Can and
should the law provide privacy rights to counter the intrusive effect of mass
surveillance via modern technologies?
by
Tzeni Kapsogeorgou
Abstract
Privacy has been always identified as an important value for the life of
each individual and is a right protected by law as an essential human right.
Privacy and particularly privacy of personal information must also be considered
as an indication of quality of democracy and freedom, while practices of mass
surveillance and blatant violation of privacy rights is often a priority and
enforcement tool in an illiberal regime. High technology revolution and
specifically vast advances in the areas of computers, digital networks and
information technology have changed the rules of the game in the area of
personal privacy. An integrated chain of business and transaction automation,
data centralisation through digital networks and powerful as well as flexible
processing of personal data in advanced information systems, offers enormous new
possibilities in many areas of business and services.
The
use of personal information as raw material for incidental processing using
sophisticated decision support systems and techniques like data matching and
data mining represent a valuable resource in areas of market research
personalised services and in fraud detection. The potential threat of a gradual
transition to systems that actually survey every detail our private life and
overwhelm freedom is still very visible. Law slowly adapts to that scenery and
legal regime that tries to control and regulate use of personal data and
surveillance has evolved. Society is though still immature and has not weigh
precisely the possibilities of combining information technology in mass
surveillance efforts; as a result law may still have some weak points that would
deserve further attention.
Contents
How law protects privacy as an essential human right
Respect of privacy rights as an indication of democratic quality
Privacy of personal information
The factor of transaction and service automation
The factor of
digital networks and the Internet phenomenon
The factor of information technology
The role of private sector
The role of government services and the public sector
Incidental processing of raw information
Data matching and data mining techniques
The benefits of reasonable surveillance
The potential dangers of surveillance
Answering the question
The legal regime
Weak points in legislation. Considerations
Conclusion
Protection of private life may be easily identified as
an important human value that could even be considered as a major factor for
preserving personal inward balance. Privacy
means our right to control information about ourselves preventing others
invasion into our life and habits and it could be defined
(in U.S. at least) of “the right to be let alone” . In
terms perhaps more appropriate to the information society, privacy might be
defined as the right not to be subject to surveillance . No
matter of the exact definition and the point of view, privacy is valuable for
each individual no matter of his professional or social status.
Most societies have
also recognised that, and although they do not proclaim the
same level of respect to privacy rights, privacy is usually protected up to some
extent. Of course private life has
also to be thought as an anti-parallel aspect of human life with sociality as in
each community a specific trade off is usually consecrated between privacy and
social bonds.
Privacy must also be contemplated in relation with behaviours that oppose
to the common understanding of right and fair, and a misinterpretation of
privacy, claims that someone who is “right” in his life does not have
something to hide.
Fundamental protection of privacy
Privacy
rights are recognised as fundamental human rights and in modern democratic
states there are several substantiations of privacy protection by law, in forms
like protection of privacy of mail or residency. These forms of privacy are
considered as an essential right of citizens and foundation laws like a
constitution usually provide their protection.
Other aspects of privacy though like privacy of personal information,
were not covered explicitly until a few years ago.
We have to clarify that the right of privacy should not be misunderstood
in the sense that in any well-governed state, absolute privacy cannot be
acceptable. This means that privacy of an individual should not contradict with
legality and common interest. As an example in benefit of state organisation,
many aspects or activities of life require some registration under law.
Privacy as indication of democracy
So it is obvious that the borders between the right of an individual to
privacy and the right of a state and a society or even an other individual to be
informed about illegal activities or to be organised for the common benefit, is
not always very clear. We have also
to take into account as well that information about individuals lives their acts
and thoughts is a strategic factor, probably the most important one in
establishment of an authority especially of an unjustified one.
As a result Illiberal or undemocratic regimes always have as a priority
violation of privacy, through practices of surveillance and extended use of
their information agencies. A statement that may be extracted then, is that
respect of privacy is also an indication of democratic quality in the sense that
in a real democracy freedom of thought and expression is not considered as a
threat, so there is no need of privacy violation and surveillance as an
enforcement tool.
