政府公共性的多维度分析

政府公共性具体体现在政府执掌的是社会公共权力、政府贯彻执行社会公共意志、政府谋求的是社会公共利益、政府管理社会公共事务、政府承担公共责任和政府的行为应公开透明这六方面。政府公共性的理念支点是公共精神,现实载体是公共政策,物质保障是公共财政。政府公共性从历史看经历了一个产生、丧失、膨胀和转移的复杂过程。现代社会伴随着市民社会的发展壮大,第三部门的崛起,出现了私域公共性的觉醒,政府公共性逐步向社会转移。政府公共性的丧失和政府公共性的转移虽然表面上都表现为政府公共性在量上的减少,但其实两者在本质上有着很大的差异。政府公共性的丧失是强政府弱社会的必然结果。而政府公共性的转移体现出社会在力量壮大之后,要求政府将一部分管理的公共事务交给社会,实现部分权力向权利的回归。     

Privacy and personal data protection in China: An update for the year end 2009

This paper explores developments in privacy and data protection regulation in China. It argues that, since China is an emerging global economic power, the combination of domestic social economic development, international trade and economic exchange will encourage China to observe international standards of privacy and personal data protection in its future regulatory response.     

The anonymous police blogger,the newspaper and the unmasking of Night Jack

The English High Court recently refused to grant an injunction to restrain The Times newspaper from publishing the identity of an anonymous political blogger (The author of a blog v Times Newspapers Limited [2009] EWHC 1358 (QB)). The facts of the case were unusual: there was no clearly unlawful behaviour by the blogger, who was also a police officer highly critical of political figures and policies. There was also no relationship between the blogger and the journalist who deduced the blogger's identity; the court therefore focussed on the tort of misuse of private information and countervailing public interests, such as freedom of expression. This article describes the approach of the court and considers the earlier case of Mahmood v Galloway ([2006] EWHC 1286 (QB)) concerning an undercover journalist's attempt to prevent publication of photographs showing what he looked like. It also discusses whether data protection law could have a role to play in future cases concerning attempts to preserve an online author's anonymity. The conclusion of the article is that this case does not spell the end of all anonymous blogging.     

Towards a new generation of CCTV networks: Erosion of data protection safeguards?

CCTV networks are progressively being replaced by more flexible and adaptable video surveillance systems based on internet protocol (IP) technologies. The use of wireless IP systems allows for the emergence of flexible networks and for their customization, while at the same time video analytics is easing the retrieval of the most relevant information. These technological advances, however, bring with them threats of a new kind for fundamental freedoms that cannot always be properly assessed by current legal safeguards. This paper analyses the ability of current data protection laws in providing an adequate answer to these new risks.     

“In the public interest”: The privacy implications of international business-to-business sharing of cyber-threat intelligence

This article reports on preliminary findings and recommendations of a cross-discipline project to accelerate international business-to-business automated sharing of cyber-threat intelligence, particularly IP addresses. The article outlines the project and its objectives and the importance of determining whether IP addresses can be lawfully shared as cyber threat intelligence.The goal of the project is to enhance cyber-threat intelligence sharing throughout the cyber ecosystem. The findings and recommendations from this project enable businesses to navigate the international legal environment and develop their policy and procedures to enable timely, effective and legal sharing of cyber-threat information. The project is the first of its kind in the world. It is unique in both focus and scope. Unlike the cyber-threat information sharing reviews and initiatives being developed at country and regional levels, the focus of this project and this article is on business-to-business sharing. The scope of this project in terms of the 34 jurisdictions reviewed as to their data protection requirements is more comprehensive than any similar study to date.This article focuses on the sharing of IP addresses as cyber threat intelligence in the context of the new European Union (EU) data protection initiatives agreed in December 2015 and formally adopted by the European Council and Parliament in April 2016. The new EU General Data Protection Regulation (GDPR) applies to EU member countries, a major focus of the international cyber threat sharing project. The research also reveals that EU data protection requirements, particularly the currently applicable law of the Data Protection Directive 95/46/EC (1995 Directive) (the rules of which the GDPR will replace in practice in 2018), generally form the basis of current data protection requirements in countries outside Europe. It is expected that this influence will continue and that the GDPR will shape the development of data protection internationally.In this article, the authors examine whether static and dynamic IP addresses are “personal data” as defined in the GDPR and its predecessor the 1995 Directive that is currently the model for data protection in many jurisdictions outside Europe. The authors then consider whether sharing of that data by a business without the consent of the data subject, can be justified in the public interest so as to override individual rights under Articles 7 and 8(1) of the Charter of Fundamental Rights of the European Union, which underpin EU data protection. The analysis shows that the sharing of cyber threat intelligence is in the public interest so as to override the rights of a data subject, as long as it is carried out in ways that are strictly necessary in order to achieve security objectives. The article concludes by summarizing the project findings to date, and how they inform international sharing of cyber-threat intelligence within the private sector.     

Revoking consent: A ‘blind spot’ in data protection law?

