The principle of proportionality in biometrics:Case studies from Norway

The principle of proportionality is a decisive factor in the legal review of biometric systems by the Data Protection Authorities (DPA) in EU member states. However, in the working document on biometrics the Data Protection Working Party gives little guidance on how the purpose and proportionality principle must be applied to biometrics. There remain uncertainties as to the specific criteria and factors that are used for evaluating the proportionality of processing biometric information. This sometimes leads to contradictory decisions by different national DPAs on similar biometric related issues. This paper aims to discuss the legal factors and parameters that are generally adopted to address the proportionality issue in the biometric context. After a brief analysis of the legal notion of the principle of proportionality, the paper analyses and discusses the European organisations’ interpretation of the recent Norwegian cases on biometrics. The paper then concludes with a summary of the interpretation of the proportionality principle within the biometric context and gives specific recommendations of several important factors that need to be taken into account.     

Why privacy is at risk

Dr Chris Pounder has been professionally involved in delivering data protection services since the time of the Lindop Report in 1978. Here he argues for an express link between the data protection and human rights regimes. Amberhawk is a new company founded by Chris in 2008 with Sue Cullen as the vehicle for the continuation of the information law training business previously operated by Pinsent Masons LLP.     

Are data protection laws sufficient for privacy intrusions? The case in Hong Kong

An area of concern which relates to privacy intrusions in Hong Kong is the substantial changes that have taken place in recent years in relation to news gathering and reporting and the activities of local paparazzi. The issue that needs to be addressed is how intrusions of privacy can be protected in Hong Kong. The most significant reform to date has been the enactment of the Personal Data (Privacy) Ordinance which provides rules for the fair handling of information about living individuals. However, the Ordinance is concerned only with data protection and does not provide a general privacy right. This article demonstrates the inadequacies of existing legislation for general privacy protection and examines the possibility of developing a separate action for general privacy via a) an action of extended breach of confidence as demonstrated by the UK model and b) a sui generis cause of action as can be seen in the New Zealand courts.     

File fragment encoding classification—An empirical approach

Over the past decade, a substantial effort has been put into developing methods to classify file fragments. Throughout, it has been an article of faith that data fragments, such as disk blocks, can be attributed to different file types. This work is an attempt to critically examine the underlying assumptions and compare them to empirically collected data. Specifically, we focus most of our effort on surveying several common compressed data formats, and show that the simplistic conceptual framework of prior work is at odds with the realities of actual data. We introduce a new tool, zsniff, which allows us to analyze deflate-encoded data, and we use it to perform an empirical survey of deflate-coded text, images, and executables. The results offer a conceptually new type of classification capabilities that cannot be achieved by other means.     

A simpler solution for offshoring personal information?

This article looks at the European Commission’s recent revisions to the controller-processor model clauses to allow the transfer of personal data to processors and sub-processors based outside of the EEA. These new sub-processing provisions are the subject of a recent opinion by the Article 29 Working Party that is both helpful and is likely to ease the use of these clauses. However, many of the other problems associated with the use of these clauses remain, especially the lengthy and bureaucratic filing and approval requirements mandated under many national laws.     

大数据视域下我国暴恐犯罪侦查治理研究

暴恐犯罪作为当前影响社会公共安全最为突出的犯罪活动之一,需要我们从经济、宗教、民族、外来势力和科技发展等方面分析其特点和发展趋势,在此基础上充分运用大数据时代海量的数据资源、先进的数据技术、创新的数据思维,充分发挥群众工作和各部门各行业齐抓共管的优势,全方位、多层次地实现暴恐犯罪侦查治理的数据化、精准化、科学化、系统化。     

大数据时代背景下的政府治理创新探析

大数据是信息革命的新成果。作为一种新的生产要素,大数据催生了新模式、新产品、新业态、新经济,促进了社会生产力的提高,继而改变了人们的生活方式,影响了社会的运行方式,从而产生一种新的文化,促使社会组织模式及权力关系发生重大变化,进而改变社会的组织与管理方式,引发政府治理的变革和创新。在互联网和智能化的时代背景下,大数据远远超越了技术层次,被赋予了丰富的社会属性,对领导方式、决策模式、政府治理创新等形成了新的冲击与挑战。某种意义上,大数据意味着一种新的生产方式和生活方式,意味着一种新的文化和思维方式,也意味着一种新的治理模式。     

Data security: Past,present and future

The loss by Her Majesty's Revenue and Customs (HMRC) of two CDs containing 25 million child benefit details has changed the data security landscape forever. No longer is data security the exclusive and rather arcane preserve of spotty technology professionals or data protection lawyers. HMRC has thrust data security onto the front pages of the mainstream media and brought it very suddenly to the top of the political and commercial agendas of senior politicians and boards of directors. In this article, the author will outline the reasons behind the rise of data security as a front line issue and examine the lessons to be learnt from HMRC. He will analyse the different facets of data security risk and explore ways in which organisations can go about managing it. He will outline the attitude of regulators to data security and where regulatory developments are likely to take us. The final part of the article looks into the future, with particular focus on the emergence of privacy enhancing technologies.     

European national news

The regular article tracking developments at the national level in key European countries in the area of IT and communications – co-ordinated by Herbert Smith LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to compliment the Journal's feature articles and Briefing Notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.     

Singapore's Personal Data Protection legislation: Business perspectives

As global digitalisation of information and interconnecting technologies along with new marketing practices and business processes vastly increase the opportunities for data collection, storage, usage and delivery, there is a corresponding increase in consumer expectations of data privacy. These expectations must be met if business organisations are to promote consumer trust and confidence and maintain their overall competitiveness in a global market. It goes without saying that information is the most valuable business asset and “privacy is good business and information can be the basis of bigger business”. The need to protect data privacy has long been recognised and implemented by major trading nations. Surprisingly, Singapore as a financial centre and nation aspiring to be a trusted data hosting hub has been slow in enacting specific data protection laws. The first piece of legislation that has emerged is a light-touch baseline framework applicable to all organisations except the public sector. This article considers the new legislation from the business perspective and the implications for private sector business organisations facing the challenges of compliance.