Privacy and personal data protection in China: An update for the year end 2009

This paper explores developments in privacy and data protection regulation in China. It argues that, since China is an emerging global economic power, the combination of domestic social economic development, international trade and economic exchange will encourage China to observe international standards of privacy and personal data protection in its future regulatory response.     

Privacy,surveillance, and the proportionality principle: The need for a method of assessing privacy implications of technologies used for surveillance

Developments in technology have created the possibility for law enforcement authorities to use for surveillance purposes devices that are in the hands or private premises of individuals (e.g. smart phones, GPS devices, smart meters, etc.). The extent to which these devices interfere with an individual's private sphere might differ. In the European Union, surveillance measures are considered lawful if they have been issued in conformity with the legal rules and the proportionality principle. Taking a fundamental rights approach, this paper focuses on the information needed for adopting proportionate decisions when authorizing the use for surveillance of devices that are not built for surveillance purposes. Since existing methods of privacy assessment of technologies do not offer the required information, this paper suggests the need for a new method of assessing privacy implications of technologies and devices which combines an assessment of privacy aspects with the different dimensions of surveillance.     

South Africa's PNR regime: Privacy and data protection

There has been an increase in the collection and use of Passenger Name Record (PNR) data for security purposes globally. Though academic analysis of this trend has remained focused largely on the North American and European context, the Government of South Africa has been using PNRs since 2014 for security purposes. South Africa was the first country on the African continent to implement such a regime and is one of only thirteen states internationally to link its Advanced Passenger Information (API) and PNR systems. While there has been little attention on South Africa's use of PNRs, an inquiry into the country's PNR practices reveals striking privacy concerns, including the potential permanent retention of PNR data and a failure of the state to fully disclose if, and under what conditions, PNR data can be shared with other states. While South Africa has implemented a PNR regime that is comparable to the highest international standards, the data protection requirements appear to be far less developed. In fact, South Africa's PNR regime remains enigmatic as all indications and mention of PNR are elusive and scattered across government publications. As such, this paper aims to provide an introduction into the elements of South African PNR use, including the implications as they relate to law, data protection, and privacy.     

Dualism in data protection: Balancing the right to personal data and the data property right

This paper explores the issues surrounding the right to personal data and the data property right in the context of commercial transactions involving big data, and will thus inform the ongoing drafting process of the Chinese Civil Code and development of a commercial data market in China. The analysis herein attempts to break through the traditional concept of ‘property’ with the aim of helping China to develop a modern information society, devise a property law theory suitable for the big data era, and improve the level of protection afforded to rights and legitimate interests in data. To date, no comprehensive study has focused on developing a proper understanding of the concept of ‘data property rights’, and hence we lack the solid theoretical support needed to construct a proper protective system for such rights. This paper offers the first systematic study of the rules pertaining to data property rights, thereby enriching the theory of such rights and serving as a theoretical basis for the enactment of a civil code that protects citizens’ legal rights and interests in the information society. It also offers a thorough discussion of how to construct a data property protection system, thereby providing an ideal reference model for enactment of the Chinese Civil Code.     

Property rights in personal data: Learning from the American discourse

This contribution is an attempt to facilitate a meaningful European discussion on propertization of personal data by explaining the idea as it emerged in its ‘mother-jurisdiction’, the United States. The piece starts with an overview of how the current US legal system addresses the data protection problem and whether, according to the US commentators, the law does it effectively. Furthermore, the contribution presents propertization of personal information as an alternative to the existing data protection regime and one of the ways to fill in the alleged gaps in the US data protection system. The article maps the US propertization debate. Pro-propertization arguments are considered from economic perspective as well as from the perspective of the limitations of the US legal and political system. In continuation it analyses proposals on how property rights in personal data would have to be regulated, if at all, in case the idea of propertization is accepted. The main points of criticism of propertization are also sketched. The article concludes with a brief summary of the US propertization discourse and, most importantly, with a list of the lessons Europeans can learn from their American counterparts engaging in the debate in the home jurisdiction. Among the main messages is that the outcome of the debate depends on the definition of the problem propertization is called on to tackle, and that it is the substance of the actual rights with regard to personal data that matters, and not whether we label them as property rights or not.     

