Can and should the law provide privacy rights to counter the intrusive effect of mass surveillance via modern technologies

Can and should the law provide privacy rights to counter the intrusive effect of mass surveillance via modern technologies?

Privacy has been always identified as an important value for the life of each individual and is a right protected by law as an essential human right. Privacy and particularly privacy of personal information must also be considered as an indication of quality of democracy and freedom, while practices of mass surveillance and blatant violation of privacy rights is often a priority and enforcement tool in an illiberal regime. High technology revolution and specifically vast advances in the areas of computers, digital networks and information technology have changed the rules of the game in the area of personal privacy. An integrated chain of business and transaction automation, data centralisation through digital networks and powerful as well as flexible processing of personal data in advanced information systems, offers enormous new possibilities in many areas of business and services.

The use of personal information as raw material for incidental processing using sophisticated decision support systems and techniques like data matching and data mining represent a valuable resource in areas of market research personalised services and in fraud detection. The potential threat of a gradual transition to systems that actually survey every detail our private life and overwhelm freedom is still very visible. Law slowly adapts to that scenery and legal regime that tries to control and regulate use of personal data and surveillance has evolved. Society is though still immature and has not weigh precisely the possibilities of combining information technology in mass surveillance efforts; as a result law may still have some weak points that would deserve further attention.

What privacy rights mean

The right to Privacy

Protection of private life may be easily identified as an important human value that could even be considered as a major factor for preserving personal inward balance. Privacy means our right to control information about ourselves preventing others invasion into our life and habits and it could be defined (in U.S. at least) of “the right to be let alone” . In terms perhaps more appropriate to the information society, privacy might be defined as the right not to be subject to surveillance . No matter of the exact definition and the point of view, privacy is valuable for each individual no matter of his professional or social status.

Most societies have also recognised that, and although they do not proclaim the same level of respect to privacy rights, privacy is usually protected up to some extent. Of course private life has also to be thought as an anti-parallel aspect of human life with sociality as in each community a specific trade off is usually consecrated between privacy and social bonds.

Privacy must also be contemplated in relation with behaviours that oppose to the common understanding of right and fair, and a misinterpretation of privacy, claims that someone who is “right” in his life does not have something to hide.

Privacy rights are recognised as fundamental human rights and in modern democratic states there are several substantiations of privacy protection by law, in forms like protection of privacy of mail or residency. These forms of privacy are considered as an essential right of citizens and foundation laws like a constitution usually provide their protection.

Other aspects of privacy though like privacy of personal information, were not covered explicitly until a few years ago.

We have to clarify that the right of privacy should not be misunderstood in the sense that in any well-governed state, absolute privacy cannot be acceptable. This means that privacy of an individual should not contradict with legality and common interest. As an example in benefit of state organisation, many aspects or activities of life require some registration under law.

So it is obvious that the borders between the right of an individual to privacy and the right of a state and a society or even an other individual to be informed about illegal activities or to be organised for the common benefit, is not always very clear. We have also to take into account as well that information about individuals lives their acts and thoughts is a strategic factor, probably the most important one in establishment of an authority especially of an unjustified one.

As a result Illiberal or undemocratic regimes always have as a priority violation of privacy, through practices of surveillance and extended use of their information agencies. A statement that may be extracted then, is that respect of privacy is also an indication of democratic quality in the sense that in a real democracy freedom of thought and expression is not considered as a threat, so there is no need of privacy violation and surveillance as an enforcement tool.

Apart from the generic analysis about privacy and privacy rights that aims to serve as a basis for further discussion, the major issue of our “information age” is the privacy of personal information and the role of modern technologies like computer networks and information technology in mass surveillance practices. These practices use facts or details of our personal private life that have been recorded at some specific time point and in this way effectively survey many of our past and current activities. Due to the importance of this sort of mass surveillance in our information age that uses the latest achievements of computer and information technology, it is necessitated to focus on a study on its characteristics and implications regarding society and law.

