Identity crisis: Global challenges of identity protection in a networked world

Modern identity is valuable, multi-functional and complex. Today we typically manage multiple versions of self, made visible in digital trails distributed widely across offline and online spaces. Yet, technology-mediated identity leads us into crisis. Enduring accessibility to greater and growing personal details online, alongside increases in both computing power and data linkage techniques, fuel fears of identity exploitation. Will it be stolen? Who controls it? Are others aggregating or analysing our identities to infer new data about us without our knowledge or consent? New challenges present themselves globally around these fears, as manifested by concerns over massive online data breaches and automated identification technologies, which also highlight the conundrum faced by governments about how to safeguard individuals' interests on the Web while striking a fair balance with wider public interests. This paper reflects upon some of these problems as part of the inter-disciplinary, transatlantic ‘SuperIdentity’ project investigating links between cyber and real-world identifiers. To meet the crisis, we explore the relationship between identity and digitisation from the perspective of policy and law. We conclude that traditional models of identity protection need supplementing with new ways of thinking, including pioneering ‘technical-legal’ initiatives that are sensitive to the different risks that threaten our digital identity integrity. Only by re-conceiving identity dynamically to appreciate the increasing capabilities for connectivity between different aspects of our identity across the cyber and the physical domains, will policy and law be able to keep up with and address the challenges that lie ahead in our progressively networked world.     

Russian PNR system: Data protection issues and global prospects

The usage of Passenger Name Record (PNR) for security purposes is growing worldwide. At least six countries have PNR systems; over thirty are planning to introduce them. On 1 December 2013, a Russian PNR system will be implemented. But enhanced collection of personal data leads to increased surveillance and privacy concerns. Russian authorities state that passengers' rights will be respected, but a closer look at the Russian regime reveals a number of critical points. From a global perspective, the Russian regime is only one of many PNR systems, including new ones to come in the future. Apparently, for the majority of them, similar challenges and problems will apply. At the same time, for the EU, with its strict data protection requirements, PNR requests by third countries (i.e. non-EU countries) create conflicts of laws. In order to resolve them, the EU concludes bilateral PNR agreements. However, the current deals, especially the one between the EU and the USA, involve a number of weaknesses. Accepting the latter, and having a pending proposal on the EU PNR system, the EU has weakened its position in negotiations with third countries. How will the EU deal with the Russian as well as with all the future requests for PNR? This paper provides legal analysis of the Russian PNR regime, pointing out common problems and giving prognosis on the global situation.     

电子数据认证的价值选择与制约机制——以刑事诉讼为视角

在对电子数据的认证中,现代技术因素增强了人们对此类证据的信赖程度,强化了裁判者的内心确认,也导致案件的证明过程中,认为电子数据的证明力一般大于其他传统证据。在诉讼中应避免过于追求电子数据的证明效果,在认证时有必要进行公共性价值衡量,使法律规范与诉讼行为获得合理性契合,保证电子数据在刑事证据领域的有序合法运用,使这种新兴证据种类得以规范和完善。     

初查性质新探

初查作为刑事立案前的职权行为因为缺乏法律规定而引起学界的争议,特别是初查的性质,对初查性质的界定不同直接决定了对初查程序的完善方式不同。警察机关的初查行为是警察权的性质,而检察机关的初查行为则是法律监督性质。     

社会治理视阈下的大数据意识

伴随着互联网技术和计算机技术的快速发展,我国已步入大数据时代。在社会治理视阈下,大数据深刻影响着社会治理的客观环境,逐渐成为政府和社会组织决策和创新的基础,成为社会治理科学化的核心。社会治理者要实现社会治理的科学化,应对大数据时代面临的社会治理问题,关键是要强化自身的大数据意识。     

The work of revision of the Council of Europe Convention 108 for the protection of individuals as regards the automatic processing of personal data