Opening up personal data protection: A conceptual controversy

The existence of a fundamental right to the protection of personal data in European Union (EU) law is nowadays undisputed. Established in the EU Charter of Fundamental Rights in 2000, it is increasingly permeating EU secondary law, and is expected to play a key role in the future EU personal data protection landscape. The right's reinforced visibility has rendered manifest the co-existence of two possible and contrasting interpretations as to what it come to mean. If some envision it as a primarily permissive right, enabling the processing of such data under certain conditions, others picture it as having a prohibitive nature, implying that any processing of data is a limitation of the right, be it legitimate or illegitimate. This paper investigates existing tensions between different understandings of the right to the protection of personal data, and explores the assumptions and conceptual legacies underlying both approaches. It traces their historical lineages, and, focusing on the right to personal data protection as established by the EU Charter, analyses the different arguments that can ground contrasted readings of its Article 8. It also reviews the conceptualisations of personal data protection as present in the literature, and finally contrasts all these perspectives with the construal of the right by the EU Court of Justice.     

New Governance,Chief Privacy Officers,and the Corporate Management of Information Privacy in the United States: An Initial Inquiry

While the turn from traditional regulation to more collaborative, experimentalist, and flexible forms of governance has garnered significant academic focus, far less attention has been paid to the effects of such “new governance” approaches on regulated firms' understanding of the laws' demands, and on the structures employed within business organizations to meet them. This article targets this analytic gap by examining internal corporate practices regarding consumer privacy, an arena in which the Federal Trade Commission and the states have adopted new governance models. Using data from qualitative interviews with leading corporate Chief Privacy Officers, as well as internal corporate documentation, it examines the way privacy practices have been catalyzed in the shadow of new privacy governance approaches and the combination of regulatory, market, and stakeholder forces they seek to harness. Specifically, it suggests the convergence of a set of practices adopted by privacy officers identified as “leaders,” regarding both high‐level corporate privacy management and the integration of privacy into entity‐wide risk management goals through technology, decision‐making processes, and the empowerment of distributed expertise networks throughout the firm.     

Privacy,trust and policy-making: Challenges and responses

The authors contend that the emerging ubiquitous Information Society (aka ambient intelligence, pervasive computing, ubiquitous networking and so on) will raise many privacy and trust issues that are context dependent. These issues will pose many challenges for policy-makers and stakeholders because people's notions of privacy and trust are different and shifting. People's attitudes towards privacy and protecting their personal data can vary significantly according to differing circumstances. In addition, notions of privacy and trust are changing over time. The authors provide numerous examples of the challenges facing policy-makers and identify some possible responses, but they see a need for improvements in the policy-making process in order to deal more effectively with varying contexts. They also identify some useful policy-making tools. They conclude that the broad brush policies of the past are not likely to be adequate to deal with the new challenges and that we are probably entering an era that will require development of “micro-policies”. While the new technologies will pose many challenges, perhaps the biggest challenge of all will be to ensure coherence of these micro-policies.     

The Borrowed View: Privacy, Propriety, and the Entanglements of Property

A dominant characterization celebrates property as a means to attain privacy and autonomy. Drawing on recent scholarship, I compare this idea with a proprietarian perspective, which emphasizes the ways in which private ownership comes freighted with public responsibilities. The garden, I shall argue, reveals both dimensions to property. Drawing from gardening debates over the past century and an empirical survey of gardening in Vancouver, Canada, I conclude by arguing, first, that the ends of property are more diverse than we suppose, and second, that these two conceptions should in fact be thought of not as incompatible and opposed, but as entangled and interrelated. While judicial and academic evaluations tend to rely on a binary view of property, so that privacy and propriety seem to live in different spaces, my findings suggest a more fluid cohabitation.     

Ownership of personal data in the Internet of Things

This article analyses, defines, and refines the concepts of ownership and personal data to explore their compatibility in the context of EU law. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT). This consideration is framed around two main approaches shaping all ownership theories: a bottom-up and top-down approach. Via these dual lenses, the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, this article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future work in this area and inform regulatory and policy debates.     

网络安全、隐私及相关法律问题研究——兼论在民法典中确立人格权制度的现实和历史意义

只有保证了网络的安全和个人的隐私权,电子商务才能真正展开和蓬勃发展.从效率和我国的实际情况等方面考虑,网络安全和隐私权方面的立法应该纳入一般的部门法当中.在正在制定的民法典中确立包括隐私权在内的人格权制度兼具了现实和历史意义.网络无国界的特点决定了有关方面的立法需要国际间的协调与合作,所以网络技术拓宽了国际法的发展空间.个体面对计算机的事实内涵了道德因素是网络安全和隐私的根本保障的逻辑必然性.由此也显示了网络技术的文化与道德意义.