How to use this Page

Defining “privacy” has proven akin to a search for the philosopher’s stone. None of the numerous theories proposed over the years seems to encompass all the varied facets of the concept. In considering the meaning of privacy, it can be fruitful to examine how a great artist of the past has dealt with aspects of private life that retain their relevance in the Internet age.

The post A Chekhovian view of privacy for the internet age appeared first on OUPblog.

Recently Google Inc. was ordered to remove nine search results after the Information Commissioner’s office (ICO) ruled that they linked to information about a person that was no longer relevant. Almost ten years ago, that individual had committed a minor criminal offence and he recently put on a request to Google that related search results be removed, in compliance with the decision of the European Court of Justice in Google Spain.

The post The power of the algorithm appeared first on OUPblog.

The widespread practice of uploading photographs onto internet social networking and commercial sites has converged with advances in face recognition technologies to create a situation where an individual can no longer be just a face in the crowd. Despite the intrusive potential of face recognition technologies (FRT), the unauthorised application of such technologies to online digital images so as to obtain identity information is neither specifically prohibited nor a critical part of the international law reform discourse.

The post Just a face in the crowd appeared first on OUPblog.

The OECD’s Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980) were an early influence on the development of data privacy laws in Asia. Other bodies have since also been influential in the formulation of data privacy laws across Asia, including the 1981 Council of Europe Data Protection Convention, the United Nations Guidelines for the Regulation of Computer Data Files, the European Union’s Data Protection Directive, and the APEC Privacy Guidelines.

This timeline below shows the development of data privacy laws across numerous different Asian territories over the past 35 years. In each case it maps the year a data privacy law or equivalent was created, as well as providing some further information about each. It also maps the major guidelines and pieces of legislation from various global bodies, including those mentioned above.

Featured image credit: Data (scrabble), by justgrimes. CC-BY-SA 2.0 via Flickr.

The post A brief history of Data Privacy Law in Asia appeared first on OUPblog.

        

Related Stories

• Is London the world’s legal capital?
• Parental consent, the EU, and children as “digital natives”
• Public health in 2014: a year in review

 

Children have become heavy new media users. Empirical data shows that a number of children accessing the internet – contrary to the age of users – is constantly increasing. It is estimated that about 60% of European children are daily or almost daily internet users, and therefore, by many they are considered to be “digital natives”.

However, in our view, the use of this “digital natives” concept is misleading and poorly founded, and is based on the assumption that children are quick to pick up new technologies. A recent EU Kids Online study invalidates this assumption. The study shows that even though children actively surf on various online applications, they lack digital skills such as bookmarking a website, blocking unwanted communications, and changing privacy settings on social networking sites. Many children are not capable of critically evaluating information and changing filter preferences.Interestingly, the lack of skills to perform specific tasks while being online does not impinge on children’s beliefs in their abilities – 43% of surveyed children believe to know more about the internet than their parents. At the moment, no correlation between this proclaimed self-confidence and their actual understanding of how internet works can be done due to the lack of data. Nevertheless, it is worth questioning whether, and to what extent, it is reasonable to expect that children understand the implications of their behaviour and what measures could mitigate children’s online risks in the most efficient and effective way.

It is probably closer to the truth to say that, in terms of privacy and data protection awareness, children are anything but “digital natives”.

Indeed, children’s actions online are being recorded, commercialised and serve for the purposes of behavioural advertising without them actually realising. This media illiteracy is tackled by awareness raising campaigns and policy measures on domestic and EU levels. However, it seems that these measures only partially address the challenges posed by children’s online engagement.

The European Commission (EC) seems to be in favour of legislative measures providing for a stronger legal protection of children’s personal data in the online environment. In Article 8 of the proposal for the General Data Protection Regulation, the EC introduces verifiable parental (or custodian) consent that would serve as a means of legitimising the processing of a child’s personal data on the internet.

