legal frameworks print.ppt preconditions2 - legal... · • spectrum, airwaves, networks, ... are...
TRANSCRIPT
1
Legal frameworks for
information societies
Legal frameworks for
information societies
Preconditions for information exchange (2)Steven Segaert
Main topicsMain topics
1. What law is relevant to the existing of
information societies?
What can you expect to find?
2. How to take into account, and use, law?
October 7-8, 2008 Tirana 2
Legal framework of information
societies
Legal framework of information
societies
What is this “information society”?
What kind of law applies to information societies?
Is it special? Why?
What do we need to regulate?
October 7-8, 2008 Tirana 3
2
Information society...Information society...
October 7-8, 2008 Tirana 4
Our starting point is the commonplace observation that
we are in a period of intense social change. Numerous
writers have argued that the West is currently
experiencing a profound shift from an industrial
society to a post-industrial, Information Society. Some
argue that the shift has affected people's ability to
make sense of the rapid changes in which society is
immersed. These changes contrast with commonly
understood ways of seeing the world and with our
taken-for-granted ways of understanding such familiar
terms as "information", "location", and "knowledge".
“An inclusive global information
society is one where all
persons, without distinction,
are empowered freely to
create, receive, share and
utilize information and
knowledge for their economic,
social, cultural and political
development”.
(WSIS)
A society where communication and information technologies
influence the everyday lives of most of its members. Helped by the
advance of the Internet and a 'wired' culture, technology is used for a
wide range of personal, social, educational and business activities, and
to transmit receive and exchange digital data rapidly between places
despite great distances. In an information society, information is as
powerful a resource as the manufacturing and agricultural industries
were in previous eras. Also known as the knowledge economy, digital
era or information superhighway.
Information society...Information society...
October 7-8, 2008 Tirana 5
An information society is a society in which the creation, distribution,
diffusion, use, integration and manipulation of information is a significant
economic, political, and cultural activity. The knowledge economy is its
economic counterpart whereby wealth is created through the economic
exploitation of understanding.
Specific to this kind of society is the central position information
technology has for production, economy, and society at large. Information
society is seen as the successor to industrial society.
(Wikipedia)
Information society...Information society...
October 7-8, 2008 Tirana 6
3
Why do we need law?Why do we need law?
Law is instrumental: it needs to facilitate societal
developments...
... while protecting us from the state and from
ourselves
Law can not create, nor should it dictate, reality.
The information society is a reality. Law
should enable it to develop; not impede it...
October 7-8, 2008 Tirana 7
What needs to be regulated?What needs to be regulated?
�������� Common resources and infrastructure
�������� The flow of information
�������� Protect the new environment
October 7-8, 2008 Tirana 8
Common resources and
infrastructure
Common resources and
infrastructure• Spectrum, airwaves, networks, ... are all limited;
allowing it to be monopolized is unfair and
hampers development
• Telecommunications Act, Cable Distribution Act,
etc.
• To create favourable conditions for development
• To regulate the use of limited resources through
purposeful planning
• To establish the requirements for telecommunications
networks and provision of services
• To install a level of state supervision to market players
October 7-8, 2008 Tirana 9
4
The flow of informationThe flow of information
October 7-8, 2008 Tirana 10
The flow of informationThe flow of information
Historical trend...
1. State secrets acts
2. Freedom of information lawsIn the OECD: 20% in 1980
40% in 1990
80% in 2000 (24/30 countries)
3. Protection of the individual
4. Copyright and patent laws as protection of
property rights
October 7-8, 2008 Tirana 11
Freedom of informationFreedom of information
You can expect to find...
• A constitutional provision on right to information
• A Public Information Act
Goal: “to provide everyone and anyone with access to
public information ... and to create possibilities for the
public to monitor the performance of public duties”
October 7-8, 2008 Tirana 12
5
Freedom of informationFreedom of information
What is public informationpublic information?
Information which is recorded and documented in
execution of public power as directed by laws and other
legal acts
(irrespective of the way it is recorded and documented,
the medium or the location)
October 7-8, 2008 Tirana 13
Freedom of informationFreedom of information
Who is the ownerowner of public information?
