• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  • Level: GCSE
  • Subject: ICT
  • Word count: 6759

Privacy and Data Protection: IT Law

Extracts from this document...


IT Law (Public Law Aspects) Seminar 4: Privacy and Data Protection Seminar Paper: The matter of transfer of personal data to a third country particularly in relation to the differences between the EU and the US; The Safe Harbor Principle Teacher: Dr. Gerrit Betlem and Mr. Martin Truman Student: Katharina v. Boehm-Bezing I. Introduction 1.) An old issue, growing in importance Searching the web, one can see that privacy on the Internet is a big issue. Countless US or EU based human rights initiatives are fighting for the right to privacy. What is the reason for this? Although concerns about consumers' ability to protect their privacy have been in existence for decades, the Internet makes the issue more delicate: Businesses have access to a larger audience, which allows them to collect more data from more people. Furthermore, collection of more specific behavioural information is possible attaching cookies to a hard drive, reporting which websites someone enters.1 In addition, data collection and storage having become much easier, faster and cheaper, cost concerns do not limit data-collection practices.2 At the same time, the market for information about consumers and consumer behaviour is continuously growing, side by side with the expansion of e-commerce. 2.) Definition of the issue Privacy can be defined as "the right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information."3 This paper will focus purely on information privacy, also known as "data protection", which means the rules governing the collection and handling of personal data such as a person's name, address, phone number, family status, social security or other identification number or even medical, financial or government records. Data protection concerns the process of gathering, storing, analysis and distribution of personal data. Privacy issues can be divided into relations with the public sector and with the private sector.4 In this paper, I will concentrate on the private sector, especially relevant because of the growing importance of e-commerce. ...read more.


Examples illustrating the weakness of the US approach In the recent past, several profitable companies, including eBay.com, Amazon.com and Yahoo.com have either changed users' privacy settings or have changed privacy policies to the detriment of users.54 A series of companies, including Intel and Microsoft, were discovered to have released products that secretly track the activities of Internet users.55 In several cases, TRUSTe ruled that the practices compromised consumer trust and privacy but did not violate its privacy seal program.56 Significant controversy arose around "online profiling", the practice of advertising companies to track Internet users and compile dossiers on them in order to target banner advertisements. The largest of these advertisers, DoubleClick, attached personal information from a marketing firm it purchased to about 100 million previously anonymous profiles it had collected.57 The company backed down due to public opposition, a dramatic fall in its stock price and investigations from the FTC and several state attorneys general. In July 2000 the FTC reached an agreement with the Network Advertisers Initiative, a group consisting of the largest online advertisers including DoubleClick, which will allow for online profiling and any future merger of such databases to occur with only the opt-out consent. In January 2001, the FTC dropped its investigation of DoubleClick.58 These cases show, that self-regulation can only work, if it will cost the business more, either directly through damages or indirectly through declining competitiveness, to breach those rules than to respect them.59 This is the rule of the market. As long as there is no enforcement, this won't be the case. In fact, legislative action would solve two consistent problems found in self-regulatory efforts: Lack of enforceability and thus of incentive. V. Dataflow between the systems One might think that Data protection laws could be circumvented by simply transferring personal information to third countries with none or less rigid data protection law where it could then be processed without any limitations. ...read more.


