Constructing a surveillance impact assessment

This paper describes surveillance impact assessment (SIA), a methodology for identifying, assessing and resolving risks, in consultation with stakeholders, posed by the development of surveillance systems. This paper appears to be the first such to elaborate an SIA methodology. It argues that the process of conducting an SIA should be similar to that of a privacy impact assessment (PIA), but that an SIA must take account of a wider range of issues, impacts and stakeholders. The paper categorises the issues and impacts to be considered in the conduct of an SIA and identifies the benefits of a properly conducted SIA.     

Privacy impact assessment: Its origins and development

Privacy impact assessment (PIA) is a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme. Its use has become progressively more common from the mid-1990s onwards.     

The state of the art in privacy impact assessment

There is growing interest in Europe in privacy impact assessment (PIA). The UK introduced the first PIA methodology in Europe in 2007, and Ireland followed in 2010. PIAs provide a way to detect potential privacy problems, take precautions and build tailored safeguards before, not after, the organisation makes heavy investments in the development of a new technology, service or product. This paper presents some findings from the Privacy Impact Assessment Framework (PIAF) project and, in particular, the project's first deliverable, which analyses the similarities and differences between PIA methodologies in Australia, Canada, Hong Kong, Ireland, New Zealand, the United Kingdom and the United States, with a view to picking out the best elements which could be used in constructing an optimised PIA methodology for Europe. The project, which began in January 2011, is being undertaken for the European Commission's Directorate General Justice. The first deliverable was completed in September. The paper provides some background on privacy impact assessment, identifies some of its benefits and discusses elements that can be used in construction of a state-of-the-art PIA methodology.     

Profiling the mobile customer – Privacy concerns when behavioural advertisers target mobile phones – Part I

Mobile customers are being tracked and profiled by behavioural advertisers to be able to send them personalized advertising. This process involves data mining consumer databases containing personally-identifying or anonymous data and it raises a host of important privacy concerns. This article, the first in a two part series on consumer information privacy issues on Profiling the Mobile Customer, addresses the questions: “What is profiling in the context of behavioural advertising?” and “How will consumer profiling impact the privacy of mobile customers?” The article examines the EU and U.S. regulatory frameworks for protecting privacy and personal data in regards to profiling by behavioural advertisers that targets mobile customers. It identifies potential harms to privacy and personal data related to profiling for behavioural advertising. It evaluates the extent to which the existing regulatory frameworks in the EU and the U.S. provide an adequate level of privacy protection and identifies key privacy gaps that the behavioural advertising industry and regulators will need to address to adequately protect mobile consumers from profiling by marketers. The upcoming second article in this series will discuss whether industry self-regulation or privacy-enhancing technologies will be adequate to address these privacy gaps and makes suggestions for principles to guide this process.¹     

Privacy and the precautionary principle

The precautionary principle – which implies that where there are threats of serious or irreversible damage, lack of full scientific certainty shall not be used as a reason for postponing protective measures – has been adopted as a standard of environmental and health protection in international and European legislation. This article offers an overview of the precautionary principle as a legal standard applicable to European privacy and data protection legislation. For this reason, it takes particularly into account the guidelines of this legislation as well as the privacy impact assessment framework, raised by the European Commission through the Recommendation on Radio-Frequency Identification applications. In brief, the article stresses the role of the precautionary principle in improving privacy protection through liability, prudence and transparency.     

The fundamental right of data protection in the European Union: in search of an uncharted right

The entry into force of the EU Charter of Fundamental Rights and the ensuing introduction of the right to data protection as a new fundamental right in the legal order of the EU has raised some challenges. This article is an attempt to bring clarity on some of these questions. We will therefore try to address the issue of the place of the right to the protection of personal data within the global architecture of the Charter, but also the relationship between this new fundamental right and the already existing instruments. In doing so, we will analyse the most pertinent case law of the Court of Luxembourg, only to find out that it creates more confusion than clarity. The lesson we draw from this overview is that the reasoning of the Court is permeated by a ‘privacy thinking’, which consists not only in overly linking the rights to privacy and data protection, but also in applying the modus operandi of the former to the latter (which are different we contend). The same flawed reasoning seems to be at work in the EU Charter of Fundamental Rights. Therefore, it is crucial that the different modi operandi be acknowledged, and that any upcoming data protection instrument is accurately framed in relation with Article 8 of the Charter.     

