Privacy on the Internet Dr Julia Sziklay Office

Privacy on the Internet Dr. Julia Sziklay Office of the Parliamentary Commissioner for Data Protection and Freedom of Information 7 -1 -2009

Internet = "network of networks" • a global data communications system - a hardware and software infrastructure that provides connectivity between computers • consists of millions of private and public, academic, business, and government networks of local to global scope that are linked by various technologies • carries all kind of information resources and services, such as electroniv mail, online chat, file transfer and file sharing, online gaming and the inter-linked hypertext documents and other resources of the World Wide Web.

History of the Internet • 1946: a comic science-fiction by M. Leinster „A Logic Named Joe” • 1958: Advanced Research Projects Agency (first goal to connect country-wide radar systems for the U. S. Air Force) • 1969: first network connection between the University of California and Stanford Research Institute • 1978: International Packet Switched Service (first commercial use in the telecommunication and the bank sector) • 1988: open for commercial use • 1991: European Organization for Nuclear Research publicized the World Wide Web project (with a web browser one can view Webpages that may contain text, images, videos and other multimedia and navigate between them using hyperlinks) • 1993: WWW was declared as free to use for everyone • 2008, June: 1. 463 billion people user

Characteristics of the Internet • (+) public and available for anyone, • (+) a useful tool for opening access to data of public interest • (+) serves freedom of thinking and freedom of expression on a global level BUT • (-) rather vulnerable in terms of data security • (-) a potential source of inaccurate or untruthful information; • (-) apt to make room for illegal activity

Relationship between privacy and the freedom of expression right to share one’s thoughts and experiences with a community of fellow Internet users BUT contributors should avoid infringing on other people’s individual rights, including their right to privacy and the protection of personal data

Internet privacy ability to control what information one reveals about oneself over the Internet, and to control who can access that information

Risks to Internet privacy User-tracking: • Internet Service Providers (capable to observe any Internet-related activity of the user) • Cookies (parcels of text sent by a server) tracking and maintaining specific information of the user • Data logging (may include recording times when the computer is in use, or which web sites are visited) • Spyware programs • Web bug • Social engineering • Phishing • Malicious proxy server • Search engines

Risks to Internet privacy (ctd. ) Illegal and harmful content: • • A. Need to fight against the illegal content of the Internet with legal tools (top-down control): Council of Europe`s 2001 Convention on Cybercrime (child-pornography) – Additional Protocol, 2006 (racist and xenophobic materials), but only 11 countries ratified it…) OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy European Commission: Safer Internet and Safer Internet Plus programs B. Need to fight against the harmful content of the Internet (bottom-up control): from self-regulation to co-regulation

Risks to Internet privacy (ctd. ) On-line social networks: • Concept dates back to the 1960 s, but participation increased in recent years (Hungary: 1. 5 million registered i. W users) • Participants are offering self-profile in order to contact or being contacted. • Risks range from identity theft to online and phisical stalking, embarrasment, discrimination and blackmailing.

Principle of personal data frugality and data avoidance • Anonymising and pseudonym use e. g. nicknames • Moderation principles Problems: • which identifier used on the Internet qualify as personal data? • uncontrollable manners of personal data disclosure • lack of international cooperation

Concrete cases (Hungary) misuse of personal data on community sites • An article posted at the web site of a Hungarian daily featured a series of conversations otherwise accessible from a members-only forum (reserved for qualified physicians).

The punishing tool of publicity… • “Web Hall of Shame” featuring the uploaded data of persons who were found by the editors to have violated the written or unwritten rules of various areas of daily life, e. g. by breaking or ignoring the traffic regulations. • A planned web-site to set up by creators and beneficiaries of copy-right featuring writings without acknowledging the original authorship.

i. W-cases grievances of insulting, obscene statements, innuendos, and photos being published

Disturbances in Budapest, 2006 • The case of www. kuruc. info (a website with political far-right affiliation) disclosing names, addresses, home phone and mobile phone numbers of judges and prosecutors participating in criminal proceedings against the rioters.

Spams • only with the previously gained consent of the recipient • businesslike offering of the possibility of data transfer also qualifies as commercial advertising activity, as well as electronic advertising

Conclusions: EU „digital future” strategies 250 million European Internet users (40 million growth in 2007) BUT users’ lack of trust → already threatening economic development →EU Commission initiatives e. g. Launch Safer Internet 2009 -13, guides on digital education etc.

Children being a special target group • Children spend annual 300 billion $ of their pocket money on a global market! • More vulnerability: - underestimation of risks, - ignorance of privacy information → need of additional protection!

USA, 1998: Children’s Online Privacy Protection Act (COPPA) /children: under the age of 13/ The operator is strictly required: - to provide notice on the website of what information is collected from children by the operator, how the operator uses such information, and the operator's disclosure practices for such information; - to obtain verifiable parental consent for the collection, use, or disclosure of personal information from children; - upon request of a parent a description of the specific types of personal information collected from the child ; the opportunity at any time to refuse to permit the operator's further use of personal information from that child; - to prohibit conditioning a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity; - to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children. - to meet Safe Harbour requirements approved by the Federal Trade of Commission. • Attorney general of a State may bring civil action on behalf of the residents in a district court

Awareness raising-programs for children - by DPAs e. g. „DADUS” program /Portugal/ - by content-service providers e. g. ”Friendly Internet Campaign” /Hungary/ - by NGOs e. g. Media Awareness Network /Canada/

The Web shall not be a realm of legal immunity!

Thank you for your attention! Office of the Parliamentary Commissioner for Data Protection and Freedom of Information www. obh. hu H-1051 Budapest Nádor u. 22 privacy@obh. hu tel: 4757186 fax: 2693541