lecture to carleton university, center for european studies, december 1, 2010
Post on 21-Dec-2015
214 views
TRANSCRIPT
![Page 1: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/1.jpg)
Social Networking and Privacy Protection: The Risks and TransAtlantic Responses
Lecture to Carleton University, Center for European Studies, December 1, 2010
![Page 2: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/2.jpg)
![Page 3: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/3.jpg)
![Page 4: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/4.jpg)
![Page 5: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/5.jpg)
![Page 6: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/6.jpg)
![Page 7: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/7.jpg)
![Page 8: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/8.jpg)
![Page 9: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/9.jpg)
![Page 10: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/10.jpg)
![Page 11: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/11.jpg)
![Page 12: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/12.jpg)
![Page 13: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/13.jpg)
![Page 14: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/14.jpg)
![Page 15: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/15.jpg)
![Page 16: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/16.jpg)
![Page 17: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/17.jpg)
![Page 18: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/18.jpg)
![Page 19: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/19.jpg)
Risks to Privacy
Cyber-stalking Cyber-bullying Reputational Damage Identity Theft Commercial Exploitation
(from www.cippic.ca)
![Page 20: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/20.jpg)
Defaults
![Page 21: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/21.jpg)
![Page 22: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/22.jpg)
![Page 23: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/23.jpg)
![Page 24: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/24.jpg)
Complaints to Federal Trade Commission, December 2009 and May 2010 by Electronic Privacy Information Center and broad coalition of public interest groups
Possible “Do Not Track” register as part of federal privacy protection legislation?
US regulatory developments
![Page 25: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/25.jpg)
On May 30, 2008, the Canadian Internet Policy and Public Interest Clinic (CIPPIC) filed a complaint with the Privacy Commissioner of Canada concerning the “unnecessary and non-consensual collection and use of personal information by Facebook.”
On July 16, 2009, the Privacy Commissioner’s Office found Facebook “in contravention” of Canada’s Personal Information Protection and Electronic Documents Act.
September 2010, Privacy Commissioner announced that Facebook changes “reasonable and meet expectations of Canadian law”
October 2010 Privacy Commissioner launched a fresh investigation into the privacy policies of Facebook Inc. after it was revealed that some of the most popular applications had been transmitting the personal information of users to dozens of Web tracking firms.
Canadian regulatory action
![Page 26: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/26.jpg)
Articles 25 and 26 of the EU Data Protection Directive (1995) 95/46/EC
Personal data should not be transferred outside EU unless an “adequate level of protection” which requires:
◦ Basic content principles: Purpose limitation; data quality and
proportionality; transparency; security; rights of access, rectification and opposition; restrictions on onward transfers
◦ Procedural/enforcement principles: good level of compliance with the rules; support and help provided to individual data subjects; appropriate redress provided to the injured party
Administered by Article 29 Working Party of Supervisory authorities
The EU’s “Adequacy Standards”
![Page 27: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/27.jpg)
SNS providers are data controllers under the Data Protection Directive. They provide the means for the processing of user data and provide all the “basic” services related to user management (e.g. registration and deletion of accounts). SNS providers also determine the use that may be made of user data for advertising and marketing purposes - including advertising provided by third parties.
EU Article 29 Working Party
![Page 28: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/28.jpg)
"Member states shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with [the Data Protection] Directive 95/46/EC, inter alia about the purposes of the processing.”
Recital: “"Where it is technically possible and effective, in accordance with the relevant provisions of [the Data Protection Directive], the user's consent to processing may be expressed by using the appropriate settings of a browser or other application…. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user.”
Directive 2009/136/EC: A New Cookie Rule?
![Page 29: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/29.jpg)
"People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people…That social norm [privacy] is just something that has evolved over time.”Marc Zuckerberg, CEO Facebook, March 2010“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”Eric Schmidt, CEO Google, December 2009
“You have zero privacy anyway….get over it.” Scott McNealy, CEO Sun Microsystems, January 1999
THREE OF THE MOST SELF-SERVING THINGS EVER SAID ABOUT PRIVACY!
![Page 30: Lecture to Carleton University, Center for European Studies, December 1, 2010](https://reader030.vdocuments.us/reader030/viewer/2022032521/56649d5e5503460f94a3d210/html5/thumbnails/30.jpg)
In conclusion
Social network users care about their privacy
Even if they didn’t, it wouldn’t alter the obligations of data users to process personal data in conformity with privacy principles