Article 8 of the proposal foresees that parental consent would be required in cases where the processing operations entail personal data of children under the age of 13. The age of 13 would be the bright-line from which the processing of children’s personal data would be subjected to fewer legal constraints.

In practice, this would divide all children into two groups; children that are capable to consent (i.e. 13-18 year olds) to the processing of their personal data and children that are dependent on parental approval of their online choices (i.e. 0-13 year olds). Drawing such a strict line opposes the stages of physical and social development. Also, it requires the reconsideration of the general positive perception of the proposed parental consent from a legal point of view. In particular, it is necessary to evaluate whether the proposed measure is proportionate and whether it coincides with the human rights framework.

In a recent article published in the International Data Privacy Law Journal, we have analysed the proposal to distinguish between children younger and older than 13 years and found many practical and principled objections. Apart from the practical objections, which are often self-evident (e.g. what about the protection of children in the age group from 13 to 18 year old? How to ensure the enforcement of the proposed parental consent?), there are several fundamental problems with the proposed 13 years-rule.

The bright-line rule, which would require data controllers to obtain parental consent before processing personal data of children aged under 13, seems to be incompatible with the notion of evolving capacities. The proposed measure is based on the assumption that from the age of 13 all children are able to provide an independent consent for the processing of their personal data in the online environment. The proposed Article 8 ignores the fact that every child develops at a different pace and that the introduction of parental consent does not ensure more guidance regarding online data processing. We also regret that Article 8 in its current form doesn’t foresee a way in which children could express their own views regarding the data processing operation; the responsibility to consent would rest exclusively with a parent or a legal guardian. This set-up opposes the idea of children’s participation in the decision-making process that concerns them, an idea anchored in the UN Convention on the Rights of the Child (UNCRC) and that is recognised by both the EU and its Member States.

Finally, our analysis suggests that children’s rights to freedom of expression and privacy may be undermined, if the proposed parental consent is introduced. As a result of Article 8, children’s access to information could become limited and dependent on parents. Also, the scope of their right to privacy would shrink as parents would be required to intervene in children’s private spaces (e.g. gaming accounts) to make informed choices. Therefore, it can be observed that the introduction of parental consent contradicts the key principles of human rights law enshrined in the UNCRC.

Featured image credit: Student on iPod at school. Photo by Brad Flickinger. CC-BY-2.0 via Flickr.

The post Parental consent, the EU, and children as “digital natives” appeared first on OUPblog.

        

Related Stories

• Why Republican governors embrace Obamacare
• Gary King: an update on Dataverse
• Does absence make the heart grow fonder?

 

By Fleur Johns

Public international lawyers are forever in catch-up mode, or so it seems. The international legal appetite for ‘raw’ data of global life is seemingly inexhaustible and worry about the discipline lagging behind technology is perennial. There has, accordingly, been considerable energy devoted to ‘cybernating’ international law, in one way or another, or adapting the discipline to new possibilities posed by digital technology.

Much international legal writing concerned with computer and information technology (CIT) and global data flows has been concerned with developing law on these phenomena on the global plane. Scholars and practitioners of international law have, for instance, published important work on privacy and data protection and cyberwarfare.

Just as important, however, but receiving far less attention, are legal and equitable dimensions of the global data economy being envisioned by institutions such as the World Economic Forum. International law is often viewed, in this context, diminutively and technically: as a means of delivering on foregone conclusions and facilitating the realization of pre-agreed goals. Yet, as a recent paper in the London Review of International Law argued, there is much more at stake in the global laws surrounding data-gathering, data-mining and the monetization and use of datasets, than the technical assurance of frictionless interface and the protection of privacy. Whether with regard to global offshoring in the CIT industry, or global practices of data gathering and profit-seeking at the ‘bottom of the pyramid’, new modes of economic inequality are under construction, with law playing a crucial infrastructural role – a role which merits tougher questioning.

