• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  • Level: GCSE
  • Subject: ICT
  • Word count: 6759

Privacy and Data Protection: IT Law

Extracts from this document...


IT Law (Public Law Aspects) Seminar 4: Privacy and Data Protection Seminar Paper: The matter of transfer of personal data to a third country particularly in relation to the differences between the EU and the US; The Safe Harbor Principle Teacher: Dr. Gerrit Betlem and Mr. Martin Truman Student: Katharina v. Boehm-Bezing I. Introduction 1.) An old issue, growing in importance Searching the web, one can see that privacy on the Internet is a big issue. Countless US or EU based human rights initiatives are fighting for the right to privacy. What is the reason for this? Although concerns about consumers' ability to protect their privacy have been in existence for decades, the Internet makes the issue more delicate: Businesses have access to a larger audience, which allows them to collect more data from more people. Furthermore, collection of more specific behavioural information is possible attaching cookies to a hard drive, reporting which websites someone enters.1 In addition, data collection and storage having become much easier, faster and cheaper, cost concerns do not limit data-collection practices.2 At the same time, the market for information about consumers and consumer behaviour is continuously growing, side by side with the expansion of e-commerce. 2.) Definition of the issue Privacy can be defined as "the right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information."3 This paper will focus purely on information privacy, also known as "data protection", which means the rules governing the collection and handling of personal data such as a person's name, address, phone number, family status, social security or other identification number or even medical, financial or government records. Data protection concerns the process of gathering, storing, analysis and distribution of personal data. Privacy issues can be divided into relations with the public sector and with the private sector.4 In this paper, I will concentrate on the private sector, especially relevant because of the growing importance of e-commerce. ...read more.


Examples illustrating the weakness of the US approach In the recent past, several profitable companies, including eBay.com, Amazon.com and Yahoo.com have either changed users' privacy settings or have changed privacy policies to the detriment of users.54 A series of companies, including Intel and Microsoft, were discovered to have released products that secretly track the activities of Internet users.55 In several cases, TRUSTe ruled that the practices compromised consumer trust and privacy but did not violate its privacy seal program.56 Significant controversy arose around "online profiling", the practice of advertising companies to track Internet users and compile dossiers on them in order to target banner advertisements. The largest of these advertisers, DoubleClick, attached personal information from a marketing firm it purchased to about 100 million previously anonymous profiles it had collected.57 The company backed down due to public opposition, a dramatic fall in its stock price and investigations from the FTC and several state attorneys general. In July 2000 the FTC reached an agreement with the Network Advertisers Initiative, a group consisting of the largest online advertisers including DoubleClick, which will allow for online profiling and any future merger of such databases to occur with only the opt-out consent. In January 2001, the FTC dropped its investigation of DoubleClick.58 These cases show, that self-regulation can only work, if it will cost the business more, either directly through damages or indirectly through declining competitiveness, to breach those rules than to respect them.59 This is the rule of the market. As long as there is no enforcement, this won't be the case. In fact, legislative action would solve two consistent problems found in self-regulatory efforts: Lack of enforceability and thus of incentive. V. Dataflow between the systems One might think that Data protection laws could be circumvented by simply transferring personal information to third countries with none or less rigid data protection law where it could then be processed without any limitations. ...read more.


