Reconstructing consumer privacy protection on‐line: a modest proposal

Problems with consumer trust and confidence in the Internet as a safe environment in which to shop, browse and associate are well documented, as are the correlations between this lack of consumer trust and fears about privacy and security online. This paper attempts first to show why existing legal and extra‐legal modes for the protection of privacy online are failing to protect consumers and promote consumer trust. In particular it critiques the European regime of mandatory data protection laws as outdated and inappropriate to a world of multinational corporatism and ubiquitous transnational data flows via cyberspace. In the second part lessons are drawn from the crisis currently faced by intellectual property in cyberspace, particularly in reference to MP3 music files and peer‐to‐peer downloading and useful parallels are drawn from the solution devised by William Fisher of the Berkman Centre, Harvard, in the form of an alternative payment scheme for copyright holders. Finally, the insights drawn from Fisher's work are combined with original proposals drawn from a comparison of the consumer–data collector relationship in cyberspace with the roles played by truster, trustee and beneficiary in the institution of common law trust. The resulting ‘modest proposal’ suggests that a ‘privacy tax’ be levied on the profits made by data collectors and data processors. This could fund no‐fault compensation for identified ‘privacy harms’, improve public privacy enforcement resources, provide privacy‐enhancing technologies to individuals, satisfy the desire of commerce for less data protection‐related internal bureaucracy and possibly create the conditions for better promotion of consumer trust and confidence. The uptake of electronic commerce would thus be significantly enhanced.     

个人健康医疗信息和隐私权保护

Personal health care and medical treatment information are both personal information which can be used as a sign to identify each individual. Such information shall be under the control of the owner. The comprehensiveness of personal health care and medical treatment information makes it more valuable than the simplex personal information. The controlling right of personal health care and medical treatment information is irretrievable once deprived. The rights of controlling, managing and using regarding personal health care and medical treatment information can be separated appropriately. The right of privacy is an independent personality right. For the protection of public interests, the right of personal privacy shall be appropriately limited. Meanwhile, the government shall be responsible for the protection of personal health care and medical treatment information. Tang Xiaotian is a professor and supervisor in charge of the development and planning division of Shanghai University of Political Science and Law, and deputy General Secretary-in-chief of the Society of Law of Shanghai, whose main studies is focused on victim science, criminal law and criminology. Till now, he has 8 monographs and over 90 articles published in academic journals.     

Pondering personal privacy: a pragmatic approach to the Fourth Amendment protection of privacy in the information age

As technology with surveillance capacities has advanced, the debate over the rights of the citizenry to be free from governmental breaches of personal privacy has intensified. Within the United States, government actions legally challenged as intrusions into personal privacy have been analyzed under the Fourth Amendment, but Supreme Court rulings in such cases lack a clear and consistent rationale. Additionally, while more than a dozen federal privacy statutes have been enacted, each piece of legislation pertains to a specific type of information (e.g. driver’s license information, education records, and financial records). There is no overarching federal legislation which protects the individual’s private affairs from warrantless government inspection. A key issue underlying the scope of the debate and the variation in court decisions and public policies pertinent to invasions of privacy by government agencies is the lack of a clear and cogent definition of ‘privacy.’ By means of a review of the evolution of legal protections of privacy under the Fourth Amendment and a review of the evolution of technology with surveillance applications, it is suggested that there is a need for a sound operational definition of privacy. As a starting point for an informed and pragmatic dialogue on this matter, an operational definition of privacy built upon extant case and statutory law is provided.     

The legal construction of personal information protection and privacy under the Chinese Civil Code

Personal information protection and privacy interact in diverse ways, especially in the contemporary information age. Although books and articles have focused on this topic, the new tendencies of worldwide legislation and judicial practice bring challenges, as the legal construction of personal information protection and privacy differs from culture to culture and time to time. In 2017, the General Provisions of the Civil Law of the People's Republic of China (“the General Provisions of the Chinese Civil Code” hereafter)¹ (expired) addresses the legal concepts of personal information protection and the right to privacy simultaneously, to which this article refers as the dual model, differing from the one-dimensional mode of privacy protection before. Subsequently, the “The Right to Privacy and the Protection of Personal Information,” a chapter of the newly issued Civil Code of the People's Republic of China's (“the Chinese Civil Code” hereafter), ascertains the dual model and details related provisions. It has been dubbed a landmark ruling of China's personal information protection, greatly boosting the modernization of China's civil system.Despite the many articles that discuss approaches to China's civil protections, little attention has been given to the fundamental question concerning what exactly encompasses the personal information protection and privacy to which these laws refer. Based on the regulations and applicability of the General Provisions of the Chinese Civil Code and the Chinese Civil Code, this paper explores the legal construction of personal information protection and privacy under Chinese legal orders, including the differences, similarities, and interplay between the two rights. By distinguishing the legal value, contents and remedial approaches, this paper concludes that the two rights are distinct but overlap. On one side, personal information protection is elevated to the status of a separate civil right in the legal context of China, rather than part of privacy. On the other side, tailored regulations should be establish according to the criteria of the nature of information, the extent of information processing, and the elements of damage when confronted with overlaps in the two rights in judicial practice. Thus, this paper provides a perspective from which to clarify the approaches to civil protection of personal information and privacy in China and a reference model for enactment of the Chinese Personal Information Protection Law in the future.     

Blood rights: the body and information privacy

Genetic and other medical technology makes blood, human tissue and other bodily samples an immediate and accessible source of comprehensive personal and health information about individuals. Yet, unlike medical records, bodily samples are not subject to effective privacy protection or other regulation to ensure that individuals have rights to control the collection, use and transfer of such samples. This article examines the existing coverage of privacy legislation, arguments in favour of baseline protection for bodily samples as sources of information and possible approaches to new regulation protecting individual privacy rights in bodily samples.     

Altered states: state health privacy laws and the impact of the Federal Health Privacy Rule

Although the Federal Health Privacy Rule has evened out some of the inconsistencies between states' health privacy laws, gaps in protection still remain. Furthermore, the Federal Rule contains some lax standards for the disclosure of health information. State laws can play a vital role in filling these gaps and strengthening the protections afforded health information. By enacting legislation that has higher privacy-protective standards than the Federal Health Privacy Rule, states can play three important roles. First, because they can directly regulate entities that are beyond HHS's mandate, states can afford their citizens a broader degree of privacy protection than the Federal Health Privacy Rule. Second, by having state health privacy laws, states can enforce privacy protections at the local level. Finally, action by the states can positively influence health privacy policies at the federal level by raising the standard as to what constitutes sufficient privacy protection. High privacy protections imposed by states may serve as the standard for comprehensive federal legislation, if and when Congress reconsiders the issue. So far, states' reactions to the Federal Privacy Rule have been mixed. Only time will tell whether states will assume the mantle of leadership on health privacy or relinquish their role as the primary protectors of health information.     

HIPAA standards for privacy of individually identifiable health information: an introduction to the consent debate

On March 27, 2002, DHHS published proposed amendments to the Privacy Standards under HIPAA. The most controversial of these changes is the removal of the requirement that providers obtain patient consent before using or disclosing protected health information for treatment, payment, and healthcare operations. Some see this change as a rejection of privacy rights, while others see it as an acknowledgement of practical reality. This comment introduces the reader to the issues that are debated immediately following in the articles by Geralyn A. Kidera and Kristen Rosati.