Difference between revisions of "Law Questions regarding the Future of Privacy"

<< back to 'Questions Regarding the Future of Privacy in 2015'

Questions

1. What laws are in place to control privacy? (Robert)
   

   Well as for the Netherlands, we have to disappoint a lot of people. There is not a law for privacy.

   We can divide the general laws regarding privacy in three topics: Spatial privacy – the right for an own physical space Relational privacy – the right to communicate with persons of your own choice and the secrecy of these communications. Informational privacy – the right to have private personal information.

   Some particular topics are protected in the constitution or other laws like e.g. the Law Protection Personal Data (WBP), Law municipal population registers (GBA). Although these laws are helping the civilians there are, off course, also laws that are in favor of the government services like the Telecommunication law, General Law on entering, Law report uncommon operations(MOT). These type of laws are only to be used in exceptions but are also protecting the privacy of civilians. [1]

   For other countries it is slightly different. The United States of America does have some kind of law regarding privacy [2]. But privacy is not explicitly mentioned in the constitution of the USA. The UK is, since 1997, heavily busy with changing there laws to be aware of privacy. Also regarding these changes, the European Union has also some rules/laws acting as guidelines for their members. These guidelines are up to now referring to the protection of personal data.

   If we take the 36 most mentioned countries in the world, some do not have any privacy laws but they are doing better than the ones that have these laws. According to an article from the Daily Telegraph, November 2, 2006 the

   UK is the worst country in the ability to protect their privacy[3].
2. Is it possible to change privacy laws / legislation? (technological, political / research etc) (Robert)
3. What are the latest developments in privacy laws ? (Folkert)

The EU Data Privacy Directive. The European Union Data Privacy Directive limits the collection, use, disclosure and other processing of personal data about EU residents (“EU personal data”). The Directive sets minimum standards for the privacy laws of each EU member country and provides civil damages and criminal fines for non-compliance (for both a company and its officers and directors).

COPPA Congress enacted the Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501 et seq., to prohibit unfair or deceptive acts or practices in the collection, use or disclosure of personally identifiable information from and about children under the age of 13 on the Internet. FTC regulations implementing COPPA became effective on April 20, 2000 (see 16 CFR Part 312).

Gramm-Leach-Bliley Act The Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801 et seq. (GLBA), not only significantly deregulated banking and financial practices but also implemented broad new rules to protect consumer financial privacy. The GLBA imposes detailed notice and opt-out requirements for nonpublic personal financial information and sharply restricts the ability of companies to disclose such information to third parties. The GLBA assigns enforcement authority to the Securities and Exchange Commission (SEC) for brokers, dealers and investment advisors and to a variety of other federal agencies for banks, savings associations and credit unions. The GLBA also assigns catch-all regulatory authority to the FTC for companies not specifically parceled out to other agencies. The SEC and FTC recently promulgated final regulations for enforcement of the GLBA. While the statute originated in the banking context, it imposes privacy restrictions far beyond traditional financial institutions. [4]

4. How are recent changes in privacy laws influenced / caused by new technologies. (Folkert)

A series of security break-ins is kick-starting a political drive to reshape federal laws that dictate how companies protect personal information--and what they have to do if that data leaks out. What began with the leak of tens of thousands of records from data broker ChoicePoint earlier this month was quickly compounded by a series of rapid-fire incidents involving Bank of America, Science Applications International Corp., an online payroll services company and the T-Mobile Sidekick of hotel heiress Paris Hilton. That avalanche of high-profile breaches in the last month has captured the attention of a growing number of U.S. senators, mainly Democrats, who have called for new laws as a response.

At the federal level, privacy laws tend to be created erratically, spurred by one well-publicized emotional anecdote after another. Congress approved the Video Privacy Protection Act in 1988 after a newspaper published Supreme Court nominee Robert Bork's video rental records. The murder of actress Rebecca Schaeffer, whose killer found her address through DMV records, led to the Drivers Privacy Protection Act. [5]

New materials include the privacy provisions of the Homeland Security Act and the E-Government Act, the European Commission statement on air passenger record transfers, and reports on video surveillance, biometrics, the Internet WHOIS directories, and radio frequency identification. [6]

The personal information revealed by teenagers on these sites also attracts sexual predators. There have been a number of reports of sexual predators locating victims through social networking sites. As a result of growing concern over the misuse of social networking, a new bill has been introduced into the United States Congress to protect teenagers. The newly proposed Deleting Online Predators Act of 2006 (Fitzpatrick, 2006) states the term “commercial social networking website” means a commercially operated Internet Web site that “(i) allows users to create web pages or profiles that provide information about themselves and are available to others users; and (ii) offers a mechanism for communication with other users, such as a forum, chat room, email, or instant messenger.” [7]

The growth of the spyware problem has prompted several proposals for new legislation to address the privacy dimension of the issue. Representative Mary Bono (R-CA) and Senator John Edwards (D-NC) have each introduced legislation targeted specifically at spyware, while Senator Ernest Hollings (D-SC) has included a section applying to spyware in a more comprehensive bill to establish baseline privacy standards on the Internet. In addition to the three bills for which language has already been introduced, Senator Conrad Burns’ (R-MT) office has indicated that he may introduce a bill targeted at spyware.

In October 2004, all but one member of the U.S. House of Representatives voted for a bill that was supposed to curtail the threat of malicious PC-disrupting spyware. But the Senate ignored it. So the House once again approved spyware regulations in May 2005, which yielded precisely the same lack of a result. Hoping that the third time proves the charm, House leaders on Thursday introduced a bill that would once again try to impose 31 pages of regulations on the software industry in an effort to define what types of activities are permissible and which ones aren't. [8]

5. How often do privacy infringements take place? (Folkert)

stolen private information

Employer	Number affected	How
Bank of america	1.2 million	Theft of tapes
SAIC	45,000	Stolen equipment
Adecco	1,000	SSNs on postcards
Time Warner	60,000	Lost back-up tapes
MCI	16,500	Stolen laptop
Purdue	11,360	Unauthorized access
US DOJ	80,000	Stolen laptop
Motorola	30,000	Stolen computers
FDIC	6,000	Unauthorized access
Eastman Kodak	5,800	Stolen laptop
San Diego County	32,000	Hacking
US Air Force	33,000	Stolen log-in
Boeing	161,000	Stolen laptop
Ford Moter Co.	70,000	Stolen computer
Honeywell	19,000	Data posted on web

Employer Practices (AMA Study 2005)

• 76% Employers Monitor Employee Internet Usage
• 36% Track Content, Keystrokes, Time Online
• 65% Use Blocking Software
• 50-55% Review Employee Emails and Computer Files

Employer Notice

• 89% Notify that Internet Usage Tracked
• 82-86%% Notify that Computer Files and Emails Reviewed
• 80% Inform About Content, Keystrokes, Time
• 61% of employees access personal e-mail at work; 41% use instant messaging (SmoothWall survey, Nov. 2005)

References

[1] J. Terstegge, 2001, http://home.planet.nl/~privacy1/faq_nl.htm#2

[2] R.B. Standler, 1997, Privacy Law in the USA, http://www.rbs2.com/privacy.htm

[3] Privacy International, 2007, http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-545269&als[theme]=Privacy%20and%20Human%20Rights

[4] http://www.cooley.com/news/alerts.aspx?ID=000037672220

[5] http://news.com.com/Perfect+storm+for+new+privacy+laws/2100-1029_3-5593225.html

[6] http://www.epic.org/bookstore/pls2003/

[7] http://www.firstmonday.org/issues/issue11_9/barnes/

[8] http://news.com.com/2100-1028_3-6157826.html