Gaughran vs the UK and public acceptability of forensic biometrics retention

This commentary provides a response to the European Court of Human Rights ruling in the case of Gaughran vs the United Kingdom on 13 February 2020. The Court ruled that the indefinite retention of DNA, fingerprints and facial images from all convicted adults was disproportionate. Using data from a survey on public attitudes, we examine the public acceptability of the police retention of forensic biometrics from the population.     

个人信息保护法制管窥

现代意义的隐私权乃是一种“个人信息控制权”,因此有必要对收集、利用、保存、传播他人信息的行为全面进行规范,许多国家先后制定了个人信息保护法。在立法模式上,根据是否以一部法律对公共部门和非公共部门的个人信息处理行为进行规范,分为总括和分离两种模式。在立法内容上,“OECD劝告”曾确立个人信息保护的八项原则,同时个人信息主体的权利可具体化为五项权利。另外,对特定行业制定特别规定是普遍采取的做法。     

Digital Wiretap Warrant: Improving the security of ETSI Lawful Interception

Lawful Interception (LI) of data communications is an essential tool for Law Enforcement Agencies (LEA) in order to investigate criminal activities carried out or coordinated by means of Internet. However, the ability to secretly monitor the activities of citizens also has a great impact on civil rights. Therefore, democratic societies must prevent abuse and ensure that LI is only employed in specific cases with justifiable grounds or a probable cause. Nowadays, in many countries each interception must be authorized by a wiretap warrant, usually issued by a judge. However, this wiretap warrant is merely an administrative document that should be checked by the network or service operator before enabling the monitoring of its customers, whose communications are later handed over to a LEA in plaintext. This paper proposes the idea of employing a Digital Wiretap Warrant (DWW), which further protects the civil liberties, security and privacy of LI by ensuring that monitoring devices can only be enabled with a valid DWW, and by encrypting the captured data so only the authorized LEA is able to decrypt those communications. Moreover, in the proposed DWW framework all digital evidence is securely time-stamped and signed, thus guaranteeing that it has not been tampered with, and that a proper chain of custody has been met. In particular this paper proposes how to apply the DWW concept to the lawful interception framework defined by the ETSI LI Technical Committee, and evaluates how the additional security mechanisms could impact the performance and storage costs of a LI platform.     

论政府信息公开排除范围的界定

在政府信息公开实践中,排除公开的范围应如何界定,成为整个信息公开法制的关键。为防止排除范围被行政主体滥用,国家秘密、商业秘密、个人隐私以及其它排除公开的范围应得到妥善界定。分析以上排除公开的范围,对国家秘密、商业秘密等概念的内涵进行适度收缩,同时要建立价值衡量的原则、明确排除范围的具体子类型、采用梯次化的概念内涵构造以及保证必要的监督空间等,为实现信息公开的价值而策略性地调整信息公开的排除范围。     

Scenario study of biometric systems at borders

This paper examines and compares the existing privacy instruments of VIS and US-VISIT systems in addressing the specific legal issues and challenging the privacy-invasive behaviour in the world of biometrics. A biometric scenario is presented to give a vision of a future society in 5 years from now when biometric technology is more widely used. The objective here is to open up the scope of considering the potential legal risks of the use of biometrics, based upon the present passport and visa application plans in the EU and USA.     

中欧标准必要专利比较研究与借鉴

标准必要专利建立的目的是为了推广技术,使得技术产品具有兼容性和统一性,避免资源浪费,提高生产效率。标准必要专利具有社会公共属性,其本身具有标准的公益性与专利权的私有性相统合的特性。对中国和欧洲地区标准必要专利的立法、司法实践进行系统梳理和比较,可以为我国标准必要专利的立法和实践提供借鉴建议。对于标准必要专利的认定,应当充分考虑技术的不可替代性,同时考量法律保护的地域性和国际规则;标准必要专利许可费率的确定要对不同收费标准予以具体分析,尽量对许可费进行事前市场考量,减少主观认知偏差和事后判断产生的问题;另外可以借鉴欧洲国家司法经验,详细规定专利权人如何遵守FRAND原则的规范指南;市场地位的判定不仅需要考虑市场占有率,还应当结合时间要素判断;对于滥用市场地位的认定应当考察是否“具有滥用之恶意”。     

论个人隐私权的行政法保护

从隐私权的私权属性出发,应该确立以私权为核心的隐私权行政法保护理念;行政权力公共利益属性决定了隐私权行政法保护离不开行政公开制度建构;在平衡政府权力与个人权利的关系中,制定个人隐私权保护法,为隐私权行政法保护提供直接法律依据。     

Regulating electronic identity in the European Union: An analysis of the Lisbon Treaty’s competences and legal basis for eID

This paper discusses the feasibility of EU legal action in the field of electronic identity (eID) within the new distribution of legal competences and the provision of novel legal basis engendered by the Treaty of Lisbon. The article attempts to find a ‘legal anchor’ to the idea of a pan-European electronic identity within EU law, looking at the issues of competences and legal basis. After examining various different areas of competence and the most feasible (and probable) candidates for a legal basis supporting an EU legal framework for eID, the paper argues that the latter should be found in the combination of Article 16 TFEU (concerning the right to the protection of personal data) with Article 3 TUE, and Articles 26 and 114 TFEU (concerning the establishment and functioning of the Internal Market), which also constitute the area of competence where an eID legal initiative can be pursued.     

Security,privacy and freedom and the EU legal and policy framework for biometrics

The adoption of the Treaty of Lisbon and the granting to the Charter of Fundamental Rights of the same legal force as the Treaty has lent a new impulse to the consideration of fundamental human rights by the European Union (EU). The question remains, however, as to how this legal discourse, centred upon human rights, is actually shaping the EU regulatory framework in specific policy domains. The aim of this paper is to critically appraise the ways that the fundamental rights of security, privacy and freedom guaranteed by the Charter are being construed in the context of EU law and policy on biometrics, an ethically and morally sensitive security technology whose development and use are being actively promoted by the EU. We conclude that the interpretation of the pertinent rights, as well as their balancing, owes a great deal to the goals of EU policies for research and development, and under the auspices of Freedom, Security and Justice, shaped largely by political and economic considerations. These considerations then tend to prevail over ethically or morally-based legal claims.     

Unmanned aircraft systems: Surveillance,ethics and privacy in civil applications

This paper examines how the use of unmanned aircraft systems (UASs) for surveillance in civil applications impacts upon privacy and other civil liberties. It argues that, despite the heterogeneity of these systems, the same “usual suspects” – the poor, people of colour and anti-government protesters – are targeted by UAS deployments. It discusses how current privacy-related legislation in the US, UK and European Union might apply to UASs. We find that current regulatory mechanisms do not adequately address privacy and civil liberties concerns because UASs are complex, multimodal surveillance systems that integrate a range of technologies and capabilities. The paper argues for a combination of top-down, legislated requirements and bottom-up impact assessments to adequately address privacy and civil liberties.