Privacy in the Information Society [II] 1315246015, 9781315246017

Information society projects promise wealth and better services to those countries which digitise and encourage the cons


English Pages 575 Year 2016


Table of contents :
Cover
Half Title
Title
Copyright
Contents
Acknowledgements
Series Preface
Introduction
PART I PRIVACY GENERALLY
1 'An Examination of the Concern for Information Privacy in the New Zealand Regulatory Context', Information and Management, 43, pp. 322-35.
2 'Property Rights in Personal Information: An Economic Defense of Privacy', Georgetown Law Journal, 84, pp. 2381-417.
3 'Privacy and Security Concerns as Major Barriers for e-Commerce: A Survey Study', Information Management & Computer Security, 9, pp. 165-74.
4 'Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems', Lecture Notes in Computer Science, 2201, pp. 273-91.
5 'The Problem of Anonymous Vanity Searches', I/S: A Journal of Law and Policy for the Information Society, 3, pp. 297-316.
PART II DATA PROTECTION AND COMMERCE
6 'EU Data Protection Policy. The Privacy Fallacy: Adverse Effects of Europe's Data Protection Policy in an Information-Driven Economy', Computer Law and Security Report, 18, pp. 31-47.
7 'Information Technology, Marketing Practice, and Consumer Privacy: Ethical Issues', Journal of Public Policy & Marketing, 12, pp. 106-19.
8 'Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality', in Serge Gutwirth (ed.), Reinventing Data Protection?, Dordrecht: Springer, pp. 83-110.
9 'The Data Protection Directive 95/46/EC: Idealisms and Realisms', International Review of Law, Computers & Technology, 26, pp. 229-44.
10 'Behavioral Advertising: The Cryptic Hunter and Gatherer of the Internet', Federal Communications Law Journal, 64, pp. 599-616.
11 'Privacy and Confidentiality in an e-Commerce World: Data Mining, Data Warehousing, Matching and Disclosure Limitation', Statistical Science, 21, pp. 143-54.
12 'Safe Harbor - A Framework That Works', International Data Privacy Law, 1, pp. 143-48.
13 'The "Final" Privacy Frontier? Regulating Trans-Border Data Flows', International Journal of Law and Information Technology, 15, pp. 362-94.
14 'To Track or Not to Track: Recent Legislative Proposals to Protect Consumer Privacy', Harvard Journal on Legislation, 49, pp. 193-206.
PART III BIOMETRICS
15 'Biometrics: Privacy's Foe or Privacy's Friend?', Proceedings of the Institute of Electrical and Electronic Engineers, 85, pp. 1480-92.
16 'Privacy Issues in the Application of Biometrics: A European Perspective', in James L. Wayman, Anil K. Jain, Davide Maltoni and Dario Maio (eds), Biometric Systems: Technology, Design and Performance Evaluation, New York: Springer, pp. 335-59.
17 'Biometrics and Privacy: A Note on the Politics of Theorizing Technology', Information, Communication & Society, 6, pp. 85-104.
18 'Biometric Technologies in Support of Identity and Privacy Assurance', Biometric Technology Today, 10, pp. 5-9.
19 'Privacy Law: Biometrics and Privacy', Computer Law & Security Review, 17, pp. 154-60.
PART IV THE CLOUD
20 'Security and Privacy Implications of Cloud Computing - Lost in the Cloud', Lecture Notes in Computer Science, 6555, pp. 149-58.
21 'Privacy and Consumer Risks in Cloud Computing', Computer Law & Security Review, 26, pp. 391-97.
22 'Digital Evidence in Cloud Computing Systems', Computer Law & Security Review, 26, pp. 304-8.
23 'Caught in the Clouds: The Web 2.0, Cloud Computing, and Privacy?', Northwestern Journal of Technology and Intellectual Property, 9, pp. 29-49.
PART V GEO-LOCATION
24 'Re-Mapping Privacy Law: How the Google Maps Scandal Requires Tort Law Reform', Richmond Journal of Law and Technology, 17, pp. 1-30.
25 'E-Commerce Tax: How the Taxman Brought Geography to the "Borderless" Internet', Revenue Law Journal, 17, pp. 1-9.
26 'Tweets from Justin Bieber's Heart: The Dynamics of the "Location" Field in User Profiles', Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 237-46.
PART VI SOCIAL NETWORKS
27 'Teens, Privacy & Online Social Networks: How Teens Manage Their Online Identities and Personal Information in the Age of MySpace', Pew Internet & American Life Project, pp. i-vii.
28 'Publicly Private and Privately Public: Social Networking on YouTube', Journal of Computer-Mediated Communication, 13, pp. 361-80.
29 'Employer's Use of Social Networking Sites: A Socially Irresponsible Practice', Journal of Business Ethics, 95, pp. 507-25.
30 'Social Networking Websites - A Concatenation of Impersonation, Denigration, Sexual Aggressive Solicitation, Cyber-Bullying or Happy Slapping Videos', International Journal of Law and Information Technology, 17, pp. 252-67.
PART VII HEALTH CARE
31 'Impact of News of Celebrity Illness on Breast Cancer Screening: Kylie Minogue's Breast Cancer Diagnosis', Medical Journal of Australia, 183, pp. 247-50.
32 'Privacy, Information Technology, and Health Care', Communications of the ACM, 40, pp. 93-100.
33 '"Iceland Inc."?: On the Ethics of Commercial Population Genomics', Social Science & Medicine, 58, pp. 1201-9.
34 'Geocoding in Cancer Research: A Review', American Journal of Preventive Medicine, 30, pp. S16-S24.
Name Index

Downloaded by [University of California, San Diego] at 23:25 16 May 2017

Privacy in the Information Society

The Library of Essays on Law and Privacy
Series Editor: Philip Leith

Titles in the Series:

The Individual and Privacy, Volume I, Joseph A. Cannataci
Privacy in the Information Society, Volume II, Philip Leith
Security and Privacy, Volume III, Joseph Savirimuthu

Privacy in the Information Society

Volume II

Edited by

Philip Leith
Queen's University of Belfast, UK

First published 2015 by Ashgate Publishing

Published 2016 by Routledge 2 Park Square, Milton Park, Abingdon, Oxon OX14 4RN 711 Third Avenue, New York, NY 10017, USA Routledge is an imprint of the Taylor & Francis Group, an informa business

Copyright © 2015 Philip Leith. For copyright of individual articles please refer to the Acknowledgements.

All rights reserved. No part of this book may be reprinted or reproduced or utilised in any form or by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying and recording, or in any information storage or retrieval system, without permission in writing from the publishers.

Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Wherever possible, these reprints are made from a copy of the original printing, but these can themselves be of very variable quality. Whilst the publisher has made every effort to ensure the quality of the reprint, some variability may inevitably remain.

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library.

Library of Congress Control Number: 2014946839

ISBN 9781409441281 (hbk)

Contents

Acknowledgements
Series Preface
Introduction

PART I PRIVACY GENERALLY

1 Ellen A. Rose (2006), 'An Examination of the Concern for Information Privacy in the New Zealand Regulatory Context', Information and Management, 43, pp. 322-35.
2 Richard S. Murphy (1996), 'Property Rights in Personal Information: An Economic Defense of Privacy', Georgetown Law Journal, 84, pp. 2381-417.
3 Godwin J. Udo (2001), 'Privacy and Security Concerns as Major Barriers for e-Commerce: A Survey Study', Information Management & Computer Security, 9, pp. 165-74.
4 Marc Langheinrich (2001), 'Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems', Lecture Notes in Computer Science, 2201, pp. 273-91.
5 Christopher Soghoian (2007), 'The Problem of Anonymous Vanity Searches', I/S: A Journal of Law and Policy for the Information Society, 3, pp. 297-316.

PART II DATA PROTECTION AND COMMERCE

6 Lucas Bergkamp (2002), 'EU Data Protection Policy. The Privacy Fallacy: Adverse Effects of Europe's Data Protection Policy in an Information-Driven Economy', Computer Law and Security Report, 18, pp. 31-47.
7 Ellen R. Foxman and Paula Kilcoyne (1993), 'Information Technology, Marketing Practice, and Consumer Privacy: Ethical Issues', Journal of Public Policy & Marketing, 12, pp. 106-19.
8 Roger Brownsword (2009), 'Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality', in Serge Gutwirth (ed.), Reinventing Data Protection?, Dordrecht: Springer, pp. 83-110.
9 Rebecca Wong (2012), 'The Data Protection Directive 95/46/EC: Idealisms and Realisms', International Review of Law, Computers & Technology, 26, pp. 229-44.
10 Joanna Penn (2012), 'Behavioral Advertising: The Cryptic Hunter and Gatherer of the Internet', Federal Communications Law Journal, 64, pp. 599-616.
11 Stephen E. Fienberg (2006), 'Privacy and Confidentiality in an e-Commerce World: Data Mining, Data Warehousing, Matching and Disclosure Limitation', Statistical Science, 21, pp. 143-54.
12 Damon Greer (2011), 'Safe Harbor - A Framework That Works', International Data Privacy Law, 1, pp. 143-48.
13 Gehan Gunasekara (2007), 'The "Final" Privacy Frontier? Regulating Trans-Border Data Flows', International Journal of Law and Information Technology, 15, pp. 362-94.
14 Molly Jennings (2012), 'To Track or Not to Track: Recent Legislative Proposals to Protect Consumer Privacy', Harvard Journal on Legislation, 49, pp. 193-206.

PART III BIOMETRICS

15 John D. Woodward (1997), 'Biometrics: Privacy's Foe or Privacy's Friend?', Proceedings of the Institute of Electrical and Electronic Engineers, 85, pp. 1480-92.
16 Marek Rejman-Greene (2005), 'Privacy Issues in the Application of Biometrics: A European Perspective', in James L. Wayman, Anil K. Jain, Davide Maltoni and Dario Maio (eds), Biometric Systems: Technology, Design and Performance Evaluation, New York: Springer, pp. 335-59.
17 Irma van der Ploeg (2003), 'Biometrics and Privacy: A Note on the Politics of Theorizing Technology', Information, Communication & Society, 6, pp. 85-104.
18 Colin Soutar (2011), 'Biometric Technologies in Support of Identity and Privacy Assurance', Biometric Technology Today, 10, pp. 5-9.
19 Jan Grijpink (2001), 'Privacy Law: Biometrics and Privacy', Computer Law & Security Review, 17, pp. 154-60.

PART IV THE CLOUD

20 Vassilka Tchifilionova (2011), 'Security and Privacy Implications of Cloud Computing - Lost in the Cloud', Lecture Notes in Computer Science, 6555, pp. 149-58.
21 Dan Svantesson and Roger Clarke (2010), 'Privacy and Consumer Risks in Cloud Computing', Computer Law & Security Review, 26, pp. 391-97.
22 M. Taylor, J. Haggerty, D. Gresty and R. Hegarty (2010), 'Digital Evidence in Cloud Computing Systems', Computer Law & Security Review, 26, pp. 304-8.
23 Paul Lanois (2010), 'Caught in the Clouds: The Web 2.0, Cloud Computing, and Privacy?', Northwestern Journal of Technology and Intellectual Property, 9, pp. 29-49.

PART V GEO-LOCATION

24 Lindsey A. Strachan (2011), 'Re-Mapping Privacy Law: How the Google Maps Scandal Requires Tort Law Reform', Richmond Journal of Law and Technology, 17, pp. 1-30.
25 Dan Jerker B. Svantesson (2007), 'E-Commerce Tax: How the Taxman Brought Geography to the "Borderless" Internet', Revenue Law Journal, 17, pp. 1-9.
26 Brent Hecht, Lichan Hong, Bongwon Suh and Ed H. Chi (2011), 'Tweets from Justin Bieber's Heart: The Dynamics of the "Location" Field in User Profiles', Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 237-46.

PART VI SOCIAL NETWORKS

27 Amanda Lenhart and Mary Madden (2007), 'Teens, Privacy & Online Social Networks: How Teens Manage Their Online Identities and Personal Information in the Age of MySpace', Pew Internet & American Life Project, pp. i-vii.
28 Patricia G. Lange (2007), 'Publicly Private and Privately Public: Social Networking on YouTube', Journal of Computer-Mediated Communication, 13, pp. 361-80.
29 Leigh A. Clark and Sherry J. Roberts (2010), 'Employer's Use of Social Networking Sites: A Socially Irresponsible Practice', Journal of Business Ethics, 95, pp. 507-25.
30 Bruce L. Mann (2008), 'Social Networking Websites - A Concatenation of Impersonation, Denigration, Sexual Aggressive Solicitation, Cyber-Bullying or Happy Slapping Videos', International Journal of Law and Information Technology, 17, pp. 252-67.

PART VII HEALTH CARE

31 Simon Chapman, Kim McLeod, Melanie Wakefield and Simon Holding (2005), 'Impact of News of Celebrity Illness on Breast Cancer Screening: Kylie Minogue's Breast Cancer Diagnosis', Medical Journal of Australia, 183, pp. 247-50.
32 Thomas C. Rindfleisch (1997), 'Privacy, Information Technology, and Health Care', Communications of the ACM, 40, pp. 93-100.
33 Jon F. Merz, Glenn E. McGee and Pamela Sankar (2004), '"Iceland Inc."?: On the Ethics of Commercial Population Genomics', Social Science & Medicine, 58, pp. 1201-9.
34 Gerard Rushton, Marc P. Armstrong, Josephine Gittler, Barry R. Greene, Claire E. Pavlik, Michele M. West and Dale L. Zimmerman (2006), 'Geocoding in Cancer Research: A Review', American Journal of Preventive Medicine, 30, pp. S16-S24.

Name Index

Acknowledgements

Ashgate would like to thank the researchers and the contributing authors who provided copies, along with the following for their permission to reprint copyright material.

Association for Computing Machinery, Inc. for the essays: Brent Hecht, Lichan Hong, Bongwon Suh and Ed H. Chi (2011), 'Tweets from Justin Bieber's Heart: The Dynamics of the "Location" Field in User Profiles', Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 237-46. Copyright © 2011 ACM; Thomas C. Rindfleisch (1997), 'Privacy, Information Technology, and Health Care', Communications of the ACM, 40, pp. 93-100. Copyright © 1997 ACM.

Australian Medical Publishing Company for the essay: Simon Chapman, Kim McLeod, Melanie Wakefield and Simon Holding (2005), 'Impact of News of Celebrity Illness on Breast Cancer Screening: Kylie Minogue's Breast Cancer Diagnosis', Medical Journal of Australia, 183, pp. 247-50. Copyright © 2005 The Medical Journal of Australia. Reproduced with permission.

Bond University and the Revenue Law Journal for the essay: Dan Jerker B. Svantesson (2007), 'E-Commerce Tax: How the Taxman Brought Geography to the "Borderless" Internet', Revenue Law Journal, 17, pp. 1-9.

