Law Questions regarding the Future of Privacy

<< back to 'Questions Regarding the Future of Privacy in 2015'

Questions

1. What laws are in place to control privacy? (Robert)
   

   Well as for the Netherlands, we have to disappoint a lot of people. There is not a law for privacy.

   We can divide the general laws regarding privacy in three topics: Spatial privacy – the right for an own physical space Relational privacy – the right to communicate with persons of your own choice and the secrecy of these communications. Informational privacy – the right to have private personal information.

   Some particular topics are protected in the constitution or other laws like e.g. the Law Protection Personal Data (WBP), Law municipal population registers (GBA). Although these laws are helping the civilians there are, off course, also laws that are in favor of the government services like the Telecommunication law, General Law on entering, Law report uncommon operations(MOT). These type of laws are only to be used in exceptions but are also protecting the privacy of civilians. [1]

   For other countries it is slightly different. The United States of America does have some kind of law regarding privacy [2]. But privacy is not explicitly mentioned in the constitution of the USA. The UK is, since 1997, heavily busy with changing there laws to be aware of privacy. Also regarding these changes, the European Union has also some rules/laws acting as guidelines for their members. These guidelines are up to now referring to the protection of personal data.

   If we take the 36 most mentioned countries in the world, some do not have any privacy laws but they are doing better than the ones that have these laws. According to an article from the Daily Telegraph, November 2, 2006 the

   UK is the worst country in the ability to protect their privacy[3].
2. Is it possible to change privacy laws / legislation? (technological, political / research etc) (Robert)

Changing privacy laws is very hard as there are no particular privacy laws. Most countries have quit some 
laws which try to cover the topic of privacy. Also  they have some laws which makes the government able to break 
peoples privacy. 

Most of the laws regarding elements of privacy are stated in the constitution of countries. These constitutions 
are very hard to change. Normally it takes years to change this. 

Although with upcoming terrorism and other threads governments are making new laws which are enacting the future 
of privacy but also the safety of people. For this the privacy of people has sometimes to be damaged. 

With the upcoming new technologies the old laws are not sufficient anymore. The governments will make new laws 
according to these developments. These new laws are not covering the old but are contributing to the old, which 
does not say that the total law is still the same. On basis of digital information can be acted differently than 
upon analogue information. 

Even complete nations are making up rules which has to be followed. For example the European Union is creating a 
set of laws which has to be implemented within their member countries. These laws are at his point only affecting 
the digital privacy. Sometimes these nations are even in conflict about this topic as the EU and USA are 
regularly.
<M/pre>
<li>'''What are the latest developments in privacy laws ? (Folkert)'''</li>
<div style="width:90%; font-size:8pt;overflow:auto">
''The EU Data Privacy Directive''. The European Union Data Privacy Directive limits the collection, use, disclosure and other processing of personal data about EU residents (“EU personal data”). The Directive sets minimum standards for the privacy laws of each EU member country and provides civil damages and criminal fines for non-compliance (for both a company and its officers and directors). 

''COPPA''
Congress enacted the Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501 et seq., to prohibit unfair or deceptive acts or practices in the collection, use or disclosure of personally identifiable information from and about children under the age of 13 on the Internet. FTC regulations implementing COPPA became effective on April 20, 2000 (see 16 CFR Part 312). 

''Gramm-Leach-Bliley Act''
The Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801 et seq. (GLBA), not only significantly deregulated banking and financial practices but also implemented broad new rules to protect consumer financial privacy.
The GLBA imposes detailed notice and opt-out requirements for nonpublic personal financial information and sharply restricts the ability of companies to disclose such information to third parties.
The GLBA assigns enforcement authority to the Securities and Exchange Commission (SEC) for brokers, dealers and investment advisors and to a variety of other federal agencies for banks, savings associations and credit unions.
The GLBA also assigns catch-all regulatory authority to the FTC for companies not specifically parceled out to other agencies. The SEC and FTC recently promulgated final regulations for enforcement of the GLBA.
While the statute originated in the banking context, it imposes privacy restrictions far beyond traditional financial institutions. [4]
</div>
<li>'''How are recent changes in privacy laws influenced / caused by new technologies. (Folkert)'''</li>
<div style="width:90%; font-size:8pt;overflow:auto">
A series of security break-ins is kick-starting a political drive to reshape federal laws that dictate how companies protect personal information--and what they have to do if that data leaks out. 
What began with the leak of tens of thousands of records from data broker ChoicePoint earlier this month was quickly compounded by a series of rapid-fire incidents involving Bank of America, Science Applications International Corp., an online payroll services company and the T-Mobile Sidekick of hotel heiress Paris Hilton. 
That avalanche of high-profile breaches in the last month has captured the attention of a growing number of U.S. senators, mainly Democrats, who have called for new laws as a response.