Another set of challenges for contemporary international lawyers arises from the turn to ‘big data’ — large-scale data mining and data analytics — for global governance. In the UN Global Pulse initiative, for example, the United Nations is mining digital data sources and using real-time data analytics to evaluate human wellbeing and vulnerability, and directing resources and policymaking attention accordingly. When states that are parties to the Convention on the International Trade in Endangered Species of Wild Fauna and Flora (CITES) gather to review the listing of animal and plant species for differing levels of treaty protection, they frequently act (in part) on the basis of species distribution modeling (SDM). This SDM will have been carried out by software implementing one among a number of possible presence/absence algorithms.

It is a routine preoccupation of international lawyers that global norms and public decision-making processes should be apparent to those whom they impact: transparency is today treated as a meta-principle of international legal order. Yet it is still unclear what ‘transparency’ could or should entail when decision-making processes in question are partially automated, use complex and dynamic algorithmic operations, and draw inputs from a range of public and private sources. In relation to SDM for CITES listing purposes, for instance, a recent report in Science suggested that the relevant software’s intricacies are not grasped by many scientist-modelers: there are ‘many in the SDM domain unable to interpret the original algorithms, much less understand how they were implemented in the distributed code’. One wonders what CITES decision-makers to whom SDM modeling outcomes are being delivered are making of this material, if many responsible for these models’ development are unable to interpret them satisfactorily. Another recent paper has drawn attention to the traps that big data analysis can present for policy-makers seeking up-to-the-minute insights on global populations’ health and wellbeing.

Public international lawyers will doubtless continue to pursue broad-ranging regulatory initiatives, regionally and globally, concerning cybercrime and data protection. Beyond these efforts, however, global policy-makers and international lawyers working in a far greater range of fields need to engage critically with the priorities, preferences and relations embedded in, or generated by, the software and hardware of global data gathering and analysis. Associations among co-patterners (or those correlated in some analytical pattern) may prove just as significant as those among co-citizens or fellow right-holders — if not more so — in the global operations of law.

Fleur Johns is a Professor in the Faculty of Law at UNSW Australia, Sydney and a contributor to the London Review of International Law, a new journal, published by Oxford University Press, which publishes highest-quality scholarship on international law from around the world; the first issue featuring Professor Johns’ article ‘The deluge’, discussing the significance of big data for public international law, is free to read online for a limited time.

The London Review of International Law publishes highest-quality scholarship on international law from around the world. Reflecting the pace and reach of developments in the field, the London Review seeks to capture the ways in which received ideas are being challenged and reshaped by new subject-matters, new participants, new conceptual apparatuses and new cross-disciplinary connections.

Oxford University Press is a leading publisher in international law, including the Max Planck Encyclopedia of Public International Law, latest titles from thought leaders in the field, and a wide range of law journals and online products. We publish original works across key areas of study, from humanitarian to international economic to environmental law, developing outstanding resources to support students, scholars, and practitioners worldwide. For the latest news, commentary, and insights follow the International Law team on Twitter @OUPIntLaw.

Subscribe to the OUPblog via email or RSS.
Subscribe to only law articles on the OUPblog via email or RSS.
Image: information weapon, keyboard grenade. Photo by -antonio-, iStockphoto.

The post We’re all data now appeared first on OUPblog.

        

Related Stories

• Whaling in the Antarctic Australia v. Japan (New Zealand intervening)
• The financial consequences of terrorism
• Improving the quality of surveys: a Q&A with Daniel Oberski

 

By Christopher Kuner

Tension between different regulatory systems has long existed in certain areas (think of the disagreements between EU and US competition regulators regarding the aborted GE-Honeywell merger in the early 2000s). A similar power struggle is currently underway between different legal regimes regulating the collection, processing, and transfer of personal data (variously referred to in different legal systems as “data protection”, “data privacy”, or “information privacy” law), one that will shape the world in the 21^st century.