Elsevier for the essays: Ellen A. Rose (2006), 'An Examination of the Concern for Information Privacy in the New Zealand Regulatory Context', Information and Management, 43, pp. 322-35. Copyright © 2006 Elsevier B.V. All rights reserved; Lucas Bergkamp (2002), 'EU Data Protection Policy. The Privacy Fallacy: Adverse Effects of Europe's Data Protection Policy in an Information-Driven Economy', Computer Law and Security Report, 18, pp. 31-47. Copyright © 2002 Elsevier Science Ltd. All rights reserved; Colin Soutar (2011), 'Biometric Technologies in Support of Identity and Privacy Assurance', Biometric Technology Today, 10, pp. 5-9; Jan Grijpink (2001), 'Privacy Law: Biometrics and Privacy', Computer Law & Security Review, 17, pp. 154-60. Copyright © 2001 Elsevier Science Ltd. All rights reserved; Dan Svantesson and Roger Clarke (2010), 'Privacy and Consumer Risks in Cloud Computing', Computer Law & Security Review, 26, pp. 391-97. Copyright © 2010 Svantesson and Clarke. Published by Elsevier Ltd. All rights reserved; M. Taylor, J. Haggerty, D. Gresty and R. Hegarty (2010), 'Digital Evidence in Cloud Computing Systems', Computer Law & Security Review, 26, pp. 304-8. Copyright © 2010 M. Taylor, J. Haggerty, D. Gresty and R. Hegarty. Published by Elsevier Ltd. All rights reserved; Jon F. Merz, Glenn E. McGee and Pamela Sankar (2004), '"Iceland Inc."?: On the Ethics of Commercial Population Genomics', Social Science & Medicine, 58, pp. 1201-9. Copyright © 2003 Elsevier Ltd. All rights reserved; Gerard Rushton, Marc P. Armstrong, Josephine Gittler, Barry R. Greene, Claire E. Pavlik, Michele M. West and Dale L. Zimmerman (2006), 'Geocoding in Cancer Research: A Review', American Journal of Preventive Medicine, 30, pp. S16-S24. Copyright © 2006 American Journal of Preventive Medicine. Published by Elsevier Inc.

Emerald Group Publishing Limited for the essay: Godwin J. Udo (2001), 'Privacy and Security Concerns as Major Barriers for e-Commerce: A Survey Study', Information Management & Computer Security, 9, pp. 165-74. Copyright © 2001 MCB University Press.

Georgetown Law Review for the essay: Richard S. Murphy (1996), 'Property Rights in Personal Information: An Economic Defense of Privacy', Georgetown Law Journal, 84, pp. 2381-417. Copyright © 1995-1996 Georgetown Law Journal.

Harvard Student Legislative Research Bureau for the essay: Molly Jennings (2012), 'To Track or Not to Track: Recent Legislative Proposals to Protect Consumer Privacy', Harvard Journal on Legislation, 49, pp. 193-206.

The Institute of Electrical and Electronic Engineers for the essay: John D. Woodward (1997), 'Biometrics: Privacy's Foe or Privacy's Friend?', Proceedings of the Institute of Electrical and Electronic Engineers, 85, pp. 1480-92. Copyright © 1997 IEEE.

The Institute of Mathematical Statistics for the essay: Stephen E. Fienberg (2006), 'Privacy and Confidentiality in an e-Commerce World: Data Mining, Data Warehousing, Matching and Disclosure Limitation', Statistical Science, 21, pp. 143-54. Copyright © 2006 Institute of Mathematical Statistics.

I/S: A Journal of Law and Policy for the Information Society for the essay: Christopher Soghoian (2007), 'The Problem of Anonymous Vanity Searches', I/S: A Journal of Law and Policy for the Information Society, 3, pp. 297-316. Copyright © 2007 Christopher Soghoian.

Northwestern University School of Law for the essay: Paul Lanois (2010), 'Caught in the Clouds: The Web 2.0, Cloud Computing, and Privacy?', Northwestern Journal of Technology and Intellectual Property, 9, pp. 29-49. Reprinted by special permission of Northwestern University School of Law, Northwestern Journal of Technology and Intellectual Property.

Oxford University Press for the essays: Damon Greer (2011), 'Safe Harbor - A Framework That Works', International Data Privacy Law, 1, pp. 143-8. Copyright © 2011 Oxford University Press; Gehan Gunasekara (2007), 'The "Final" Privacy Frontier? Regulating Trans-Border Data Flows', International Journal of Law and Information Technology, 15, pp. 362-94. Copyright © 2007 Oxford University Press, all rights reserved; Bruce L. Mann (2008), 'Social Networking Websites - A Concatenation of Impersonation, Denigration, Sexual Aggressive Solicitation, Cyber-Bullying or Happy Slapping Videos', International Journal of Law and Information Technology, 17, pp. 252-67. Copyright © 2008 Oxford University Press. All rights reserved.

Joanna Penn for the essay: Joanna Penn (2012), 'Behavioral Advertising: The Cryptic Hunter and Gatherer of the Internet', Federal Communications Law Journal, 64, pp. 599-616. Copyright © 2012 Joanna Penn.

Pew Research Center for the essay: Amanda Lenhart and Mary Madden (2007), 'Teens, Privacy & Online Social Networks: How Teens Manage Their Online Identities and Personal Information in the Age of MySpace', Pew Internet & American Life Project, pp. i-vii.

Springer for the essays: Marc Langheinrich (2001), 'Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems', Lecture Notes in Computer Science, 2201, pp. 273-91. Copyright © 2001 Springer-Verlag Berlin Heidelberg; Roger Brownsword (2009), 'Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality', in Serge Gutwirth (ed.), Reinventing Data Protection?, Dordrecht: Springer, pp. 83-110. Copyright © 2009 Springer Science and Business Media B.V.; Marek Rejman-Greene (2005), 'Privacy Issues in the Application of Biometrics: A European Perspective', in James L. Wayman, Anil K. Jain, Davide Maltoni and Dario Maio (eds), Biometric Systems: Technology, Design and Performance Evaluation, New York: Springer, pp. 335-59; Vassilka Tchifilionova (2011), 'Security and Privacy Implications of Cloud Computing - Lost in the Cloud', Lecture Notes in Computer Science, 6555, pp. 149-58. Copyright © 2011 IFIP International Federation for Information Processing; Leigh A. Clark and Sherry J. Roberts (2010), 'Employer's Use of Social Networking Sites: A Socially Irresponsible Practice', Journal of Business Ethics, 95, pp. 507-25. Copyright © 2010 Springer.

Taylor and Francis for the essays: Rebecca Wong (2012), 'The Data Protection Directive 95/46/EC: Idealisms and Realisms', International Review of Law, Computers & Technology, 26, pp. 229-44. Copyright © 2012 Taylor and Francis; Irma van der Ploeg (2003), 'Biometrics and Privacy: A Note on the Politics of Theorizing Technology', Information, Communication & Society, 6, pp. 85-104. Copyright © 2003 Taylor & Francis Ltd.

University of Michigan; American Marketing Association for the essay: Ellen R. Foxman and Paula Kilcoyne (1993), 'Information Technology, Marketing Practice, and Consumer Privacy: Ethical Issues', Journal of Public Policy & Marketing, 12, pp. 106-19.

John Wiley and Sons for the essay: Patricia G. Lange (2007), 'Publicly Private and Privately Public: Social Networking on YouTube', Journal of Computer-Mediated Communication, 13, pp. 361-80. Copyright © 2007 John Wiley and Sons.

Every effort has been made to trace all the copyright holders, but if any have been inadvertently overlooked the publishers will be pleased to make the necessary arrangement at the first opportunity.

Publisher's Note

The material in this volume has been reproduced using the facsimile method. This means we can retain the original pagination to facilitate easy and correct citation of the original essays. It also explains the variety of typefaces, page layouts and numbering.

Series Preface

It was a pleasure to be asked to produce this series of essays, following in the footsteps of Eric Barendt's Privacy collection (Ashgate, 2001). Barendt had focused on the philosophical aspects of privacy at a time when academic interest in privacy was beginning to develop more seriously, and his chosen essays had been useful to both me and my students as we studied what 'right to privacy' the individual might have in the networked world. That collection enabled me to see quickly the main themes delineating privacy and also push students towards quickly grasping these themes.

Over the past decade or so, the research field has exploded and a much more cross-disciplinarian approach is needed to understand better current trends and responses by the academic community. This series of volumes thus moves into - perhaps - a less philosophical approach about the individual and a more 'ethical' one as society attempts to determine what role privacy should have and how regulation might be enabled whether through law, technology or social norm.

The new context is that there is now no technical limitation as to how privacy might be undermined: both the state and commerce have tools and techniques to know more about any individual than they know about themselves, whether through the daily collection of everyday data or through targeting of individuals or populations. It is clear that if there is now no technical constraint to intrusion, the current debate must be over the ethics of privacy: what should society consider to be 'right behaviour' (in the moral sense) in a world where no-one appears to agree what that behaviour should be or where the moral lines should be drawn. There is, of course, no real help given by Conventions such as the European Convention on Human Rights (ECHR) - Art. 8 and Art. 10 tell us only that we have a right to privacy and also a right to know about others, two abstract rights which clearly conflict. The much vaunted 'right to be left alone' hardly helps us understand privacy in the modern world either. The debate is now over how to construct more detailed rights and the ethical rationale for these constructions.

Before this can be done, we must also understand the complexity of the concept of 'privacy'. My colleagues in this project, Joseph Cannataci and Joseph Savirimuthu have aided me enormously by broadening the series' vision of what privacy is. Our goal has not been to present a collection which follows our own views on the ethical choices around the regulation of privacy (each of us, it seems to me, has a different perspective anyway). What they have done is to help to disentangle the strands which are lumped together under the rubric of privacy, and provide the reader with a means to approach these strands. We have done so by taking a decidedly multi-disciplinary approach.

Cannataci's volume, The Individual and Privacy, looks at privacy from a principally anthropological stance. What has been meant by privacy in the past? What has privacy meant in the various parts of the globe, each with their own culture? What is the nature of an individual's right as against the community? The reader could hardly leave Cannataci's volume without agreeing with his assertion that privacy is a complex multi-faceted matter. Understanding of that fact means that our proposed ethical solutions must match the complexity of the problem.

Savirimuthu, in Security and Privacy, deals with that strand of privacy related to the state - that of surveillance. A state has obligations to protect the individual from others but also obligations to respect the rights of the individual, all within a framework where the state is the most powerful actor. It was, after all, state intrusion which had brought Art. 8 ECHR into being. Yet any state now has more powerful techniques for overseeing the citizen than the Nazi or Soviet states ever had. Can we implement, through law, an ethical framework in which we can trust the state to behave responsibly? Savirimuthu's chosen essays focus on whether and how regulation might be possible.

My own collection, Privacy in the Information Society, looks at the conflict where the attempt to build an 'information economy' meets the attempt to protect privacy. The very notion of 'information economy' leads us to understand that there is value in information of all kinds - celebrity private lives, customer databases, user provided information to social media, email contents, health data, etc. etc. Presuming that an information economy is a 'good thing' (certainly most countries wish to develop this) does this mean that privacy is no longer possible? If it is, how might we set up the positive rights and responsibilities to match our expectations?

We had much debate when we first got together on this project as to how we might structure the collections. Hopefully the reader will find that our chosen approach is useful. We also had debate about which essays might appear and where, a problem since although the titles of each collection differ, we are really interested in the same complex issue. We also certainly each felt that we could have chosen two or three times as many essays, but hopefully - again - the reader will not be disappointed with those upon which we did eventually rest.

PHILIP LEITH
Series Editor
Queen's University of Belfast, UK

Introduction

The Transformation of Privacy The 1960s and 1970s were a transformational period in terms of privacy - a new kind of 'information assault' upon the individual became possible through large scale storage techniques in computer databases. What is now viewed as the classic concept of privacy ('the right to be left alone' by the press) was merged with a world where government and commerce's collection of data became ever more usual and access to highly personal information by more and more agencies became feasible. The need for strong legal regulation for privacy became the default position from those who wrote on these matters- Alan Westin, Raymond Wacks, etc.- and few writers on privacy would have argued that there was no such assault on privacy through the 'database society'. There was certainly hesitation from governments to legislate for privacy, per se, but the most problematic aspects of the use of databases were certainly viewed as requiring correction. For example, incorrect data on databases which prevented individuals having access to credit, or the lack of any right to see what information was being held on one in databases, were dealt with. 1 These problems led to the data protection framework; but this is not a privacy law. It does not prohibit lawful storage and processing of information or give a widespread right to be left alone or allow the individual to refuse to have their data processed, and is thus best seen as an 'access and rectification right' with associated bells and whistles (for example, the need to keep data secure). Where consent is required, refusal means that the individual cannot have a bank account, mobile phone, internet access, etc. and is thus perhaps a right in theory rather than one in practice. The hesitation to deal with privacy rights was not just something found in government the judiciary were unwilling to be drawn into these matters. 
In response to a 1961 attempt to create a UK privacy right, the Lord Chancellor- Viscount Kilmuir- suggested that judges would be unhappy adjudicating on privacy matters since they would be viewed as censors. 2 This is certainly not a position that today's judges would take as they award injunction after injunction, reporting the existence of which is also frequently injuncted. The criticism of the privacy academic towards this new world and the refusal of governments to move from data protection rights to full privacy rights can be read in the literature from the 1980s onwards: ever more strident calls for privacy rights to be formally enshrined in law, The US Fair Credit Reporting Act 1970 was such an access and rectification right. 'It would, no doubt, be possible for Parliament to leave it to the courts to decide in what circumstances a newspaper could successfully raise a defence of "public interest". Matters of public interest might be defined as "matters on which a reasonable man would consider himself entitled as a member of the public to be informed". The application ofthis definition would mean conferring on the courts a discretionary power so wide that it must, in effect, constitute them, in this field, virtual censors of the Press. My own view is that such a course is neither acceptable nor desirable.' Right of Privacy Bill [HL] Hansard Debate 15 June 1961 Vol. 232 cc289-99.

Downloaded by [University of California, San Diego] at 23:25 16 May 2017


Privacy in the Information Society

and an unwillingness from governments to accede to these demands. And, as we moved from databases of a few megabytes to ones of terabytes, petabytes and exabytes, the clamour for the protection of what is now being seen as a 'fundamental right' continues to rise. The more than 3,000 amendments proposed to the revision to the European data protection framework in 2013 give an indication of the arguments over moving this framework to a more privacy-centric approach, evidenced by, for example, the proposed Article 17 of the regulation giving a right to be forgotten and to erasure of data. Many of the arguments being made by privacy advocates, though, are often one sided and simplistic - the concept of privacy is not necessarily a goal which should be sought at all costs. There are many reasons why privacy should not be a trump card in a complex society which interacts in many ways (Leith, 2006). The arguments made against the right to be forgotten in the USA, Europe and the rest of the world are similar: freedom of expression through the US First Amendment, Article 19 of the Universal Declaration of Human Rights and Article 10 ECHR rights in Europe.[3] The social rights of the community to be able to discuss and be informed about other members of the community are surely just as important as the rights of any one individual. The right of governments to protect themselves from terrorism and companies to protect themselves from fraud, are important elements in making life safer and more efficient, too. This - rather wide-ranging - collection of essays has been brought together to focus on one element of the complex interaction of technology, commerce and the rights of the individual - that of the 'information society', and hopefully the reader will take a more balanced view of the debate after reading the various essays in this collection. The essays are an attempt to fit a reasonable spread of perspective within a relatively confined page limit.
Without doubt there are many essays which could have been included here, but the essays chosen are certainly sufficiently representative to help the student of privacy develop a view of the field which puts privacy into the context of today's information society.

The Information Society: Built upon Personal Data

The information society is an important context in which the privacy debate is being played out. By information society is meant a political and economic programme to develop tools, techniques and regulatory schemes which will enable the development of society through post-industrial changes as countries move from heavy manufacturing to more 'knowledge-based' economies where information rather than steel is the foundational unit. One of the earliest statements of the need for this was the Bangemann Report (Bangemann et al., 1994) from the mid-1990s, a period when digitization and the worldwide web were growing, and also a period when Europe was losing its industrial advantage to other countries. Bangemann and his group were adamant that only through using this new technology of ICT could wealth be generated within Europe. The idea was also developed through the World Summit on the Information Society in Tunis in 2005 where the need to overcome the digital divide between rich and developing countries was also asserted. We might say that the current economic and

[3] See also General Comment No. 34: Article 19: Freedoms of opinion and expression, Human Rights Committee, 102nd session, Geneva, 11-29 July 2011.


political assumptions throughout the world proclaim that the information society is the only way forward for any society which wishes future wealth. What is this information society? It is based upon the idea that information technology can transform our world for the better, and offers a revolutionary way forward. As Bangemann's 1994 report argued:

Throughout the world, information and communications technologies are generating a new industrial revolution already as significant and far-reaching as those of the past. It is a revolution based on information, itself the expression of human knowledge. Technological progress now enables us to process, store, retrieve and communicate information in whatever form it may take - oral, written or visual - unconstrained by distance, time and volume. This revolution adds huge new capacities to human intelligence and constitutes a resource which changes the way we work together and the way we live together.