大数据时代社区应急治理中居民隐私顾虑之化解

大数据时代社区应急治理现代化既要运用大数据技术提高应对突发事件的效能,也要兼顾对居民隐私权的有效保护,消除居民隐私顾虑。隐私权的双重属性和社区应急治理中不规范的居民信息采集、使用和泄露行为会导致出现侵害居民隐私权的情况,使居民产生隐私顾虑。因此,大数据环境下社区应急治理需加强对居民隐私的保护,从法律、责任、多元主体协同等层面建立居民隐私顾虑化解机制,平衡社区应急治理中社区公共利益与居民个人利益的张力和冲突,提高社区应急治理效能和治理现代化水平。     

E-Government users’ privacy and security concerns and availability of laws in Dubai

The purpose of the study was to review privacy and security concerns and their impact on e-government adoption in Dubai. The research analyzed the literature on e-government, security and privacy concerns of e-government adoption and the legislative provision relating to privacy and security protection. A survey on e-government user concerns on privacy, security and ease of use was also carried out. The data for the survey in this research were collected from 190 respondents in Dubai. The results of the analysis revealed that perceived security, privacy and perceived ease of use were important constructs in e-government adoption. The analysis of legal framework showed that the Federal Constitution, the Penal Code, the new Data Protection Act and the Computer Crime Act could be used to address various privacy and security concerns. Thus, it is important that the policy makers facilitate an appropriate awareness campaign of the existence of both information privacy and security to attract more participation towards the e-government services.     

Citizens' perceptions of data protection and privacy in Europe

Data protection and privacy gain social importance as technology and data flows play an ever greater role in shaping social structure. Despite this, understanding of public opinion on these issues is conspicuously lacking. This article is a meta-analysis of public opinion surveys on data protection and privacy focussed on EU citizens. The article firstly considers the understanding and awareness of the legal framework for protection as a solid manifestation of the complex concepts of data protection and privacy. This is followed by a consideration of perceptions of privacy and data protection in relation to other social goals, focussing on the most visible of these contexts–the debate surrounding privacy, data protection and security. The article then considers how citizens perceive the ‘real world’ environment in which data processing takes place, before finally considering the public's perception and evaluation of the operation of framework against environment.     

论劳动者隐私权的法律保护:一个分析框架

以民法为中心的隐私权立法不足以保护劳动者,应构建契合劳动法理念的隐私权保护制度。劳动关系的从属性限制了劳动者隐私权受保护的范围和程度,同时也对雇主提出保护劳动者隐私权的要求。保护劳动者隐私权必须对各种社会利益及其相对重要性进行分析,核心在于实现雇主利益与劳动者隐私权的平衡,其一般标准可以区分为四项原则:职业区分原则;利益衡量原则;最少损害原则;合法限制与合意限制原则。     

欧美金融隐私保护法律制度比较

欧美金融隐私权保护由于不同隐私保护体系而显得区别很大.欧盟综合性的保护方式为金融隐私权提供了较高的保护水平,但是实践中各国适用并不一致.美国单独立法的方式使得其金融隐私保护错综复杂,市场力量、行业自律也在保护金融隐私方面发挥重要作用.我国金融隐私立法应参照欧美法律和实践两个方面的情况.     

Location privacy: The challenges of mobile service devices

Adding to the current debate, this article focuses on the personal data and privacy challenges posed by private industry's use of smart mobile devices that provide location-based services to users and consumers. Directly relevant to personal data protection are valid concerns about the collection, retention, use and accessibility of this kind of personal data, in relation to which a key issue is whether valid consent is ever obtained from users. While it is indisputable that geo-location technologies serve important functions, their potential use for surveillance and invasion of privacy should not be overlooked. Thus, in this study we address the question of how a legal regime can ensure the proper functionality of geo-location technologies while preventing their misuse. In doing so, we examine whether information gathered from geo-location technologies is a form of personal data, how it is related to privacy and whether current legal protection mechanisms are adequate. We argue that geo-location data are indeed a type of personal data. Not only is this kind of data related to an identified or identifiable person, it can reveal also core biographical personal data. What is needed is the strengthening of the existing law that protects personal data (including location data), and a flexible legal response that can incorporate the ever-evolving and unknown advances in technology.     