Privacy
of personal information
Apart from the generic analysis about privacy and privacy rights that
aims to serve as a basis for further discussion, the major issue of our
“information age” is the privacy of personal information and the role of
modern technologies like computer networks and information technology in mass
surveillance practices. These practices use facts or details of our personal
private life that have been recorded at some specific time point and in this way
effectively survey many of our past and current activities. Due to the
importance of this sort of mass surveillance in our information age that uses
the latest achievements of computer and information technology, it is
necessitated to focus on a study on its characteristics and implications
regarding society and law.
Informational privacy is the right of preventing use of
personal or private information against the will or without acknowledgement of
the source and the subject of that information. At an official level, violation
of this form of privacy might involve collecting personal or private information
about individuals suspected or not of criminal conduct, whilst at a non
governmental level, reference can be made to the marketers that obtain data
through online questionnaires and “loyalty cards” in order to use it for
marketing purposes[1].
As our world moves fast from the post industrial to
information age where globalisation is a rational anticipation, information
itself is the most important asset to be obtained either for the private or the
public sector. Information is a kind of power especially when that information
concerns living individuals. Every action that we take, our transactions,
contacts habits and small details of daily life, could reveal, particularly when
are combined, a lot about our thoughts and lifestyle[2].
So a system that effectively collects, processes and utilises such information
can be unquestionably considered as performing surveillance on our lives, and
certainly in a mass level.
Privacy of personal information did not always receive the same level of
attention as other forms of privacy. The main reason for that is that the
subject of the information, usually either is not aware of this type of
violation of his privacy or has provided the information with his own will at
some point at past. In any case he does not directly interfere and is not
directly affected by the storage and usage of the information. In many cases
only a small subset of the subjects of the information will ever detect the act
of using their personal information and this will be only from an application
using the results of this act.
Additionally the public opinion has not been adequately informed and is
not aware of the issue of informational privacy. An average person will provide
without much deliberation, a piece of information about himself to a respected
counterpart, without asking much about the use that this information, the period
that will be kept for, if it will be crosschecked and if it is really relevant
to the reason it is asked for.
Furthermore the owners and the users of personal information, that in
many cases have collected information as a side-act of an irrelevant transaction
or other activity of the unsuspected individual, do the feel the obligation of
informing him about the existence of the information or the way that it will be
used.
At last while anybody is generally intuitively not pleased in the idea of
being subject of an arbiter information system, he cannot easily locate the way
that such an activity could really harm him, he can not find an easy way to
protected himself anyway and the simplest thing to do is really to ignore it.
Personal information collected in a mass and also detailed level, for
example several personal details like transactions of a large number of persons,
is a resource difficult to be acquired and handled. The amount or the resulted
information is enormous constituted by small chunks.
And it also has to be further processed and combined in order to provide
valuable results. Performing the above tasks manually is impossible or at least
very expensive, and this was in effect a protection against such practices.
Modern technologies have changed that. Incorporated in the
whole process of information flow they have changed the way things used to be in
numerous ways.
The
factor of transaction automation
The first stage in the process of personal information flow is its
collection. Traditionally mass surveillance systems and personal information
data banks had a great difficulty in accomplishing this task. The only practical
way to overcome it without using any modern technologies is to deploy some
specific registration scheme that is usually provided and enforced by law, to
organise it and supply all the required resources. Police records, social
security records or even internal revenue records and cadastre records could be
thought as examples of such registration schemes. Information acquisition
systems of that form have common characteristics like their high cost, the use
of dedicated personnel, the high quality of the obtained information and the
fact that their use is usually really the minimal required for having a well
organised and governed state. Furthermore all the details regarding their
structure and use is usually given by law, they are considered as state property
and none is allowed to use them arbitrarily while the subjects of the
information are aware of the existence and use of the information.