Informational privacy is the right of preventing use of personal or private information against the will or without acknowledgement of the source and the subject of that information. At an official level, violation of this form of privacy might involve collecting personal or private information about individuals suspected or not of criminal conduct, whilst at a non governmental level, reference can be made to the marketers that obtain data through online questionnaires and “loyalty cards” in order to use it for marketing purposes[1].

As our world moves fast from the post industrial to information age where globalisation is a rational anticipation, information itself is the most important asset to be obtained either for the private or the public sector. Information is a kind of power especially when that information concerns living individuals. Every action that we take, our transactions, contacts habits and small details of daily life, could reveal, particularly when are combined, a lot about our thoughts and lifestyle[2]. So a system that effectively collects, processes and utilises such information can be unquestionably considered as performing surveillance on our lives, and certainly in a mass level.

Privacy of personal information did not always receive the same level of attention as other forms of privacy. The main reason for that is that the subject of the information, usually either is not aware of this type of violation of his privacy or has provided the information with his own will at some point at past. In any case he does not directly interfere and is not directly affected by the storage and usage of the information. In many cases only a small subset of the subjects of the information will ever detect the act of using their personal information and this will be only from an application using the results of this act.

Additionally the public opinion has not been adequately informed and is not aware of the issue of informational privacy. An average person will provide without much deliberation, a piece of information about himself to a respected counterpart, without asking much about the use that this information, the period that will be kept for, if it will be crosschecked and if it is really relevant to the reason it is asked for.

Furthermore the owners and the users of personal information, that in many cases have collected information as a side-act of an irrelevant transaction or other activity of the unsuspected individual, do the feel the obligation of informing him about the existence of the information or the way that it will be used.

At last while anybody is generally intuitively not pleased in the idea of being subject of an arbiter information system, he cannot easily locate the way that such an activity could really harm him, he can not find an easy way to protected himself anyway and the simplest thing to do is really to ignore it.

Personal information collected in a mass and also detailed level, for example several personal details like transactions of a large number of persons, is a resource difficult to be acquired and handled. The amount or the resulted information is enormous constituted by small chunks. And it also has to be further processed and combined in order to provide valuable results. Performing the above tasks manually is impossible or at least very expensive, and this was in effect a protection against such practices.

Modern technologies have changed that. Incorporated in the whole process of information flow they have changed the way things used to be in numerous ways.

The first stage in the process of personal information flow is its collection. Traditionally mass surveillance systems and personal information data banks had a great difficulty in accomplishing this task. The only practical way to overcome it without using any modern technologies is to deploy some specific registration scheme that is usually provided and enforced by law, to organise it and supply all the required resources. Police records, social security records or even internal revenue records and cadastre records could be thought as examples of such registration schemes. Information acquisition systems of that form have common characteristics like their high cost, the use of dedicated personnel, the high quality of the obtained information and the fact that their use is usually really the minimal required for having a well organised and governed state. Furthermore all the details regarding their structure and use is usually given by law, they are considered as state property and none is allowed to use them arbitrarily while the subjects of the information are aware of the existence and use of the information.

Modern technologies in an area that could be described as transaction and service automation have introduced several alternatives to that model. Transaction automation systems like ATMs, credit and loyalty cards, and Internet shopping as well as service automation systems like electronic identification cards, digital telecommunications, and Internet services (like e-mail) comprise a new rich source of personal information. The characteristics of this information acquisition systems is that they provide information as a side-act of their main activity (there are of course many registration forms on web as well where one is directly propelled to provide various information about him) in a digital form ready to be used by information systems, the cost of the actual acquisition of the information is very low and no substantial additional personnel or other resources are required. The subject of the information is not wittingly providing that information and in fact in most cases does not ever realises the existence of the information. For example an average person does not know or at least is not thinking when is phoning somewhere that the exact time and duration of the phone call is recorded, and that there is always a possibility that this information is used at future for a purpose unrelated with the phone call.

The next step in information flow is centralisation. In order to achieve a mass collection of records of personal information that is complete and accurate, the information that is usually collected at different locations has to be centralised as fast and efficiently as possible.

