Special Issue on Privacy
- Introduction to the Special Issue
Lilian Edwards, pp.265-269
Lilian Edwards introduces this special issue of SCRIPTed, based on the Workshop on Privacy and Technology which was convened at Edinburgh in September 2005 under the auspices of the AHRC Centre for Research into Intellectual Property and Technology Law.
- When personal data, behavior and virtual identities become a commodity: Would a property rights approach matter?
Corien Prins, pp.270-303
This article attempts to grapple with the privacy debate, taking account of both the philosophical and economic arguments for and against a property right in privacy, as well as recent court cases such as the famous Douglas v Hello which arguably veer towards granting such property rights, albeit paradoxically only in the privacy of those whose living it is to be public property: namely, celebrities. The article concludes towards the idea that it is not enough to simply decide that privacy can or cannot, or should or should not, be propertised: what is truly important is to analyse the effect such would have on, for example, limitation of misuse of personal data, and efficiency of re-use of data, especially compared to conventional human rights systems of protection of privacy such as data protection law, which although good on paper, may in reality in the digitised trans-national world of the Internet offer less protection than some property rights systems.
- From Safe Harbour to the Rough Sea? Privacy Disputes across the Atlantic
Andreas Busch, pp.304-321
Contrary to initial hopes, the increased economic, social-cultural and political importance of cyberspace has led to substantial state regulation of it. Since nation states are still the dominant force here, the regulation of transborder data ﬂows requires the cooperation of nation states which encounters many difficulties.
These problems can be analysed along two dimensions. On the one hand, there are competing interests in the ﬁeld of transborder data ﬂows: economic interests centre on issues like cost-effectiveness; safety interests focus on the reduction of risk and the prevention of misuse; and civil liberty interests call for the upholding of privacy and freedom of information. On the other hand, national environments differ considerably, especially with respect to the values that inform political debate; the direction and mobilisation of interests; and the existence of institutions in relevant areas such as data protection. This paper uses these two dimensions to analyse two illustrative cases: one is the “Safe Harbor” agreement between the US and the EU that was meant to provide a framework for ﬁrms in the face of different standards of private sector data protection between the two areas; the other is the recent dispute between the US and the EU about the transmission of airline passengers’ personal data. The paper argues that these cases demonstrate that initial expectations for a “policy transfer” of EU privacy standards to the US did not materialise, and that differences in institutions and underlying values can largely account for this.
- Just because you’re paranoid, doesn’t mean they’re not after you: Legislative developments in relation to the mandatory retention of communications data in the European Union
Judith Rauhofer, pp.322-343
In the wake of the terrorist attacks in New York, Madrid and London the mandatory retention of communication data by communications service providers has become a contentious issue between the governments of nation states and the communications industry and civil rights campaigners. While the former claim that such retention is necessary for the purpose of national security and the detection and investigation of crime, the latter argue that data retention represents an attack on the rights and freedoms of individuals without evidence that measures will indeed increase the security of citizens. This paper explores the legislative developments, which have taken place in the UK and the European Union in recent years, focusing in particular on the draft Directive on data retention which was adopted in February 2006.
- Watching the watcher: recent developments in privacy regulation and cyber-surveillance in South Africa
Caroline B Ncube, pp.344-354
This article outlines developments in privacy regulation in South Africa. The first part comments on the recently issued draft bill on the protection of personal information. It pays particular attention to the provisions on transborder information flows. The second part comments on the Regulation of Interception of Communications and Provision of Communication Related Information Act (70 of 2002) which ushers in a very controversial cyber-surveillance regime.
- The World Summit on the Information Society – privacy not found?
Ralf Bendrath and Rikke Frank Jørgensen, pp.355-369
This article will explore how privacy was dealt with in the United Nations World Summit on the Information Society (WSIS) process. WSIS was the first time that information and communication technology was linked to human rights and development on the global policy agenda. The article will argue that though the WSIS documents ended up with a formal commitment to human rights, there was de facto no recognition of privacy as a human right which is fundamentally affected by the design and use of technology. On the contrary, privacy continues to be dealt with as a marginal issue attached to an overarching agenda of state security. We will conclude that the post WSIS phase is showing some momentum in favor of privacy, due to new emerging alliances between civil society and industry.
