18 J Marshall J Computer Info L

18 J. Marshall J. Computer & Info. L. 1 Fall, 1999 by David Banisar and Simon Davies of Privacy International GLOBAL TRENDS IN PRIVACY PROTECTION: AN INTERNATIONAL SURVEY OF PRIVACY, DATA PROTECTION, AND SURVEILLANCE LAWS AND DEVELOPMENTS

1950 Convention for the Protection of Human Rights and Fundamental Freedoms Everyone has the right to respect for his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health of morals, or for the protection of the rights and freedoms of others.

Threats to Privacy GLOBALIZATION - The reduction of physical boundaries to the communication of data. The Internet is the best known example but high speed and low cost communication networks also allow easy transfer of data. CONVERGENCE - The ability to import, correlate and use data from different software and operating systems permits combination of or cross reference on data from different systems that was not possible before. MULTI-MEDIA - The ability to share different types of communication media. Voice, video and printed word can be easily shared via the internet, television

Differing National Approaches to Ensuring Privacy The US has provided protection to specific types of data through individual laws. This approach is slow to protect against new threats to privacy.

The European Union - Comprehensive Approach 4 Telecommunication Directive 4 Data Protection Directive

Basic EU Requirements 4 obtained fairly and lawfully; 4 used only for the original specified purpose; 4 adequate, relevant and not excessive to purpose; 4 accurate and up to date; 4 accessible to the subject; 4 kept secure; and 4 destroyed after its purpose is completed.

Each member nation is required to pass legislation providing the baseline protection.

EU model is based on enforceability 4 the protections are defined in rules 4 each nation will have a Privacy Commissioner or agency

EU requirements drive non members to enact complying laws to participate in EU market The EU’s approach is shaping the debate and requirements related to privacy legislation.

Differing approaches to Protecting Privacy · Comprehensive Laws · Laws covering specific areas · Self Policing · Use of Technologies

Privacy Still At Risk Privacy remains at risk due to gaps in laws or lagging behind new technology, technology can aid in protecting privacy but will not ensure it. Even with adequate laws lack or resources or enforcement results in continued risks. Exemptions to laws for law enforcement and security organizations pose continued risks to privacy.

Privacy Around the World The remainder of the article contains a synopsis of the state of privacy in countries of the world.

The Licensing of Our Personal Information: Is It a Solution to Internet Privacy Copyright (c) 2000 California Law Review October, 2000 88 Calif. L. Rev. 1507 by Kalinda Basho

Privacy in the Information Age can best be defined as "the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. " n 8

Online Privacy Systems Must · Allow the choice of whether to share or not · Notify the user of how their data will be used · Allow verification the data will be used as described · Compensation – The user should be · Be Easy to use ie not be cumbersome · Enforcement and Redress if it is not followed

Licensing Data Can Provide Privacy Using the framework of the Uniform Commercial Information Transactions Act (UCITA)

Three current methods of providing privacy online fail · Laws - Children's Online Privacy Protection Act is cumbersome and was created as a reaction to privacy violations · Self Regulation – groups do not follow their current guidelines and few groups participate in seal programs like the Better Business Bureau or TRUSTe seal programs. · Technology – Like anonymous browsing – limits the data available, prevents the benefits of customized browsing

For licensing to work Privacy would have to be provided by law. · This would create an incentive for businesses to participate in license deals. · Right now they would either just not deal with users or · create some inducement to get users to surrender their data.

Cumbersome to negotiate with each website visited · Infomediaries – Business that negotiates information transactions between data collectors and people providing data. · Read it to work almost like certificate verification behind the scene in a browser where the user only gets a notice if a preagreed terms is not accepted in the behind the scene transaction.

Benefits of Licensing · Users would chose from standard requirements that would help them cover areas that they might not address on their own. · Use of electronic agents would be meticulous in applying terms. · Establish terms for use in enforcing the contract terms

Barriers to This Approach · Providing Information would have to be considered a transaction under UCITA · UCITA was created for software transactions and does not translate well to information. · Even if a uniform law in all 50 states the internet needs to be addressed internationally.

Barriers Continued · How do you Enforce the Licenses? Damages would be small and legal fees would make them not worth pursuing.

Satisfy the Six Requirements?

Allow the choice of whether to share or not 4 The use of electronic agents would allow a user to chose whether to provide the information or not based on information provided about privacy policy.

Notify the user of how their data will be used 4 Electronic Agent would present a message screen to accept terms different from the ones elected when configuring the agent with the use that would be acceptable.

Allow verification of data Use 4 Through seal programs like those of the Better Business Bureau or TRUSTe the user could have assurance that the licensor of their data was complying with the terms of their agreement

Compensation 4 To satisfy that the licensor agreement is valid some consideration whether it be monetary or customized service would be a requirement of such a system.

Be Easy to use ie not be cumbersome 4 Through the use of Infomediaries and the use of electronic agents the described setup would be easy to use

Enforcement and Redress if it is not followed 4 The terms of the license agreement would provide for penalties if the license agreement is broken.

With Nowhere to Hide: Workers are Scrambling for Privacy in the Digital Age 1999 Journal of Technology Law and Policy Spring, 1999 4 J. Tech. L. & Pol'y 1

Employer are at Risk 4 They are turning to Surveillance to address the risk 4 This in turn is threatening workers privacy

Networked Computers Increased the Risk 4 More resources are accessible via networks 4 Internet Connections increases the risks

Risk includes sexual harassment complaints due to technology, exposure of data, loss of use of system.

Surfing inappropriate sites leaves information about the user behind. This can be embarrassing for a company.

Sabotage

To guard against that risk employers may use surveillance techniques.

Site Three concerns · Productivity · Bandwidth and network Resources · Exposure from inappropriate use

Use Surveillance to detect; theft, tardiness, to evaluate job performance and quality control and to uncover use of drugs or alcohol.

Camera’s, email sniffing, listening to phone calls, monitoring of web surfing habits.

Employees do not give up a right to privacy due to employment.

To protect worker privacy the author suggests that the use of surveillance should be limited like wire tapping today to situations where there is already evidence of a problem.

Different types of surveillance is governed by different laws and requirements. It might not be legal

Measuring the employee’s expectation of privacy is key to determining whether it is a violation of privacy.

Another aspect considered is whether the invasion was preventable or not; close the window analogy.

Legal Recording Phone Conversations ·informed consent · business extension which says that sales calls can be recorded for training purposes but not personal calls.

Surveillance video systems are legal if they do not capture sound and the area they cover is public. There is less expectation of privacy when the surveillance cameras are openly visible.

Answer: management selecting the appropriate level of surveillance to address the risk involved balanced against employees privacy rights.

Defacto loss of work place privacy should be prevented through privacy laws to address current and potential privacy concerns

Surveillance should require satisfaction of criteria that a problem exists. Rules for how the data will be used and with whom it will be shared should be developed.