The Western model of the information society incorporates a highly liberal underpinning where the market is seen to be the most effective way to develop the new information economy. In Europe this was due to an unhappiness with the older state supported industries and national protections which - it was argued - had caused Western societies to lose their technological advantage to the Far East. Bangemann was particularly sceptical of non-free market approaches but in the US, too, the success of private enterprise in developing technology (Microsoft, Apple, Intel, Cisco, etc.) did not lead to a demand for government to direct, support or control technological innovation. The information society model thus encourages private enterprise to get on with their task of building and making money from this new information economy. The role of government is to be an enabler for private enterprise by protecting intellectual property rights, encouraging secure systems, opening media and reducing national impacts which undermine the working of the internal market, encouraging competition, and 'urging' private enterprise to work together to provide common technical systems. Also, and important here, is the role of government in protecting privacy in this information society. In the less developed countries there is less commitment to the laissez-faire approach where that method is frequently viewed as laying open communities to economic rape by multinationals. Here, the concept of the information society is more about equality of access and overcoming the digital divide, but the market approach is still seen as important. In China, too, governmental desire to build an information society is strong despite perceived problems of information access by citizens (Zhang and Zheng, 2009). To all of these non-Western systems, the EU and US have been keen to export their own information society model, doing so through conferences, project support and various educative routes.[4]
If this briefly describes the philosophy of the information society, it does not tell us what is the 'information' upon which the new society is based. Bangemann provided us with more detail of the kinds of areas in which the information society would make itself felt through a series of examples such as teleworking ('Companies (both large and SMEs) and public administrations will benefit from productivity gains, increased flexibility, cost savings. For the general public, pollution levels, traffic congestion and energy consumption will be reduced. For employees, more flexible working arrangements will be particularly beneficial for all those tied to the home, and for people in remote locations the narrowing of distances will

[4] http://egov.iist.unu.edu/download/EU-China-Information-Society-Final-Report.pdf.


help cohesion'), distance learning, 'electronic roads' (driver information, route guidance, fleet management, road pricing, etc.), a European air system, health care networks ('improvement in diagnosis through on-line access to European specialists, on-line reservation of analysis and hospital services by practitioners extended on European scale, transplant matching, etc.') and e-Gov. What is clear from this view of the information society and those which followed, is that digital participation is the basis of the information society, and that the citizen was being encouraged to partake as fully as possible. Health records were to go online, traffic data (for example, registration ID, location) were to be collected, as well as daily interactions with government and commercial companies. Thus the basic unit of the information society is personal data. Further, if data about the individual's interactions become easily available, whether by lawful or unlawful means, there must be a loss of control over that data by the individual. It is clear therefore that the information society project affects privacy in a very substantial way. The problem for the Western governments who wish to enable the information society is that they desire two goals which conflict. First, they wish to encourage the digitalization of the citizen so that the information society is stimulated. But, second, they have to consider the calls for protection of data and for privacy, which - if the most extreme calls being made by privacy advocates were implemented - could undermine the whole project by disabling access to the personal data upon which the system operates. If the citizen places sufficient importance upon privacy, then the information project will fail.
Governments throughout the world have not yet discovered how to accommodate these two goals, and indeed - as the other collections in this series make clear - governments have often been the most active in making use of the easy availability of commercial information which describes the life of the citizen.

Privacy Generally

The essays in this part give a relatively non-legal introduction to issues surrounding privacy - what does privacy actually mean? How private can our lives be in this new commercial world? etc. The approach taken is to look beyond the narrow confines of law and legal thinking and to consider privacy as much as a techno-legal problem as a legal one. Ellen A. Rose (Chapter 1) gives us an excellent starting point to look at some of the complexities of privacy and personal data, which is particularly helpful since privacy is difficult to define and in the literature we typically find authors writing about different concepts of privacy with different assumptions about the nature of the social effect of that individuation of privacy. Rose's main interest is to test cross-nationally (between the US and New Zealand) which of two competing drives for privacy is more relevant. One of these is that proposed by Alan Westin and which emphasizes that it is the lack of personal control (autonomy) over data concerning oneself which drives the privacy concern. The other - from James Moor[5] - is that it is not so much control of the data which underpins concern, but rather that the data are not being properly cared for: that they are accessible to others who should not have access, for example. This latter drive accepts that control may be impossible in today's world, but access

[5] One can see the difficulty in expressing privacy philosophically by Moor's (1997) rather complex explanation of why it is an important framework for what he calls 'core values' of a society.


restriction should be more robust. Rose reports on empirical work, and suggests that this latter model may be more accurate in the US and New Zealand. Why is this kind of work important? Because lawyers too frequently hark back to the 1890 Harvard Law Review essay of Warren and Brandeis,[6] and take a relatively simple view of what we mean by privacy ('the right to be left alone') when we should incorporate research from more diverse fields. Richard S. Murphy's approach (Chapter 2) is to investigate privacy as an economic concept, noting that often privacy is not really the goal of the individual when they wish to control information which is true, but rather an attempt to protect reputation. Murphy notes the traditional economic approach which says that if information flow is inhibited then costs rise due to 'inefficiency'. An alternative put forward by Murphy is that there are actually economic benefits to privacy (avoidance of expenditures on privacy protection and reputation by the individual, satisfaction of private preferences, etc.) and that privacy might be better viewed as a contractual relationship between parties, a situation which could lead to a more efficient economic relationship. Godwin J. Udo's essay (Chapter 3) relates a relatively early survey on user attitudes to online privacy. The findings generally agree with the large number of surveys which have been undertaken since that date, all of which indicate that users are concerned about privacy in the online commerce world and having clear policies in place about use of email, information about online shopping, etc. The reader might consider whether the current e-commerce environment indicates a changing situation with collectors of data being more responsive to these fears. Marc Langheinrich (Chapter 4) offers a computer scientist's view of 'ubiquitous systems' and the possible role of 'privacy by design' in their development.
A ubiquitous system is one where the computer has moved from the office or the desktop to being an integrated part of everyday life - the mobile phone is a perfect example, where the user is usually unaware of just what information is being collected and transmitted and to where. We could say this is the ideal tool of the information society. The essay is interesting because it is directed to the developers of these systems - the technical innovators who perhaps see the new technologies which infringe privacy as being more interesting than those which protect privacy. Those hoping for a technical solution to privacy may be disappointed that Langheinrich does not appear very hopeful of such systems. Christopher Soghoian (Chapter 5) is another technical author who provides us with a perspective on how difficult it is to remain anonymous when searching. His starting point is AOL's release of data 'for research' in 2006 which they believed to have been anonymized, only to discover that it was indeed possible for researchers to determine who many of the individuals were who entered search terms into the AOL search engine. This essay raises the issue of unsuspecting user behaviour which can - in a brief moment, and without thinking - undermine attempts to keep their personal information private.

Data Protection and Commerce

The EU prides itself on having an effective data protection regime which it considers to provide a fundamental and an ethical core to the information society. In this part we look more

[6] Perhaps the best critical analysis of the context for that essay is Barron (1979).


closely at the regime itself with both critical and supportive essays and also essays which point to possible developments in the data protection system. Lucas Bergkamp's essay (Chapter 6) is a highly readable attack on the EU's data protection model when applied to consumer commerce. He suggests that rather than information in commercial transactions being a problem for consumers, it is to their advantage that information is collected on them because it leads to better services, cheaper prices, etc. In effect, rather than benefiting the consumer, data protection law encourages poorer services and products for the consumer. A contrasting argument is put by Ellen R. Foxman and Paula Kilcoyne (Chapter 7), which suggests that marketers should be more concerned with the ethical issues around the sale of information for the purposes of marketing. Their essay is an early one, where telemarketing (including autodialling) was the particular application where they considered privacy to be infringed. Since the early 1990s, though, the world has moved on and the selling of data about individuals (either to other companies or to government) is an enormously profitable business. Were they wrong to consider such usage unethical, or is the world a less ethical place today? Roger Brownsword (Chapter 8) offers a different approach to data protection using a more rights-oriented approach to defend the data protection system. Rights-based thinking is at a particularly high point in UK legal thinking, and indeed finds an echo in the European approach of seeing privacy as a 'fundamental right'.[7] Consent is one of the (perhaps few?) means in which a consumer can affect the holding of data about them and many have suggested that strengthening the consent requirement could offer a way to protect the individual from unwanted processing.
The original Data Protection Directive is around 20 years old yet is still the primary legislation for a Europe where the internet has become the major communicating tool and a location to where much commerce has moved. Critics as well as supporters of the Directive have argued for a long time that it needs rewriting, and in her essay Rebecca Wong (Chapter 9) looks at the various elements which are relevant to rewriting this to ensure a reasonable expectation of privacy for the online user. One of the techniques used in online commerce which was not available when the original Data Protection Directive was produced was the dynamic targeting of consumers through 'behavioural advertising' where what they have clicked on, or what they have searched for in the past enable software tools to decide what should now be presented on screen to them. Sophisticated analysis is possible which should help the consumer find useful products, but often annoys or makes them wonder how the system 'knows' of their interests. Joanna Penn's essay (Chapter 10) provides a useful overview of the tools available to the advertiser and also the consumer harms which she sees arising from these. Her argument is that the most effective means of controlling these harms would be for regulators to provide guidelines to assert what is allowable (and useful to the consumer) and what should not be allowed. Stephen E. Fienberg's essay (Chapter 11) looks to yet another technique of online commerce - the use of complex algorithms to 'mine data': that is, to search for relevant patterns which tie independent pieces of data together, even though these pieces may exist in very large

[7] Charter of Fundamental Rights of the European Union also General Comment No. 34: Article 19: Freedoms of opinion and expression, 2000. See Articles 7 (Respect for private and family life) and 8 (Protection of personal data).


databases or a number of databases. The technique is particularly effective when large commercial concerns have multiple types of database - for example, online purchasing of groceries, insurance, mobile phone networks, and have gained the consent of their customers to these data being processed in this way (usually, the details of just what the processing is are not given to the consumer). Fienberg points to the usage of this commercially collected information by the security forces or through security breaches. Fienberg uses statistical techniques to suggest that while there have been attempts to reduce ease of external access through 'sliding scales of identifiability' these do not produce the results their proponents suggest and databases remain a privacy liability. Damon Greer's essay (Chapter 12) argues that the safe harbour system which was introduced to enable European sourced data to be stored and processed in countries which do not have a European-style data protection regime, works reasonably effectively. Given the criticisms of the system - which Greer responds to - a defence might seem difficult, but to Greer the system has raised the issue of data protection in the US (and this is the most important 'safe harbour' given the importance of the US online presence) and encouraged US companies to think more seriously about the need to safeguard personal data. The EU has, of course, long felt that the world would be a better place if its data protection regime could be exported, so Greer's view may be welcomed by some. Gehan Gunasekara (Chapter 13) takes a less optimistic view in his analysis of the protection of information which is passed from one nation state to another - a situation which is becoming more and more typical as globalization of commerce encourages data transmission for a variety of reasons.
The difficulties of having 'reasonableness tests' in cross-border processing where different processing cultures exist (as well as different surveillance rules with regard to security services and non-citizen data) are raised, as is the difficulty of applying local rules to non-local companies who process data about local individuals - a common occurrence on the internet. The failings of the current system could, she suggests, be met by a more contractual approach which was included in a 'fourth generation' protection system. Molly Jennings' essay (Chapter 14) discusses the possibilities of having a 'do not track' option available to online consumers which would give the user an escape from behavioural advertising or the use of unseen software which recorded and communicated the consumer's online activities. Rather than simply block tracking, Jennings argues that a more nuanced approach could be achieved by enabling the consumer to accept some tracking but reject other forms. This approach, Jennings suggests, is central to one recent US attempt to legislate control of online commercial use of personal data.

Biometrics

The traditional password and user name is awkward and ineffective (partly because users keep the same passwords for many years) and there is need for better forms of enabling access to, for example, ubiquitous computing devices. Biometrics thus offer the information society project a more effective means of control - retinal scanning, fingerprint recognition, etc. While technically these systems are not yet perfect, they will certainly be used more widely in future. However, there are also other areas where it is not for the consumers' need that the technology is planned: rather it is a means of security for access to government systems,


school attendance recording, etc. What are the privacy implications of this new kind of access control technology? John D. Woodward (Chapter 15) considers the arguments for and against the use of biometrics as a method of access control in an early essay on the topic. He considers a variety of applications - immigration checks, fraud detection in welfare and licensing - which demonstrates why any eGov programme would be delighted to have a successful technology available. But the possibilities of the technology go beyond external aspects of the body to considering DNA as a suitable mechanism for assessing the validity of the user. Woodward argues that despite these potential problems, there is the possibility that biometrics could provide better safe keeping of an individual's privacy than any of the non-biometric methods. Marek Rejman-Greene (Chapter 16) is relatively pro-biometrics as an authentication method and his essay provides a readable overview of the various principles of data protection in Europe and why biometrics might conflict with these. He reports that even as late as 2005, developers were designing biometric systems without consideration of the privacy needs of end users. Technological determinism - that is the assumption that technology controls what the world becomes, rather than technology is controlled itself - underpins many of the arguments in privacy. Irma van der Ploeg's essay (Chapter 17) looks to the social context of the technology and the manner in which that technology is described to demonstrate the differing views possible, and how political needs can often affect the way that the technology is described and sold to users. Having read van der Ploeg, the reader is encouraged to analyse the argument of Colin Soutar (Chapter 18), which notes that the way in which biometrics is described is important 'for public perception'.
Thus concentrating upon identification of the individual from biometrics is a less attractive way to sell biometrics to potential users than concentrating upon the authentication role which biometrics also performs. Likewise, Jan Grijpink's early essay (Chapter 19) presents a way of looking at biometric technology where the way the technology is described means it does not necessarily overturn the legal requirements of data protection - 'no new rules or measures are needed for anonymous biometrics as such' (p. 340).

The Cloud

'The cloud' - virtual storage space available to users which promises to look after their data, back them up, make them available as required to the user wherever they be - is a highly attractive option in a world where in-house computing expertise is expensive and workers work from office, home or wherever. Little wonder that it is viewed by many as a solution for a very real problem of the information society - the need to store, secure and access data and materials from multiple locations as required. In this part we look to the technology and what the privacy implications might be of a technology which encourages the user to leave their most private communications on a server, the location or administration of which they know little about. Vassilka Tchifilionova's essay (Chapter 20) serves as a useful introduction to the technical and legal issues surrounding the cloud and emphasizes that there is a 'depth' to the cloud


which requires those businesses utilizing it to consider before embarking upon off-site storage and processing. Dan Svantesson and Roger Clarke (Chapter 21) provide an introduction to the legal aspects which the user of a cloud-based system should concern themselves with, using Google Docs as an example. Such aspects cover privacy, contract and the extraterritorial application of the law of another state. M. Taylor, J. Haggerty, D. Gresty and R. Hegarty (Chapter 22) provide an indication of the potential for the unwanted enhancing of privacy during evidence collecting procedures. Typically, access to data by police services (or even in civil actions in the UK with Norwich Pharmacal orders[8]) is relatively easy when there is evidence of crime. In a cloud environment though, where is the evidence? What legal regime enables access by policing authorities? Is the cloud a means of enhancing the privacy of those undertaking unlawful activities? Paul Lanois (Chapter 23) uses a discussion of cookies which are stored on a user's machine to highlight the utility of these, their privacy impact and how - when moving onto the cloud - such problems can potentially increase because the user is unaware of just what is happening to the cloud-based information and no longer has the availability of browser settings to control what is happening to their personal information.