At the federal level, privacy laws tend to be created erratically, spurred by one well-publicized emotional anecdote after another. Congress approved the Video Privacy Protection Act in 1988 after a newspaper published Supreme Court nominee Robert Bork's video rental records. The murder of actress Rebecca Schaeffer, whose killer found her address through DMV records, led to the Drivers Privacy Protection Act. [5]

New materials include the privacy provisions of the Homeland Security Act and the E-Government Act, the European Commission statement on air passenger record transfers, and reports on video surveillance, biometrics, the Internet WHOIS directories, and radio frequency identification. [6]

The personal information revealed by teenagers on these sites also attracts sexual predators. There have been a number of reports of sexual predators locating victims through social networking sites. As a result of growing concern over the misuse of social networking, a new bill has been introduced into the United States Congress to protect teenagers. The newly proposed Deleting Online Predators Act of 2006 (Fitzpatrick, 2006) states the term “commercial social networking website” means a commercially operated Internet Web site that
“(i) allows users to create web pages or profiles that provide information about themselves and are available to others users; and
(ii) offers a mechanism for communication with other users, such as a forum, chat room, email, or instant messenger.” [7]

The growth of the spyware problem has prompted several proposals for new legislation
to address the privacy dimension of the issue. Representative Mary Bono (R-CA) and
Senator John Edwards (D-NC) have each introduced legislation targeted specifically at
spyware, while Senator Ernest Hollings (D-SC) has included a section applying to
spyware in a more comprehensive bill to establish baseline privacy standards on the
Internet. In addition to the three bills for which language has already been introduced,
Senator Conrad Burns’ (R-MT) office has indicated that he may introduce a bill targeted
at spyware.

In October 2004, all but one member of the U.S. House of Representatives voted for a bill that was supposed to curtail the threat of malicious PC-disrupting spyware. 
But the Senate ignored it. So the House once again approved spyware regulations in May 2005, which yielded precisely the same lack of a result. 
Hoping that the third time proves the charm, House leaders on Thursday introduced a bill that would once again try to impose 31 pages of regulations on the software industry in an effort to define what types of activities are permissible and which ones aren't. [8]
</div>
<li>'''How often do privacy infringements take place? (Folkert)'''</li>
<div style="width:90%; font-size:8pt;overflow:auto">
{| class="wikitable"
|+ stolen private information
! Employer || Number affected || How
|-
| Bank of america || 1.2 million || Theft of tapes
|-
| SAIC || 45,000 || Stolen equipment
|-
| Adecco || 1,000 || SSNs on postcards
|-
| Time Warner || 60,000 || Lost back-up tapes
|-
| MCI || 16,500 || Stolen laptop
|-
| Purdue || 11,360 || Unauthorized access
|-
| US DOJ || 80,000 || Stolen laptop
|-
| Motorola || 30,000 || Stolen computers
|-
| FDIC || 6,000 || Unauthorized access
|-
| Eastman Kodak || 5,800 || Stolen laptop
|-
| San Diego County || 32,000 || Hacking
|-
| US Air Force || 33,000 || Stolen log-in
|-
| Boeing || 161,000 || Stolen laptop
|-
| Ford Moter Co. || 70,000 || Stolen computer
|-
| Honeywell || 19,000 || Data posted on web
|}

Employer Practices (AMA Study 2005)
*76% Employers Monitor Employee Internet Usage
*36% Track Content, Keystrokes, Time Online
*65% Use Blocking Software
*50-55% Review Employee Emails and Computer Files

Employer Notice
*89% Notify that Internet Usage Tracked
*82-86%% Notify that Computer Files and Emails Reviewed
*80% Inform About Content, Keystrokes, Time 
*61% of employees access personal e-mail at work; 41% use instant messaging (SmoothWall survey, Nov. 2005)

</div>

</ol>

===References===
[1] J. Terstegge, 2001, http://home.planet.nl/~privacy1/faq_nl.htm#2

[2] R.B. Standler, 1997, Privacy Law in the USA, http://www.rbs2.com/privacy.htm

[3] Privacy International, 2007, http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-545269&als[theme]=Privacy%20and%20Human%20Rights

[4] http://www.cooley.com/news/alerts.aspx?ID=000037672220

[5] http://news.com.com/Perfect+storm+for+new+privacy+laws/2100-1029_3-5593225.html

[6] http://www.epic.org/bookstore/pls2003/

[7] http://www.firstmonday.org/issues/issue11_9/barnes/

[8] http://news.com.com/2100-1028_3-6157826.html