I have a Facebook account,therefore I am – authentication with social networks

ABSTRACT

Social login is the use of a social network account to get access to other services. Since the internet in its architecture does not have the possibility to identify the internet user, for many services, social logins are the solution to authenticate users without the need to set up individual identity management systems. Social logins are not useful for all types of services, however, and the potential lock-in and lock-out of users needs to be considered.     

网络隐私法律保护简论

隐私一般是指与公共利益、群体利益无关的、当事人不愿让他人知道或他人不便知道的个人信息,而个人数据是所有用来标识个人基本情况的数据。文章针对互联网技术的发展为个人数据处理带来的隐私权问题,在分析西方国家保护模式、梳理我国隐私权保护现状基础上,提出了在我国加强网络空间的隐私权保护的必要性和紧迫性。     

Privacy notices versus informational self-determination: Minding the gap

Privacy notices are instruments that intend to inform individuals of the processing of their personal data, their rights as data subjects, as well as any other information required by data protection or privacy laws. The goal of this paper is to clarify the current discourse regarding the (in)utility of privacy notices, particularly in the context of online transactions. The perspective is a European one, meaning that the analysis shall be geared towards the European Data protection framework, particularly the European Data Protection Directive. The paper discusses the role that privacy notices play under the European data protection framework today, summarizes the main critiques regarding the use of privacy notices in practice and develops a number of recommendations.     

Privacy and the regulation of 2012

This paper explores the European Commission’s proposal for a new Regulation to update and reform data protection law in Europe. As regards the Regulation itself, without presenting an exhaustive analysis of all the provisions, this paper aims to highlight some significant changes proposed to the data protection regime by comparison between Directive 95/46 and the proposed Regulation. It takes particularly into account legislative innovation concerning data protection principles, data subjects’ rights, data controllers and data processors obligations, and the regulation of technologies. Before analyzing these innovations, it introduces some considerations about the Commission’s choice to use a Regulation instead of a Directive to harmonize national data protection regime.     

Property rights in personal data: Learning from the American discourse

This contribution is an attempt to facilitate a meaningful European discussion on propertization of personal data by explaining the idea as it emerged in its ‘mother-jurisdiction’, the United States. The piece starts with an overview of how the current US legal system addresses the data protection problem and whether, according to the US commentators, the law does it effectively. Furthermore, the contribution presents propertization of personal information as an alternative to the existing data protection regime and one of the ways to fill in the alleged gaps in the US data protection system. The article maps the US propertization debate. Pro-propertization arguments are considered from economic perspective as well as from the perspective of the limitations of the US legal and political system. In continuation it analyses proposals on how property rights in personal data would have to be regulated, if at all, in case the idea of propertization is accepted. The main points of criticism of propertization are also sketched. The article concludes with a brief summary of the US propertization discourse and, most importantly, with a list of the lessons Europeans can learn from their American counterparts engaging in the debate in the home jurisdiction. Among the main messages is that the outcome of the debate depends on the definition of the problem propertization is called on to tackle, and that it is the substance of the actual rights with regard to personal data that matters, and not whether we label them as property rights or not.     

Using social network analysis to target criminal networks

Using social network analysis (SNA), we propose a model for targeting criminal networks. The model we present here is a revised version of our existing model (Schwartz and Rouselle in IALEIA Journal, 18(1):18–14, 2008), which itself builds on Steve Borgatti’s SNA-based key player approach. Whereas Borgatti’s approach focuses solely on actors’ network positions, our model also incorporates the relative strength or potency of actors, as well as the strength of the relationships binding network actors.

Privacy by design and anonymisation techniques in action: Case study of Match technology

Privacy by Design is now enjoying widespread acceptance. The EU has recently expressly included it as one of the key principles in the revised data protection legal framework. But how does Privacy by design and data anonymisation work in practise? In this article the authors address this question from a practical point of view by analysing a case study on EU Financial Intelligence Units (“FIUs”) using the Ma³tch technology as additional feature to the existing exchange of information via FIU.NET decentralised computer network. They present, analyse, and evaluate Ma³tch technology from the perspective of personal data protection. The authors conclude that Ma³tch technology can be seen as a valuable example of Privacy by Design. It achieves data anonymisation and enhances data minimisation and data security, which are the fundamental elements of Privacy by Design. Therefore, it may not only improve the exchange of information among FIUs and allow for the data processing to be in line with applicable data protection requirements, but it may also substantially contribute to the protection of privacy of related data subjects. At the same time, the case study clearly shows that Privacy by Design needs to be supported and complemented by appropriate organisational and technical procedures to assure that the technology solutions devised to protect privacy would in fact do so.     