Geo-Location

It is difficult to imagine how the world managed before phone-enabled maps, Google Streetview and the various other systems which help the user to find their way around their physical environment. But, of course, while the user extracts information from these services, the services extract data from the user about their location without the user's knowledge (though probably with their consent). Further, the collection of data which these services require - Streetview in particular - often leads to accusations that the privacy of others is being incessantly undermined. In this part we look at some of the problems. Lindsey A. Strachan (Chapter 24) investigates the litigation over Google's Streetview and accuses Google of building a Big-Brother like world 'whereby people would no longer feel comfortable driving to work, walking outside, sitting on their porches, etc.' (p. 411). Strachan's view of privacy is very much based on that of Warren and Brandeis and, indeed, demands extension to tort law in just the way they did. The topic of Dan Jerker B. Svantesson (Chapter 25) is totally different: does using geolocation to ensure that tax is correctly paid mean that there is no possibility of purchasing 'in private'? Online retailers operate in a complex world where there are differing tax schemes in various national states. How can they know which is the correct scheme to apply? Svantesson looks to the advantages and problems in utilizing geo-location and suggests that geography can very much be applied to online commerce, even though it undermines the notion of the internet as a location of anonymity standing apart from the nation state. The location field is everywhere in web-based services - a box where the user is supposed to input their town or city. Brent Hecht, Lichan Hong, Bongwon Suh and Ed H. Chi's essay (Chapter 26) reports on their research into whether these locations are actually valid (many

[8] Norwich Pharmacal Company & Ors v. Customs and Excise [1973] UKHL 6, at: www.bailii.org/uk/cases/UKHL/1973/6.html.


are not, involving 'impish' behaviour) and, even if not, whether it is possible to determine a reasonable geographic location using tools such as geocoders which enable reasonably precise location data to be constructed from information in tweets and other publicly available postings.


Social Networks

The proposition that privacy is something we all want and are willing to invest substantial effort in achieving has come in for something of a battering through the popularity of social networking sites. Here, rather than hide one's most private moments, some users brazenly exhibit images of drunken moments and detail intimate facts about themselves. One of the major problems for legislators and also Information Commissioners is just how to fit this new form of social display with the classic notion that the user has to be protected from Big-Brother type data collection. Amanda Lenhart and Mary Madden (Chapter 27) show us that, rather than interacting in an unwitting way with social networking sites, teenagers are often more sophisticated in their privacy management tactics. They report on a 2006 survey of teenagers which outlines the various ways in which the users try to protect their privacy, and also note a surprisingly high percentage (7 per cent) of all online teens who have felt scared or uncomfortable after online contact from a stranger. We reprint only the summary of findings, but the whole report is well worth study, comparing it to later surveys to see whether attitudes have changed. Patricia G. Lange (Chapter 28) looks at the use of visual representations on YouTube by young people. She notes that there is frequently a very nuanced and knowing use of the privacy implications of online video, though sometimes a failure to pick up on all aspects (for example, a Jewish boy in front of a Nazi symbol when the wider audience would not know his religion). Leigh A. Clark and Sherry J. Roberts (Chapter 29) are concerned about the use of social networking sites as a means of assessing employee behaviour, particularly when considering job applicants. The applicants who are not interviewed are, of course, rarely informed that they were pre-screened.
Clark and Roberts are clear in their view that employers are being socially irresponsible in using this form of research. Bruce L. Mann (Chapter 30) takes a different view to that of the many who see the service provider for social networks as the agent upon whom liability should be laid. He notes the errant social communications which appear and suggests that although the service provider has some responsibility through their one-sided licence regimes (whose 'consequence amounts to a clickwrap license that constitutes permission to release personal data to third parties' (p. 497)), the ultimate liability has to be with the individual themselves ('[t]he position taken here therefore, is that any person ... should be under a duty to take reasonable steps to protect their own personal data from being viewed, re-used, or sold, article 10 ECHR notwithstanding' (p. 498)) and that education and information should encourage this.

Health Care

The information society will intrude into many aspects of the individual's life as it seeks to provide better services for both the individual and the community. As an example of this intrusion we have chosen one topic which might be viewed as particularly sensitive with regard to the individual and private - that of medical information about the individual. Simon Chapman, Kim McLeod, Melanie Wakefield and Simon Holding (Chapter 31) report on the media's use of medical information which concerns celebrities and what impact this might have on public health. The essay describes the 'Kylie effect' as news of diagnosis of Kylie Minogue's breast cancer was handled by the news and other media. Media, of course, are some of the most prolific users of information on individuals - particularly celebrities - and the view taken is that usually such usage is either self-serving for the celebrity or an invasion of that celebrity's privacy. Here, we see something more subtle as health information both increases sales and changes public attitudes to health. Thomas C. Rindfleisch's early essay (Chapter 32) introduces the problems inherent in patient database systems. These systems are viewed as essential and inevitable for health care - both to serve the individual better, but also through data mining processes to improve understanding and care across a population. The reader should consider whether the systems built to date have dealt with the concerns which Rindfleisch raised. Jon F. Merz, Glenn E. McGee and Pamela Sankar (Chapter 33) discuss ethical issues around Iceland's genetic database. This was a public health inspired project to collect genetic descriptions on all of Iceland's population so that it could be used as a means of furthering health research. Supported by the government with legislation, the database was exclusively licensed to a commercial firm. The authors raise the ethical concerns which arise around the commercial nature - rather than governmental - of the goals of the project. While the collection of data is simple, the privacy implications of having sensitive personal information as a commercial resource are further heightened by the firm's bankruptcy and resale of the intellectual property in the database. Our final essay (Chapter 34) brings together geo-location and health in Gerard Rushton, Marc P. Armstrong, Josephine Gittler, Barry R. Greene, Claire E. Pavlik, Michele M. West and Dale L. Zimmerman's discussion of cancer data. Cancer registries are very important tools in assessing what might cause cancers and also how they may be treated. Cancer registries require collecting detailed personal information and also a high degree of accuracy in the information collected. The authors, as many others in the field do, note the huge benefit from such tools but also the potential impact upon privacy as more and more information is collected and becomes accessible either lawfully or unlawfully.

Conclusion

The 'big question' around the information society is whether we are entering a world with different assumptions and mentalities - will there, as part of this, be a different expectation of privacy ('get over it, there's no more privacy') or will privacy become more and more important to the individual? Communication theorists have argued over this for decades, with arguments being made that technology to a very large extent defines the nature of the world. Writing, some have said, changed the ancient oral culture to one where memory became less important; printing changed the manuscript culture to one where repeatability (manuscript copies were rarely identical to their original) gave a notion of concreteness to the world. What will electronic culture do to our mentalities as the imperative to collect and process information about the individual becomes ever more important to the success of business and government? Hopefully this collection of essays will help the student to think about privacy and collection of and access to information in a measured manner.

Downloaded by [University of California, San Diego] at 23:25 16 May 2017

References

Bangemann, Martin et al. (1994), 'Report on Europe and the Global Information Society: Recommendations of the High-Level Group on the Information Society to the Corfu European Council', Bulletin of the European Union, Supplement No. 2/94.
Barron, James H. (1979), 'Demystifying a Landmark Citation', Suffolk University Law Review, 13, pp. 875-922.
Leith, P. (2006), 'The Socio-Legal Context of Privacy', International Journal of Law in Context, 2, pp. 105-36.
Moor, J.H. (1997), 'Towards a Theory of Privacy in the Information Age', Computers & Society, 27, pp. 27-32.
Warren, S.D. and Brandeis, L.D. (1890), 'The Right to Privacy', Harvard Law Review, 4, pp. 193-220.
Zhang, X. and Zheng, Y. (2009), China's Information and Communications Technology Revolution: Social Changes and State Responses, Abingdon: Taylor & Francis.


Part I Privacy Generally


[1] An examination of the concern for information privacy in the New Zealand regulatory context

Ellen A. Rose *

Institute of Information and Mathematical Sciences, Massey University, Auckland 1310, New Zealand

Received 5 March 2004; received in revised form 23 April 2005; accepted 22 August 2005 Available online 5 October 2005

Abstract

This study used confirmatory factor analysis on responses from a random sample of 459 New Zealanders to examine the theoretical basis of the concern for information privacy. The results were interpreted using two competing theories to explain differences found in the structural model of the construct when testing it with a non-US sample. Differences between US and New Zealand privacy protection approaches reflected cross-national differences in privacy concerns. The findings should contribute to our understanding of cross-national information privacy concerns and have implications for policy instrument choices.

Keywords: Concern for information privacy; Data protection models; Information privacy theory; Structural equation modeling

1. Introduction

Increased consumer concerns about organizational practices in the collection and management of personal data have resulted from several. Firstly, advances in information technology (IT) have produced efficiencies that have increased the value of personal information as a commodity for exchange [22]. Secondly, globalization has increased the need for cross-border data flows leading to concerns about different levels of protection and safeguards. Thirdly, legislation to improve privacy protection has often been enacted in reaction to surveys of consumer concern but has later been followed by legislation to decrease privacy in reaction to catastrophic events, such as the 9/11 terrorist attack. Finally, an increase in the exchange of information between public and private organizations [17] and the availability of new surveillance capabilities has contributed to consumer fears of misuse. The ease of collecting and accessing information over global networks has made information privacy concern an international issue, complicated by the variability in the way it is defined and protected by laws and policies across countries [5,15,23,39].

The purpose of my study was to examine the CFIP construct using a non-US sample to determine whether empirical evidence could be found to support Westin's control theory of privacy, upon which the construct is based. If a lack of individual control over one's information is not the only plausible explanation underlying privacy concerns, individual procedural controls for fair information practice (FIP), such as choice and consent, may be necessary but insufficient ways to justify and manage privacy. Different policy instruments (such as law, privacy-enhancing technologies, international agreements, administrative regulation, and organizational policies) are used in different countries. Different conceptualizations of the dynamic associations between individuals, public and private organizations, and IT are reflected in the current variety of approaches [2]. Cross-national and cultural differences in the way that privacy is defined may also reflect different underlying explanations for information privacy concern.

* Tel.: +64 9 414 0800x9264; fax: +64 9 441 8181. E-mail address: e.a.rose@massey.ac.nz.

E.A. Rose / Information & Management 43 (2006) 322-335


2. Related work, theoretical framework, and hypotheses

2.1. CFIP as a multi-dimensional concept

A 15-item instrument, hereafter referred to as the CFIP instrument, was developed by Smith et al. in Ref. [37] as a way of measuring the multi-dimensional nature of consumer concern for information privacy (CFIP). The CFIP instrument was based on an extensive review of the privacy literature and the use of rigorous procedures to test its validity and reliability using samples of US graduate students. The CFIP instrument was designed to measure levels of consumer concern about organizational information privacy practices with respect to the four first-order factors or dimensions of CFIP shown in Table I. Concerns about organizational practice, such as collection, errors, secondary use, and unauthorized access to personal information, represent aspects of consumer concern in terms of losing the ability to control the collection, handling, and use of personal information. The fair information practices (FIPS) displayed here are the five principles adopted by the US Federal Trade Commission: notice, choice, security, access, and enforcement. They are common to all major international codes. Despite the recognition of FIPS in US laws and organizational policies, consumer privacy concerns remain high, as evidenced by recent Harris Interactive polls [19-21] and the Federal Trade Commission studies [13,14]. Similarly, in NZ complaints to the Privacy Commissioner rose 10% in 2001 from the previous year. The largest categories of complaints were in gaining access to personal information held by others (29.6%) and concerns over unauthorized disclosure (29.3%) [36]. Privacy concerns reported in NZ surveys were higher when the Internet was involved (e.g. 86% concerned or very concerned) but lower (e.g. 47% concerned or very concerned) when other issues, such as health care, the environment, and crime, were simultaneously considered. The 47% represented a drop from 68% concerned or very concerned in the 1994 Brian Steel Survey (cited in Ref. [42]).

Two recent international studies [26,27] using the CFIP instrument found that consumers in countries with moderate regulatory models (e.g. US and New Zealand) had greater privacy concerns than consumers in countries with either no regulation or very high regulation. Levels of concern were not significantly different between countries with moderate regulatory models. It was assumed that high regulation resulted in fewer privacy violations, leading to fewer incidents reported in the media and lower concern or else that in countries with low concern, there was little pressure by the public or advocacy groups. Both studies used relatively small per country samples (n = 706 spread over 30 countries; n = 595 spread over 20 countries). All participants belonged to the IS Audit and Control Association (ISACA), resulting in a sample biased towards employed males with higher levels of education.

CFIP was represented as a reflective second-order factor, underlying the four CFIP dimensions in the findings of a recent study of US consumers (biased towards the more educated and affluent) [38]. This factor was interpreted as the common aspect of an individual's concern about losing control over his or her private information underlying concerns specific to each dimension. This interpretation was based on the "control theory" of privacy attributed to Westin [44], whose 1967 definition stated: "Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others" (as opposed to the statement of Brandeis and Warren quoting Judge Cooley in 1890 that privacy was the right "to be let alone"). This definition reflects the individualist cultural model that prevails in North America [24]. Control is not separated from privacy in Westin's definition. The privacy as a control viewpoint has been widely used in recent studies, including [10,31]. Based on the control theory of privacy, I expected support for the following hypothesis:

Hypothesis H1a. Consumer concern for information privacy can be separated into concerns about unauthorized access, errors, secondary use, and collection where a common concern about loss of control underlies the distinct concerns.