The centralisation process may be realised in a variety of ways from the transmission of data via a web form, to the periodic synchronisation of ATMs with a central bank system, or it could be just virtual in distributed database systems, in any case though the factor of computer networks is vital since the volume of data is high and the value of the information decreases with time.

The Internet phenomenon and all the related standards and technologies represent an additional factor that facilitates the task of information and therefore of personal information manipulation in a great extent.

Internet is growing so dramatically in a rate that unquestionable surpass any modern medium of communication ever before succeeded [3]and is expected to replace or to incorporate in many more activities of our life. Internet messaging, Internet commerce, web pages and hypertext transmission are only a few first implementations that already actualise the idea of the global community; we have to keep in mind though that internet is also an insecure, uncontrollable medium that connects most of the world and countries with different society structure, traditions and legal systems. Personal information that is out there could be quite easily accessed and used in an unpredicted way and law in many cases is just unable to protect us. The Internet creates a model of decision making through personal data use that empowers public and private organisations worldwide[4].

Up to the point of information processing, one cannot claim that privacy rights have been actually violated especially if the reason of data gathering could be justified from the business or governmental activity that the information was given for. The concern is not in fact information retrieval itself but rather the way that is used, processed and combined[5]. As raw input to incidental processing, to extract reliability conclusions or any other use different to the one for which it was given or retrieved, information has usually to be handled by an computer based information system. Information technology directs privacy in ways that are undoubtedly different than ever before[6]. Taking full advantage of computer technology, modern database and knowledge base systems as well as more sophisticated systems in the area of decision support and artificial intelligence, utilize modern supercomputers with increased processing power, memory and storage capacity, in order to support in an efficient and flexible way, mass surveillance using personal information.

Even a simple query in a properly organised database, storing information about our transactions is able to reveal a significant amount of valuable derived information about our personality. Furthermore techniques like data matching and data mining exert to extract the last valuable resolution from raw data[7].

Data matching can be described as “the crosschecking of data, either concurrently or retrospectively, looking for duplication and/or inconsistencies between data streams. Moreover according to the governmental definition it enables the comparison of data collected by different data users, (or by the same data user in different contexts)”[8]. The primary aim of the comparison is the identification of anomalies and inconsistencies and the improvement of data quality as well as fraud detection. Enrichment of data and augmentation of data value through data combining could be another desirable gain of this procedure. Validation of information is logically applicable to information given explicitly from individuals often derived from application forms. Data matching techniques are based on indicators of information accuracy and usually cannot provide a procedure that automatically corrects the information, but serves as a starting point for further investigation while an additional produced outcome is about subject’s reliability. Typically closed user groups carry out data matching exercises and a reasonable candidate for following such procedures are governmental agencies or financial and insurance institutions.

Data mining uses advanced software tools to “identify links, relationships, patterns and trends in data and can produce graphics to help show what that means. It uses knowledge based or rules based systems for modelling databases to identify transactions with pre-defined characteristics, or transactions that deviate from the norm”[9]. While a data warehouse database system could be thought as a basic infrastructure for this technique, analytical processing and even intelligent systems have been also developed that effectively to "learn" from experience using sample data to build up models with classification or predictive ability. Neural networks and genetic algorithms are sophisticated techniques that are commonly used for that purpose. These systems can analyse, adapt and explain raw information in order to produce secondary information of increased value but can also even discover previously unknown patterns of fraud.

Mass surveillance together with the concern of violating privacy rights it also intends, in most cases, to serve for the benefit of the state, of a company, of country’s economy, and even of individuals.

So blind condemnation of mass surveillance practices is not always justified. Use of personal information, and reasonable surveillance based on explicit and carefully predefined rules and provisions that protect individuals could be of a great importance for proper state organisation, police effort, and protection of citizens and companies from fraud and criminality. Government clearly declares that by the assistance of information technology, fraud and criminality can be effectively decreased and simultaneously security can be increased. Economy can also gain a lot since early detection of fraud reduces company loses and restricts business risk, reducing products and services cost in benefit of the lawful citizens.