• State and local government
• Public legal persons
• Private legal persons, if...
• they execute public tasks
• receive public funds
• or have a natural monopoly
October 7-8, 2008 Tirana 14
Freedom of informationFreedom of information
Obligations Obligations as an owner of public information?
The owner of public information is obliged to grant
access...
in the quickest and easiests manner...
while protecting private data.
Access should not cost anything extra (the law can
contain charges for the carrier, not for the information)
Everybody has the right to contest a restriction on access
to information
October 7-8, 2008 Tirana 15
6
Freedom of informationFreedom of information
Exceptions Exceptions (when is access not to be granted)
• When openness ruins the possibility of work,
• Puts something into danger,
• Puts someone groundlessly into danger,
• Or there are obligations to the contrary from a higher
level (international agreements, constitution)
Even then: time limit to restrictions
October 7-8, 2008 Tirana 16
Freedom of informationFreedom of information
Active measures and good practices?
Not always found in Freedom of Information laws.
e.g. Law can have a list of obligatory online content
Law can provide that you have to have a website, or
join a portal site
Law can tell you to publish a document register, what is
kept and why, and the rules to get access
October 7-8, 2008 Tirana 17
Freedom of informationFreedom of information
Active measures and good practices?
Still a good idea to organise a humane process yourself...
• Register a request only if you cannot satisfy it
immediately
• Move requests from official to official (one entry point
for requests)
• Answer immediately or within a very short timeframe
• Tell people clearly where they can complain
October 7-8, 2008 Tirana 18
7
October 7-8, 2008 Tirana 19
Your organisation...Your organisation...
October 7-8, 2008 Tirana 20
Way too much work!
We can’t let all that information go
public, surely?!
How much will all that cost?
Don’t tell people what we do; they won’t
understand it anyway...
Ok, I got it. Give us three years, we will
make it then!
Journalists would have a field day...
Freedom of informationFreedom of information
• Radical?
No – it is necessary!
• Controversial?
Only until implemented...
• Success comes from working together
• Training and awareness-building is necessary
for all: civil servants, politicians, citizens and
even journalists
October 7-8, 2008 Tirana 21
8
Protection of personal dataProtection of personal data
Personal data?“personal data” shall mean any information
relating to an identified or identifiable natural
person (‘Data Subject’); an identifiable person is
one who can be identified, directly or indirectly, in
particular by reference to an identification number
or to one or more factors specific to his physical,
physiological, mental, economic, cultural or social
identity.
(Directive 95/46/EC, 24/10/1995 on the protection of
individuals with regard to the processing of personal data and
on the free movement of such data)
broad definition; technology neutral
October 7-8, 2008 Tirana 22
Protection of personal dataProtection of personal data
SensitiveSensitive personal data?
A subset of personal data; separately defined; more conditions are set
for processing to be legal (usually the consent of the person involved
is required).
EC Directive: “personal data revealing racial or ethnic origin, political
opinions, religious or philosophical beliefs, trade-union membership,
and the processing of data concerning health or sex life”
... but the definition can be larger in your own law.
Rule: no processing, with exceptions
October 7-8, 2008 Tirana 23
Protection of personal dataProtection of personal data
For who?
• All legal entities (public or private) that control
personal data
• The individual or the legal person who controls
and is responsible for the keeping and use of
personal information on computer or in structured
manual files.
October 7-8, 2008 Tirana 24
9
Protection of personal dataProtection of personal data
Personal data should not be processed at all, except
when certain conditions are met...
• Transparency
The data subject must be informed; the controller must
provide its contact data, the prupose of processing, the
recipients of the data and all other relevant information
required to ensure the processing is fair.
The data subject can access, demand rectification, deletion
or blocking if the conditions are not met.
October 7-8, 2008 Tirana 25
Protection of personal dataProtection of personal data
Personal data should not be processed at all, except
when certain conditions are met...
• Legitimate purpose
Personal data can only be processed for specified explicit
and legitimate purposes, and for nothing else.