Modern technologies in an area that could be described as transaction and
service automation have introduced several alternatives to that model.
Transaction automation systems like ATMs, credit and loyalty cards, and Internet
shopping as well as service automation systems like electronic identification
cards, digital telecommunications, and Internet services (like e-mail) comprise
a new rich source of personal information. The characteristics of this
information acquisition systems is that they provide information as a side-act
of their main activity (there are of course many registration forms on web as
well where one is directly propelled to provide various information about him)
in a digital form ready to be used by information systems, the cost of the
actual acquisition of the information is very low and no substantial additional
personnel or other resources are required. The subject of the information is not
wittingly providing that information and in fact in most cases does not ever
realises the existence of the information. For example an average person does
not know or at least is not thinking when is phoning somewhere that the exact
time and duration of the phone call is recorded, and that there is always a
possibility that this information is used at future for a purpose unrelated with
the phone call.
The
factor of digital networks and the Internet
The next step in information flow is centralisation. In order to achieve
a mass collection of records of personal information that is complete and
accurate, the information that is usually collected at different locations has
to be centralised as fast and efficiently as possible.
The centralisation process may be realised in a variety of ways from the
transmission of data via a web form, to the periodic synchronisation of ATMs
with a central bank system, or it could be just virtual in distributed database
systems, in any case though the factor of computer networks is vital since the
volume of data is high and the value of the information decreases with time.
The Internet phenomenon and all the related standards and technologies
represent an additional factor that facilitates the task of information and
therefore of personal information manipulation in a great extent.
Internet is growing so dramatically in a rate that unquestionable surpass
any modern medium of communication ever before succeeded [3]and
is expected to replace or to incorporate in many more activities of our life.
Internet messaging, Internet commerce, web pages and hypertext transmission are
only a few first implementations that already actualise the idea of the global
community; we have to keep in mind though that internet is also an insecure,
uncontrollable medium that connects most of the world and countries with
different society structure, traditions and legal systems. Personal information
that is out there could be quite easily accessed and used in an unpredicted way
and law in many cases is just unable to protect us. The Internet creates a model
of decision making through personal data use that empowers public and private
organisations worldwide[4].
The
factor of information technology
Up to the point of information processing, one cannot claim that privacy
rights have been actually violated especially if the reason of data gathering
could be justified from the business or governmental activity that the
information was given for. The concern is not in fact information retrieval
itself but rather the way that is used, processed and combined[5].
As raw input to incidental processing, to extract reliability conclusions or any
other use different to the one for which it was given or retrieved, information
has usually to be handled by an computer based information system. Information
technology directs privacy in ways that are undoubtedly different than ever
before[6]. Taking full advantage of
computer technology, modern database and knowledge base systems as well as more
sophisticated systems in the area of decision support and artificial
intelligence, utilize modern supercomputers with increased processing power,
memory and storage capacity, in order to support in an efficient and flexible
way, mass surveillance using personal information.
Even a simple query in a properly organised database, storing information
about our transactions is able to reveal a significant amount of valuable
derived information about our personality. Furthermore techniques like data
matching and data mining exert to extract the last valuable resolution from raw
data[7].
Data
matching and data mining techniques
Data matching can be described as “the
crosschecking of data, either concurrently or retrospectively, looking for
duplication and/or inconsistencies between data streams. Moreover according to
the governmental definition it enables the comparison of data collected by
different data users, (or by the same data user in different contexts)”[8].
The primary aim of the comparison is the identification of anomalies and
inconsistencies and the improvement of data quality as well as fraud detection.
Enrichment of data and augmentation of data value through data combining could
be another desirable gain of this procedure. Validation of information is
logically applicable to information given explicitly from individuals often
derived from application forms. Data matching techniques are based on indicators
of information accuracy and usually cannot provide a procedure that
automatically corrects the information, but serves as a starting point for
further investigation while an additional produced outcome is about subject’s
reliability. Typically closed user groups carry out data matching exercises and
a reasonable candidate for following such procedures are governmental agencies
or financial and insurance institutions.
