Paul De Hert

Findings and Recommendations

In this final, concluding chapter, we present our key findings and recommendations from the contributors to this book for privacy impact assessment (PIA) policy and practice. They are addressed to those who undertake PIAs and those who set policy with regard to the use of PIAs. Not surprisingly, we do recommend much wider use of PIAs in the public and private sectors.

Legal safeguards for privacy and data protection in ambient intelligence

To get the maximum benefit from ambient intelligence (AmI), we need to anticipate and react to possible drawbacks and threats emerging from the new technologies in order to devise appropriate safeguards. The SWAMI project took a precautionary approach in its exploration of the privacy risks in AmI and sought ways to reduce them. It constructed four “dark scenarios” showing possible negative implications of AmI, notably for privacy protection. Legal analysis of the depicted futures showed the shortcomings of the current legal framework in being able to provide adequate privacy protection in the AmI environment. In this paper, the authors, building upon their involvement in SWAMI research as well as the further advancement of EU privacy analysis, identify various outstanding issues regarding the legal framework that still need to be resolved in order to deal with AmI in an equitable and efficacious way. This article points out some of the lacunae in the legal framework and postulates several privacy-specific safeguards aimed at overcoming them.

European Data Protection: Coming of Age

On 25 January 2012, the European Commission presented its long awaited new Data protection package. With this proposal for a drastic revision of the data protection framework in Europe, it is fair to say that we are witnessing a rebirth of European data protection, and perhaps, its passage from an impulsive youth to a more mature state. Technology advances rapidly and mobile devices are significantly changing the landscape. Increasingly, we carry powerful, connected, devices, whose location and activities can be monitored by various stakeholders. Very powerful social network sites emerged in the first half of last decade, processing personal data of many millions of users. Updating the regulatory network was imminent and the presentation of the new package will initiate a period of intense debate in which the proposals will be thoroughly commented upon and criticized, and numerous amendments will undoubtedly be proposed. This volume brings together some 19 chapters offering conceptual analyses, highlighting issues, proposing solutions, and discussing practices regarding privacy and data protection. In the first part of the book, conceptual analyses of concepts such as privacy and anonymity are provided. The second section focuses on the contrasted positions of digital natives and ageing users in the information society. The third section provides four chapters on privacy by design, including discussions on roadmapping and concrete techniques. The fourth section is devoted to surveillance and profiling, with illustrations from the domain of smart metering, self-surveillance and the benefits and risks of profiling. The book concludes with case studies pertaining to communicating privacy in organisations, the fate of a data protection supervisor in one of the EU member states and data protection in social network sites and online media. This volume brings together some 19 chapters offering conceptual analyses, highlighting issues, proposing solutions, and discussing practices regarding privacy and data protection. In the first part of the book, conceptual analyses of concepts such as privacy and anonymity are provided. The second section focuses on the contrasted positions of digital natives and ageing users in the information society. The third section provides four chapters on privacy by design, including discussions on roadmapping and concrete techniques. The fourth section is devoted to surveillance and profiling, with illustrations from the domain of smart metering, self-surveillance and the benefits and risks of profiling. The book concludes with case studies pertaining to communicating privacy in organisations, the fate of a data protection supervisor in one of the EU member states and data protection in social network sites and online media.

Introduction to Privacy Impact Assessment

If privacy is a cornerstone of democracy,1 then democracy is in trouble. Especially since the advent of the computer, the encroachments on privacy have proliferated. Terrorist attacks in the early 21st century have given governments all the justifications they need to bolster national security by forcing telecom companies to retain telephone records, to justify warrantless eavesdropping on our phone calls, to examine our bank records, to fuse personally identifiable information from multiple sources, to profile citizens to determine who presents a risk to the established order. Many companies have either aided and abetted governmental efforts or engaged in their own surreptitious amassing of the details of our lives. Personal data in real time has become the fuel of today’s economy.