- Implementing Pseudonymity
Miranda Mowbray, (Published in Issue 3-1)
I will give an overview of some technologies that enable pseudonymity – allowing individuals to reveal or prove information about themselves to others without revealing their full identity. I will describe some functionalities relating to pseudonymity that can be implemented, and some that cannot. My intention is to present enough of the mathematics that underlies technology for pseudonymity to show that it is indeed possible to implement some functionalities that at first glance may appear impossible. In particular, I will show that several of the intended functions of the UK national ID could be provided in a pseudonymous fashion, allowing greater privacy. I will also outline some technology developed at HP Labs which ensures that users’ personal data is released only to software that has been checked to conform to their preferred privacy policies.
- Penetrating the Zombie Collective: Spam as an International Security Issue
Andrea M. Matwyshyn, pp.370-388
Since the mid 1990’s, spam has been legally analyzed primarily as an issue of balancing commercial speech with consumers’ privacy. This calculus must now be revised. The possible deleterious consequences of a piece of spam go beyond inconvenient speech and privacy invasion; spam variants such as phishing and “malspam” (spam that exploits security vulnerabilities) now result in large-scale identity theft and remote compromise of user machines. The severity of the spam problem requires analyzing spam foremost as an international security issue, expanding the debate to include the dynamic impact of spam on individual countries’ economies and the international system as a whole. Spam creation is becoming a flourishing competitive international industry, generating a new race to the bottom that will continue to escalate. Although the majority of spammers reside in the United States and a majority of spam appears to originate in the U.S. spam production is being increasingly outsourced to other countries by U.S. spammers. Similarly, as U.S. authorities begin to prosecute, spammers are moving offshore to less regulated countries. Therefore, spam presents an international security collective action problem requiring legislative action throughout the international system. A paradigm shift on the national and international level is required to forge an effective international spam regulatory regime. Spam regulation should be contemplated in tandem with the development of data security legislation and closing pre-existing doctrinal gaps in contract, computer crime and jurisdiction law, harmonizing all these bodies of law simultaneously across the international system to form a coherent international data control regime.
- Squeezing Information out of the Information Commissioner: Mapping and measuring through online public registers
Philip Leith, pp.389-411
Access to public registers has to date been primarily through physical observation of the printed record, thus allowing only the most basic searching and recording of that information. This is clearly changing with, for example, property sales information being commodified and made available over the internet, and a more open attitude to the re-use of government data. Is this ‘open data’ path the one that all registration agencies that handle publicly accessible records should follow? Or are there limitations – self imposed perhaps – that the agencies should rely upon to constrain the use of such data for any number of reasons? How far should this access be allowed – an online version of the printed register, or should something more powerful be offered to the public? In this article I look to one register which is particularly relevant to this discussion – principally because the register is held by the organisation with a responsibility for making public information accessible to the UK public – the UK Information Commissioner’s Office (ICO). I will argue that an extended right of access to public registers should be enabled which allows processing and analysis of the data contained within the register. In terms of the ICO, this ‘right to process public information’ is essential that we may better understand the privacy and data protection debate.
- Electroconvulsive therapy (ECT) – The imposition of ‘truth’?