Data mining uses advanced software tools to
“identify links, relationships, patterns and trends in data and can produce
graphics to help show what that means. It uses knowledge based or rules based
systems for modelling databases to identify transactions with pre-defined
characteristics, or transactions that deviate from the norm”[9].
While a data warehouse database system could be thought as a basic
infrastructure for this technique, analytical processing and even intelligent
systems have been also developed that effectively to "learn" from
experience using sample data to build up models with classification or
predictive ability. Neural networks and genetic algorithms are sophisticated
techniques that are commonly used for that purpose. These systems can analyse,
adapt and explain raw information in order to produce secondary information of
increased value but can also even discover previously unknown patterns of fraud.
Benefits
of reasonable surveillance
Mass surveillance together with the concern of violating privacy rights
it also intends, in most cases, to serve for the benefit of the state, of a
company, of country’s economy, and even of individuals.
So blind condemnation of mass surveillance practices is not always
justified. Use of personal information, and reasonable surveillance based on
explicit and carefully predefined rules and provisions that protect individuals
could be of a great importance for proper state organisation, police effort, and
protection of citizens and companies from fraud and criminality.
Government clearly declares that by the assistance of information technology,
fraud and criminality can be effectively decreased and simultaneously security
can be increased. Economy can also gain a lot since early detection of
fraud reduces company loses and restricts business risk, reducing products and
services cost in benefit of the lawful citizens.
Economy has also realised a significant development boost through use of
personal information from transactions or activities as a tool or product, in
business plans and new opportunities. Even individuals benefit from new
directions in business and commerce like personalised services. For example
personalised advertisement that targets only people that could be really
interesting on a product are better from entirely blind junk advertisement and
it also allow companies to spent less, and reduce prices.
Dangers
of mass surveillance
It is already clear that use of computers and their new possibilities
raise concerns about individuals and their privacy[10].
The main concern is the effect of computerised information systems that use
personal data, in privacy[11].
The storage and use of personal information poses numerous of dangers.
For example, the information may be of a particularly sensitive nature, it may
be excessive, going beyond that required by the person using for his or her
legitimate needs, or it may be inaccurate. There are real, existing and
significant dangers related to the storage and processing personal data. Apart
from being reluctantly affected by inaccurate data, there are other issues such
as the effect on privacy of individuals[12].
Personal data given for one specific purpose may be used for another, without
the consent of the data subject. And a different issue is about the security of
systems storing personal information. This turns to be dramatically important in
cases when unauthorized people gain access to data like credit card numbers.
Already, in the absence of any explicit legal standard
“data banks “ are overflowed of our personal data. Personal data does
not necessarily include only name, age, address, but most of the times include
additional information about profession, marital status, race, religion, or even
more consuming habits and medical records.
Personal information records are also inflexible and unmitigated in the
sense that it tracks events of our life, segmentally and in a rather time
resistant way. Human personality and behaviour is very complex to be judged from
sparse events and can change dramatically with time. So personal information
records could finally stigmatise people in a way similar with criminal records.
The difference is that in this case it was not a court of justice that has
decided about it.
Violating privacy rights, these information systems could also turn to be
a threat to democracy and freedom. As a matter of fact, improper use of modern
technology and information systems that handle personal information could be
potentially used and extensively serve, originate and empower a totalitarian
state. Even if we feel confident about democracy and its stability, we must
always feel the obligation to foresee potential dangers, and shield it against
them, since an environment appropriate for its abolishment is always prepared
gradually. And in an age where information does not have borders we have to be
aware about the possibility of existence of unknown “dark” control and power
centres all around the world.
Informational privacy may also become a thread against a country’s
defence. Just imagine what an advantage is for a country’s enemies, to have
access or extract information for people that are vital for its defence.
