legal frameworks print.ppt preconditions2 - legal... · • spectrum, airwaves, networks, ... are...

1

Legal frameworks for

information societies

Legal frameworks for

information societies

Preconditions for information exchange (2)Steven Segaert

Main topicsMain topics

1. What law is relevant to the existing of

information societies?

What can you expect to find?

2. How to take into account, and use, law?

October 7-8, 2008 Tirana 2

Legal framework of information

societies

Legal framework of information

societies

What is this “information society”?

What kind of law applies to information societies?

Is it special? Why?

What do we need to regulate?


2

Information society...Information society...


Our starting point is the commonplace observation that

we are in a period of intense social change. Numerous

writers have argued that the West is currently

experiencing a profound shift from an industrial

society to a post-industrial, Information Society. Some

argue that the shift has affected people's ability to

make sense of the rapid changes in which society is

immersed. These changes contrast with commonly

understood ways of seeing the world and with our

taken-for-granted ways of understanding such familiar

terms as "information", "location", and "knowledge".

“An inclusive global information

society is one where all

persons, without distinction,

are empowered freely to

create, receive, share and

utilize information and

knowledge for their economic,

social, cultural and political

development”.

(WSIS)

A society where communication and information technologies

influence the everyday lives of most of its members. Helped by the

advance of the Internet and a 'wired' culture, technology is used for a

wide range of personal, social, educational and business activities, and

to transmit receive and exchange digital data rapidly between places

despite great distances. In an information society, information is as

powerful a resource as the manufacturing and agricultural industries

were in previous eras. Also known as the knowledge economy, digital

era or information superhighway.



An information society is a society in which the creation, distribution,

diffusion, use, integration and manipulation of information is a significant

economic, political, and cultural activity. The knowledge economy is its

economic counterpart whereby wealth is created through the economic

exploitation of understanding.

Specific to this kind of society is the central position information

technology has for production, economy, and society at large. Information

society is seen as the successor to industrial society.

(Wikipedia)



3

Why do we need law?Why do we need law?

Law is instrumental: it needs to facilitate societal

developments...

... while protecting us from the state and from

ourselves

Law can not create, nor should it dictate, reality.

The information society is a reality. Law

should enable it to develop; not impede it...


What needs to be regulated?What needs to be regulated?

�� Common resources and infrastructure

�� The flow of information

�� Protect the new environment


Common resources and

infrastructure

Common resources and

infrastructure• Spectrum, airwaves, networks, ... are all limited;

allowing it to be monopolized is unfair and

hampers development

• Telecommunications Act, Cable Distribution Act,

etc.

• To create favourable conditions for development

• To regulate the use of limited resources through

purposeful planning

• To establish the requirements for telecommunications

networks and provision of services

• To install a level of state supervision to market players


4

The flow of informationThe flow of information


The flow of informationThe flow of information

Historical trend...

1. State secrets acts

2. Freedom of information lawsIn the OECD: 20% in 1980

40% in 1990

80% in 2000 (24/30 countries)

3. Protection of the individual

4. Copyright and patent laws as protection of

property rights


Freedom of informationFreedom of information

You can expect to find...

• A constitutional provision on right to information

• A Public Information Act

Goal: “to provide everyone and anyone with access to

public information ... and to create possibilities for the

public to monitor the performance of public duties”


5


What is public informationpublic information?

Information which is recorded and documented in

execution of public power as directed by laws and other

legal acts

(irrespective of the way it is recorded and documented,

the medium or the location)



Who is the ownerowner of public information?

• State and local government

• Public legal persons

• Private legal persons, if...

• they execute public tasks

• receive public funds

• or have a natural monopoly



Obligations Obligations as an owner of public information?

The owner of public information is obliged to grant

access...

in the quickest and easiests manner...

while protecting private data.

Access should not cost anything extra (the law can

contain charges for the carrier, not for the information)

Everybody has the right to contest a restriction on access

to information


6


Exceptions Exceptions (when is access not to be granted)

• When openness ruins the possibility of work,

• Puts something into danger,

• Puts someone groundlessly into danger,

• Or there are obligations to the contrary from a higher

level (international agreements, constitution)

Even then: time limit to restrictions



Active measures and good practices?

Not always found in Freedom of Information laws.

e.g. Law can have a list of obligatory online content

Law can provide that you have to have a website, or

join a portal site

Law can tell you to publish a document register, what is

kept and why, and the rules to get access



Active measures and good practices?

Still a good idea to organise a humane process yourself...

• Register a request only if you cannot satisfy it

immediately

• Move requests from official to official (one entry point

for requests)

• Answer immediately or within a very short timeframe

• Tell people clearly where they can complain


7


Your organisation...Your organisation...


Way too much work!

We can’t let all that information go

public, surely?!

How much will all that cost?

Don’t tell people what we do; they won’t

understand it anyway...