There are certain conditions to be fulfilled before personal
data can be processed. When it involves sensitive personal
data, extra restrictions apply.
October 7-8, 2008 Tirana 26
Protection of personal dataProtection of personal data
Personal data should not be processed at all, except
when certain conditions are met...
• Proportionality
Process only insofar as it is adequate, relevant and not
excessive in relation to the purposes.
Data must be kept accurate and up to date.
Don’t keep it longer than needed.
Decisions with legal or otherwise significant effects may not
be taken only on the automated processing of data. A form
of appeal is to be provided.
October 7-8, 2008 Tirana 27
10
Protection of personal dataProtection of personal data
Supervisory authority
Must be an independent body that monitors, advises and
starts legal procedures when the rules are broken.
A controller of data must notify the supervisory authority
before he starts to process data – who controls what
data is kept in a public register.
October 7-8, 2008 Tirana 28
Protection of personal dataProtection of personal data
• Personal data may only be transferred to third
countries IF that country provides an adequate
level of protection.
• Rules also apply whenever the controller uses
equipment situated in the EU, or processes data
in the EU.
October 7-8, 2008 Tirana 29
Still...
Protection of personal dataProtection of personal data
What can you do?
• Adhere to the principles, even if you don’t have to
- they are valid and make sense
• Check your own situation (incl. your own laws)
• Plus: add the information used to come to a
decision to all decisions you communicate...
October 7-8, 2008 Tirana 30
11
Database actDatabase act
What should be done in order to build and maintain
government databases?
2-level management
• Chief processors: the “politically” responsable
• Authorised processors: technically
responsable
Classification of data or classification of databases?
October 7-8, 2008 Tirana 31
�������� Protect the new environment
• Development needs to be facilitated
• Certain interests need to be protected
October 7-8, 2008 Tirana 32
Digital signature lawDigital signature law
• Issues and needs:
• You can hardly put a handwritten signature on an
electronic document...
• What is an “original document” when you only have
elctronic “copies”?
• Solution: look at what a signature does
• Identifies the signer
• The signer takes ownership / responsability of the
document
October 7-8, 2008 Tirana 33
12
Digital signature lawDigital signature law
• Issues and needs:
• You can hardly put a handwritten signature on an
electronic document...
• What is an “original document” when you only have
elctronic “copies”?
• False issues emerge...
October 7-8, 2008 Tirana 34
Digital signature lawDigital signature law
Identifies the signer
The signer takes ownership / responsability of the
document
October 7-8, 2008 Tirana 35
Digital signature lawDigital signature law
Digital signatures are equivalent to
handwritten ones, if...
• Uniquely identifies the signer
• Authenticates the signed document
• Allows to set a sequence of events
October 7-8, 2008 Tirana 36
13
Digital signature lawDigital signature law
• Equivalent = you must accept it (might mean you
have to adapt your law)
• Technology-neutral
• When a certification authority adheres to the
rules, you must trust him
! Signing is not encrypting
! Also machines and entities can use digital
signatures
October 7-8, 2008 Tirana 37
Other useful actsOther useful acts
• Identity documents act (EID?)
• Information society services act
ISP liability, spam legislation, conditions for providing
services online
• Re-use of public information by businesses
• Cyber-crime provisions
• Charter of electronic rights
Provide standards for public e-service delivery (possibility to
access services online, right to be involved in decision
making processes, ...)
October 7-8, 2008 Tirana 38
Some conclusionsSome conclusions
• Law does not create an information society
... but impeding laws can hamper it
• Society without law is not realistic
• No need to re-invent, but also no use to copy –
using the principles is usually the best idea
• Eu integration can inspire
• Inaction is worse than not getting it perfect
straight away
• The order of enacting is of little importance
October 7-8, 2008 Tirana 39
14
More information (lots of it)More information (lots of it)
October 7-8, 2008 Tirana 40
www.ictregulationtoolkit.org
Thank you!Thank you!
Time for a break...
Steven Segaert
E-Governance Academy
October 7-8, 2008 Tirana 41