Privacy notices versus informational self-determination: Minding the gap

Privacy notices are instruments that intend to inform individuals of the processing of their personal data, their rights as data subjects, as well as any other information required by data protection or privacy laws. The goal of this paper is to clarify the current discourse regarding the (in)utility of privacy notices, particularly in the context of online transactions. The perspective is a European one, meaning that the analysis shall be geared towards the European Data protection framework, particularly the European Data Protection Directive. The paper discusses the role that privacy notices play under the European data protection framework today, summarizes the main critiques regarding the use of privacy notices in practice and develops a number of recommendations.     

A comparison of proposed legislative data privacy protections in the United States

The use of online consumer tracking methods has raised significant privacy concerns for consumers and policymakers for decades. Advertisers using these methods analyze web-viewing habits to predict consumer preferences and actions. The advertising industry in the United States has promoted self-regulatory principles to respond to these concerns. However, in December 2010, the U.S. Federal Trade Commission reported that these efforts “have been too slow and up to now have failed to provide adequate and meaningful protection.” President Barack Obama's administration has supported broader legislation for comprehensive protection of individuals' private data. The leading model for data privacy protection is the 1980 Organization for Economic Cooperation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. This article examines two leading legislative privacy proposals in the context of the OECD principles. This examination concludes that, although the proposals do not provide sufficient comprehensive privacy protections, they do fill significant gaps in current U.S. privacy laws.     

位置何以成为隐私?——大数据时代位置信息的法律保护

在数据这一新型生产要素中,位置数据的应用 日益广泛,不仅"基于位置的服务"雨后春笋般涌现,政府也基于位置数据创新社会治理方式、辅助案件侦破.然而,位置数据获取技术的进步及智能手机(作为现代最主要的定位工具)的普及,使得公民私密生活受到无处不在的位置监控威胁.位置信息的敏感性、位置获取技术的侵入性、公民对位置信息的隐私期...     

隐私权保障三论

隐私权是近年来发展较快的一项人格权,受到各国以及国际社会的普遍重视,但我国对隐私权的关注和研究起步较晚,在理论与实践中有许多问题亟需澄清。有必要从比较的视野研究域外隐私权的保障依据、保障界限以及保障模式,目的是在比较和借鉴中为中国隐私权保障的制度建构提供理论基础,并结合中国的国情提出完善的建议。     

网络环境下远程医疗若干法律问题初探

目前，世界上还没有国家通过立法认定远程医疗。远程医疗对人类医疗卫生事业的发展有着重大而深远的意义。自主性、契约性、地域性决定了远程医疗不同的法律特征及其调整机制。网络环境下的远程医疗涉及到计算机、法律、伦理等诸多领域的问题。本文选择了远程医疗设备评估、许可证及隐私权的保护等几个法律问题进行探讨。     

The future of privacy certification in Europe: an exploration of options under article 42 of the GDPR

The EU faces substantive legislative reform in data protection, specifically in the form of the General Data Protection Regulation (GDPR). One of the new elements in the GDPR is its call to establish data protection certification mechanisms, data protection seals and marks to help enhance transparency and compliance with the Regulation and allow data subjects to quickly assess the level of data protection of relevant products and services. To this effect, it is necessary to review privacy and data protection seals afresh and determine how data protection certification mechanisms, seals or marks might work given the role they will be called to play, particularly in Europe, in facilitating data protection. This article reviews the current state of play of privacy seals, the EU policy and regulatory thrusts for privacy and data protection certification, and the GDPR provisions on certification of the processing of personal data. The GDPR leaves substantial room for various options on data protection certification, which might play out in various ways, some of which are explored in this article.     

论隐私、隐私权的概念和特征

本文着重论述隐私概念和特征、隐私权概念和特征、西方隐私权的新构成、以及隐私权和其他相关人格权的区别。采用比较分折的方法,论述了国外隐私权渊源及发展,探讨我国隐私权保护滞后的原因。并力图对隐私、隐私权作一个科学的界定。