This control theory has been criticized as confusing privacy with autonomy. Practically, it is impossible in today's world to have total control over personal information once it has been collected and dispersed [40]. A more recent, alternative view [28] is Moor's "control/restricted access" theory. This separates the concept of privacy from the concept of control, stating that it is possible to have privacy without control and

Table I
Relating the four dimensions of CFIP to US Privacy Torts, FIPS and the NZ Privacy Act

CFIP dimension: Collection
  Definition in Ref. [37]: Concern that extensive amounts of personally identifiable data are being collected and stored in databases
  US Privacy Torts [33]: Intrusive use of technology by data users and gathering of too much information without consent from the data subject
  Fair information practices [13]: Notice of information practices should be given before collection occurs
  NZ Privacy Act of 1993 [35]: Principles 1-4: Deal with the purpose of collection, source of data, notice/choice for data subject, and manner of the collection

CFIP dimension: Unauthorized secondary use
  Definition in Ref. [37]: Concern that information is collected from individuals for one purpose but is used for another, secondary purpose (internally or shared with external third parties) without authorization from the individuals
  US Privacy Torts [33]: Appropriation of personal information by data users for other internal and external uses without permission from the data subject
  Fair information practices [13]: Notice of potential data users and uses; Choice or consent means data subjects should be given options about internal/external secondary use; Choice in deciding which uses and users; Security as a responsibility of data users in protecting data from unauthorized uses
  NZ Privacy Act of 1993 [35]: Principles 9, 10, and 12: Deal with notice/choice in terms of use of personal data by both private and public organizations and protection of the data after it is collected

CFIP dimension: Errors
  Definition in Ref. [37]: Concern that protections against deliberate and accidental errors in data are inadequate
  US Privacy Torts [33]: Data subjects may be portrayed in a false light due to errors in information held by data users
  Fair information practices [13]: Notice of steps data users will take to ensure integrity; Access to correct errors; Security as a responsibility of data users to maintain data integrity
  NZ Privacy Act of 1993 [35]: Principles 6-8: Deal with allowing the data subject access to make corrections and data user responsibilities for data integrity

CFIP dimension: Unauthorized access
  Definition in Ref. [37]: Concern that data about individuals are readily available to people not properly authorized to view or work with these data
  US Privacy Torts [33]: Disclosure of information about data subjects due to inadequate restrictions (technical or legal) on access
  Fair information practices [13]: Security as a responsibility of data users in protecting data from unauthorized access; Enforcement/redress - self-regulation or legislation; remedies if harm is established
  NZ Privacy Act of 1993 [35]: Principles 5 and 11: Deal with responsibilities of data users wrt disclosure of personal data; Enforcement/redress - Privacy Commissioner; threshold test to establish harm
The ensuing controversy results in litigation,⁴ amending Canadian legislation⁵ and a comprehensive investigation by the British Columbia Office of the Information and Privacy Commissioner.⁶

1 Several watch lists exist including, in the United States, that of the Office of Foreign Assets Control (available at: http://www.treasury.gov/offices/enforcement/ofac/sdn/t11sdn.pdf) as well as a United Nations list.
2 For an account of this incident see the Weekend Herald, Saturday-Sunday, October 23-24 2004, A16.
3 This is discussed further below.
4 British Columbia Government & Service Employees' Union (Petitioner) v The Minister of Health Services and The Medical Services Commission (Respondents) B.C.S.C., Victoria registry No. 04-0879.
5 Freedom of Information and Protection of Privacy Amendment Act, 2004, S.B.C. 2004, c.64.
6 Information & Privacy Commissioner for British Columbia, 'Privacy and the USA Patriot Act: Implications for British Columbia Public Sector Outsourcing' (British Columbia, 2004). Available at: http://www.oipcbc.org/sector_public/usa_patriot_act/pdfs/report/privacy-final.pdf.

GEHAN GUNASEKARA

The final example concerns the electronic transfer, by airlines flying to and from the United States, of so-called 'Passenger Name Record' (PNR) data⁷ to the United States Department of Homeland Security Bureau of Customs and Border Protection (CBP). Following the terror attacks of September 11, 2001, this requirement has been imposed by the US authorities. However the requirement on airlines to hand over information collected for one purpose (providing a service) for another purpose (data-mining for security-related purposes and for combating terrorism) contravened the strict privacy rules contained in European Union legislation (hereafter the 'Privacy Directive')⁸ thereby placing the airlines in something of a dilemma. In May, 2004 the European Commission ruled that privacy undertakings given by the CBP were 'adequate' thus allowing for the transfer of the data. However this decision was challenged and on May 30, 2006 the European Court of Justice ruled that the transfer of PNR data to CBP constitutes processing operations concerning public security and the activities of the State in areas of the criminal law, matters outside the ambit of the Privacy Directive in the first place. The Commission was therefore not empowered to grant an 'adequacy' exemption from the requirements of the Privacy Directive.⁹ At the time of writing this impasse has yet to be resolved.

There are common threads running through the foregoing illustrations. An obvious one is that they all relate to security and counter-terrorist measures but this is purely co-incidental. To be sure, the encroachment of security imperatives into areas traditionally regarded as private and personal to individuals represents a challenge for privacy values and is one focus for discussion in this article. The real lesson contained in the examples, however, is more mundane. It is that in an increasingly globalized world, where the market for goods and services spans national borders, national safeguards and regimes for the protection of personal data or information about individuals are of little value as technology allows the information to be whisked out of the jurisdiction at the proverbial click of a mouse. The discussion below examines the challenge posed by these developments against the various jurisdictional responses to them. It will be seen that, despite significant convergence in global information privacy norms, the difficulties resulting from trans-border data flows represent a further concern insufficiently dealt with by existing privacy norms. This may necessitate a new, Fourth Generation, of Data Protection Principles. If so the result would be ironic as the original impetus for uniform data protection standards was to alleviate concerns by business and governments that differences among national laws might hamper the free flow of personal data across borders and hinder economic development.¹⁰ Acceptance that a new set of criteria is needed would represent an acknowledgement of at least a partial failure of this objective. Whether a new set of principles, addressing the flow of personal information across borders, will amount to the 'final' step, in creating a global privacy framework, only time will tell. However some solutions are tentatively suggested in this article.

7 The PNR data elements include the 'PNR record locator code,' date of reservation, name, address, all forms of payment information, contact telephone numbers, travel agency, travel status of the passenger, e-mail address, general remarks, seat number, no-show history and any collected APIS (Advanced Passenger Information System) Information.
8 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data; this directive is discussed further below.
9 European Parliament v Council of the European Union, ECJ, C-317/04 & C-318/04, 30 May 2006.

THE 'FINAL' PRIVACY FRONTIER? REGULATING TRANS-BORDER DATA FLOWS

2 The Evolution of Global Information Privacy Norms

The recognition of privacy as a concept worthy of distinct treatment by law is a relatively recent development and dates back to a seminal article by two Harvard academics at the end of the nineteenth century.¹¹ The likely impulse for this essay was the perceived danger of the technology of the day, cameras and mass-circulation newspapers. The twentieth century saw the extensive development of several distinct torts of privacy in the United States¹² and the tort has continued to be modified and adopted in different ways in other common law jurisdictions including the United Kingdom¹³ and New Zealand.¹⁴ In more recent times fresh privacy concerns again arose as a result of technological developments, notably the spectacular growth of automatic data processing made possible by the computer revolution. While their use was at first limited to large government agencies for purposes such as policing, taxation and social security,¹⁵ large private sector firms rapidly followed suit and the continued evolution of computers, telecommunications networks and eventually the internet meant that unprecedented amounts of information about individuals (personal data or personal information) could be collected, stored and transmitted by even the smallest of private-sector firms with relative ease. In addition, the ability to 'profile' individuals' behaviour, purchasing patterns and creditworthiness led to fears as to the arrival, by stealth, of the ultimate surveillance society. Big Brother may not necessarily be the State or Government apparatus but may indeed exist all the same in terms of an individual's ability to control what information is known about them and by whom. The counterpart to data matching by government agencies (for example between taxation authorities and social welfare or immigration) is the very real possibility of the exchange or sale of data between companies. For instance a health insurance provider may find a potential customer's dietary preferences (easily obtainable from supermarkets through the use of loyalty cards and the like) of value in order to 'customize' the level of risk and premium to that customer. In an age of consumer credit the 'credit-worthiness' of individuals and their consumer preferences are also obvious targets for business to exploit. Commentators have long ago observed that we live in an information age and that personal information clearly is of value.¹⁶ The economic importance of an increasingly affluent global middle class was evident. The issue, however, was the type of regime which should govern the collection and disposal of information about these individuals.

The response to these trends originated in the more advanced economies of the West. From the early 1970s onwards countries such as Sweden, France and Germany enacted legislation which applied to both the public and private sectors. One of the earliest privacy statutes was the United States Privacy Act of 1974¹⁷ which remains in force. This statute only applies to personal information about citizens held by the federal government however. To harmonise standards and prevent the free flow of information between the advanced economies the Organisation for Economic Cooperation and Development (OECD) developed, in 1980, a set of principles known as the Guidelines on the Protection of Privacy and Trans-border Flows of Personal Data.¹⁸ The legislation and the OECD Guidelines contained common elements. The 'rules' they set out were open-ended and structured in the form of guidelines or principles. Ultimately they came to be known as 'fair information practices' or 'data/privacy protection principles.' The principles themselves are astonishingly uniform. A typical example is the ten privacy principles contained in Canada's federal privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).¹⁹ These have been summarised as:

1. Accountability. Organizations are accountable for the protection of personal information under their control.
2. Identifying purposes. The purposes for which the personal information is being collected must be identified during or prior to the collection.
3. Consent. Information must be collected with the knowledge and consent of the individual and for a reasonable purpose.
4. Limiting collection. The collection of personal information is to be limited to what is necessary for the identified purposes and must be collected by fair and lawful means.
5. Limiting use, disclosure and retention. Information can only be used and disclosed for the purpose for which it is collected and be retained only as long as it is necessary to fulfil the purpose.
6. Accuracy. Information must be as accurate, complete and up-to-date as possible.
7. Safeguards. Information must be protected by adequate safeguards.
8. Openness. Information about an organization's privacy policies and practice is to be readily available.
9. Individual access. Information must be accessible for review and correction by the individual whose personal information it is.
10. Challenging compliance. Organizations are to provide means to an individual to challenge an organization's compliance with the above principles.²⁰

Jennifer Stoddart, the Privacy Commissioner of Canada has succinctly explained the effect of the principles:

    People should be told what information is being collected about them, by whom, for what purposes; they should be told what is being done with it and who it is being disclosed to; they should be able to control the collection, use and disclosure of the information through the power of granting or withholding consent; the information should be securely held and treated as confidential; people should have a right of access to their information, and a right to correct it where necessary.²¹

Similar principles are contained in the privacy legislation of several other jurisdictions, for example the twelve Information Privacy Principles in New Zealand²² and the ten National Privacy Principles in Australia.²³

10 See for example the OECD, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980, clause 17.
11 SD Warren and LD Brandeis 'The Right to Privacy' (1890) 4 Harv LR 193.
12 Restatement of the Law of Torts, 2d (American Law Institute: 1965-79) § 652A-F.
13 Through application of the existing remedy of Breach of Confidence although influenced heavily by the Human Rights Act 1998 (UK) which implemented the European Convention on Human Rights see Campbell v MGN Ltd [2004] 2 AC 457 (HL).
14 Hosking v Runting [2005] 1 NZLR 1 (CA).
15 Early concern in New Zealand over privacy led to the enactment of the Wanganui Computer Centre Act 1976 which for the first time contained provisions safeguarding personal privacy of citizens.
16 See for example Anne Wells Branscomb, Who Owns Information? From privacy to public access (Basic Books, New York, 1994).
17 5 USC § 552(a) (1988).
18 Available at: www.oecd.org.
19 Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5.

20 Above n 6, at p 38.
21 Privacy Commissioner of Canada, 'Annual Report to Parliament 2003-2004' (available at: http://www.privcom.gc.ca/information/ar/200304/200304_e.asp).
22 Privacy Act, 1993, s 6.
23 Privacy Amendment (Private Sector) Act 2000 (C'th, Aust).


The Privacy Directive of the European Union was itself the impetus for many of these, including the Australian enactments. The laws pertaining to information privacy therefore share common characteristics. To use a biological metaphor; they possess the same DNA. If one were to extend the metaphor further, however, the most advanced evolutionary form of data privacy regime is that of the European Union. Although a consensus may exist as to the content of the information privacy principles themselves the same cannot be said about their implementation. A majority of jurisdictions have followed the European approach in creating a 'seamless' web of protection spanning both private and government spheres, thus recognising that information can easily be transmitted between sectors and the reality that private/public distinctions are virtually impossible to maintain in an age of outsourcing and contracting out of public services. New Zealand,²⁴ Australia²⁵ and Hong Kong²⁶ have also followed this approach as, most recently, has Japan.²⁷

In the United States, on the other hand, information privacy law has developed differently. Despite privacy rules being adopted at an early stage for the Federal Government similar provisions have not been developed spanning the private sector. Instead a number of ad-hoc measures have been enacted, often in response to egregious violations,²⁸ sector by sector. These include the Family Education Rights and Privacy Act 1974 (relating to student records), the Right to Financial Privacy Act 1978 (relating to bank records), the Fair Credit Reporting Act 1970 (relating to credit reporting), the Children's Online Privacy Protection Act (COPPA) 1998, the Health Insurance Portability and Accountability Act 1996 and the Driver's Privacy Protection Act 1994. This patchwork scheme of protection is well short of the degree of privacy protections existing in jurisdictions that have followed the European approach, an approach which due to its seamless nature minimises the opportunities for information to fall into the gaps between diverse regulatory provisions. Privacy experts generally agree that in the United States, the gathering, sharing, selling and use of personal and consumer information is largely unregulated outside the health care and banking sectors.²⁹ In addition, a major weakness in the United States approach is the absence of a federal Data Protection Office or Commissioner to investigate complaints by individuals and to promote information privacy values.

24 Privacy Act 1993.
25 Privacy Act 1988 (as amended) (C'th, Aust).
26 Personal Data (Privacy) Ordinance 1996.
27 Personal Information Protection Act (Law No. 57 of 2003).
28 For example the Video Privacy Protection Act 1988 was enacted by Congress as a result of the release of Judge Robert Bork's video rental records during his failed Supreme Court nomination.
29 Above n 6, at p 51.


Most other jurisdictions have a Privacy Commissioner. In countries with 'third generation' privacy laws, such as New Zealand, all forms of personal information are protected, regardless of the media in which they are contained and, fundamentally, the same rules apply to all agencies that collect and process personal information, whether they be large governmental organisations or private business entities such as pizza delivery franchises or mail order firms.

A caveat must be added to any discussion concerning information privacy. Privacy can theoretically be categorised into various branches, for example physical privacy, territorial privacy and information privacy. It is only the last of these, information privacy, which is the subject for discussion in this article. However for practical purposes the categories do overlap. For instance if one considers the present day phenomenon of so-called 'extraordinary rendition' of terrorism suspects by the United States30 it becomes apparent that information gathered about individuals may well result in extremely adverse consequences to those individuals in physical terms. Hence it becomes all the more important to know what personal information is being gathered, by whom and for what purpose. As a consequence the arguments advanced by some commentators that information privacy, or even privacy itself, ought to be accorded a lower status to that of other legal rights such as the right to liberty are, with respect, fundamentally flawed.31

3 The Cross-border Challenge

The divergences between the United States and other jurisdictions that have made provision for the protection of personal data represented a serious and urgent challenge to the goal of achieving uniform global standards for information privacy. The case for reconciling the different approaches was particularly cogent given the substantial volume of world trade in goods and services that flowed between the United States and the European Union. However differences between these giant economic blocs were not the only challenge faced by advocates of information privacy protection. Some of these other challenges are briefly mentioned below.

3.1 The Business Challenge: Outsourcing

The transfer of personal information across borders was a troubling enough issue when privacy norms differed between the jurisdiction

30 Involving the alleged extra-legal abduction and transfer of suspects to 'black-sites' in third countries where they have been allegedly subject to detention, torture and interrogation; see P Sands 'The International Rule of Law: Extraordinary Rendition, Complicity and its Consequences' [2006] European Human Rights LR 408.
31 See for instance C Doyle and M Bagaric, Privacy Law in Australia (The Federation Press: Sydney 2005) at pp 50-56.


from which the information was sent and that in which it is received. Of far greater concern, however, is the fact that, increasingly, personal information is being sent to jurisdictions where little or no protection exists for the data. Technological advances and trade liberalisation have enabled the flow of personal information in the course of data management services to countries like India and China.32 These trends are likely to see not only personal information flows to English-speaking parts of the Third World but in all probability, to francophone Africa and Latin America as well. Indeed, the outsourcing of 'knowledge work' has been described as the third wave of globalization, following trade and manufacturing.33

There is no reason to automatically fear these developments. On the contrary, they may provide a spur for developing countries to bring their information privacy laws into line with those of developed nations. For example, Argentina enacted legislation and became the first Latin American country to obtain an adequacy ruling from the European Commission.34 India is in the process of enacting a comprehensive data protection law.35 Nevertheless, concern over the privacy implications of outsourcing has led to members of the European Parliament (at the instigation of labour unions) seeking an inquiry by the European Commission as to whether data protection rules were breached in the outsourcing of British businesses' functions.36 In the United States concerns over outsourcing led to the introduction in the House of Representatives of a law designed to ensure that data protection laws in offshore jurisdictions meet stringent standards.37 The Privacy Commissioner for British Columbia has referred to the irony of the latter proposal given European concerns, discussed below, that American privacy rules themselves are inadequate.38

The implications of outsourcing for privacy have been examined by the British Columbia Privacy Commissioner in a meticulously researched report.39 The conclusion was that a ban on outsourcing was neither practicable nor desirable but that safeguards were nonetheless required.40 Some of the suggested solutions will be explored further in this article.