Computer technology has also heightened more primitive fears about a
coldly, logical society of digital “spies” and “informers” because of
the power of computers in terms of information processing. Even now, a popular
feeling remains that computers undermine human skills and that the development
of computer technology “heralds the dawn of an austere and coldly logical
society”[13].
Yet it is already hard to think and imagine that in our ignorance and tolerance,
information is feasible to be gathered, stored and retrieved in the light speed.
Even if we now consider these fears as naïve and unjustified, we have to
consider that a situation where a machine somehow surveys, decides and judges
about people’s future and life, in a cold inhumane way, has come a little
closer.
Mass excessive arbiter surveillance through transactional data may also
affect companies and economy negatively in the long run. Sooner or later
customers will loose confidence in automated transactions when they will realise
violation of their privacy, the ways that they could be affected and there is
always the possibility that will try to avoid them.
In order to understand in which extend law currently protects people and
the society, from mass surveillance that uses the power of modern technologies,
we have to refer to the current legal regime in the area.
The European
Directive 95/46EC on the protection of personal data
According to the main declarations of the unified European Market there
should be no limits to the retrieval of information between Member States. The
more legal divergences are erected the more of a problem it becomes, especially
when these divergences are taking place in what purports to be a common market.
However the enactment of a Data Protection Directive was a common requirement in
order to be founded a common legal system corresponding to the territory of the
EU.
Directive 95/46/EC on the Protection of Personal Data has entered into
effect from 25 October 1998, with the aim of establishing a harmonised
regulatory framework to ensure both a high level of protection for the privacy
of individuals in all EU Member States and the free movement of personal data
within the EU. Provision is also made in the legislation to ensure that personal
data is only transferred to countries outside the EU when its continued
protection is guaranteed.
The Directive in Article 1 states that:
In accordance with this Directive Member States shall protect the
fundamental rights and freedoms of natural persons, and in particular their
right of privacy, with respect to the processing of personal data.
Member States shall neither restrict nor prohibit the free flow of
personal data between Member States for reasons connected with the protection
afforded under paragraph 1.
Under the legislation the rights granted include:
The right to information from subsequent data users about where the data
originated
A right of access to personal data
A right of rectification of personal data that is shown to be inaccurate.
The right to opt out of allowing personal data to be used in certain
circumstances.
In the case of sensitive
data, the legislation establishes that such data can only be processed with the
explicit consent of the individual, subject to a number of public interest
exemptions. In case where personal data is to be used exclusively for
journalistic, artistic or literary purposes, the Directive requires the Member
States to strike a balance between guaranteeing freedom of expression while
protecting the individual's right to privacy.
To prevent abuses in the use
of personal data, and ensure that data subjects are informed of the existence of
processing operations, the Directive lays down common rules to be observed by
those who collect, hold or transmit personal data as part of their economic or
administrative activities or in the course of the activities of their
association. In particular, there is an obligation to collect data only for
specified, explicit and legitimate purposes and to hold it only so long as it
remains relevant, accurate and up-to-date.
The Directive also
establishes the principle of transparency with regard to the collection of data.
This gives individuals the option of whether to provide the information or not
and entitles them to be informed about the identity of the organisation
intending to process the data and the main purpose of such processing.
Under the Directive, data
subjects are granted a number of important rights including the right of access
to data, the right to know where the data originated (if such information is
available), the right to have inaccurate data rectified, a right of recourse in
the event of unlawful processing and the right to withhold permission to use
their data in certain circumstances. Individuals will, for example, have the
right to opt-out, free of charge and without providing any specific reason, from
being sent direct marketing material.
In the case of particularly
sensitive data (ethnic or racial origin, political or religious beliefs, trade
union membership or data concerning health or sexual life), the Directive
establishes that this can only be processed with the explicit consent of the
individual concerned. Exceptions may be allowed in specific cases where there is
an important public interest (e.g. for medical or scientific research), in which
event alternative safeguards must be established.
The flexibility of the Directive means that some differences between
national data protection regimes may still persist. It, therefore, lays down the
principle that the law of the Member State where a data processor is established
applies in cases where data is transferred between Member States.