Economy has also realised a significant development boost through use of personal information from transactions or activities as a tool or product, in business plans and new opportunities. Even individuals benefit from new directions in business and commerce like personalised services. For example personalised advertisement that targets only people that could be really interesting on a product are better from entirely blind junk advertisement and it also allow companies to spent less, and reduce prices.

It is already clear that use of computers and their new possibilities raise concerns about individuals and their privacy[10]. The main concern is the effect of computerised information systems that use personal data, in privacy[11].

The storage and use of personal information poses numerous of dangers. For example, the information may be of a particularly sensitive nature, it may be excessive, going beyond that required by the person using for his or her legitimate needs, or it may be inaccurate. There are real, existing and significant dangers related to the storage and processing personal data. Apart from being reluctantly affected by inaccurate data, there are other issues such as the effect on privacy of individuals[12]. Personal data given for one specific purpose may be used for another, without the consent of the data subject. And a different issue is about the security of systems storing personal information. This turns to be dramatically important in cases when unauthorized people gain access to data like credit card numbers.

Already, in the absence of any explicit legal standard “data banks “ are overflowed of our personal data. Personal data does not necessarily include only name, age, address, but most of the times include additional information about profession, marital status, race, religion, or even more consuming habits and medical records.

Personal information records are also inflexible and unmitigated in the sense that it tracks events of our life, segmentally and in a rather time resistant way. Human personality and behaviour is very complex to be judged from sparse events and can change dramatically with time. So personal information records could finally stigmatise people in a way similar with criminal records. The difference is that in this case it was not a court of justice that has decided about it.

Violating privacy rights, these information systems could also turn to be a threat to democracy and freedom. As a matter of fact, improper use of modern technology and information systems that handle personal information could be potentially used and extensively serve, originate and empower a totalitarian state. Even if we feel confident about democracy and its stability, we must always feel the obligation to foresee potential dangers, and shield it against them, since an environment appropriate for its abolishment is always prepared gradually. And in an age where information does not have borders we have to be aware about the possibility of existence of unknown “dark” control and power centres all around the world.

Informational privacy may also become a thread against a country’s defence. Just imagine what an advantage is for a country’s enemies, to have access or extract information for people that are vital for its defence.

Computer technology has also heightened more primitive fears about a coldly, logical society of digital “spies” and “informers” because of the power of computers in terms of information processing. Even now, a popular feeling remains that computers undermine human skills and that the development of computer technology “heralds the dawn of an austere and coldly logical society”[13]. Yet it is already hard to think and imagine that in our ignorance and tolerance, information is feasible to be gathered, stored and retrieved in the light speed. Even if we now consider these fears as naïve and unjustified, we have to consider that a situation where a machine somehow surveys, decides and judges about people’s future and life, in a cold inhumane way, has come a little closer.

Mass excessive arbiter surveillance through transactional data may also affect companies and economy negatively in the long run. Sooner or later customers will loose confidence in automated transactions when they will realise violation of their privacy, the ways that they could be affected and there is always the possibility that will try to avoid them.

Legal regime

In order to understand in which extend law currently protects people and the society, from mass surveillance that uses the power of modern technologies, we have to refer to the current legal regime in the area.

According to the main declarations of the unified European Market there should be no limits to the retrieval of information between Member States. The more legal divergences are erected the more of a problem it becomes, especially when these divergences are taking place in what purports to be a common market. However the enactment of a Data Protection Directive was a common requirement in order to be founded a common legal system corresponding to the territory of the EU.

Directive 95/46/EC on the Protection of Personal Data has entered into effect from 25 October 1998, with the aim of establishing a harmonised regulatory framework to ensure both a high level of protection for the privacy of individuals in all EU Member States and the free movement of personal data within the EU. Provision is also made in the legislation to ensure that personal data is only transferred to countries outside the EU when its continued protection is guaranteed.

In accordance with this Directive Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right of privacy, with respect to the processing of personal data.

Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1.

The right to information from subsequent data users about where the data originated

The right to opt out of allowing personal data to be used in certain circumstances.

In the case of sensitive data, the legislation establishes that such data can only be processed with the explicit consent of the individual, subject to a number of public interest exemptions. In case where personal data is to be used exclusively for journalistic, artistic or literary purposes, the Directive requires the Member States to strike a balance between guaranteeing freedom of expression while protecting the individual's right to privacy.

To prevent abuses in the use of personal data, and ensure that data subjects are informed of the existence of processing operations, the Directive lays down common rules to be observed by those who collect, hold or transmit personal data as part of their economic or administrative activities or in the course of the activities of their association. In particular, there is an obligation to collect data only for specified, explicit and legitimate purposes and to hold it only so long as it remains relevant, accurate and up-to-date.

The Directive also establishes the principle of transparency with regard to the collection of data. This gives individuals the option of whether to provide the information or not and entitles them to be informed about the identity of the organisation intending to process the data and the main purpose of such processing.

Under the Directive, data subjects are granted a number of important rights including the right of access to data, the right to know where the data originated (if such information is available), the right to have inaccurate data rectified, a right of recourse in the event of unlawful processing and the right to withhold permission to use their data in certain circumstances. Individuals will, for example, have the right to opt-out, free of charge and without providing any specific reason, from being sent direct marketing material.

In the case of particularly sensitive data (ethnic or racial origin, political or religious beliefs, trade union membership or data concerning health or sexual life), the Directive establishes that this can only be processed with the explicit consent of the individual concerned. Exceptions may be allowed in specific cases where there is an important public interest (e.g. for medical or scientific research), in which event alternative safeguards must be established.

The flexibility of the Directive means that some differences between national data protection regimes may still persist. It, therefore, lays down the principle that the law of the Member State where a data processor is established applies in cases where data is transferred between Member States.

In the specific case of personal data used exclusively for journalistic, artistic or literary purposes, the Directive requires Member States to ensure appropriate exemptions and derogations exist which strike a balance between guaranteeing freedom of expression while protecting the individual's right to privacy.

With regard to the transfer of data to non-EU countries, the Directive includes provisions to prevent the EU rules from being circumvented. The basic rule is that the non-EU country receiving the data should ensure an adequate level of protection. The advantage for those non-EU countries that are able to provide adequate data protection is that they will be able to benefit from the free flow of data from all 15 EU Member States.

In English Law there is, traditionally, no general right to privacy[14]. The first attempts to marshal the basic rights of individuals in the scope of privacy and retrieval of personal data was the enforcement of Data Protection Act 1984,which reflected the demands of the era as UK attempted to harmonise its national law in the minimum internationally recognised data protection standards. A further development has been by the Human Rights Act 1998 which incorporates a much broader right to respect for one’s private and family life, his home and his correspondence.

However, under the influence of the EU Data Protection Directive the English Law made a step further and improved the existing legal regime taking into force the Data Protection Act 1998 from March 2000.Several new and significant rights have been added into the new law as it goes much further than before.

First of all, DPA 1998 is concerned with personal data, meaning data referring to a living individual who can de identified from that data, or from that and other data or information in the possession of the data user. Furthermore, it is extended apart from computer records to manual records, to “relevant filing system” and a new definition about sensitive personal data is included. The utmost recognised principle, apart from all those concerning the processing of personal data, is the one for the transborder data flows where personal data are prohibited to being transferred to a country outside the European Economic Area (EEA) unless an adequate level of protection for the rights of data subjects is ensured .On the other hand there cannot be posed any obstacles to retrieval of personal data within the borders of EEA.

The problematic issue which is arisen from this provision is what will happen in case of a non Member State that fails to ensure “an adequate level of protection” such as US that lacks any certain right to privacy and its legal system in that particular field is somewhat occasional, providing restrictions only to government and governmental agencies.

Almost since the enactment of the EC Directive, negotiations have been taking place between EU and US attempting to develop a vulgarly set of rules and principles to safeguard data transactions between the two parties.

