[WG-P3] Regulatory Calls for Participation

Mark Lizar mark at smartspecies.com
Thu Sep 9 10:23:58 EDT 2010


I just posted a list of regulatory calls for participation and some
content to accompany it on the wiki as discussed in the last call.

Please let me know if you have any updates, additions, edits, thoughts.

- Mark

  Regulatory Calls for Participation

Current Regulatory Related Calls For Participation (Consider making  
this section a Live list on a wiki)
•           FTC Roundtable (2009-2010) - The US Federal Trade  
Commission in the US has recently been hosting a series of day-long  
public roundtable discussions to explore the privacy challenges posed  
by the vast array of 21st century technology and business practices  
that collect and use consumer data. Such practices include social  
networking, cloud computing, online behavioural advertising, mobile  
marketing, the collection and use of information by retailers, data  
brokers, third-party applications, and other diverse businesses. The  
goal of the roundtables is to determine how best to protect consumer  
privacy while supporting beneficial uses of the information and  
technological innovation.

•           European Commission: Public Consultation on Privacy  
(2009-2010) The European Union is based on the respect for fundamental  
rights. Article 8 of the Charter of Fundamental Rights of the European  
Union expressly recognises the fundamental right to the protection of  
personal data. In order to remove potential obstacles to the flows of  
Personal Data and to ensure a high level of protection within the EU,  
data protection legislation has been harmonised. The Commission also  
engages in dialogue with non-EU/EEA countries so as to achieve a high  
level of protection of individuals when exporting personal data to  
those countries. It also initiates studies on the development at  
European and international level on the state of data protection and  
negotiates international agreements to safeguard the rights of  
individuals where their personal data are transferred (shared) to  
(with) third countries for law enforcement purposes, such as the fight  
against terrorism and serious crime. (European Commission, 2010b)

•           OECD Roundtables (2010) - Organisation for the Economic  
Co-operation and development - "2010 is an important year for privacy,  
as the OECD marks the 30th anniversary of its Guidelines on the  
Protection of Privacy and Transborder Flows of Personal Data. The  
Guidelines were the first international statement of the core  
information privacy principles and have proven highly influential over  
the years, serving as the basis for national and international privacy  
instruments. Several events have been planned for 2010, beginning with  
an OECD Roundtable on the impact of the Privacy Guidelines, which took  
place on 10 March. The keynote speaker for the event was the  
Honourable Michael Kirby, who chaired the OECD expert group that  
developed the Guidelines in 1980. Justice Kirby spoke of context in  
which the Guidelines were conceived, their strengths and enduring  
value, and their future. Justice Kirby was then joined by the former  
Vice-Chair of the expert group, Louis Joinet, and the former Head of  
the ICCP Division, Hanspeter Gassmann, who recalled the experience of  
drafting the Guidelines."

•           EU-US Consultation: (2010) Consultation on the future EU-US
international agreement on personal data protection and information
sharing for law enforcement purposes (http://ec.europa.eu/justice_home/news/consulting_public/0005/consultation_questionaire_en.pdf
  and http://ec.europa.eu/justice_home/news/consulting_public/0005/registered_organisations/european_privacy_association_registered_en.pdf)

•           National Strategy for Trusted Identities in Cyberspace http://www.nstic.ideascale.com/
The White House and DHS have recently promulgated the National
Strategy for Trusted Identity in Cyberspace (NSTIC) in late June, and
public comments are due by July 19th. The NSTIC outlines an ambitious
identity management strategy for the United States, but public
discussion has been extremely limited. The NSTIC is a very significant
policy document which may have an impact on Internet commerce,
online speech, identity management, identity trust frameworks, and  
online anonymity. We (the Liberty Coalition, eCitizen Foundation, CDT,  
and others) are concerned that no meaningful public discussion has  
occurred. (Email from Aaron)

•            The UK Ministry of Justice has issued a call for  
evidence on current data protection laws, seeking views on:

◦           How the European Data Protection Directive and the UK  
Data Protection Act are working

◦           The impact of data protection on individuals and  
business, and

◦           Whether the Information Commissioner's powers and  
penalties could be strengthened.

•           Direct link - Call for Evidence on the Current Data  
Protection Legislative Framework, 6 July 2010. The responses will be
assessed and used to inform the UK's position in negotiations on a
new EU instrument for data protection, "which are expected to begin in  
early 2011." This fits in with the expected publication by end 2010 of  
the Commission's draft of the new EU data protection legislation. http://www.justice.gov.uk/news/newsrelease060710a.htm

In global cyberspace, legal privacy instruments vary not only among  
jurisdictions but are currently changing and evolving inside  
jurisdictions. These changes have an impact on public policy.

Legally there is a lot of activity that is changing the policy of  
organisations internationally. Some examples of this include:

In the UK the Information Commissioner's Office (ICO) has received this
year (and is going to receive in the future) greater powers to audit
and fine organisations who break privacy regulations. In addition,
there are already laws that are due to be implemented that affect
information sharing. In Europe these include 'Cookie Law' (Parliament,  
2009) and in the UK the controversial Digital Economy Bill  
(Parliament, 2010), which imposes penalties for peer-to-peer file  
sharing of copyrighted material. An online regulation that will  
attempt to enforce privacy related public policy for Internet cafes  
and Internet Users in the UK.

The Article 29 Working Party released a report on the 26th of May 2010  
revealing that the 3 major search engines, Yahoo, Google, Microsoft,  
are not compliant with data protection law (e.g. illegal) when  
managing search queried information. "Personal data related to search  
queries is very sensitive, and search history should be treated as  
confidential personal data. This legal guidance (also found in FIP  
principles) indicates that the retention period shouldn't be longer  
than necessary for the specific purpose. Even if IP address or cookies  
are replaced by a unique identifier, the individual can still be  
identified by correlating stored queries." (Article 29 Data Protection  
Working Party, 2010)

A draft of a Bill that is currently in progress is the Council Of  
Europe: The Consultative Committee Of The Convention For The  
Protection of Individuals with Regard To Automatic Processing of  
Personal Data (Council of Europe, 2009). It is a draft regulation that
explicitly deals with quality of consent and profiling, implements  
regulation, provides a much greater degree of notice to the  
individual, and therefore, is intended to regulate information sharing  
transactions. (See section 5.1)

In the USA there are state laws regarding information sharing that  
have already been passed, a Massachusetts regulation 201 CMR 17.00  
stipulates any business (in and out of Massachusetts) that holds  
personal information on residents of the state must be encrypted.  
Along with an online privacy bill, announced on May 4 2010 in the USA,  
proposes new legislation that would require companies to get a user's
explicit approval (that is, it would require users to "opt in")
before they "knowingly collect" information about a person's
medical history, financial records, Social Security number, sexual
orientation or precise geographic location. (Ingram, 2010) 