Data protection law has traditionally been viewed as a dreary subject of interest only to a few specialists. But whether it involves filling out government forms, purchasing items on the web, communicating with friends and relatives online, or checking in for a flight, almost every activity we engage in nowadays involves the processing of personal data. The growing importance of data processing is reflected in the large number of countries (approximately 100) around the world that have enacted data protection laws, and the countries and international organisations (including the European Union, the OECD, and the United States) that are currently in the process of revising them to meet the challenges posed by globalisation and the rapid growth of the Internet.

Much personal data routinely flows across national borders, and the same data processing may result in the application of multiple laws. The ease with which data flows internationally also means that data privacy law has become a point of competition between different legal systems, with each one striving to achieve the seemingly impossible goal of simultaneously protecting the privacy of individuals, striking a balance between privacy and other important values (e.g., public security), and furthering economic growth.

This competition has been most pronounced between the European Union, which has recently asserted that other countries should follow the “gold standard” of its data protection legislation, and the United States, which believes that its system is even better. Such international regulatory spats illustrate that nations too often view the subject largely as a way to score political points, and that they have failed to grasp some basic facts about the processing of personal data:

• Protection of data privacy is not just a transatlantic issue. Data protection laws have been enacted all over the world, including by regional organizations (APEC, ECOWAS, and others) and dozens of nations in Africa, Latin America, and Asia.
• It is also not just an online issue. Nearly every economic and social activity nowadays involves the processing of personal data, including the most basic ones. Too often regulatory attention focuses on the online “flavour of the month” (e.g., social networks, search engines, etc.), and fails to recognize that data processing has become embedded in every aspect of society.
• And it is not just an economic issue, but one that can help further important developmental goals as well. For example, the UN Secretary General has begun an initiative called “Global Pulse” involving projects such as the use of data analytics to better understand the global state of various infectious diseases, and using a centralized text messaging system to allow mobile phone users to report on people trapped under buildings following an earthquake, among others. Data protection law is currently not conceived to facilitate the large-scale use of data mining for purposes related to development, public health, and similar goals, but these uses will greatly increase in coming years, and will challenge our assumptions about the purposes and structure of regulation.

Part of the problem is that while data protection and privacy issues have global ramifications, the legal framework for them is still very much a matter of local or, at best, regional regulation. While some regional organizations (in particular the Council of Europe) are attempting to become more global, there are substantial differences in the way the subject is viewed in different countries and legal systems. In contrast to some other areas of the law, there is also a lack of legal instruments and institutions of a global scope covering privacy and data protection.

Legal regulation of data processing often stands in tension with economic pressures that encourage the processing and transfer of personal data, and political pressures that inhibit the development of coordinated and coherent regulation. States are only too happy to adopt legal requirements for the private sector that they are unwilling to comply with themselves (e.g., with regard to data processing for law enforcement purposes), and technology to process personal data advances faster than the law can keep up with.

From being considered a niche area, data protection law has evolved to the point that it is hard to find areas of human endeavour that it does not concern. The way that the struggles over data protection are resolved in the coming years will determine the kind of world we live in, and the kind of Internet we have.

Dr. Christopher Kuner is editor-in-chief of the journal International Data Privacy Law. He is author of European Data Protection Law: Corporate Compliance and Regulation, and the forthcoming book Transborder Data Flow Regulation and Data Privacy Law in which he elaborates some of the topics discussed here. Dr. Kuner is Senior Of Counsel at Wilson Sonsini Goodrich & Rosati in Brussels, and an Honorary Fellow of the Centre for European Legal Studies, University of Cambridge.

Combining thoughtful, high level analysis with a practical approach, International Data Privacy Law has a global focus on all aspects of privacy and data protection, including data processing at a company level, international data transfers, civil liberties issues (e.g., government surveillance), technology issues relating to privacy, international security breaches, and conflicts between US privacy rules and European data protection law.

Subscribe to the OUPblog via email or RSS.
Subscribe to only law and politics articles on the OUPblog via email or RSS.
Image credit: Laptop keyboard with fingerprint enlarged by magnifying glass – computer criminality concept. Image by Jirsak, iStockphoto.

The post The global data privacy power struggle appeared first on OUPblog.