Thirty years after the Convention 108 for the protection of individuals as regards the automatic processing of personal data was adopted, the Council of Europe launched a process of modernising this text in order to adapt it to the substantive technological revolutions that have occurred since its birth in 1981. After two years of work, the Committee of the Convention 108 (T-PD Committee) has adopted the proposal of a revised version of both the Convention 108 and its additional Protocol. This paper presents the main propositions of changes brought by the modernisation work. Major changes have been brought to certain definitions and to the scope of the Convention as well as to the basic principles and to the special regime for sensitive data. Important new rights have been added to the list of guarantees offered to data subjects. New duties appear now in the text. And the transborder data flow regime has been entirely rewritten.     

论我国电子数据的法律规制及完善

由于互联网技术的快速发展,电子数据日趋成为关注的焦点。我国现有关于电子数据存在立法原则不明和具体制度相对滞后的明显缺陷,从而导致在司法实践中运用电子数据时面临现行法律的阻碍和技术维度的困境。通过对我国电子数据相关立法现状及司法实践的分析,总结我国电子数据法律规制方面存在的主要问题,并提出我国电子数据法律规制需要确立电子数据立法对基本权利的保障、完善电子数据可采性、举证责任、非法排除规则、搜查方法等方面具体措施,同时还需要加强电子数据立法的前瞻性,辅之以司法解释,转变对电子数据的认识观念,提高办案人员的技术能力。     

A walk in to the cloud and cloudy it remains: The challenges and prospects of ‘processing’ and ‘transferring’ personal data

Cloud computing is an information technology technique that promises greater efficiency and reduced-cost to consumers, businesses and public institutions. However, to the extent it has brought better efficiency and minimal cost, the emergence of cloud computing has posed a significant regulatory challenge on the application of data protection rules particularly on the regime regulating cross-border data flow. The Data Protection Directive (DPD), which dates back to 1995, is at odds with some of the basic technological and business-related features of the cloud. As a result, it is claimed that the Directive hardly offers any help in using the legal bases to ‘process’ and ‘transfer’ data as well as to determine when a transfer to a third country occurs in cloud computing. Despite such assertions, the paper argues that the ECJ's Bodil Lindqvist decision can to a certain extent help to delineate circumstances where transfer should and should not occur in the cloud. Concomitantly, the paper demonstrates that controllers can still make the most of the available possibilities in justifying their ‘processing’ as well as ‘transferring’ of data to a third country in cloud arrangements. In doing so, the paper also portrays the challenges that arise down the road. All legal perspectives are largely drawn from EU level though examples are given from member states and other jurisdictions when relevant.     

Facial symmetry in robust anthropometrics

Image analysis methods commonly used in forensic anthropology do not have desirable robustness properties, which can be ensured by robust statistical methods. In this paper, the face localization in images is carried out by detecting symmetric areas in the images. Symmetry is measured between two neighboring rectangular areas in the images using a new robust correlation coefficient, which down-weights regions in the face violating the symmetry. Raw images of faces without usual preliminary transformations are considered. The robust correlation coefficient based on the least weighted squares regression yields very promising results also in the localization of such faces, which are not entirely symmetric. Standard methods of statistical machine learning are applied for comparison. The robust correlation analysis can be applicable to other problems of forensic anthropology.     

Citizens' perceptions of data protection and privacy in Europe

Data protection and privacy gain social importance as technology and data flows play an ever greater role in shaping social structure. Despite this, understanding of public opinion on these issues is conspicuously lacking. This article is a meta-analysis of public opinion surveys on data protection and privacy focussed on EU citizens. The article firstly considers the understanding and awareness of the legal framework for protection as a solid manifestation of the complex concepts of data protection and privacy. This is followed by a consideration of perceptions of privacy and data protection in relation to other social goals, focussing on the most visible of these contexts–the debate surrounding privacy, data protection and security. The article then considers how citizens perceive the ‘real world’ environment in which data processing takes place, before finally considering the public's perception and evaluation of the operation of framework against environment.