Embed Size (px)
Citation preview
Internet & Privacy
Y. POULLET Prof. at the Univ. of Namur and LiegeDean of the Faculty of Law of Namur
Director of the [email protected]
http://www.droit.fundp.ac.be/crid
Rome, 17-18 June 2004
2
I. New characteristics of the environment
A. Omnipresence and multi use of the network
- Multiplication and interoperability of the networks and full digitization
(GPS/RFID/Internet/GSM/WIFI/Blue
Tooth/GRPS/SMS/etc.)
Functional separation are disappearing
- Multiplication of usages in the daily life
3
B. Interactivity of the network
- User creates by his use his own data
- Importance of the consent (Myth of the user empowerment P3P)
- Openess of the web (multiplication of traces)
- Multiplication of possible processing apart from
a primary collection
4
C. No control by the user of this terminal equipment
- Security means time consuming operations
- Radical opacity of the functioning of the
terminals
(spyware/cookies/….)
5
D. No control by the governments of the internet’s actors
- Increasing intervention of private normalization bodies (W3C/IETF/…)
- As regards the terminal equipment : no public norms
- As regards the c. services providers
(IAP/T.O./…)
6
E. International dimension
- Sovereignty of the national state
- TBDF or risks of TBDF
- Probl. of the localization of the actors
- Need for international norms
7
II. Towards new D.S. rights
- Right to remain anonymous and public security requirements
- D.S. Right to take benefit from the ICT in order to a better exercice of his right
- Right to a transparent and privacy compliant
terminal
- Right ot be considered as a consumer (class
action/ unfair terms of contract)
8
III. Do we need a new C. of E. Convention on DP?
A. BASIC FINDINGS
* Definitively, we need a new approach
- Privacy is no more a negative concept with a
restricted extension
- Privacy is now a positive concept covering
all personal data in order to ensure a correct
equilibrium between D.S. and D.C. and the
possibility of selfdetermination within an I.S.
9
* Privacy is not sufficient : need to protect directly the H. dignity
• Ambiguous relationships between Privacy and freedom of
expression :
Privacy is an absolute prerequisite for ensuring
freedom of expression
Privacy might not be an unjustified obstacle to the
freedom of expression (Linqvist case)
10
B. Scope
- Protection of individuals and groups – usage of « profiles » without direct links with individuals
- Personal data: a concept to be redefined – Do we
deal with a reality or a risk ?
- Need to regulate new actors - the terminal equipment producers- the IAP
11
C. Quality of data
- Fair collection
- Legitimate the processing by consent: limits and new questions : surveillance within a family
- How to create system as regards the control of subsequent use
12
D. Sensitivity of data
- Identification number
- Profiles
13
E. Security of data
- Need for C.S.P. to alert D.S. about risks
- Privacy and security by design
- Security in broadest sense and privacy : need for int. norms ( I.T – Int. Sec., Trust and Privacy Alliance – ISO/IEC 20886 Draft norms presently in discussion )
14
F. TBD Flows
- To deal with flows or Risk of flows
- What does mean flow ?
- Need for defining I.P. Law solutions as regards - localization of the services - Applicable law- Competent juridiction
- Need to reevaluate the adequacy decisions
15
Conclusions
PRIVACY HAS DEFINITIVELY GAINED A NEW MEANING
No need for radically new instruments but • Extension of the material scope : from processing to
Information systems/From data relative to individuals to data concerning groups
• New rights for the data subjects
• Need to deepen certain concepts like « compatible processing », « adequate protection », ….
• Need to develop data Protection by I.S. design and to regulate certain actors