Ok, I got it. Give us three years, we will

make it then!

Journalists would have a field day...


• Radical?

No – it is necessary!

• Controversial?

Only until implemented...

• Success comes from working together

• Training and awareness-building is necessary

for all: civil servants, politicians, citizens and

even journalists


8

Protection of personal dataProtection of personal data

Personal data?“personal data” shall mean any information

relating to an identified or identifiable natural

person (‘Data Subject’); an identifiable person is

one who can be identified, directly or indirectly, in

particular by reference to an identification number

or to one or more factors specific to his physical,

physiological, mental, economic, cultural or social

identity.

(Directive 95/46/EC, 24/10/1995 on the protection of

individuals with regard to the processing of personal data and

on the free movement of such data)

broad definition; technology neutral



SensitiveSensitive personal data?

A subset of personal data; separately defined; more conditions are set

for processing to be legal (usually the consent of the person involved

is required).

EC Directive: “personal data revealing racial or ethnic origin, political

opinions, religious or philosophical beliefs, trade-union membership,

and the processing of data concerning health or sex life”

... but the definition can be larger in your own law.

Rule: no processing, with exceptions



For who?

• All legal entities (public or private) that control

personal data

• The individual or the legal person who controls

and is responsible for the keeping and use of

personal information on computer or in structured

manual files.


9


Personal data should not be processed at all, except

when certain conditions are met...

• Transparency

The data subject must be informed; the controller must

provide its contact data, the prupose of processing, the

recipients of the data and all other relevant information

required to ensure the processing is fair.

The data subject can access, demand rectification, deletion

or blocking if the conditions are not met.





• Legitimate purpose

Personal data can only be processed for specified explicit

and legitimate purposes, and for nothing else.

There are certain conditions to be fulfilled before personal

data can be processed. When it involves sensitive personal

data, extra restrictions apply.





• Proportionality

Process only insofar as it is adequate, relevant and not

excessive in relation to the purposes.

Data must be kept accurate and up to date.

Don’t keep it longer than needed.

Decisions with legal or otherwise significant effects may not

be taken only on the automated processing of data. A form

of appeal is to be provided.


10


Supervisory authority

Must be an independent body that monitors, advises and

starts legal procedures when the rules are broken.

A controller of data must notify the supervisory authority

before he starts to process data – who controls what

data is kept in a public register.



• Personal data may only be transferred to third

countries IF that country provides an adequate

level of protection.

• Rules also apply whenever the controller uses

equipment situated in the EU, or processes data

in the EU.


Still...


What can you do?

• Adhere to the principles, even if you don’t have to

- they are valid and make sense

• Check your own situation (incl. your own laws)

• Plus: add the information used to come to a

decision to all decisions you communicate...


11

Database actDatabase act

What should be done in order to build and maintain

government databases?

2-level management

• Chief processors: the “politically” responsable

• Authorised processors: technically

responsable

Classification of data or classification of databases?


�� Protect the new environment

• Development needs to be facilitated

• Certain interests need to be protected


Digital signature lawDigital signature law

• Issues and needs:

• You can hardly put a handwritten signature on an

electronic document...

• What is an “original document” when you only have

elctronic “copies”?

• Solution: look at what a signature does

• Identifies the signer

• The signer takes ownership / responsability of the

document


12


• Issues and needs:

• You can hardly put a handwritten signature on an

electronic document...

• What is an “original document” when you only have

elctronic “copies”?

• False issues emerge...



Identifies the signer

The signer takes ownership / responsability of the

document



Digital signatures are equivalent to

handwritten ones, if...

• Uniquely identifies the signer

• Authenticates the signed document

• Allows to set a sequence of events


13


• Equivalent = you must accept it (might mean you

have to adapt your law)

• Technology-neutral

• When a certification authority adheres to the

rules, you must trust him

! Signing is not encrypting

! Also machines and entities can use digital

signatures


Other useful actsOther useful acts

• Identity documents act (EID?)

• Information society services act

ISP liability, spam legislation, conditions for providing

services online

• Re-use of public information by businesses

• Cyber-crime provisions

• Charter of electronic rights

Provide standards for public e-service delivery (possibility to

access services online, right to be involved in decision

making processes, ...)


Some conclusionsSome conclusions

• Law does not create an information society

... but impeding laws can hamper it

• Society without law is not realistic

• No need to re-invent, but also no use to copy –

using the principles is usually the best idea

• Eu integration can inspire

• Inaction is worse than not getting it perfect

straight away

• The order of enacting is of little importance


14

More information (lots of it)More information (lots of it)


www.ictregulationtoolkit.org

Thank you!Thank you!

Time for a break...

Steven Segaert

E-Governance Academy

[email protected]


legal frameworks print.ppt preconditions2 - legal... · • spectrum, airwaves, networks, ... are...

Documents