44Federal Trade Commission, High School Student Survey Companies Settle FTC Charges, Oct. 2, 2002 http://www.ftc.gov/opa/2002/10/student1r.htm, cited on http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 45http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 46Charlesworth, supra FN 8 47http://www.privacyinternatioal.org/survey/phr2003/countries/unitedstates.htm 48Charlesworth, supra FN 8 49Privacy Online: Fair Information Practices in the Electronic Marketplace: A Federal Trade Commission Report to Congress (May 2000), available at http://www.ftc.gov/os/2000/05/index.htm#22. 50http://www.ftc.gov/speeches/muris/privisp1002.htm 51Charlesworth, supra FN 8 52http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 53http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 54http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 55See Big Brother Inside Campaign http://www.bigbrotherinside.org. 56Microsoft case sited by Charlesworth, supra FN 9; www.truste.com/users_w1723.html 57See EPIC DoubleClick Pages http://www.epic.org/privacy/doubletrouble/. 58ibid 59Charlesworth, supra FN 8 60Council of Europe, Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, 1981, available at http://www.coe.fr/eng/legaltxt/108e.htm 61It states: "The Member States shall provide that the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer may take place only if the third country in question ensures an adequate level of protection." 62http://europa.eu.int/eur-lex/pri/en/oj/dat/2001/l_181/l_18120010704en00190031.pdf (text of the descision and clauses) 63Henry Farrell, supra FN 29 64ibid 65Paul M. Schwartz and Joel R. Reidenberg, Data Privacy Law (Michie 1996), cited at www.privacyinternational.org 66Henry Farrell, supra FN 29 67See, e.g., Public Comments Received by the USDepartment of Commerce in Response to the Safe Harbor Documents April 5, 2000, available at http://www.ita.doc.gov/td/ecom/Comments400/publiccomments0400.html. 68European Parliament Resolution on the Draft Commission Decision on the Adequacy of the Protection Provided by the Safe Harbour Privacy Principles and related Frequently Asked Questions issued by the USDepartment of Commerce, available at http://www.epic.org/privacy/intl/EP_SH_resolution_0700.html. 69Commission Decision on the adequacy of the protection provided by the Safe Harbour Privacy Principles and related Frequently Asked Questions issued by the USDepartment of Commerce, available at http://europa.eu.int/comm/internal_market/en/media/dataprot/news/decision.pdf. 70http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list!OpenDocument&Start=407 71 see http://www.export.gov/safeharbor/SHPRINCIPLESFINAL.htm for the final text of the agreement 72 Henry Farrell, supra FN 29 73 ibid 74See, e.g.the earlier Statement of the Transatlantic Consumer Protection Dialogue on USDepartment of Commerce Draft International Safe Harbor Privacy Principles and FAQs March 30, 2000, available at http://www.tacd.org/ecommercef.html#usdraft. 75European Commission Staff Working Paper, February 2002, Working Paper SEC (2002) 196 76http://reidenberg.home.sprynet.com/Safe_Harbor.htm 77Working Document on the Functioning of the Safe Harbor Agreement," Article 29 Data Protection Working Party, 11194/02/EN, July 2, 2002, available at http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp62_en.pdf ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. Marked by a teacher

    Ict and the law

    4 star(s)

    must be kept no longer than necessary; * Data stored must be kept accurate and up-to-date; * Data must be obtained and processed lawfully; * Data must be processed within the data subject rights; * Data must be obtained and specified for lawful purposes; * Data must not be transferred to countries without adequate data protection laws.


    It stops me from losing or abusing other student's information. ? It helps to keep confidential information about me safe. HOW THE DATA PROTECTION ACT AFFECTS THE COMMUNITY: ? Prevents the police from copying personal information of other people for sale for their own benefits ?

  1. The Data Protection Act 1998 - questions and answers

    What is the 1998 Act directed at? The 1998 Act applies to processing of personal data. What amounts to 'processing'? The definition of processing is extremely wide. If you think about data you are probably processing it. Processing includes, in relation to information or data, obtaining and recording or holding

  2. Data Protection Act

    The data processed if necessary for compliance with any legal obligation to which the data controller is subject. This is an order to protect the vital interests of the data subject. This introduces the requirements that as a requisite of fair and lawful processing, personal data shall not be processed

  1. Discussing legislation - Data Protection act, Copyright, Computer Misuse, Health and Safety at Work ...

    For this reason it is illegal to do hacking and sending viruses is kind of the same thing as it also affects the computer and may even destroy it. It is also illegal to print fake money and then use it in the community or even produce fake credit cards

  2. The Legislation That Protects Individuals and Groups using IT. Use of It by myself ...

    But if the Data Protection Act is broken, then my safety is put into compromise. But this gives me the right to hold charges against the school for breaking the act and breaching my rights. It further gives an incentive to the school to keep my data personal and safe.

  1. Ict and the law

    It also deals with the problems that weren't around in 1984. Mr Hulse, Mr James and I have a lot of information stored by companies such as schools, doctors and dentists. This law means that any information they have about us is stored correctly, up-to-date, accurate and not sent out to companies who don't abide by the data protection act.

  2. 3E-The legislation that protects individuals and groups from the misuse of ICT

    Obrien's because his personal information/data is stored by the organisation he works at, which is the Lammas secondary school and is an area where this specific law is enforced. The data protection law protects Mr. Obrien's because it ensures that his personal details is safely secured and restricted for the

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work