Privacy and personal data protection in China: An update for the year end 2009

This paper explores developments in privacy and data protection regulation in China. It argues that, since China is an emerging global economic power, the combination of domestic social economic development, international trade and economic exchange will encourage China to observe international standards of privacy and personal data protection in its future regulatory response.     

Aims,methods and achievements in European data protection1

The protection of personal data represents one of recent most emerging legal issues. On one hand, the privacy and the discretion of individuals are challenged by various new means of data collection and communication. On the other hand, the growth and development of the information economy is heavily dependent on the level of freedom of business units in gathering, processing and distribution of various kinds of information. In this short notice, we will try to summarize the experience with the data protection laws with respect to their basic teleology.     

Say cheese! Privacy and facial recognition

The popular social networking site, Facebook, recently launched a facial recognition tool to help users tag photographs they uploaded to Facebook. This generated significant controversy, arising as much as anything, from the company’s failure to adequately inform users of this new service and to explain how the technology works.The incident illustrates the sensitivity of facial recognition technology and the potential conflict with data privacy laws. However, facial recognition has been around for some time and is used by businesses and public organisations for a variety of purposes – primarily in relation to law enforcement, border control, photo editing and social networking. There are also indications that the technology could be used by commercial entities for marketing purposes in the future.This article considers the technology, its practical applications and the manner in which European data protection laws regulate its use. In particular, how much control should we have over our own image? What uses of this technology are, and are not, acceptable? Ultimately, does European data protection law provide an adequate framework for this technology? Is it a framework which protects the privacy of individuals without unduly constraining the development of innovative and beneficial applications and business models?     

隐私权视野下的网上公开裁判文书之限

裁判文书的上网是落实审判公开的一项有力措施,但其对隐私权的威胁亦不容忽视。裁判文书的全文上网原则上应预先获得当事人的同意,当然,若裁判文书涉及公共利益,则隐私权也应受到限制。但因公共利益的需要而将裁判文书上网时,仍应对具有可识别性的个人信息和其他重要信息予以保密。被害人、证人、未成年人的隐私权应予特殊保护。调解书原则上不应通过网络公开。     

Normative challenges of identification in the Internet of Things: Privacy,profiling, discrimination,and the GDPR

In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user's devices with unique identities, and provide seamless and linked up services. At the same time, profiling methods based on linked records can reveal unexpected details about users' identity and private life, which can conflict with privacy rights and lead to economic, social, and other forms of discriminatory treatment. A balance must be struck between identification and access control required for the IoT to function and user rights to privacy and identity. Striking this balance is not an easy task because of weaknesses in cybersecurity and anonymisation techniques. The EU General Data Protection Regulation (GDPR), set to come into force in May 2018, may provide essential guidance to achieve a fair balance between the interests of IoT providers and users. Through a review of academic and policy literature, this paper maps the inherent tension between privacy and identifiability in the IoT. It focuses on four challenges: (1) profiling, inference, and discrimination; (2) control and context-sensitive sharing of identity; (3) consent and uncertainty; and (4) honesty, trust, and transparency. The paper will then examine the extent to which several standards defined in the GDPR will provide meaningful protection for privacy and control over identity for users of IoT. The paper concludes that in order to minimise the privacy impact of the conflicts between data protection principles and identification in the IoT, GDPR standards urgently require further specification and implementation into the design and deployment of IoT technologies.     

A comparison of data protection legislation and policies across the EU

Although the protection of personal data is harmonized within the EU by Directive 95/46/EC and will be further harmonized by the General Data Protection Regulation (GDPR) in 2018, there are significant differences in the ways in which EU member states implemented the protection of privacy and personal data in national laws, policies, and practices. This paper presents the main findings of a research project that compares the protection of privacy and personal data in eight EU member states: France, Germany, the UK, Ireland, Romania, Italy, Sweden, and the Netherlands. The comparison focuses on five major themes: awareness and trust, government policies for personal data protection, the applicable laws and regulations, implementation of those laws and regulations, and supervision and enforcement.The comparison of privacy and data protection regimes across the EU shows some remarkable findings, revealing which countries are frontrunners and which countries are lagging behind on specific aspects. For instance, the roles of and interplay between governments, civil rights organizations, and data protections authorities vary from country to country. Furthermore, with regard to privacy and data protection there are differences in the intensity and scope of political debates, information campaigns, media attention, and public debate. New concepts like privacy impact assessments, privacy by design, data breach notifications and big data are on the agenda in some but not in all countries. Significant differences exist in (the levels of) enforcement by the different data protection authorities, due to different legal competencies, available budgets and personnel, policies, and cultural factors.     

El libre acceso a la información,las innovaciones tecnológicas y la publicidad de los actos Procesales

This paper raises questions about the Brazilian legal system, which takes to an extreme the constitutional principle (the Publicity Principle) requiring publication of legal cases, and is unable to properly distinguish between the need to publish judicial decisions, and the publication of documents and texts produced by the parties, thus endangering the protection of personal data, and representing a possible security risk to the State and society as a whole.     

