Judith Rauhofer

Blowing the Whistle on Sarbanes-Oxley: Anonymous Hotlines and the Historical Stigma of Denunciation in Modern Germany

Abstract The Sarbanes-Oxley Act requires listed US companies as well as non-US companies listed on a US stock exchange to establish procedures for dealing with confidential, anonymous employee submissions regarding questionable accounting or auditing matters. Companies failing to comply with these ‘whistleblowing’ requirements are subject to heavy sanctions. This paper examines the compatibility of whistleblowing requirements contained in the US Sarbanes-Oxley Act with German data protection, employment and constitutional law, and analyses the roots of the historical unease with and the stigma attached to whistleblowing schemes in Germany which result from its experiences with denunciation during the Third Reich and in the former GDR.

‘Look to yourselves, that we lose not those things which we have wrought.’ What do the proposed changes to the purpose limitation principle mean for public bodies' rights to access third-party data?

This article analyses the proposed changes to the purpose limitation principles contained in the draft Data Protection Regulation adopted by the European Commission in January 2012. It examines the historical motives for the introduction of the principle as part of the 1995 Data Protection Directive, and looks at the constitutional framework under which it operates both at EU and member state level. It considers the risks and long-term consequences that EU citizens may face if the principle is eroded or substantially abandoned.

I am Spartacus: privacy enhancing technologies, collaborative obfuscation and privacy as a public good

The paper introduces an approach to privacy enhancing technologies that sees privacy not merely as an individual right, but as a public good. This idea finds its correspondence in our approach to privacy protection through obfuscation, where everybody in a group takes a small privacy risk to protect the anonymity of fellow group members. We show how these ideas can be computationally realised in an Investigative Data Acquisition Platform (IDAP). IDAP is an efficient symmetric Private Information Retrieval protocol optimised for the specific purpose of facilitating public authorities’ enquiries for evidence.

Protecting Their Own: Fundamental Rights Implications for EU Data Sovereignty in the Cloud

The recent PRISM scandal has illustrated the privacy risks that EU citizens take when their personal information is stored or processed in the cloud. Although EU data protection laws are designed to restrict the private actors handling that data from processing it in a way and for purposes that are unlawful, those laws have no effect on public bodies, including law enforcement and security agencies in third countries whose access to that data may be authorized by the laws of their own countries. This is the case even if such access would violate the individual’s fundamental human rights had it occurred within the EU. This article examines the means by which the existing EU data protection framework restricts the transfer of personal data from the EU to third countries particularly in a cloud context. It analyses whether the European Commission’s proposal for a new Data Protection Regulation in its current form is likely to increase or reduce the protection provided to EU citizens in this regard, and it looks at the potential threat that the laws of third countries may pose to EU citizens’ right to privacy with respect to data uploaded to the cloud. The article assesses, in particular, the laws authorising the US government’s access to personal data held or processed by US cloud providers, focusing specifically on the US Foreign Intelligence Surveillance Act of 1978 (FISA) . It also highlights the lack of equivalent protections currently granted to EU citizens by the US constitution. The article argues that in the light of the clear and present danger that provisions like §1881a of FISA represent to EU citizens’ right to privacy, the EU institutions - as part of their own obligation under the Charter of Fundamental Rights and, in the future, the European Convention on Human Rights must take the appropriate steps to protect their citizens from this kind of interference.

Pauli Sententiarum Fragmentum Leidense (Cod. Leid. B.P.L. 2589) ediderunt et commentariis instruxerunt G. G. Archi, M. David, E. Levy, R. Marichal, H. L. W. Nelson

Mallon Jean. Pauli Sententiarum Fragmentum Leidense (Cod. Leid. B.P.L. 2589) ediderunt et commentariis instruxerunt G. G. Archi, M. David, E. Levy, R. Marichal, H. L. W. Nelson. In: Scriptorium, Tome 11 n°2, 1957. pp. 320-323.