The final and most popular argument at present is that voluntary self-regulation of data privacy in the commercial sector is preferable to government interference[15]. Organisations like TRUSTe, the Online Privacy Alliance and BBBonline were founded worldwide.

The main purpose is to be provided an “industry regulated cost effective privacy program” based on an online seal which awarded to Web sites that adhere to established privacy principles. This displayed seal is intended to provide online users with an indication of the Web site’s policy on personal data and use moreover to allow them to make a decision about whether or not to disclose information to the Web site[16].

We can conclude now that use of personal and transaction information can be useful in several ways but, the power of computers to manipulate such data can be misused and a legal system of rules needs to be found in order to prevent abuse of this huge power.

This legal system has already been defined in a great extent as it has been pointed out above, but to really answer the question that is given, we have to enumerate some important details of the lifecycle of personal information and mass surveillance, examine the extent in which they are covered by legislation as well as if this legislation is possible to be enforced in practice and if it is already been applied.

During the process of data gathering, an important issue already covered by the legislation quite well (for example the EC directive) refers to the acknowledgement of the information subjects for the process of data collection, the needs that this collection will serve, the period for which the data will be kept and if it will be properly updated and accurate, and to give individuals the right to be excluded from this process if they wish, without any cost or inconvenience for them when data gathering itself is not requisite for the specific activity. Also legislation provides that an individual should have a way to access the data about him and require for its correction. This provision could be practically enforced and examined only in cases of registration forms and only in the sense of existence of some information regarding these aspects given to users. But to ensure that these declarations are actually held or that transactional information is not used in a way other than serving the transaction is a rather difficult task that would require specialised in information technology inspectors. And what is not explicitly provided is the way that the processes of personal data gathering themselves could be registered and controlled.

Regarding the stage of data transmission legislation (EC directive) covers the important aspect of transferring personal data outside a country and this is a very common issue for private multinational trusts. Again there is no way to define an implementation mechanism, and in many cases this could cause enormous problems to companies due to the way that are organised.

Finally about the information manipulation step, there is not an easy way to ensure the way that data is treated. There are not explicit provisions regarding the incidental processing of data and the procedures of data matching and data mining, or a provision about the case that data are treated anonymously for market research or statistical purposes.

Another important aspect is about the procedures of re-distribution of personal data either for profit or not, and as a service or in a massive way, that has been also addressed by EC directive and other legislation. But this is not the exact case about security requirement of personal information systems and liability in cases of unauthorised access.

And of course one of the most important problems in the current legal system is that it does not yet have a global and international character, in contradistinction with technology advances, digital information and related business.

Undoubtedly the hidden reason between the inability of law to regulate protection or privacy and to find a way for its implementation is the distance between the worlds of legal and computer and information technology science. There is a need for law to come closer, to be informed and to have some basic knowledge or advice on the area of information technology. On the other hand the world of computer, information technology and especially Internet technology needs to stop ignoring legal aspects related to personal privacy, but to carefully design and implement technology standards that could make the task of protection privacy practical, without affecting technology flexibility and potency.

Unquestionably modern technology advances have enabled the implementation of personal information systems for mass surveillance purposes with intrusive effects to privacy. While existence of such systems could be beneficial in several cases, it is unwise to think that by ignoring the dangers of mass surveillance and allow exploitation of such systems in an arbiter and excessive way without rules and restrictions, would be useful for society in a longer term.

The challenge is great, so the standards developed for personal data use on information systems and the Internet will come about an essential role in defining democracy in the information age[17].

Legislation has already started to adapt to the new environment but it still has many weak points, while in the area of implementing and applying law, insufficiency is the common case.

Public awareness is the starting point in order to improve current situation, since very few could be done if we do not individually treat personal information as a valuable resource that needs protection. And public awareness is the only way to propel political will to enforce relevant legislation, since this enforcement has some cost as well.