In the specific case of
personal data used exclusively for journalistic, artistic or literary purposes,
the Directive requires Member States to ensure appropriate exemptions and
derogations exist which strike a balance between guaranteeing freedom of
expression while protecting the individual's right to privacy.
With regard to the transfer
of data to non-EU countries, the Directive includes provisions to prevent the EU
rules from being circumvented. The basic rule is that the non-EU country
receiving the data should ensure an adequate level of protection. The advantage
for those non-EU countries that are able to provide adequate data protection is
that they will be able to benefit from the free flow of data from all 15 EU
Member States.
Data Protection Law in UK
In English Law there is,
traditionally, no general right to privacy[14].
The first attempts to marshal the basic rights of individuals in the scope of
privacy and retrieval of personal data was the enforcement of Data Protection
Act 1984,which reflected the demands of the era as UK attempted to harmonise its
national law in the minimum internationally recognised data protection
standards. A further development has been by the Human Rights Act 1998 which
incorporates a much broader right to respect for one’s private and family
life, his home and his correspondence.
However, under the influence of the EU Data Protection Directive the
English Law made a step further and improved the existing legal regime taking
into force the Data Protection Act 1998 from March 2000.Several new and
significant rights have been added into the new law as it goes much further than
before.
First of all, DPA 1998 is concerned with personal data, meaning data
referring to a living individual who can de identified from that data, or from
that and other data or information in the possession of the data user.
Furthermore, it is extended apart from computer records to manual records, to
“relevant filing system” and a new definition about sensitive personal data
is included. The utmost recognised principle, apart from all those concerning
the processing of personal data, is the one for the transborder data flows where
personal data are prohibited to being transferred to a country outside the
European Economic Area (EEA) unless an adequate level of protection for the
rights of data subjects is ensured .On the other hand there cannot be posed any
obstacles to retrieval of personal data within the borders of EEA.
The problematic issue which is arisen from this provision is what will
happen in case of a non Member State that fails to ensure “an adequate level
of protection” such as US that lacks any certain right to privacy and its
legal system in that particular field is somewhat occasional, providing
restrictions only to government and governmental agencies.
Safe harbor negotiations
Almost since the enactment of the EC Directive, negotiations have been
taking place between EU and US attempting to develop a vulgarly set of rules and
principles to safeguard data transactions between the two parties.
The final and most popular argument at present is that voluntary
self-regulation of data privacy in the commercial sector is preferable to
government interference[15].
Organisations like TRUSTe, the Online Privacy Alliance and BBBonline were
founded worldwide.
The main purpose is to be provided an “industry regulated cost
effective privacy program” based on an online seal which awarded to Web sites
that adhere to established privacy principles. This displayed seal is intended
to provide online users with an indication of the Web site’s policy on
personal data and use moreover to allow them to make a decision about whether or
not to disclose information to the Web site[16].
Answering
the question
We can conclude now that use of personal and transaction information can
be useful in several ways but, the power of computers to manipulate such data
can be misused and a legal system of rules needs to be found in order to prevent
abuse of this huge power.
This legal system has already been defined in a great extent as it has
been pointed out above, but to really answer the question that is given, we have
to enumerate some important details of the lifecycle of personal information and
mass surveillance, examine the extent in which they are covered by legislation
as well as if this legislation is possible to be enforced in practice and if it
is already been applied.
During the process of data gathering, an important issue already covered
by the legislation quite well (for example the EC directive) refers to the
acknowledgement of the information subjects for the process of data collection,
the needs that this collection will serve, the period for which the data will be
kept and if it will be properly updated and accurate, and to give individuals
the right to be excluded from this process if they wish, without any cost or
inconvenience for them when data gathering itself is not requisite for the
specific activity. Also legislation provides that an individual should have a
way to access the data about him and require for its correction. This provision
could be practically enforced and examined only in cases of registration forms
and only in the sense of existence of some information regarding these aspects
given to users. But to ensure that these declarations are actually held or that
transactional information is not used in a way other than serving the
transaction is a rather difficult task that would require specialised in
information technology inspectors. And what is not explicitly provided is the
way that the processes of personal data gathering themselves could be registered
and controlled.