SWIFT and the vulnerability of transatlantic data transfers

The ‘SWIFT affair’ eloquently illustrates the complexities of the protection of personal data in the context of global privacy-invading counterterrorist efforts. At the core of the issue there is not only the possibility for US authorities to secretly (and legally) access information on financial transactions taking place in the European Union (EU), as well as the concerns that this fact might raise regarding the effective protection of personal data guaranteed to European citizens. What is also at stake is the possibility for a European company not to comply with EU data protection legislation as interpreted by competent authorities without facing any sanctions. This paper reviews the developments of the ‘SWIFT affair’ assessing the system failures it portrays, particularly in the light of European data protection. It recalls how the facts were rendered public, focuses on the reactions from different European data protection authorities and bodies (the Belgian Privacy Commission, the Article 29 Working Party and the European Data Protection Supervisor) and offers a view of the ‘solutions’ discussed and implemented. By questioning their opportunity and convenience, it underlines that the major unsolved challenge of EU data protection is the need for a consistent approach to deal with transatlantic data transfers.

Computers, Privacy and Data Protection: an Element of Choice

Thank you very much for downloading computers privacy and data protection an element of choice. As you may know, people have look hundreds times for their favorite books like this computers privacy and data protection an element of choice, but end up in malicious downloads. Rather than reading a good book with a cup of coffee in the afternoon, instead they juggled with some malicious virus inside their computer.This timely interdisciplinary work on current developments in ICT and privacy/data protection, coincides as it does with the rethinking of the Data Protection Directive, the contentious debates on data sharing with the USA (SWIFT, PNR) and the judicial and political resistance against data retention. The authors of the contributions focus on particular and pertinent issues from the perspective of their different disciplines which range from the legal through sociology, surveillance studies and technology assessment, to computer sciences. Such issues include cutting-edge developments in the field of cloud computing, ambient intelligence and PETs; data retention, PNR-agreements, property in personal data and the right to personal identity; electronic road tolling, HIV-related information, criminal records and teenagers online conduct, to name but a few.

A Human Rights Perspective on Privacy and Data Protection Impact Assessments

This contribution looks at the concept of privacy impact assessments (PIA) from a human rights viewpoint within the European context. It explores the possibilities and limits of PIA by identifying the useful elements in the case law of the European Court on Human Rights with regard to the right to privacy as contained in Art. 8 of the European Convention on Human Rights (ECHR).

Accountability and system responsibility : New concepts in data protection law and human rights law

The principle of accountability is one of the features of current reform proposals of the EU Data Protection Regime and it is called upon to enhance the current responsibilities of data controllers. This contribution will first look at a possible definition of the principle, then turn to its application in the area of data protection law, and finally turn to European human rights law. In data protection law the principle of accountability is available to complement existing regulatory policies with the aim of making organisations more actively responsible for their information practices. There is far from universal agreement that the principle itself should be reformed. Some have questioned the integrity of some of the accountability pleas and regard them as new arguments by those that advocate self-regulation of firms so as to avoid being caught by binding regulation.

Ethics, e-Inclusion and Ageing

Ethical questions about information and communications technologies (ICT) have been debated since World War II. Western democracies have had more than 50 years of experience in addressing and organising the ethical, social and legal aspects (ESLA) of scientific and technological developments. However, this expertise, tradition and experience are not enough to manage the most urgent ethical and social issues and contemporary challenges involving ICT. A systematic and institutional organisation of social values in the context of modern ICT tools is needed.This paper focuses on four major areas: (i) developing a specific approach to ethical issues raised by ICT; (ii) describing in more detail the age-related digital divide in Europe; (iii) identifying technology trends and emerging challenges; and (iv) defining the legal framework for inclusion of senior citizens in the digital society. The paper then concludes with a summary of its key points on the basis of which it makes three proposals as a contribution to efforts aimed at overcoming the exclusion of senior citizens from todays Information Society.

Reforming European Data Protection Law

This book on privacy and data protection offers readers conceptual analysis as well as thoughtful discussion of issues, practices, and solutions. It features results of the seventh annual International Conference on Computers, Privacy, and Data Protection, CPDP 2014, held in Brussels January 2014. The book first examines profiling, a persistent core issue of data protection and privacy. It covers the emergence of profiling technologies, on-line behavioral tracking, and the impact of profiling on fundamental rights and values. Next, the book looks at preventing privacy risks and harms through impact assessments. It contains discussions on the tools and methodologies for impact assessments as well as case studies. The book then goes on to cover the purported trade-off between privacy and security, ways to support privacy and data protection, and the controversial right to be forgotten, which offers individuals a means to oppose the often persistent digital memory of the web. Written during the process of the fundamental revision of the current EU data protection law by the Data Protection Package proposed by the European Commission, this interdisciplinary book presents both daring and prospective approaches. It will serve as an insightful resource for readers with an interest in privacy and data protection.