But the key factor is the closer cooperation of law and technology in order to make privacy law implementation practical, without affecting technology potency and introducing unnecessary restrictions in information and Internet technology exploitation.

These guidelines could serve a lot towards the unquestionable need of efficient provision and protection of privacy rights by law, to counter the intrusive effect of mass surveillance via modern technologies.

BIBLIOGRAPHY

Branscomb, A.W. Who owns information ? : from privacy to public access Basic, 1994

Cate , F. H. Privacy in the information age , Brookings Institution Press, 1997

CavazosA. Ed.&Gavino M., CyberSpace and the Law –Your rights and duties in the On-Line World, MIT Press,1996

Charlesworth,A.“Implementing the European Data Protection Directive 1995 in UK Law: The Data Protection Act 1998” (1999) 16 (3) Government Information Quarterly 203

Charlesworth,A.” Clash of the Data Titans: US and EU Data Privacy Regulation”(2000) 6 European Public Law pages 253-274

Jones P. Privacy and the Private Sector:Law at the crossroads of evolution ”(2000) 6 European Public Law pages275-301

Lloyd J.I.&Simpson M. Law on the electronic frontier, Edinburgh University Press 1994

Reidenberg,J.R.”Restoring Americans’ Privacy in Electronic Commerce” Berkeley Technology Law Journal14 (1999) pages771-792

Spinello,R.A Morality and Law in Cyberspace Jones & Bartlett Pub.2000
Wacks,R.The protection of privacy, London Sweet Maxwell1980

Wacks,R. Personal information : privacy and the law Clarendon Press, 1993

Litan,R.E.& Swire,P. P. Avoiding a Show-Down Over EU Privacy Laws , Policy Brief series no. 29 The Brookings Institution http://www.brookings.org/comm/PolicyBriefs/pb029/pb29.htm

Mayer-Schönberger, V. The Internet and Privacy Legislation: Cookies for a Treat?1 W.Va.J.L.&Tech.1(1997)

Maxeiner J. R. Freedom of Information and the EU Data Protection Directive(1995) 48 (1) Federal Communications Law Journalhttp://www.law.indiana.edu/fclj/pubs/v48/no1/maxeiner.html

Singleton,S.”Privacy as Censorship:A Skeptical view of proposals to Regulate Privacy in the Private Sector” Cato Institute, Policy Analysis No 295, 22 January 1998 http://www.cato.org/pubs/pas/pa-295.html

Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999)http://www.wcbcourses.com/wcb/schools/LEXI`S/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF

[1] Bainbridge David, EU Data Protection Directive, Butterworths 1996

[2] Lloyd Ian, Legal Aspects of the Information society, Butterworths,2000 p.44 .

[3] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) , http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF

[4] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF

[5] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF

[6] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF

[7] Lloyd Ian, Legal Aspects of the Information society , Butterworths,2000, page 44 .

[8] Data Protection Agency, A guide to developing data protection codes of practice on data matching, http://www.dataprotection.gov.uk/match. htm

[9] Data Protection Agency, A guide to developing data protection codes of practice on data matching, http://www.dataprotection.gov.uk/match. htm

[10] Bainbridge David, EU Data Protection Directive, Butterworths 1996

[11] Wacks R., The protection of privacy, London Sweet Maxwell1980

[12] Bainbridge David, EU Data Protection Directive, Butterworths 1996

[13] Lloyd I.J Information Technology Law, Butterworths 2000, page34

[14] Bainbridge David Introduction to Computer Law, Longman 2000 page 359

[15] Charlesworth,Andrew” Clash of the Data Titans: US and EU Data Privacy Regulation”(2000) 6 European Public Law, pages 253-274

[16] Jones Peter Privacy and the Private Sector: Law at the crossroads of evolution (2000) 6 European Public Law, pages 275-301

[17] Schwartz,P Privacy and Democracy in Cyber Space,52 Vanderbilt LawReview1609(1999) http://www.wcbcourses.com/wcb/schools/LEXIS/law08/pschwartz/3/files/VAND-SCHWARTZ.PDF