The flow of personal data throughout the public and private sectors is central to the functioning of modern society. The processing of these data is, however, increasingly being viewed as a major concern, particularly in light of many recent high profile data losses. It is generally assumed that individuals have a right to withdraw, or revoke, their consent to the processing of their personal data by others; however this may not be straightforward in practice, or addressed adequately by the law. Examination of the creation of data protection legislation in Europe and the UK, and its relationship with human rights law, suggests that such a general right to withdraw consent was assumed to be inbuilt, despite the lack of express provisions in both the European Data Protection Directive and UK Data Protection Act. In this article we highlight potential shortcomings in the provisions that most closely relate to this right in the UK Act. These raise questions as to the extent of meaningful rights of revocation, and thus rights of informational privacy, afforded to individuals in a democratic society.     

Privacy regulations on biometrics in Australia

This paper aims to provide an analysis of the current regulatory environment, at the federal level, of privacy protection concerning biometrics in Australia. The study only focuses on the federal Privacy Act 1988 (Cth) and the Biometrics Institute Privacy Code. The discussion is based on the legal concerns of the use of biometrics, and an analysis is made concerning the implications of privacy protection sources.     

Automated consent through privacy agents: Legal requirements and technical architecture

The changes imposed by new information technologies, especially pervasive computing and the Internet, require a deep reflection on the fundamental values underlying privacy and the best way to achieve their protection. The explicit consent of the data subject, which is a cornerstone of most data protection regulations, is a typical example of requirement which is very difficult to put into practice in the new world of “pervasive computing” where many data communications necessarily occur without the users' notice. In this paper, we argue that an architecture based on “Privacy Agents” can make privacy rights protection more effective, provided however that this architecture meets a number of legal requirements to ensure the validity of consent delivered through such Privacy Agents. We first present a legal analysis of consent considering successively (1) its nature; (2) its essential features (qualities and defects) and (3) its formal requirements. Then we draw the lessons of this legal analysis for the design of a valid architecture based on Privacy Agents. To conclude, we suggest an implementation of this architecture proposed in a multidisciplinary project involving lawyers and computer scientists.     

Russian data retention requirements: Obligation to store the content of communications

This paper presents an analysis of Russian data retention regulations. The most controversial point of the Russian data retention requirements is an obligation to keep the content of communications that is untypical for legislation of European and other countries. These regulations that oblige telecom operators and Internet communication services to store the content of communications should come into force on July 1, 2018.The article describes in detail the main components of the data retention mechanism: the triggers for its application, its scope, exemptions and barriers to its enforcement. Attention is paid to specific principles for implementation of content retention requirements based on the concepts of proportionality, reasonableness and effectiveness.Particular consideration is given to the comparative aspects of the Russian data retention legislation and those applying in different countries (mainly EU member states). The article focuses on the differences between the Russian and EU approaches to the question of how to strike a balance between public security interests and privacy. While the EU model of data retention is developing in the context of profound disputes on human rights protection, the Russian model is mostly concentrated on security interests and addresses mainly economic, technological aspects of its implementation.The paper stresses that a range of factors (legal, economic and technological) needs to be taken into account for developing an optimal data retention system. Human rights guarantees play the key role in legitimization of such intrusive measures as data retention. Great attention should be paid to the procedures, precise definitions, specification of entitled authorities and the grounds for access to data, providing legal immunities and privileges, etc. Only this extensive range of legal guarantees can balance intervention effect of state surveillance and justify data retention practices.     

Pricing privacy – the right to know the value of your personal data

The commodification of digital identities is an emerging reality in the data-driven economy. Personal data of individuals represent monetary value in the data-driven economy and are often considered a counter performance for “free” digital services or for discounts for online products and services. Furthermore, customer data and profiling algorithms are already considered a business asset and protected through trade secrets. At the same time, individuals do not seem to be fully aware of the monetary value of their personal data and tend to underestimate their economic power within the data-driven economy and to passively succumb to the propertization of their digital identity. An effort that can increase awareness of consumers/users on their own personal information could be making them aware of the monetary value of their personal data. In other words, if individuals are shown the “price” of their personal data, they can acquire higher awareness about their power in the digital market and thus be effectively empowered for the protection of their information privacy. This paper analyzes whether consumers/users should have a right to know the value of their personal data. After analyzing how EU legislation is already developing in the direction of propertization and monetization of personal data, different models for quantifying the value of personal data are investigated. These models are discussed, not to determine the actual prices of personal data, but to show that the monetary value of personal data can be quantified, a conditio-sine-qua-non for the right to know the value of your personal data. Next, active choice models, in which users are offered the option to pay for online services, either with their personal data or with money, are discussed. It is concluded, however, that these models are incompatible with EU data protection law. Finally, practical, moral and cognitive problems of pricing privacy are discussed as an introduction to further research. We conclude that such research is needed to see to which extent these problems can be solved or mitigated. Only then, it can be determined whether the benefits of introducing a right to know the value of your personal data outweigh the problems and hurdles related to it.