Regarding the stage of data transmission legislation
(EC directive) covers the important aspect of transferring personal data
outside a country and this is a very common issue for private multinational
trusts. Again there is no way to define an implementation mechanism, and in many
cases this could cause enormous problems to companies due to the way that are
organised.
Finally about the information manipulation step, there is not an easy way
to ensure the way that data is treated. There are not explicit provisions
regarding the incidental processing of data and the procedures of data matching
and data mining, or a provision about the case that data are treated anonymously
for market research or statistical purposes.
Another important aspect is about the procedures of re-distribution of
personal data either for profit or not, and as a service or in a massive way,
that has been also addressed by EC directive and other legislation.
But this is not the exact case about security requirement of personal
information systems and liability in cases of unauthorised access.
And of course one of the most important problems in the current legal
system is that it does not yet have a global and international character, in
contradistinction with technology advances, digital information and related
business.
Undoubtedly the hidden reason between the inability of law to regulate
protection or privacy and to find a way for its implementation is the distance
between the worlds of legal and computer and information technology science.
There is a need for law to come closer, to be informed and to have some basic
knowledge or advice on the area of information technology. On the other hand the
world of computer, information technology and especially Internet technology
needs to stop ignoring legal aspects related to personal privacy, but to
carefully design and implement technology standards that could make the task of
protection privacy practical, without affecting technology flexibility and
potency.
Conclusion
Unquestionably modern technology advances have enabled the implementation
of personal information systems for mass surveillance purposes with intrusive
effects to privacy. While existence of such systems could be beneficial in
several cases, it is unwise to think that by ignoring the dangers of mass
surveillance and allow exploitation of such systems in an arbiter and excessive
way without rules and restrictions, would be useful for society in a longer
term.
The challenge is great, so the standards developed for personal data use
on information systems and the Internet will come about an essential role in
defining democracy in the information age[17].
Legislation has already started to adapt to the new environment but it
still has many weak points, while in the area of implementing and applying law,
insufficiency is the common case.
Public awareness is the starting point in order to improve current
situation, since very few could be done if we do not individually treat personal
information as a valuable resource that needs protection. And public awareness
is the only way to propel political will to enforce relevant legislation, since
this enforcement has some cost as well.
But the key factor is the closer cooperation of law and technology in
order to make privacy law implementation practical, without affecting technology
potency and introducing unnecessary restrictions in information and Internet
technology exploitation.
These guidelines could serve a lot towards the unquestionable need of
efficient provision and protection of privacy rights by law, to counter the
intrusive effect of mass surveillance via modern technologies.
Bainbridge D.
Introduction to Computer Law , Longman 2000
Bainbridge D. EU
Data Protection
Directive,Butterworths 1996
Branscomb,
A.W. Who owns information ? : from privacy to public access Basic,
1994
Cate
, F.
H. Privacy
in the information age , Brookings Institution Press, 1997
CavazosA. Ed.&Gavino M., CyberSpace and the Law –Your rights
and duties
in the On-Line World, MIT
Press,1996
Charlesworth,A.“Implementing
the European Data
Protection Directive 1995 in
UK Law: The Data Protection Act
1998” (1999) 16 (3) Government Information Quarterly 203
Charlesworth,A.”
Clash of the Data Titans: US and EU Data Privacy Regulation”(2000) 6
European Public Law pages 253-274
Jones P. Privacy and
the Private Sector:Law at
the crossroads of evolution ”(2000) 6 European
Public Law pages275-301
Katsch
M.E. Law
in Digital World , Oxford
University Press,1995
Lloyd J. I.