32 Above n 6, at p 44.
33 Public Policy Forum and ITAC Round Table, 'IT Offshore Outsourcing Practices in Canada' (Ottawa, 20 May 2004) at p 6.
34 The process of satisfying the European Commission under the Privacy Directive is explained below.
35 See generally the discussion in Dorothee Heisenberg, Negotiating Privacy: The European Union, the United States, and Personal Data Protection (Lynne Rienner Publishers, USA, 2005) at pp 112-113.
36 Ibid.
37 US, Bill H.R. 4366, Personal Data Offshoring Protection Act of 2004, 108th Cong., 2004.
38 Above n 6, at p "11.
39 Above n 6.
40 Ibid, at p 136, see particularly Recommendations 1, 5 and 6.


3.2 The Technological Challenge: Data Banks and Data Mining

There is a tendency for personal information to be accumulated in ever larger data banks and some multi-billion dollar companies exist only for the purpose of collecting, analysing and sharing personal data with other companies.41 One example is ChoicePoint, an American corporation that provides identification and credential verification services information to a large number of businesses and maintains information on a large number of individuals and businesses. Lax security safeguards on its part resulted in credit card information on some 40 million individuals being stolen in 2005 - an illustration of the harm that can result from such aggregated data banks if they are inadequately maintained.

Data matching between government agencies was the impetus for many of the early data protection laws.42 The impersonal and possibly sinister implications for individuals (in particular the difficulty of challenging automated processes, the reversal of normal evidential presumptions and the potential for mistakes) led to the adoption of legislative safeguards such as those enacted in New Zealand43 and Australia.44 In New Zealand, these safeguards provide for agreements between government agencies to be vetted beforehand by the Privacy Commissioner. The Information Matching Guidelines require the Commissioner to have regard to several factors, including cost-benefit considerations (whether the cost of the proposed programme is justified by the monetary or other benefits to society), whether alternative means exist for achieving the objectives sought and the principle of proportionality.45 In addition, both legislative stipulations46 as well as information matching rules promulgated under the Act47 provide for such matters as technical standards, the destruction of data once it has been used against an individual48 and procedural safeguards including prior notification to individuals before adverse action is taken against them. Time limits also exist for information matching programmes and the results of the programmes have to be reported annually to the Commissioner. These measures perhaps explain

41 Ibid, at p 49.
42 In New Zealand, for example, see the Privacy Commissioner Act 1991 which has been replaced by Part X Privacy Act 1993.
43 Privacy Act 1993, Part X.
44 Data-matching Program (Assistance and Tax) Act 1990 (C'th). It should be noted that section 12 of this Act requires the Privacy Commissioner to issue Guidelines for the conduct of data-matching programmes and that a breach of either the Act or Guidelines constitutes an interference with privacy under s 13 of the Privacy Act 1988 (C'th) thus enabling a person to complain to the Privacy Commissioner.
45 Privacy Act 1993, s 98.
46 Ibid, Part X.
47 Ibid, Fourth Schedule.
48 In other words a further 'black list' of those caught cheating the social welfare for example cannot be maintained after the initial adverse action is taken against the individuals concerned.


why information matching has become generally accepted by the public in New Zealand. A further dimension to data matching is that it may occur between government agencies in more than one jurisdiction. This tendency is likely to become more prevalent. Again, the existing domestic safeguards are capable of addressing the issues that arise in this context. Under the New Zealand Guidelines, for example, agency-to-agency agreements must be scrutinised by the Commissioner and reported afterwards even where these involve data exchanges with overseas agencies.49

Data matching in the private sector is more problematic. Few jurisdictions outside Europe have adopted the stipulations of its Privacy Directive that require that an organisation must not make a decision adverse to an individual based on automated processing unless the individual has either consented beforehand or sufficient measures exist to safeguard the data subject's legitimate interests.50 It has been seen that such safeguards, such as the right to notice before adverse action is taken and the right to challenge decisions concerning the data subject, exist thus far only in the public sector data matching programs of Australia and New Zealand.

In jurisdictions that have not adopted the European Privacy Directive's stipulations in this area, the existing privacy principles probably do not constitute an absolute bar to the practice of automated decisions concerning individuals by the private sector. However the requirements for transparency, consent and accountability mean that any such matching must be disclosed at the point of collection of the personal information as being a pertinent purpose for the information. Surreptitious matching would probably constitute a breach of the principles. Although it was not data matching in the strict sense there was still outrage, in New Zealand, when it was revealed that the Real Estate Institute had established a tenant database accessible to its members which collected data from landlords as to the 'tenant-worthiness' of up to 400,000 individuals (a sizable portion of New Zealand's population).51 The better view is that, in the absence of a specific authorisation from the Privacy Commissioner, data matching ought not to occur apart from the governmental programmes sanctioned by legislation.

Far more insidious is the so-called practice of 'data mining'52 that is being increasingly used post September 11. It involves extracting information from

49 For example programmes between the New Zealand Inland Revenue Department and its Netherlands counterparts for the purposes of assessing eligibility for superannuation, pension and welfare payments was undertaken in the 2004-2005 year, see 'Annual Report of the Privacy Commissioner', (Wellington, 2005) at pp 68-71.
50 Above n 8, Article 15.
51 'Dangers of tenant database' The New Zealand Herald 10 January 2006.
52 See W Renke 'Who Controls the Past Now Controls the Future: Counter-Terrorism, Data Mining and Privacy' (2006) 43 Alberta LR 779.


large volumes of data and subjecting it to analysis, often using software that applies undisclosed and unverifiable analytical criteria and assumptions.53 In the United States data mining has been described as:

the application of database technology and techniques - such as statistical analysis and modelling - to uncover hidden patterns and subtle relationships in data and to infer rules that allow for the prediction of future results.54

Privacy commentators have observed that an obvious feature of data mining is that the analysis of an individual's personal information creates new, secondary information about that person.55 The privacy implications that arise include the fact that:

The 'hidden patterns and subtle relationships' that data mining detects are recorded and become personal information of the individual.... Information about an individual's credit history, credit card purchases, law enforcement record or interactions, travel habits and so on may be mined to derive the finding that she is a possible terrorist who should be put on a terrorist watch list and kept under surveillance. This new personal information would become part of the swelling river of data whose channels are, in the private and public sectors, ever changing and difficult to follow, much less control. In this light data mining raises concerns about the accuracy and use of derived personal information, not to mention the individual's right of access to and correction of such information.56

The most ambitious use of data mining was undoubtedly the programme funded by the Pentagon in 2002 entitled the 'Total Information Awareness' project, a name later changed to the 'Terrorism Information Awareness' (TIA) in response to public concerns. The programme proposed to combine large amounts of information collected from the private sector into a giant database that would identify patterns believed to be associated with planning terrorist attacks.57 Although funding for the research has been discontinued several agencies continue research into data mining and it has been reported that 52 United States federal agencies use or plan to use data mining, 'factual data analysis' or 'predictive analysis' in some 199 different efforts, of which at least 29 relate to detecting terrorist or criminal activities.58

53 Above n 6, at p 51.
54 US General Accounting Office, 'Data Mining: Federal Efforts Cover a Wide Range of Uses: Report to the Ranking Minority Member, Subcommittee on Financial Management, the Budget, and International Security', (Committee on Governmental Affairs, US Senate, May 2004) at p 1.
55 Above n 6, at p 52.
56 Ibid.
57 Above n 6, at p 53.
58 Above n 52, at p 789.


The Computer Assisted Passenger Pre-screening System (CAPPS and its later version CAPPS II) also used data mining elements.59 Although discontinued in its original form the CAPPS programme is currently entitled 'Secure Flight' but, as noted earlier, is still the source of ongoing controversy with the European Union. The controversy has been beneficial to privacy advocates. It has, for instance, been noted that while CAPPS II would have relied upon algorithms to predict whether a specific passenger was likely to be a terrorist, Secure Flight, on the other hand, relies on checking passenger data against a centralised interagency terrorist watch list meaning that the program will only search for known or suspected terrorists.60 Furthermore, the database is only available to the Transportation Safety Authority's personnel (as opposed to airline employees) whilst there now exists a 'redress mechanism, where people can resolve questions if they believe they have been unfairly or incorrectly selected for additional screening.'61 Finally, another positive aspect is that unlike CAPPS II, Secure Flight does not extend to looking for those with outstanding warrants, such as those wanted for serious criminal offences, an expansion of law enforcement powers criticised as unnecessary for airline safety.62

The British Columbia Privacy Commissioner has recommended that his Government undertake an independent audit of data mining activities by all public bodies, identify and publicise such activities and develop legislative mechanisms for applying fair information practices to data mining.63 In principle, there would seem to be no reason why data mining should be proscribed altogether. It may be, for example, that rules analogous to those enacted for data matching (discussed above) can be developed to allow the use of data mining provided its benefits can be demonstrably justified and that transparent monitoring and criteria are put in place. There may be a case for secrecy where aspects of security use are concerned64 but no grounds for secrecy exist for other uses of data mining.

3.3 The Security Challenge: A Trojan-Horse for Attacking Privacy?

Proponents of privacy have had a particularly difficult time since the terror attacks of September 11, 2001. Governments in the United States and

59 Ibid.
60 JT Soma, MM Nichols, SD Rynerson, LA Maish & JD Rogers 'Balance of privacy vs security: a historical perspective of the USA PATRIOT Act' (2005) 31 Rutgers Computer & Technology Law Journal 285 at pp 343-344.
61 Ibid.
62 http://www.wired.com/news/privacy/0,1848,64748,00.html.
63 Above n 6, Recommendation 10, p 138.
64 The risks and alleged benefits of data mining are thoroughly examined by Renke, above n 52. Renke argues, convincingly, that extreme caution must be exercised before employing such technology given the fact that modern terrorist organisations do not exhibit the same traits as those which existed in the past and also differ in many significant ways from organised criminal organisations. Many assumptions on which data mining is founded may therefore be incorrect resulting in mistakes and consequent undermining of the public confidence in the efficacy of the practice.


elsewhere have faced relatively little opposition in enacting measures that in many cases impinged seriously on personal privacy whilst at the same time curtailing existing privacy safeguards. These laws have been enacted with the ostensible goal of enhancing the public's security against terrorist and other threats. Epitomising these measures is the American Patriot Act, an acronym standing for 'Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism' Act (Patriot Act) of 2001.65 Its purpose was to amend and extend a number of United States laws and rules dealing with intelligence and counter-intelligence activities, information sharing and terrorism.66 Detailed examination of the Patriot Act is outside the scope of the present discussion. It suffices, however, to make three observations about it.

First, section 215 amends the Foreign Intelligence Surveillance Act (FISA) which empowers the United States Foreign Intelligence Surveillance Court (FIS Court) to issue secret orders to enable the FBI to obtain records from third parties. Whereas previously orders could only be sought where the FBI could show specific facts giving reason to believe the person the records sought about was a foreign power or agent thereof, section 215 lowered the threshold to showing that records are sought for an authorized investigation to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.67 Furthermore, whereas FISA orders were previously limited to certain business records held by public carriers and accommodation, physical storage or vehicle rental facilities, section 215 expanded the power to make orders to obtain 'any tangible thing' and removed the restriction on the kinds of organisations covered.68 There has been much concern in the United States about these orders being presented to hospitals, libraries, bookstores, schools and all variety of businesses.69 It has been contended that FISA orders may be made in relation to entire databases of information.70

Secondly other provisions of the Patriot Act have been almost as contentious. These include section 218 which altered the authority for physical searches and electronic surveillance under FISA: instead of requiring foreign intelligence to be 'the purpose' of the search or surveillance, it only needs to be 'a significant purpose.'71 Section 505 in turn lowers the

65 USA Patriot Act, Pub. L. No. 107-56, 115 Stat. 272 (2001).
66 Above n 6, at p 2~).
67 Above n 6, at p 70.
68 Ibid.
69 Ibid at p 71.
70 Ibid.
71 50 U.S.C. §§ 1804(a)(7)(B) and 1823(a)(7)(B); the United States courts have sanctioned the use of the powers for such expanded purposes, see for example In re: Sealed Case 310 F.3d 717 (U.S. Foreign Int. Surv. Ct. Rev. 2002) and United States v Sattar 2003 U.S. Dist. LEXIS 16164 (S.D.N.Y. 2003).


threshold for the FBI to issue orders under a number of statutes72 called 'national security letters' that compel financial institutions, phone companies and internet service providers to disclose information about their customers.73 The threshold is merely 'relevance to an authorised intelligence investigation' and unlike orders issued by the FIS Court, national security letters are issued by the FBI directly, and secretly, without judicial supervision, the power being expanded to cover records held by travel agencies, real estate agents, the United States Postal service, jewellery stores, casinos and car dealerships.74

There are also provisions that encourage, rather than mandate, organisations to voluntarily report suspicious activities and purport to offer complete immunity against criminal and civil liability anywhere in the world for so doing.75 These differ from conventional whistle-blower protection measures that are usually narrower in focus and set out specified channels for disclosure.76 More insidious, however, are the recent revelations by the New York Times of secret schemes monitoring millions of bank records through accessing data from the Brussels-based Swift organisation77 and its revelations in late 2005 of a warrantless eavesdropping programme ordered by the United States President.78 These would appear to fall outside the ambit of any law altogether.79

The Patriot Act has obvious implications for individuals and businesses outside the United States as well. Apart from the outsourcing trends mentioned earlier, the law's reach extends to all United States registered corporations and their subsidiaries. As the case involving the money transfer company referred to earlier demonstrates, many large enterprises that operate outside the United States nevertheless transmit personal data to it

72 18 U.S.C. § 2709 (counterintelligence access to telephone toll and transactional records); 12 U.S.C. § 3414 (special procedures for financial records); 15 U.S.C. § 1681u (credit record disclosures to FBI for counterintelligence purposes).
73 Above n 6, at p 73.
74 Ibid.
75 For example see section 351, Patriot Act.
76 For discussion of different approaches to whistle-blowing see G Gunasekara 'Whistle-blowing: New Zealand and UK Solutions to a Common Problem' (2003) 24 Stat LR 39.
77 'Bank Data Is Sifted by U.S. in Secret to Block Terror' The New York Times June 23, 2006.
78 'Bush Secretly Lifted Some Limits on Spying in U.S. After 9/11, Offi

Although the existence of this defence is understandable in terms of sensitivities with regard to national sovereignty, it is nevertheless questionable as to whether it is justified. Companies and individuals should not be permitted to shelter behind it except where they can point to an unambiguous and mandatory stipulation of the foreign jurisdiction. Permissive stipulations such as those referred to earlier124 certainly do not fall into this category. Whistle-blowing is another area that has occasioned difficulty.125 Powers such as those of the FBI to issue national security letters discussed above are, of course, a different matter. Even where the foreign law mandates certain conduct (including nondisclosure to the data subject of the action required by the foreign law) this will not apply at the point of collection in the domestic jurisdiction.

