Digital identity,privacy and the right to identity in the United States of America

This article analyses digital identity as an emergent legal concept in the United States of America, as a consequence of the move to place all federal government services on-line. The features and functions of digital identity and its legal nature are examined, and the consequences are considered.     

The retention of personal information online: A call for international regulation of privacy law

New technologies permit online businesses to reduce expenses and increase efficiency by, for example, storing information in “the cloud”, engaging in online tracking and targeted advertising, location and tracking technologies, and biometrics. However, the potential for technology to facilitate long term retention of customers' personal information raises concerns about the competing right of individuals to the privacy of their personal information. Although the European Commission has recently released a proposal for regulation to “provide a data subject with the right to be forgotten and to erasure”, neither the OECD Privacy Guidelines nor the APEC Privacy Framework includes any requirement to delete personal information. While New Zealand includes a “limited retention principle” in the Privacy Act 1993, apart from one limited exception the privacy principles cannot be enforced in court. Taking New Zealand privacy law as an example, this paper examines the issue of retention of customer data, explains why this is a serious problem and argues that although it could be addressed by appropriate amendments to domestic laws, domestic privacy legislation may not be sufficient in an online environment. In the same way as other areas of law, such as the intellectual property regime, have turned to global regulatory standards which reflect the international nature of their subject matter, international privacy regulation should be the next stage for the information privacy regime.     

The legal construction of privacy and data protection

In this contribution, the authors explore the differences and interplays between the rights to privacy and data protection. They describe the two rights and come to the conclusion that they differ both formally and substantially, though overlaps are not to be excluded. Given these different yet not mutually exclusive scopes they then apply the rights to three case-studies (body-scanners, human enhancement technologies, genome sequencing), highlighting in each case potential legal differences concerning the scope of the rights, the role of consent, and the meaning of the proportionality test. Finally, and on the basis of these cases, the authors propose paths for articulating the two rights using the qualitative and quantitative thresholds of the two rights, which leads them to rethink the relationship between privacy and data protection, and ultimately, the status of data protection as a fundamental right.     

The Bermuda Islands blow ‘sweet & sour’ on employers’ liability for Internet libel

The Bermudian Supreme Court (at first instance) recently ruled in Bermuda Restaurants Limited (t/a “Chopsticks”) v. Jonathan Daspin and ConvergEx Global Markets Ltd. (Civil Jurisdiction 2008: No. 134 (to be reported)) on the issue of whether an employer (here, a company) should be held liable for an allegedly libellous email publication by its employee, the managing director. The Judge was asked by the employer company to determine two issues of law which exposed the company and which centred on its vicarious liability for its employee's actions, including whether the use of the company's email system, during working hours, made it complicit in the publication. The Court held, applying principles of English and Canadian law, that the company was not vicariously liable and by extension that it was not the email's publisher.     

EU developments in IP,IT & telecommunications law

This is the latest edition of Baker & McKenzie's column on developments in EU law relating to IP, IT and telecommunications. This article summarises recent developments that are considered important for practitioners, students and academics in a wide range of information technology, e-commerce, telecommunications and intellectual property areas. It cannot be exhaustive but intends to address the important points. This is a hard copy reference guide, but links to outside web sites are included where possible. No responsibility is assumed for the accuracy of information contained in these links.     

Protecting personal data in wartime: The destruction of the alphabetic tabulators in Oslo

As a contribution to this special issue of CLSR, Jon Bing offers a unique wartime account of one of the earliest attempts to prevent ‘online processing’ of personal data by the occupying authorities for oppressive purposes.