Personal networks and crime victimization among Swedish youth

We combine routine activity theory, lifestyle-victimization theory, and a social network perspective to examine crime victimization. In particular, we study to what extent crime victimization is associated with having close contacts who have been victimized and/or who engage in risky lifestyles. We use the data (collected in 2014) of 1,051 native Swedes and 1,108 Iranian and Yugoslavian first- or second-generation immigrants in Sweden who were all born in 1990. They were asked to describe their personal characteristics, various behaviours, and past personal experiences with crime victimization, as well as those of the five persons with whom they most often spend their leisure time. Our findings support the network perspective: crime victimization is negatively associated with the number of close contacts an individual mentions but is substantially more likely for those who have many close contacts who have themselves been victimized. In terms of a risky lifestyle that may enhance the likelihood of being victimized, we found only that individuals who get drunk frequently were at somewhat higher risk of being victimized. To guard young individuals against crime victimization, it might thus be worthwhile to focus more on with whom they associate than on their potentially risky lifestyles or attitudes.     

Privacy,National Security,and Internet Economy: An Explanation of China's Personal Information Protection Legislation

With the development of the internet and the increasing role played by information technology in the economy, personal information protection has become one of the most significant legal and public policy problems. Since 2013, China has accelerated its legislation efforts towards protecting personal information. The Cybersecurity Law of the People’s Republic of China took effect on June 1, 2017. Legal scholars focus on the nature of personal information, discuss the necessity of enacting specific laws on protecting personal information, and attempt to propose relevant draft laws regarding personal information protection. Personal information protection, however, is not only a legal issue but also a political one. We need to look at the decision-making process about legislation on personal information protection in China. Why has China sped up its legislation on personal information protection since 2013? Is privacy, civil rights, or legal interest the main reason behind the legislation? Only after placing personal information protection legislation in a broader context, can we have a better understanding of the underlying logic and dynamics of personal information protection in China, and can perceive the potential content and possible future of these legislation. This paper argues that Internet industry development, the social consequences of personal information infringement, and national security are the main drivers of China’s personal information protection legislation.     

大数据时代日本个人信息保护法探究

个人信息本来是极其隐私的事物,在大数据时代却时刻处于"裸奔"状态,时刻面临被侵犯的风险。特别在新冠肺炎疫情防控中,大数据技术发挥了重要作用,个人信息保护再次引起关注。整体而言,日本个人信息保护法以"个人优先"与"公共优先"的宗旨博弈为出发点,以"个人信息"的概念界定为基础,以个人信息权的保护为核心,以个人信息保护机构的独立设置为落脚点,为个人信息的保护奠定了基础。我国应当积极行动起来,尽快颁布《个人信息保护法》,助力大数据时代个人信息保护和数字经济的发展。     

e-Youth before its judges - Legal protection of minors in cyberspace

The present paper¹ aims both at introducing the legal aspects of the protection of minors in cyberspace and analysing and criticizing certain main features embedded in this legal approach of young people protection. After a short introduction underlining the concept of child’s rights and the reason why this right has been particularly proclaimed in the context of the cyberspace, the first section describes the new technological features of the ICT environment and linked to this evolution the increasing risks the minors are confronted with. A typology of cyber abuses is proposed on the basis of these considerations. A list of EU or Council of Europe texts directly or indirectly related to the minors’ protection into the cyberspace is provided. The second section intends to analyse certain characteristics of the legal approach as regards the ways by which that protection is conceived and effectively ensured. Different principles and methods might be considered as keywords summarizing the legal approach and to a certain extent, fixing a partition of responsibilities taking fully into account the diversity of actors might be deduced from the different regulatory documents.The third section comes back to the different complementary means by which the Law is envisaging the minors’ protection. The obligation to create awareness about the potential risks minors might incur definitively is the first one. The omnipresent reference in all the legal texts to the role of self-regulatory interventions constitutes another pillar of the protection envisaged by the Law. After having described the multiple instruments developed in the context of this self-regulation (labels, codes of conduct, hotlines, ODR…) or even co-regulation, the paper examines the conditions set by the European legislators as regards these instruments. Technology might be considered as a fourth method for protecting children. Our concern will be to see how the Law is addressing new requirements as regards the technological solutions and their implementation. The present debates about the liability of the actors involved in applications or services targeted or not vis-à-vis the minors like SNS or VSP operators are evoked. As a final point the question of the increasing competences of LEA and the reinforcement of the criminal provisions in order to fight cyber abuses against minors will be debated. In conclusion, we will address final recommendations about the way by which it would be possible to reconcile effective minors’ protection and liberties into the cyberspace.