119 It should be noted that 'agency' is given a broad definition encompassing both the private and public sectors and includes natural persons, bodies of persons and corporations: see Privacy Act 1993 s 2.
120 It would fall within the definition of 'agency' as set out above.
121 The applicability of this Act to conduct outside New Zealand is made clear by s 3 which stipulates: 'This Act extends to the engaging in conduct outside New Zealand by any person resident or carrying on business in New Zealand to the extent that such conduct relates to the supply of goods or services, or the granting of interests in land, within New Zealand.'
122 Privacy Act 1993 s 10(3).
123 Privacy Act 1988 (as amended) (C'th, Aust) s 13D.
124 Above n 75.
125 See the discussion by M Schmidl, 'The Article 29 Working Party Opinion on Whistleblowing' (2006) 6 World Data Protection Report 23.


Hence in the first example given at the outset of this article the individual should have been informed that, in order to process his money transfer, the information would have to be checked against international or United States lists of known terrorists for security vetting purposes. There is no reason why compliance with foreign law should not be inconsistent with complying with domestic rules as well. Say, for example, that an overseas law requires the information to be forwarded to the relevant taxation authority. If this was disclosed to the data subject at the outset or, subsequently authorised by him or her then, in most cases, no breach of domestic privacy rules will have occurred.126 In a great many instances transparency is a complete cure with respect to alleged interferences with privacy. Extra-territoriality is not, however, a panacea for dealing with many trans-border issues, particularly when domestic laws are inconsistent and possibly even clash with privacy values. Ultimately, alternative approaches are needed.

5 Analogous Solutions

I finally consider several solutions to address the difficulties outlined above. Some of these have already been implemented in certain jurisdictions; others are more in the nature of an exercise in brainstorming or considering solutions from other legal fields that may offer helpful analogies.

5.1 Contractual / Property Paradigms

It has been seen that several jurisdictions sanction the onward transfer of personal data where adequate contractual guarantees are elicited from the transferee of the data. Indeed by this means the data controller's entire gamut of privacy duties, in relation to the information, may be transferred to the recipient of the data.127 The difficulty with contract is, of course, the doctrine of privity of contract meaning that a contract is only enforceable by the parties to it and not by third parties. This rule has been relaxed in most jurisdictions so that the clear beneficiary of a stipulation such as one for the benefit of a data subject can be enforced by the latter.128 The difficulty still remains where information is further transferred, by the original transferee, to another party. An entirely new contract would be required with each subsequent transfer.

126 In New Zealand for example see Privacy Act 1993 s 6, Information Privacy Principle 11(d).
127 A schedule, for example, can easily be attached to the contract containing the Fair Information/Privacy Principles.
128 In New Zealand, see Contracts (Privity) Act 1982.


Property lawyers will, of course, recall that Tulk v Moxhay129 established the doctrine that a restrictive covenant, binding a purchaser not to perform certain acts of ownership upon the land bought, may be enforced, not only against that purchaser as the contracting party, but also against third parties who later acquire the land.130 The liability of the third party is based on both notice and the requirement that the covenantee must have retained other land in the neighbourhood for the benefit and protection of which the restrictive covenant was taken.131 The question as to whether this equitable doctrine can be applied where the subject matter of the contract is other than land has exercised considerable judicial and academic controversy.132 In the old case of De Mattos v Gibson Knight Bruce LJ asserted, in relation to charter rights over a ship that:

Reason and justice seem to prescribe that, at least as a general rule, where a man by gift or purchase, acquires property from another, with knowledge of a previous contract, lawfully and for valuable consideration made by him with a third person, to use and employ the property for a particular purpose in a specified manner, the acquirer shall not, to the material damage of the third person, in opposition to the contract and inconsistently with it use and employ the property in a manner not allowable to the giver or seller.133

Despite being applied by the Privy Council in a subsequent case134 this sweeping principle has not been universally applied outside the sphere of restrictive covenants in relation to land and subsequent cases have narrowed it to limited circumstances.135 The difficulty is that there is no proprietary interest retained by the covenantee.136 Other solutions suggested include those of holding the subsequent purchaser to be a constructive trustee or invoking the tort of inducing breach of contract.137 It has also been questioned whether any remedy can extend beyond the grant of a negative injunction as opposed to a positive order to perform the contract or an award of damages.138 This would have obvious ramification in relation to personal information, for instance where access to information or correction of it was sought or where damages are sought for a subsequent

129 (1848) 2 Ph 774.
130 Burrows, Finn & Todd, Law of Contract in New Zealand (2 ed., LexisNexis: Wellington 2004) at p 541.
131 Ibid; see London County Council v Allen [1914] 3 KB 642.
132 See S Gardner, 'The Proprietary Effect of Contractual Obligations under Tulk v Moxhay and De Mattos v Gibson' (1982) 98 LQR 279.
133 (1858) 4 De G & J 276, 282.
134 Lord Strathcona SS Co v Dominion Coal Co [1926] AC 108.
135 Port Line Ltd v Ben Line Steamers Ltd [1958] 2 QB 146.
136 Burrows, Finn & Todd, above n 130, at p 543.
137 Swiss Bank Corp v Lloyds Bank Ltd [1979] Ch 548, 575 per Browne-Wilkinson J.
138 Burrows, Finn & Todd, above n 130 at p 545.


Downloaded by [University of California, San Diego] at 23:25 16 May 2017

THE 'FINAL' PRIVACY FRONTIER? REGULATING TRANS-BORDER DATA FLOWS

disclosure or use of the information that was inconsistent with fair information principles. In the case of personal information does a company retain any interest after it sells personal data to another company? An argument may be made that it does. Certainly, from an economic standpoint the company stands to lose customer goodwill where it has parted with customer information and is unable to subsequently ensure it is not misused. From the legal standpoint the case may also be made that where the contractual assurances sought were not 'reasonable' the company may face legal sanctions under the data subject's privacy laws. 139 These interests are not 'proprietary' interests in the conventional sense but ought, if a modern interpretation is taken of the existing principles outlined above, apply to this situation. Furthermore, data subjects themselves have interests in their personal information after it has been on-sold or transferred to third parties. Data subjects' interests are not the information itself but the consequences that can occur from the use or misuse of it. 140 In this regard they are analogous to land owners for whose benefit restrictive covenants were given. Whether or not courts adopt such an approach the ability of data subjects to use contract to secure their information privacy rights is likely to be limited in scope. Conflict of law rules and the difficulty of litigating rights across jurisdictions with its attendant costs will always be a significant obstacle. It must be remembered that many information privacy regimes provide cheap dispute resolution mechanisms as an alternative to expensive litigation. Breaches of contract, on the other hand, must generally be litigated in the civil courts, except where arbitration is specified.
One option in developing a 'Fourth Generation' of privacy principles may be to allow national data protection authorities the power to enforce contractual stipulations or deem contravention of them to be a breach of privacy rules. Some jurisdictions already have provisions of this nature. 141 Another might be to require registration of such contractual clauses so that subsequent purchasers are put on notice, actual or constructive, as to the data subject's rights. It should be possible to attach a symbol such as the '©' symbol for copyright or abbreviations used in commerce such as 'cif' and the like. Perhaps the 'p' symbol might delineate the fact that standard privacy rights are covenanted in relation to information concerning the subject. Another requirement should be that the initial 'privacy

139 See the discussion above relating to jurisdictional approaches towards restricting exports of personal information.
140 For example denial of credit, health insurance or the ability to access air travel to name a few.
141 Privacy Act 1988 (as amended) (C'th, Aust) ss 6A(2), 6B(2) & 13A(c): service providers contracted to the Commonwealth government are bound by the terms of their contract where this is inconsistent with the privacy principles. A breach of contract is deemed to be a breach of the privacy principles in these circumstances.


GEHAN GUNASEKARA

statement' given to an individual be attached to any subsequent transfer of the data: third parties will then be unable to claim that they received the information in ignorance of its intended uses and recipients. Such measures may go some way towards addressing criticism of the use of contractual paradigms as a substitute for genuine adequacy assessment at the point of transfer or as a substitute for genuine regulatory monitoring of the process of cross-border transfer. 142 It has been rightly pointed out, however, that 'Model contracts are "the only show in town"' at present for offshore out-sourcing partly as a result of the inconsistent manner in which national data protection authorities handle the issue of assessing adequacy on the part of the third country's data protection regime (some such as those of France and Austria, require a prior approval process prior to the export of the personal data whereas others carry out a post facto review). 143 While the propensity for data controllers to hide behind a 'reasonable efforts' requirement is seen as something of a soft option 144 there is, at the same time, appreciation of the beneficial potential of the use of standard form contracts incorporating data protection standards, especially for multi-national companies that are subject to public scrutiny and regulation across frontiers. 145 Companies such as British Petroleum, for instance, adhere to both the United Kingdom Data Protection Act 1998 as well as to the European Privacy Directive. 146 Since it operates in many jurisdictions worldwide, this has the effect of bestowing the high European privacy standards on its employees and customers, even in jurisdictions where a lower privacy standard applies. Despite criticisms of contractual approaches, the suggestions made in this article ought, if adopted, militate against potential dilution of data controllers' responsibilities when the contractual road is taken as the preferred option.
A half-way house between existing solutions (rigid policing by national Data Protection Authorities or reliance on contractual mechanisms alone) is also proposed below.

5.2 Consumer Law Model

Another area that provides a useful source of analogy is that of consumer law. Most jurisdictions have consumer protection laws and fair trading laws designed to protect consumers from corporate excesses. Product safety and information standards are commonplace. 147 A theme running

142 See Baker, above n 106 at p 10.
143 Ibid, at pp 10, 25.
144 Ibid, at p 13.
145 Ibid, at p 14.
146 See: http://www.bp.com/popuppreviewtwocol.do?categoryId=438&contentId=2008122.
147 See for example Trade Practices Act 1974 (C'th, Aust) Part V Division 1A and Fair Trading Act (NZ) Parts 2 & 3.


through many of these is transparency as to the quality of the goods or services being offered. In this respect similarities exist with the fair information/privacy principles discussed above. Fair trading laws also often allow for industry codes, binding or otherwise, to be adopted. 148 In this regard they are similar to privacy regimes which allow data protection authorities to modify rules or to promulgate rules for a particular sector with special needs such as for instance health care. 149 Ultimately it can be argued that there is little distinction between consumer rights and privacy rights - both usually require information disclosure and transparency and proscribe misleading or deceptive practices. This may be one way in which the reluctance of some jurisdictions, notably the United States, to adopt blanket information privacy rules may be addressed. From a business standpoint the advantage of a uniform set of standards is of course that of the level playing field - all business entities are equally subject to the same compliance costs. Yet another model for cross-border transfer is the Cartagena Biosafety Protocol which is in force in its signatory countries (which include Australia and New Zealand). 150 This imposes rules with regard to food labelling and the like with regard to its genetically modified content. Although conceptually different to privacy (the duty is imposed on exporting countries to notify the degree of genetically modified content) the similarity is that the strictest importing jurisdiction's standard has tended to be the industry standard. There are obvious parallels with the Privacy Directive here.

5.3 Corporate Law Solutions

The business law models need not be confined to consumer law. Businesses increasingly deal across borders and must comply with numerous business law regimes in the jurisdictions in which they operate. This includes the like of Sarbanes-Oxley 151 in the United States. Corporate law also provides many analogies. For example publicly listed companies must be transparent in their information practices and most jurisdictions outlaw insider dealing. There is no reason why personal information should be treated differently. Another common feature is the need for external audits of corporate practices. Organisations should also be periodically audited for their information practices. At present, companies must be audited for their financial practices. This task is undertaken, for the most part, by private

148 See for example Trade Practices Act 1974 (C'th, Aust) Part IVB Industry Codes.
149 In New Zealand see for instance the Health Information Privacy Code 1994.
150 Cartagena Protocol on Biosafety to the Convention on Biological Diversity (adopted in May 2000) Articles 8 & 20.
151 Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 745 (2002).


sector firms that specialise in the practice. Despite failures associated with the corporate collapses at the beginning of this century 152 the practice of private sector auditing has continued although with greater oversight by regulatory authorities. There is no reason why this cannot be paralleled in the personal data sphere. Providing it is sanctioned by regulation, this is an industry waiting to be born or still in its infancy. Special audit arrangements should be set up with regard to the transfer of information across borders. In this regard analogies may be drawn with existing models where more stringent safeguards exist. For instance it has been observed that, in the United Kingdom, the procedures mandated by the Financial Services Regulator significantly exceed those of the Data Protection Authority. 153 These require, amongst other things, that the adequacy assessments are carried out, documented and that they are retained for inspection by all financial services organisations. 154 If adopted, such a paradigm may represent a half way house between the approach of some Data Protection authorities that carry out a prior approval process prior to sanctioning personal data exports and others that carry out monitoring after the exports have occurred. Audits should also be carried out of the adequacy of standard contractual clauses - once again this is a task that can properly be entrusted to private sector specialists, such as law firms. Companies also have periodic reporting obligations. Not only must they report to registry offices but reports must from time to time be compiled on compliance with health and safety and a myriad other regulations. Compliance with data protection rules ought to be subject to similar reporting obligations. In this regard the onus is on national Data Protection authorities to formulate simple yet functional forms (most forms can be downloaded through the internet nowadays) that data controllers must return at least annually.
Such forms can incorporate boxes asking questions such as 'is customer data sent overseas' which must be ticked and returned as appropriate. Self-certification is a theme running through many corporate governance rules. For example company directors in New Zealand are required to sign certificates attesting to a range of matters, ranging from the fairness of their own remuneration, the solvency of the company and the fairness to shareholders of various actions including the issuing of shares, share re-purchases by companies and payment of dividends. Not only may failure to comply with such requirements amount to a criminal offence and lead to potential civil liability on the part of the directors themselves, but, in addition, it allows shareholders to bring an automatic action for prejudicial conduct. 155

152 Such as the Enron debacle.
153 Quoted in Address by Marie Shroff, Privacy Commissioner

service provider, the required transactional level of identity assurance is determined. Levels of assurance are defined in OMB 04-04

and subsequently used in NIST SP 800-63. The four general levels of identity assurance defined are also present in the Kantara Identity Assurance Framework and the STORK Quality Authentication Assurance Framework, as well as national body schemes such as the Canadian Cyber-Authentication Renewal Project. This process of assessing the required level of assurance is true regardless of the type of transaction, ranging from low value Internet transactions to high s or reputational harm, which, for a corporation, is tantamount to financial harm. A transactional level of assurance comprises two components: identity proofing and identifier authentication. System integrity, for maintaining and transmitting identity information, is a third factor that is assumed to be present in identity systems. A supporting comprehensive multi-layer intrusion detection and prevention cybersecurity system should be in place to fully establish the trustworthiness of the identity components. Identity proofing establishes the uniqueness or veracity of an identity claim for an individual. Identity proofing may be also known as identity vetting or identity verification. Typically, following identity proofing, the individual is enrolled as a user in the service provider's application.

The service provider establishes a meaningless, but unique number called an identifier - by which the user is known to the service provider's application.

An identifier can be stored on a credential such as a smart card, as part of a public key infrastructure (PKI) certificate, or on a mobile telephone, etc. The identifier is the link between the individual and the entitlement that a service provider offers to them as a user of the application. The identifier does not inherently or necessarily contain any identity information - it is

Identity system components

The first identity ecosystem principle defined above, is that the service provider needs to assess the risk involved in a transaction to define the level of identity assurance required to support it. As part of this assessment, the service provider may choose to augment the authenticated identifier with additional identity proofing at the time of transaction.