Philip Ruthen, pp.412-436
Within the contemporary psychiatric setting where the controversial operative procedure Electroconvulsive therapy (ECT) is applied, the identity of the person to be ‘treated’ is positioned at a convergence point of competing disciplines. ECT’s contradictory existence is additionally quantifiable through analysis of official statistical data, where omissions and inconsistencies obscure the contexts and activity of ECT’s administration. Whilst a number of other states have either banned its usage, or applied increasing restrictions, it is proposed bio-medical frameworks in this arena of UK healthcare inhibit rights based policy initiatives. Such frameworks further limit the admission of alternate socio-legal method which is are coupled with evidence bases from service user/survivor experience. The article recognises the need for genuinely collaborative research – rather than research done by consumers for consumers and by clinicians for clinicians. It is positioned to produce a transitional domain between differing perspectives of ECT from evidence based research. The contemporary socio-legal debates about safeguards for excessive treatments, consents, legal status, and the questioning of a person’s capacity also find convergence in ECT’s administration processes, as care becomes interchangeable with authority through its outreach, and intrusion. The article intends to inform further research, and, in the context of the Mental Health Bill [HL]2006, offers recommendations toward the implementation of equality in NHS service delivery. These include proposing structural changes in the clinic accreditation regimes, and the promotion of rights-based measures for inclusion in changes to the Mental Health Bill [HL]2006 from the comparative perspective of the Mental Capacity Act 2005.
- Las licencias de uso de bienes digitales: El difícil equilibrio entre los titulares de los derechos y los usuarios
(Licences for Use of Digital Works: The Difficult Balance Between Right-holders and Users)
Aurelio Lopez-Tarruella Martinez, pp.437-462
This article examines the new legal figure of licensing of use of digital works from the perspective of Spanish doctrine and jurisprudence, attempting to find the elusive balance between users and right-holders. Of particular interest is the existence of extra-contractual obligations arising from the use of the licensed work, and how that may generate conflict and imbalance to users. The article analyses the problems of contract formation for Civil jurisdictions present in the practice of shrink-wrap and click-wrap agreements, and seeks solutions in consumer-protection legislation at European level.
- The Spanish Tax Administration and the Internet
Ana María Delgado García & Rafael Oliver Cuello, pp.463-472
The application of new technologies in relations between the Spanish Tax Administration and the taxpayer is of particular importance in terms of the administrative duty of information and assistance, and also in tax procedures, especially in those such as administrative procedures. In this context, the principle manifestations of new technologies applied to tax procedures occur in the presentation and payment of tax declarations, tax notification and the lodging of appeals against tax decisions. This communication channel with the Tax Administration offers the following benefits: reduced indirect tax pressure, as it is a more comfortable system for the taxpayer for processing their declarations; reduced workload for the Administration which avoids recording and processing tasks, and, generally, paperwork; shorter declaration processing times; and less time needed for processing and detecting the evolution of economic variables, which allows for improved monitoring of the global collection and by sector.
- La France v. Apple: who’s the dadvsi in DRMs?
Nicolas Jondet, pp.473-484
On August 1, 2006 the French Parliament passed the law on copyright and related rights, known as DADVSI (loi relative au Droit d’Auteur et aux Droits Voisins dans la Société de l’Information), which implements the European Copyright Directive of 2001. The main feature of the law is the legalisation of technical protection measures for copyrighted works (also known as TPMs or DRMs) and the introduction of legal mechanisms to protect and enforce these technical measures. Such steps, aimed at combating digital piracy, should have been welcomed unreservedly by all involved in the media industry, from artists and producers to distributors, especially online content distributors such as Apple and Sony. However, the legalisation and protection of technical measures came with a few twists from French lawmakers. These twists have unnerved Apple, the market leader in music media players and online content distribution with its iPod player and iTunes distribution platform respectively. The DADVSI law introduces the requirement of interoperability for technical measures meaning that all DRM-protected music file must be playable on any device, irrespective of its brand or of the software used to read it. Such requirement of compatibility between competing DRMs threatens Apple’s exclusive DRM technology. In doing so, the law threatens the umbilical cord between the iPod player and the music sold on iTunes, and thus Apple’s dominance in both markets. This paper will describe how French lawmakers have managed to put in place an original and, so far, unique legal framework based around a new independent body in charge of implementing DRM interoperability and of ensuring that technical measures do not upset the balance between the interests of the rightholders and those of the consumers.