• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  • Level: GCSE
  • Subject: ICT
  • Word count: 6759

Privacy and Data Protection: IT Law

Extracts from this document...


IT Law (Public Law Aspects) Seminar 4: Privacy and Data Protection Seminar Paper: The matter of transfer of personal data to a third country particularly in relation to the differences between the EU and the US; The Safe Harbor Principle Teacher: Dr. Gerrit Betlem and Mr. Martin Truman Student: Katharina v. Boehm-Bezing I. Introduction 1.) An old issue, growing in importance Searching the web, one can see that privacy on the Internet is a big issue. Countless US or EU based human rights initiatives are fighting for the right to privacy. What is the reason for this? Although concerns about consumers' ability to protect their privacy have been in existence for decades, the Internet makes the issue more delicate: Businesses have access to a larger audience, which allows them to collect more data from more people. Furthermore, collection of more specific behavioural information is possible attaching cookies to a hard drive, reporting which websites someone enters.1 In addition, data collection and storage having become much easier, faster and cheaper, cost concerns do not limit data-collection practices.2 At the same time, the market for information about consumers and consumer behaviour is continuously growing, side by side with the expansion of e-commerce. 2.) Definition of the issue Privacy can be defined as "the right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information."3 This paper will focus purely on information privacy, also known as "data protection", which means the rules governing the collection and handling of personal data such as a person's name, address, phone number, family status, social security or other identification number or even medical, financial or government records. Data protection concerns the process of gathering, storing, analysis and distribution of personal data. Privacy issues can be divided into relations with the public sector and with the private sector.4 In this paper, I will concentrate on the private sector, especially relevant because of the growing importance of e-commerce. ...read more.


Examples illustrating the weakness of the US approach In the recent past, several profitable companies, including eBay.com, Amazon.com and Yahoo.com have either changed users' privacy settings or have changed privacy policies to the detriment of users.54 A series of companies, including Intel and Microsoft, were discovered to have released products that secretly track the activities of Internet users.55 In several cases, TRUSTe ruled that the practices compromised consumer trust and privacy but did not violate its privacy seal program.56 Significant controversy arose around "online profiling", the practice of advertising companies to track Internet users and compile dossiers on them in order to target banner advertisements. The largest of these advertisers, DoubleClick, attached personal information from a marketing firm it purchased to about 100 million previously anonymous profiles it had collected.57 The company backed down due to public opposition, a dramatic fall in its stock price and investigations from the FTC and several state attorneys general. In July 2000 the FTC reached an agreement with the Network Advertisers Initiative, a group consisting of the largest online advertisers including DoubleClick, which will allow for online profiling and any future merger of such databases to occur with only the opt-out consent. In January 2001, the FTC dropped its investigation of DoubleClick.58 These cases show, that self-regulation can only work, if it will cost the business more, either directly through damages or indirectly through declining competitiveness, to breach those rules than to respect them.59 This is the rule of the market. As long as there is no enforcement, this won't be the case. In fact, legislative action would solve two consistent problems found in self-regulatory efforts: Lack of enforceability and thus of incentive. V. Dataflow between the systems One might think that Data protection laws could be circumvented by simply transferring personal information to third countries with none or less rigid data protection law where it could then be processed without any limitations. ...read more.