"Additional complementary identity proofing may be implemented at the time of transaction, such as requesting further documentation or knowledge from the individual"

For example, a driver's licence is issued by a department of motor vehicles with the necessary identity checks. As drivers' licences become used for other activities - for example, opening a bank account - the primary (enrolment) level of identity proofing may be insufficient or inappropriate for the risk inherent in the secondary action (transaction), even though visual inspection of the driver's licence provided an adequate degree of authentication between the individual and their identifier (in this case the driver's licence number) for traffic police for example. In such cases, additional complementary identity proofing may be implemented at the time of transaction, such as requesting further documentation or knowledge from the individual. This provides a degree of flexibility at the time of transaction and orchestrates the use of credentials for secondary applications, without necessarily burdening a credential with all of the identity information required for a range of transactions. Note that it also provides a distinction between the actual identity of the individual (identity proofing), and the requirements for the ongoing authentication for transactional purposes (identifier authentication). This flexibility and distinction is also required in some jurisdic-

tion, each individual departmental conducts the level of identity proofing that is required to support the level of identity assurance required to administer their particular benefit.

Proofing and authentication

The principles of identity ecosystems, as well as privacy and security considerations, are driving the functions of identity proofing and identifier authentication into two separate functional blocks. Of course, there is nothing to prevent both functions being supported within the same enterprise, and in some cases this is the most appropriate configuration. One example of this is the US Federal Personal Identity Verification (PIV) program⁶, in response to Homeland Security Presidential Directive 12⁷. In this programme, the identity proofing is specifically provided by the National Agency Check with Inquiries (NACI) process, and the type of identifier authentication is determined by the service provider on a transactional basis, using the authentication techniques specified in Federal Information Processing Standards (FIPS) 201-2. The combination of the strong identifier authentication (up to and including biometric authentication) and the well defined identity proofing process used, support the production of the high assurance credential for this programme. As the concept of a PIV-like card (ie a high assurance credential) issued by non-federal agencies (so called PIV-I) has been developed⁸, one of the key considerations is how to define commensurate identity proofing capabilities in different jurisdictions where the PIV-I cards could be issued, so that the resulting cards would be interoperable in different domains. This type of discussion is, of course, clearer within the context of separated identity functionality.

Biometric separation

Biometric technologies can readily support both identity proofing and identifier authentication operations. Identity proofing can be considered a traditional use of biometric technologies - for applications such as law enf

a contract that effectively absolves those parties and the ISP (should they have had knowledge of the content) of any liability. This is all due to an act of omission on the user's part, actus reus. Barring medical or psychological reasons,

20 Aspan, M. (March 2008). After stumbling Facebook finds a working eraser. NY: New York Times.
21 Bergstrom, I. (2008). Facebook can ruin your life. And so can MySpace, Bebo ... The Independent.
22 In a recent example, see: Edwards, L. (2005). Articles 12-15 ECD: ISP liability - The problem of intermediary service provider liability, In Lilian Edwards (ed). The new legal framework for e-commerce in Europe. Hart Publishing, p.57. From the 1980's and 90's, see: Reinking, D. (1987). (Ed.), Reading and computers: Issues for theory and practice. NY: Columbia University. See also: Huff, C., & Finholt, T. (1994). Social issues in computing: Putting computing in its place. NY: McGraw Hill. For unintended effects, see: Wah, B.W. (Ed.). (2008). Wiley Encyclopedia of Computer Science and Engineering. Hoboken, NJ: John Wiley & Sons, Inc.
23 Rambam, S. (2006). Privacy is dead - Get over it. The eighth ToorCon information security conference, Sept 30 - Aug 1, San Diego, Google video clip, http:/ /video.google.ca/Yideoplay?docid=~83709f>37384;)28624&q=Steven+Rambam+Privacy+ls+Dearl&total=1&start=O&nlun=10&so=O&t~ pe=sf'ar ch&plindex=O


BRUCE L. MANN

'not thinking', non compos mentis, can be no argument for breach of confidence. This begs the question - why do they do it? The answer seems to be, to provide their personal data with 'context, context, context'. 24 But at what expense? Clearly the time has come for the liability, or partial liability, to rest with the user and the intervening SNI. The position taken here therefore, is that any person who is intent on joining an SNW should be under a duty to take reasonable steps to protect their own personal data from being viewed, re-used, or sold, article 10 ECHR notwithstanding.

4 Privacies

Article 8 in the Charter of Fundamental Rights of the European Union recognises that (1) Everyone has the right to the protection of personal data, and that (2) everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 25 Children are big users of SNWs. Article 24 of the Charter states that (2) a child's best interests must be a primary consideration, and that (1) children shall have the right to such protection, and may express their views freely. 26

5 Social Network Intermediary (SNI)

From the casual observer's perspective, it should be the Social Network Intermediary (SNI) who is best placed to assist new members in managing their privacy. Unfortunately (for new members), the legislation absolves the SNI of any responsibility. 'The law actually gives intermediaries an incentive to be as little involved as possible in what goes on their web servers'. 27 For example, Directive 2000/31/EC 28 (42)

The exemptions from liability established in this Directive cover only cases where the activity of the information society service provider is limited to the technical process of operating and giving access to a communication network over which information made available by third parties is transmitted or temporarily stored, for the sole purpose of making the transmission more efficient; this activity is of a mere technical, automatic and passive nature, which implies that the information

24 Boyd, D. (September 2006). Facebook's privacy trainwreck: Exposure, invasion, and drama, Apophenia Blog. http://www.danah.org/papers/FacebookAndPrivacy.html
25 Charter of Fundamental Rights of the European Union, Official Journal of the European Communities, 2000/C 364/01, Article 8.
26 Charter, Article 24.
27 George, C. & Scerri, J. (2008). Web 2.0 and User-Generated Content: legal chall

threatened, embarrassed, or targeted in some way by another person (often another young person) through the use of Internet or mobile phone. 41 An extended form of cyber-bullying is a video clip in a SNW showing a person undressing in front of their web cam. The cyber-bully has enticed or threatened a peer to strip-off their clothes in front of a web cam, which later appears as video footage in a social networking website. 42 'Happy slapping', is a video clip on a social networking website depicting one individual being swarmed by one or more others. Happy slapping videos depict several youths 'hitting a random person (on the bus, walking down the street) whilst recording the act with a video camera phone. The attackers are usually aggressive, poorly educated youths known in England as 'chavs' ('neds' in Scotland). Victims are usually boys around the same age as the attackers, but it's not unknown for victims to be older, or even women.' 43 In one clip a 27-year-old man can be seen shouting into the camera of his mobile phone, "this is YouTube material" as he urinates on a disabled 50-year-old woman who lay dying in the street. The woman later died in hospital. 44

10 Second Life

Young adults are big users of Second Life as well. 'Second Life' is an interactive virtual reality playground that also fits the definition of a social networking website. Reporter Jason Farrell recently investigated child pornography in Second Life and discovered an area called 'Wonderland' that was used by child abusers where 'child-like' avatars were offering sex. 45 Since Second Life is a user-created virtual environment, player interactions are not saved on the client computer. Home Secretary Jacquie Smith, in an interview with Farrell, said that she would be publishing a consultation paper to outlaw virtual imagery of child abuse used in virtual on-line worlds. Since then, Second Life owner-managers Linden Lab, Inc. has installed a verification system in place, and is experimenting with tracking players' interactions. 46 Nevertheless British police are going undercover in Second Life to investigate depictions of adult-child sex to track down pedophiles. 47

41 Wikipedia (April 2008). Cyber-bullying, http://en.wikipedia.org/wiki/Cyber-bullying
42 Stromdale, C. (2007). Regulating online content: A global view. Computer and Telecommunications Law Review, 13(6), pg. 7
43 Urban Dictionary (April 2008). Happy Slapping, http://www.urbandictionary.com/define.php?term=happy+slap
44 Staff. (September 2007). Man admits urinating on ill woman, BBC News, http://news.bbc.co.uk/2/hi/uk_news/england/tees/7002627.stm
45 Farrell, J. (October 2007). Perverts use virtual world for fantasies, SkyNews, http://news.sky.com/skynews/article/0,,30100-1290719,00.html
46 Virtual Worlds News (October 2007). Age Play Report Prompts UK Investigation of Second Life Pedophilia, http://www.virtualworldsnews.com/2007/10/age-play-report.html
47 Reuters, E. (October 2007). UK to investigate pedophilia in virtual worlds, Reuters/Second Life > Blog, http: I/ sen

No one's incapable encourages more to have check-ups, that our girl [Kylie] very happy (tour promoter) The most salient message out of all this you're very is that if it's found likely to survive your (breast cancer expert)

disease no matter what

we could get it, it

In New South Wales, the political opposition seized the opportunity of media concern about lack of provision of free screening for younger women to attack NSW government policy (which is nationally determined) This is a situation the government has sat on. It would not have been exposed except for the Kylie Minogue situation (Shadow Health Minister)

MJA • Volume 183 Number 5 • 5 September 2005


MEDICINE AND THE MEDIA

Number of mammogram bookings in four Australian states before, during and 6 weeks after the publicity about Kylie Minogue's breast cancer diagnosis

Pre-publicity period: 19 weeks, 1 Jan-13 May. Publicity period: 2 weeks, 16-26 May. Post-publicity period: 6 weeks, 27 May-9 Jul.

| State | Measure | Pre-publicity: Initial screen | Pre-publicity: Re-screen | Pre-publicity: Total | Publicity: Initial screen | Publicity: Re-screen | Publicity: Total | Post-publicity: Initial screen | Post-publicity: Re-screen | Post-publicity: Total |
|---|---|---|---|---|---|---|---|---|---|---|
| Victoria | No. of bookings | 9248 | 68578 | 77826 | 2101 | 10251 | 12352 | 4869 | 23326 | 28195 |
| Victoria | Average bookings per week | 487 | 3609 | 4096 | 1051 | 5126 | 6176 | 812 | 3888 | 4699 |
| Victoria | Average weekly percentage change from pre-publicity period | | | | 115.8% | 42.0% | 50.8% | 66.7% | 7.7% | 14.7% |
| Queensland | No. of bookings | 12539 | 61723 | 74262 | 2577 | 9080 | 11657 | 4855 | 20363 | 25218 |
| Queensland | Average bookings per week | 660 | 3249 | 3909 | 1289 | 4540 | 5829 | 809 | 3394 | 4203 |
| Queensland | Average weekly percentage change from pre-publicity period | | | | 95.3% | 39.7% | 49.1% | 22.6% | 4.5% | 7.5% |
| Western Australia | No. of bookings | 5966 | 32086 | 38052 | 1124 | 3564 | 4283 | 2279 | 7427 | 9766 |
| Western Australia | Average bookings per week | 314 | 1689 | 2003 | 562 | 1782 | 2142 | 474 | 1238 | 1628 |
| Western Australia | Average weekly percentage change from pre-publicity period | | | | 79.0% | 5.5% | 6.9% | 51.0% | -26.7% | -18.7% |
| Tasmania | No. of bookings | 1562 | 8039 | 9601 | 391 | 749 | 1140 | 888 | 2777 | 3665 |
| Tasmania | Average bookings per week | 82 | 423 | 505 | 196 | 375 | 570 | 148 | 463 | 611 |
| Tasmania | Average weekly percentage change from pre-publicity period | | | | 139.0% | -11.3% | 12.9% | 80.5% | 9.5% | 21.0% |
| Total* | No. of bookings | 29315 | 170426 | 199741 | 6193 | 23644 | 29432 | 12891 | 53893 | 66844 |
| Total* | Average bookings per week | 1543 | 8970 | 10513 | 3097 | 11822 | 14716 | 2149 | 8982 | 11141 |
| Total* | Average weekly percentage change from pre-publicity period | | | | 100.7% | 31.8% | 40.0% | 39.3% | 0.1% | 6.0% |

* Row and column total differences reflect rounding after averaging

39.3% higher in unscreened women, while remaining unchanged in previously screened women

with the 19-week pre-publicity

DISCUSSION The dramatic increase in initial and re-screen

in news coverage of Kylie's younger women to volunteer

However, breast cancer is a well reported public health issue in many nations, and

for As women aged less than 40 years are to participate in the BreastScreen program, we cannot report on

arguments have been made that far more research attention should be focused on the background into the fore-

gests

age

the

how many such women booked to obtain mammograms through screening

and examining how news coverage influences outcomes and might be

services or arranged with GP to receive a bilateral mammogram on the pretext of it screen. The latter data will

improved to increase participation rates illnesses and related health events are as is the massive news

Health (5 )()() or eligible women) predecrease in breast cancer

mortality; 10 it might be expected that the significant "Kylie effect" on screening may further reduce breast cancer deaths. Despite considerable promotion

investment in the mammography, 14 years after

the commencement of the program an estimated 42.9% of the target group '5ll-O() 11 years have never been The women

emphasis

stimulated

these can bring. Health agencies wise to develop news management

Insurance Commission

Public health

evaluations genor campaign varia-

strategies, agencies could responses

explaining changes in comes, such as participation in mammoscreening. The "Kylie effect" we described indicates that

influences can also have profound on such outcomes Rarely are these effects so obvious that inspire focused research interest, as in article, being generally relegated to background "noise" status. 12

questions"

rn the that news

celebrity

analysis

can

ACKNOWLEDGEMENTS We thank the BreastScreen coordinators for rapid provision of data

COMPETING INTERESTS None identified


ing. J Natl Cancer Inst 2005; 97: 693-695

REFERENCES

5 Brown ML, Potosky AL. The presidential effect the public health to media about Ronald

media coverage of

on breast cancer


19R9; 791551-1552

3 Howe A, Owen-Smith V, Richardson J. The impact of a television soap opera on the NHS Cervical in the North Med 2002; 24

299-304

4 Larson

HG


Woloshin S, Schwartz LM, Welch

endorsements of cancer screen-


[34] Geocoding in Cancer Research

A Review


Gerard Rushton, PhD, Marc P. Armstrong, PhD, Josephine Gittler, JD, Barry R. Greene, PhD, Claire E. Pavlik, PhD, Michele M. West, PhD, Dale L. Zimmerman, PhD

Abstract:

There is now widespread agreement that geographic identifiers (geocodes) should be assigned to cancer records, but little agreement on their form and how they should be assigned, reported, and used. This paper reviews geocoding practice in relation to the …

… of information.93 Nevertheless, personal health information is not entitled to absolute privacy protection. Rather, a patient's interest in the privacy of personal health information must be balanced against societal interests in protecting and promoting public health. The initial issue that must be addressed in connection with the geocoding of cancer records is whether and under what circumstances they may be used for geocoding. In 2002, the U.S. Department of Health and Human Services issued regulations, known as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. This rule generally provides that a defined set of "covered entities" cannot disclose personal health information without authorization from the individuals involved. However, the rule creates an exception permitting disclosure of personal health information to public health authorities for public health purposes without such authorization. The Centers for Disease Control and Prevention (CDC) and several other agencies have interpreted this exception as permitting healthcare providers to disclose cancer cases to a state cancer registry pursuant to state law.

However, these public health authorities must take steps to ensure that specific individuals cannot be identified. Some state statutes and administrative regulations specifically require cancer registries to take steps to safeguard the security and confidentiality of registry data. Geocoding methods are currently being developed to be consistent with such requirements. For example, Klieger et al described a procedure designed to access individual-level health data held by a public health agency without compromising the privacy of this data. However, according to the North American Association of Central Cancer Registries (NAACCR), "a major challenge is developing mechanisms to appropriately protect, secure and release data while protecting patient confidentiality in a standard fashion so that each cancer registry does not have to develop them on their own." Cancer registries distinguish between publicly released data and data made available to researchers. Publicly released cancer data are releas…

Am J Prev Med 2006;30(2S)
