A walk in to the cloud and cloudy it remains: The challenges and prospects of ‘processing’ and ‘transferring’ personal data

Cloud computing is an information technology technique that promises greater efficiency and reduced-cost to consumers, businesses and public institutions. However, to the extent it has brought better efficiency and minimal cost, the emergence of cloud computing has posed a significant regulatory challenge on the application of data protection rules particularly on the regime regulating cross-border data flow. The Data Protection Directive (DPD), which dates back to 1995, is at odds with some of the basic technological and business-related features of the cloud. As a result, it is claimed that the Directive hardly offers any help in using the legal bases to ‘process’ and ‘transfer’ data as well as to determine when a transfer to a third country occurs in cloud computing. Despite such assertions, the paper argues that the ECJ's Bodil Lindqvist decision can to a certain extent help to delineate circumstances where transfer should and should not occur in the cloud. Concomitantly, the paper demonstrates that controllers can still make the most of the available possibilities in justifying their ‘processing’ as well as ‘transferring’ of data to a third country in cloud arrangements. In doing so, the paper also portrays the challenges that arise down the road. All legal perspectives are largely drawn from EU level though examples are given from member states and other jurisdictions when relevant.     

Citizens' perceptions of data protection and privacy in Europe

Data protection and privacy gain social importance as technology and data flows play an ever greater role in shaping social structure. Despite this, understanding of public opinion on these issues is conspicuously lacking. This article is a meta-analysis of public opinion surveys on data protection and privacy focussed on EU citizens. The article firstly considers the understanding and awareness of the legal framework for protection as a solid manifestation of the complex concepts of data protection and privacy. This is followed by a consideration of perceptions of privacy and data protection in relation to other social goals, focussing on the most visible of these contexts–the debate surrounding privacy, data protection and security. The article then considers how citizens perceive the ‘real world’ environment in which data processing takes place, before finally considering the public's perception and evaluation of the operation of framework against environment.     

The CLSR-LSPI Seminar – ‘The future of privacy regulation in the online world’

The annual CLSR-LSPI Seminar (www.lspi.net) took place on 19 September 2011 at the Sixth Legal, Security & Privacy Issues in IT Conference (LSPI) at University of Nicosia, Cyprus. The event, led by Prof. Steve Saxby, Editor-in-Chief of CLSR, invited contributions from five legal specialists on a variety of current issues dealing with the future of privacy. A lively discussion took place amongst those present after each intervention. The reports of those who presented are recorded below.     

论劳动者隐私权的法律保护:一个分析框架

以民法为中心的隐私权立法不足以保护劳动者,应构建契合劳动法理念的隐私权保护制度。劳动关系的从属性限制了劳动者隐私权受保护的范围和程度,同时也对雇主提出保护劳动者隐私权的要求。保护劳动者隐私权必须对各种社会利益及其相对重要性进行分析,核心在于实现雇主利益与劳动者隐私权的平衡,其一般标准可以区分为四项原则:职业区分原则;利益衡量原则;最少损害原则;合法限制与合意限制原则。     

监狱行刑实务中罪犯隐私权若干问题探讨

监狱行刑实务中,保护罪犯私人信息有其必要性与重要价值。对罪犯私人信息、罪犯通信、罪犯＂现身说法＂等涉及罪犯隐私权的问题,应遵循目的特定原则、限制原则、合法公正原则、安全保护原则等。不同类型罪犯的隐私权应区别对待。在确保监狱内特别公共场所的秩序与安全的前提下,应当尽可能地控制监控手段的使用,防止监控手段的滥用。行刑活动在对罪犯隐私权进行必要限制的同时,也要予以有效的保护,以期科学、理性、全面地认识罪犯隐私权。     

“人肉搜索”的刑法学思考

人肉搜索作为一种新兴的信息搜索方式,近几年愈发吸引社会关注。人们在赞叹人肉搜索为社会环境净化带来积极作用的同时,也看到网络暴力事件的频频发生。在隐私权的内涵如何界定在实体法上还没有明确规定,学界意见尚未统一的情况下,将人肉搜索纳入刑法规制明显不当,面临诸多障碍。针对人肉搜索产生的负面影响,应主要从民事责任角度加以调整。人肉搜索的部分行为类型也可构成刑法现有的侮辱罪、诽谤罪以及出售、非法提供公民个人信息罪。     

智能信息系统的隐私保护问题研究

智能信息系统是运用人工智能技术的信息系统,可以对信息进行智能分析,实现信息挖掘,从而提升信息的价值。智能信息系统面临的主要挑战在于如何能够在使用个人数据的同时,确保个人身份信息和个人隐私得到保护。智能信息系统隐私权保护是一项系统工程。国家和政府应当在保护个人信息方面更加积极有力。司法机关在保障公民隐私权方面扮演着平衡各方利益的角色。保护公民隐私权,应当强化技术创新。互联网企业应承担起个人数据保护的主体责任,加强自我约束。社会组织收集个人信息不能超过必要的限度与合目的性。个人隐私权遭受侵犯时应积极主动地运用法律捍卫自己的合法权益。     

论电子政务信息公开与隐私权冲突之协调

信息公开是电子政务的重要方面,是公众知情权的保障。但是信息公开不可避免的给个人隐私造成侵害,在分析我国隐私权保护现状的基础上,笔者提出应采用利益衡量和权利限制原则,并借鉴欧美的经验,构建安全港模式,从而实现电子政务信息公开与公民隐私权保护两者的利益平衡。     

网上侦查与公民隐私权保护之衡平

互联网所创造的无边界的虚拟空间催生着侦查信息化的发展,使侦查方式由传统趋于现代。侦查的核心是信息,而互联网恰能让各种与侦查相关的信息得到高效的管理和应用,进而提高办案效率。运用网络信息侦查破案已成为诸多国家刑事侦查的重要途径。然而,当网络监控、网络通缉、IP地址查找、网络侦查陷阱等一系列高科技的侦查手段赋予侦查机关强大的侦破能力时,公民的隐私权却遭受着前所未有的打击。网上侦查与公民隐私权存在着天然的冲突性,但二者又必须在控制犯罪与保障人权、实体真实与程序正义的相互冲突的价值之间寻求动态的平衡。     

论完善我国公民隐私权法律保护制度

世界各国对隐私权的法律保护方式主要有直接保护、间接保护、概括保护。我国目前对隐私权的保护属于间接保护的方式 ,民法中尚未确认隐私权为独立的民事权利。完善我国隐私权法律制度 ,一方面应在刑法中设立侵犯公民隐私权罪 ;另一方面在将要制定的《民法典》中 ,应确认隐私权为一项独立的民事权利 ,确定隐私权的范围并规定侵犯隐私权的法律责任。