44Federal Trade Commission, High School Student Survey Companies Settle FTC Charges, Oct. 2, 2002 http://www.ftc.gov/opa/2002/10/student1r.htm, cited on http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 45http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 46Charlesworth, supra FN 8 47http://www.privacyinternatioal.org/survey/phr2003/countries/unitedstates.htm 48Charlesworth, supra FN 8 49Privacy Online: Fair Information Practices in the Electronic Marketplace: A Federal Trade Commission Report to Congress (May 2000), available at http://www.ftc.gov/os/2000/05/index.htm#22. 50http://www.ftc.gov/speeches/muris/privisp1002.htm 51Charlesworth, supra FN 8 52http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 53http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 54http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 55See Big Brother Inside Campaign http://www.bigbrotherinside.org. 56Microsoft case sited by Charlesworth, supra FN 9; www.truste.com/users_w1723.html 57See EPIC DoubleClick Pages http://www.epic.org/privacy/doubletrouble/. 58ibid 59Charlesworth, supra FN 8 60Council of Europe, Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, 1981, available at http://www.coe.fr/eng/legaltxt/108e.htm 61It states: "The Member States shall provide that the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer may take place only if the third country in question ensures an adequate level of protection." 62http://europa.eu.int/eur-lex/pri/en/oj/dat/2001/l_181/l_18120010704en00190031.pdf (text of the descision and clauses) 63Henry Farrell, supra FN 29 64ibid 65Paul M. Schwartz and Joel R. Reidenberg, Data Privacy Law (Michie 1996), cited at www.privacyinternational.org 66Henry Farrell, supra FN 29 67See, e.g., Public Comments Received by the USDepartment of Commerce in Response to the Safe Harbor Documents April 5, 2000, available at http://www.ita.doc.gov/td/ecom/Comments400/publiccomments0400.html. 68European Parliament Resolution on the Draft Commission Decision on the Adequacy of the Protection Provided by the Safe Harbour Privacy Principles and related Frequently Asked Questions issued by the USDepartment of Commerce, available at http://www.epic.org/privacy/intl/EP_SH_resolution_0700.html. 69Commission Decision on the adequacy of the protection provided by the Safe Harbour Privacy Principles and related Frequently Asked Questions issued by the USDepartment of Commerce, available at http://europa.eu.int/comm/internal_market/en/media/dataprot/news/decision.pdf. 70http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list!OpenDocument&Start=407 71 see http://www.export.gov/safeharbor/SHPRINCIPLESFINAL.htm for the final text of the agreement 72 Henry Farrell, supra FN 29 73 ibid 74See, e.g.the earlier Statement of the Transatlantic Consumer Protection Dialogue on USDepartment of Commerce Draft International Safe Harbor Privacy Principles and FAQs March 30, 2000, available at http://www.tacd.org/ecommercef.html#usdraft. 75European Commission Staff Working Paper, February 2002, Working Paper SEC (2002) 196 76http://reidenberg.home.sprynet.com/Safe_Harbor.htm 77Working Document on the Functioning of the Safe Harbor Agreement," Article 29 Data Protection Working Party, 11194/02/EN, July 2, 2002, available at http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp62_en.pdf ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays


    It stops me from losing or abusing other student's information. ? It helps to keep confidential information about me safe. HOW THE DATA PROTECTION ACT AFFECTS THE COMMUNITY: ? Prevents the police from copying personal information of other people for sale for their own benefits ?

  2. The Data Protection Act 1998 - questions and answers

    What is the 1998 Act directed at? The 1998 Act applies to processing of personal data. What amounts to 'processing'? The definition of processing is extremely wide. If you think about data you are probably processing it. Processing includes, in relation to information or data, obtaining and recording or holding

  1. Computer Crime and the Law.

    Task: Suggest some ways in which computers can help solve crime > Computers prove invaluable in the detection and prevention of crime > Detection is about collecting huge amounts of information until a key piece of evidence emergese. > Databases of fingerprints, stolen vehicles and criminal records are all essential tools in todays's fight against crime.

  2. The following report will compare differences between internal and external information sources relevant to ...

    compensation, which can ruin a person's career or indeed bankrupt a company. The act applies to personal data (information that relates to a living person) whether it is held on a computer system or a piece of paper and there are particularly strict rules surrounding certain sensitive data.

  1. Discussing legislation - Data Protection act, Copyright, Computer Misuse, Health and Safety at Work ...

    * Hacking - unauthorized people gaining access to computer networks * Data Misuse and unauthorized transfer or copying - file sharing * Copying and distributing software, music and film - Including copying CD's on your computer and sharing them on the internet * Email and chat room abuses - Impersonation

  2. Legal Aspects of Using Information Technology

    update a written policy of the company and pass this to all employees * allow for the appointment of safety representatives selected by a recognised trade union Under the Health and Safety Act 1974, all employees have to: * take reasonable care of their own health and safety and that

  1. Data Protection Act

    Schedule 2 of the Act provides conditions for the processing of any personal data relevant for the purposes of the First Principle, whilst Schedule 3 provides conditions for the processing of sensitive data relevant for the purposes of the First Principle over and above those set out in Schedule 2.

  2. Critically evaluate the extent to which it can be said that copyright law gives ...

    works of art, the problem when trying to protect theses pieces is that are all very similar, but deserve copyright protection in each case. I suppose the hardest thing for a judge to decide in determining whether a piece should gain copyright is that, does it really distinguish itself from

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work