44Federal Trade Commission, High School Student Survey Companies Settle FTC Charges, Oct. 2, 2002 http://www.ftc.gov/opa/2002/10/student1r.htm, cited on http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 45http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 46Charlesworth, supra FN 8 47http://www.privacyinternatioal.org/survey/phr2003/countries/unitedstates.htm 48Charlesworth, supra FN 8 49Privacy Online: Fair Information Practices in the Electronic Marketplace: A Federal Trade Commission Report to Congress (May 2000), available at http://www.ftc.gov/os/2000/05/index.htm#22. 50http://www.ftc.gov/speeches/muris/privisp1002.htm 51Charlesworth, supra FN 8 52http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 53http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 54http://www.privacyinternational.org/survey/phr2003/countries/unitedstates.htm 55See Big Brother Inside Campaign http://www.bigbrotherinside.org. 56Microsoft case sited by Charlesworth, supra FN 9; www.truste.com/users_w1723.html 57See EPIC DoubleClick Pages http://www.epic.org/privacy/doubletrouble/. 58ibid 59Charlesworth, supra FN 8 60Council of Europe, Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, 1981, available at http://www.coe.fr/eng/legaltxt/108e.htm 61It states: "The Member States shall provide that the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer may take place only if the third country in question ensures an adequate level of protection." 62http://europa.eu.int/eur-lex/pri/en/oj/dat/2001/l_181/l_18120010704en00190031.pdf (text of the descision and clauses) 63Henry Farrell, supra FN 29 64ibid 65Paul M. Schwartz and Joel R. Reidenberg, Data Privacy Law (Michie 1996), cited at www.privacyinternational.org 66Henry Farrell, supra FN 29 67See, e.g., Public Comments Received by the USDepartment of Commerce in Response to the Safe Harbor Documents April 5, 2000, available at http://www.ita.doc.gov/td/ecom/Comments400/publiccomments0400.html. 68European Parliament Resolution on the Draft Commission Decision on the Adequacy of the Protection Provided by the Safe Harbour Privacy Principles and related Frequently Asked Questions issued by the USDepartment of Commerce, available at http://www.epic.org/privacy/intl/EP_SH_resolution_0700.html. 69Commission Decision on the adequacy of the protection provided by the Safe Harbour Privacy Principles and related Frequently Asked Questions issued by the USDepartment of Commerce, available at http://europa.eu.int/comm/internal_market/en/media/dataprot/news/decision.pdf. 70http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list!OpenDocument&Start=407 71 see http://www.export.gov/safeharbor/SHPRINCIPLESFINAL.htm for the final text of the agreement 72 Henry Farrell, supra FN 29 73 ibid 74See, e.g.the earlier Statement of the Transatlantic Consumer Protection Dialogue on USDepartment of Commerce Draft International Safe Harbor Privacy Principles and FAQs March 30, 2000, available at http://www.tacd.org/ecommercef.html#usdraft. 75European Commission Staff Working Paper, February 2002, Working Paper SEC (2002) 196 76http://reidenberg.home.sprynet.com/Safe_Harbor.htm 77Working Document on the Functioning of the Safe Harbor Agreement," Article 29 Data Protection Working Party, 11194/02/EN, July 2, 2002, available at http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp62_en.pdf ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. Marked by a teacher

    Ict and the law

    4 star(s)

    Other things such as electrical cables being left across the floor have ended up causing people to trip and land hard on the ground, with the possibility of breaking any bones, including major bones such as the skull and the spine. Computer Misuse Act (1990) The Computer Misuse Act (CMA)


    It stops me from losing or abusing other student's information. ? It helps to keep confidential information about me safe. HOW THE DATA PROTECTION ACT AFFECTS THE COMMUNITY: ? Prevents the police from copying personal information of other people for sale for their own benefits ?

  1. Discussing legislation - Data Protection act, Copyright, Computer Misuse, Health and Safety at Work ...

    and use them as they harm the community as it will start to loose money because people will be using fake money and credit cards to get the money of the banks. All of the acts mentioned above affect the community in some way.

  2. The Data Protection Act 1998 - questions and answers

    What is the 1998 Act directed at? The 1998 Act applies to processing of personal data. What amounts to 'processing'? The definition of processing is extremely wide. If you think about data you are probably processing it. Processing includes, in relation to information or data, obtaining and recording or holding

  1. The Legislation That Protects Individuals and Groups using IT. Use of It by myself ...

    of the sites who would then pester him through his e-mail, sending advertisements and other sales offers. But the Data Protection Act really comes into play when Mr Ajaib uses sites where he enters important details such as an address or credit card details.

  2. 3E-The legislation that protects individuals and groups from the misuse of ICT

    restrict the access of his personal data and only allow access if it is necessary. The data protection act can be very advantageous to MR. Obrien who is an individual in employment. The act ensures more personal confidentiality and secures his personal data from hackers and individuals who intend on

  1. Data Protection Act

    The eight principles are sometimes referred to 'good information handling' which the data controller are required to comply with. The principles are set out in part I of Schedule 1 of the Act. Part II of Schedule 1 comprises the interpretation provisions which expand upon the First, Second, Fourth, Sixth, Seventh and Eighth Principles.

  2. Is the UK copyright act of 1988 still an adequate means of protecting intellectual ...

    Similarly this problem has been further exasperated as cyberspace has no geographical boundaries. Information and data are transmitted across state borders at incredible speeds. Bonds to geographical jurisdiction are fragmented, if non-existent, and questions as to where copyright infringements occur arise.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work