Information Technology Law Butterworths,2000
Lloyd J.I.&Simpson M. Law on the
electronic frontier, Edinburgh University Press 1994
Lloyd I., Legal
Aspects of the
Information society ,
Butterworths,2000
Reed C.& Angel J. Computer Law ,Blackstone Press 2000
Reidenberg,J.R.”Restoring
Americans’ Privacy in Electronic Commerce” Berkeley Technology Law Journal14
(1999) pages771-792
Spinello,R.A Morality
and Law in Cyberspace Jones & Bartlett Pub.2000
Wacks,R.The protection of privacy, London Sweet Maxwell1980
Wacks,R. Personal
information : privacy and the law Clarendon Press, 1993
WEB SITE ARTICLES
Belgum,K.D. Who
Leads at Half-time? Three Conflicting Visions of Internet Privacy
Policy,6 RICH.J.L&TECH.1 (Symposium 1999) . http://www.richmond.edu/jolt/v6i1/belgum.html
Consultation Paper on the EC Data Protection Directive (95/46/EC)
http://www.homeoffice.gov.uk/ccpd/dataprot.htm
Litan,R.E.&
Swire,P. P. Avoiding
a Show-Down Over EU Privacy Laws,
Policy Brief series no. 29 The Brookings Institution http://www.brookings.org/comm/PolicyBriefs/pb029/pb29.htm
Lloyd I.
,An Outline of the European
Protection Directive,(1996JILT) http://elj.warwick.ac.uk/jilt/dp/intros/default.htm
Mayer-Schönberger, V. The Internet and Privacy Legislation: Cookies for a Treat?1
W.Va.J.L.&Tech.1(1997)
http://www.wvjolt.wvu.edu/wvjolt/current/issue1/articles/mayer/mayer.htm
Maxeiner J. R. Freedom
of Information and the EU Data Protection Directive(1995) 48 (1) Federal
Communications Law Journalhttp://www.law.indiana.edu/fclj/pubs/v48/no1/maxeiner.html
Office of the
Data Protection Commissioner
http://www.dataprotection.gov.uk/match.htm
Petersen S. B.Your
Life as an Open Book: Has Technology Rendered Personal Privacy Virtually
Obsolete?(1995) 48(1) Federal CommunicationsLawJournal http://www.law.indiana.edu/fclj/pubs/v48/no1/petersen.html
Singleton,S.”Privacy
as Censorship:A Skeptical view of proposals to Regulate Privacy in the Private
Sector” Cato Institute, Policy Analysis No 295, 22 January 1998 http://www.cato.org/pubs/pas/pa-295.html
Schwartz,P Privacy
and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999)http://www.wcbcourses.com/wcb/schools/LEXI`S/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF
[1] Bainbridge David, EU Data Protection Directive, Butterworths 1996
[2] Lloyd Ian, Legal Aspects of the Information society, Butterworths,2000 p.44 .
[3] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) , http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF
[4] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF
[5] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF
[6] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF
[7] Lloyd Ian, Legal Aspects of the Information society , Butterworths,2000, page 44 .
[8] Data Protection Agency, A guide to developing data protection codes of practice on data matching, http://www.dataprotection.gov.uk/match. htm
[9] Data Protection Agency, A guide to developing data protection codes of practice on data matching, http://www.dataprotection.gov.uk/match. htm
[10] Bainbridge David, EU Data Protection Directive, Butterworths 1996
[11] Wacks R., The protection of privacy, London Sweet Maxwell1980
[12] Bainbridge David, EU Data Protection Directive, Butterworths 1996
[13] Lloyd I.J Information Technology Law, Butterworths 2000, page34
[14] Bainbridge David Introduction to Computer Law, Longman 2000 page 359
[15] Charlesworth,Andrew” Clash of the Data Titans: US and EU Data Privacy Regulation”(2000) 6 European Public Law, pages 253-274
[16] Jones Peter Privacy and the Private Sector: Law at the crossroads of evolution (2000) 6 European Public Law, pages 275-301
[17] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF