Privacy is a fundamental human right. It underpins human dignity and other values such as
freedom of association and freedom of speech. It has become one of the most important human
rights of the modern age. Privacy is recognized around the world in diverse regions and cultures.
It is protected in the Universal Declaration of Human Rights, the International Covenant on Civil
and Political Rights, and in many other international and regional human rights treaties. Here
we review this essential human right.
The Internet seems, at first glance, a place without rules and government, a beautiful, anarchic
free-for-all beyond the bounds of government interference. In fact, of course, the Internet is as
hidebound and rule-bound as most anything else, different only in its fundamental nature. The
rules range from technological constraints -- basic protocols governing the functioning of data
transfer -- to how domain names are assigned and what activity has been criminalized ("hacking",
child pornography, etc.).
Here we find two forms of code dominating the Internet: legal code (law) and machine code (the
technology supporting the Internet). It almost sounds like heresy to talk about regulation of
the Internet, but, of course, there is a structure to it, there are protocols and regulations governing
it. Regulation is both necessary and inevitable. Regulation comes from within as well -- not
imposed by government, but imposed by code itself (i.e. on a purely technical level), by how
programs run and how data is exchanged and how access is restricted or made available.
Four constraints regulate behavior: law, the market, norms, and architecture. Architecture has a
profound effect; filtering mechanisms, for example, can restrict access to sites. While these
may seem desirable to allow parents, for example, to prevent their children from gaining access
to disagreeable sites, they could theoretically also be installed at higher levels of the computer
chain, blocking access to certain sites for a large number of users. The Internet is very open, but
it is not completely open -- and the potential to close much of it off is increasing daily.
PART 1
Code and Data Privacy
1.1) According to Lessig
Privacy is a major concern on the Internet. What constitutes privacy on the Internet? Complete
anonymity is impossible. Your ISP knows all your keys on the Internet, and can easily connect
your name and address with your habits and interests. What information should be safeguarded
and how? This can be left to the market -- but the architecture of the web and of browsers makes
it difficult for users to stay properly informed. Relatively few users are aware that they are being
monitored as they skip about the Internet. Cookies are automatically placed on a user's computer
without notification, unless users set their browser either to send a warning every time a cookie
is offered or to decline them outright. The burden is on users, most of whom remain blissfully
unaware of the ongoing rape of their computers and the collection of extensive private
information by companies such as DoubleClick.
Norms can have some influence; the norms of cyberspace are also different from (and change
differently than) those in the real world. "Privacy policies" are popular on almost all commercial
and many information sites, but study after study indicates that sites do not actually do what they
claim in these policies. Abuse is rife -- and consumers are limited in what they can do to effect
change. Government has made a great effort to regulate the Internet: pornography, gambling,
encryption (and back-doors that allow the government to "eavesdrop"). In many areas legislators
have been stymied by the Internet -- taxation of goods sold over the Internet is one area that will
certainly get a lot more attention in the near future. Government is playing by the old rules, most
of which are ill-suited for this new world.
Without concerted effort, these ever-increasing layers of control will turn the Internet from the
transformative and creative technology it has the potential to be into a perfectly controlled
medium. There are choices to be made about how this network evolves. These choices will affect
fundamentally what values are built into the network.
1.3) The Madrid Declaration
The Madrid Declaration affirmed that privacy is a fundamental human right and reminded "all
countries of their obligations to safeguard the civil rights of their citizens and residents." It
warned that "privacy law and privacy institutions have failed to take full account of new
surveillance practices." The Declaration urged countries "that have not yet established a
comprehensive framework for privacy protection and an independent data protection authority to
do so as expeditiously as possible." The civil society groups and experts recommend a
"moratorium on the development or implementation of new systems of mass surveillance."
Finally, the Declaration called for the "establishment of a new international framework for
privacy protection, with the full participation of civil society, which is based on the rule of law,
respect for fundamental human rights, and support for democratic institutions."
PART 2
Privacy and Data Protection Legislation in Malta
2.1) Data Holding Responsibilities.
These responsibilities arise primarily in the collection of personal data. Organizations wishing
to collect and process the personal information of data subjects are required to adhere to the
following. They must inform the data commissioner, and agree to abide by the rules that ensure
that the privacy rights of the data subject are respected. They must have assigned a data
controller that is responsible for ensuring that the personal information of the data subjects is
collected, stored, and removed as per the data privacy principles laid out by the data
commissioner relating to data quality. They must not collect personal information without the
consent of the data subject. They must inform the data subject that data collection will happen.
They must inform the data subject that personal information is being collected for whatever
reason. They must ensure that the data subject has the choice to opt out of the collection of
personal information and/or that which is shared with third parties. Data subjects
residing in member states of the European Union. Nonetheless, what is important when talking
about data privacy best practices is that the data subject has a choice.
The assigned controller “must implement appropriate technical and organizational measures to
protect personal data against accidental or unlawful destruction or accidental loss, alteration,
unauthorized disclosure or access.” This is the information security part. The data holding
authority must have the security mechanisms in place to ensure the confidentiality, integrity, and
availability of data stored and transmitted by the data holding authority. In addition, the
requirement on the processing and storage of personal data states that the data shall be
processed fairly and lawfully, be kept accurate, be kept up-to-date, and not be transferred to a
country or territory outside the country of origin, the exception being that the country has an
adequate level of protections pertaining to the rights and freedoms of the data subject.
The data subject's right of access to his personal information is guaranteed, combined with
transparency on the processing of his personal data. What this means is that the individual can
ask whether his personal data is being processed and, if so, which data, and to whom the data is
being disclosed. So long as the request is reasonable, the data holding authority must comply
with the request of the data subject. The data subject can question the integrity of the data
collected. For example, if the data holding authority has not updated their records, and the data
subject has hard evidence that the personal information held is wrong, the data holding authority
must comply with the request to correct the error. The data subject has the right to object to
information being stored if the data is being used for activities that are outside of the scope of
what it was collected for, e.g., for marketing activities.
Malta enacted the Data Protection Act in 2001, in force in 2003. The Office of the Data
Protection Commissioner, which falls under the Ministry for Justice and Home Affairs, is
charged with enforcing data protection in Malta. Pursuant to the Act, the Republic named a Data
Protection Commissioner and a Data Protection Appeals Tribunal in March 2002. The Act
outlines nine principles to ensure the protection of personal information. Data collectors must
state to individuals the specific purpose for the collection of information, and the data may not be
used for other purposes. The Act also contains accuracy requirements, mandating that
"reasonable measures" be taken to "complete, correct, block or erase data to the extent that such
data is incomplete or incorrect." The individual's "unambiguous" consent is required in order to
process personal information (absent several exceptions) and "explicit" consent is necessary in
order to process "sensitive personal data." All entities in Malta, including the Government, are
subject (with some exceptions) to the Constitution of Malta and to the Data Protection Act
(together with the relevant subsidiary legislation). The Security Services alone are not subject to
the Data Protection Act; however, a limitation to their monitoring is provided.
subscribers maintain their privacy. The Regulations require electronic communications providers
to take appropriate technical and organizational measures to safeguard the security of the
services they provide and to inform their subscribers of the existence of situations where their
information may be unintentionally made available to third parties. The Regulations also require
electronic communications carriers to provide the option of disabling caller ID functions.
Conclusion
Though one may say that much has been done, both locally and/or as a follow-up to EU Directives,
when one looks at how rapidly technology changes (for example, the newest issue with cloud
computing, or chips inserted in the human body), one could be right to say that the law, as
currently written, is and will always be ill-equipped to deal with the new frontiers of
cyberspace. Addressing the legal and regulatory issues in cyberspace according to the system on
which our other laws are based is fraught with danger. Property is not the same in cyberspace.
Privacy is not the same. Sovereignty is not the same. Indeed, very little is the same.
Bibliography
Bygrave, LA: “Data Protection Pursuant to the Right to Privacy in Human Rights Treaties”,
International Journal of Law & Information Technology, 1998,
Bygrave, LA & Aarø, AH: “Privacy, Personality and Publicity – An Overview of Norwegian
Law”, in M. Henry (ed.), International Privacy, Publicity and Personality Laws (London:
Butterworths, 2001)
Bygrave, LA: “Determining Applicable Law pursuant to European Data Protection Legislation”,
Computer Law & Security Report, 2000,
Bing, J: “Data protection, jurisdiction and the choice of law”, Privacy Law & Policy Reporter,
1999,
Karanja, SK: “The Schengen Co-operation: Consequences for the Rights of EU Citizens”,
Mennesker og rettigheter, 2000,
Karanja, S.K.: “SIS II Legislative Proposals 2005: Gains and Losses!”, in G.P. Krog & A.G.B.
Bekken (eds.): Yulex 2005 (Oslo: Institutt for rettsinformatikk / Unipub, 2005)
Lessig, L: Code and Other Laws of Cyberspace (New York: Basic Books, 1999),
Rotenberg, M: “Fair Information Practices and the Architecture of Privacy (What Larry Doesn't
Get)”, Stanford Technology Law Review, 2001,
Bennett, C.J. & Raab, C.D.: The Governance of Privacy. Policy instruments in global
perspective (MIT Press, 2006).
Bygrave, L.A.: “Electronic Agents and Privacy: A Cyberspace Odyssey 2001”, International
Journal of Law and Information Technology, 2001,
Bygrave, L.A.: “Privacy-enhancing technologies – caught between a rock and a hard place”,
Privacy Law & Policy Reporter, 2002,
Bygrave, L.A.: “Digital Rights Management and Privacy – Legal Aspects in the European
Union”, in E. Bekker et al. (eds.), Digital Rights Management: Technological, Economic, Legal
and Political Aspects (Berlin / Heidelberg: Springer, 2003),
Grijpink, J.: “Biometrics and Privacy”, Computer Law & Security Report, 2001,
Koops, B-J & Leenes, R., “'Code' and the Slow Erosion of Privacy”, Michigan
Telecommunications and Technology Law Review, 2005,
Kuner, C.: European Data Privacy Law and Online Business (Oxford: Oxford University Press,
2007 2nd edition).
Lessig, L: “The Law of the Horse: What Cyberlaw might Teach”, Harvard Law Review, 1999,
Olsen, T. & Mahler, T.: “Identity management and data protection law: Risk, responsibility and
compliance in 'Circles of Trust'”, Computer Law & Security Report, 2007,
Olsen, T. & Mahler, T.: “Data Protection Issues in Collaborative Identity Management:
Compliance and Responsibility in Circles of Trust” (2006),
Shaffer, G.: “Globalization and Social Protection: The Impact of E.U. and International Rules in
Ratcheting Up of U.S. Privacy Standards”, Yale Journal of International Law, 2000,
Solove, D.: “Privacy and Power: Computer Databases and Metaphors for Information Privacy”,
Stanford Law Review, 2001,
Council of Europe's Convention on data protection (1981) – Convention for the Protection of
Individuals with regard to Automatic Processing of Personal Data
EC Directive on data protection (1995) – Directive 95/46/EC of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free
movement of such data (O.J. No. L 281, 23.11.1995, 31).
EC Directive on data retention (2006) – Directive 2006/24/EC of 15 March 2006 on the retention
of data generated or processed in connection with the provision of publicly available electronic
communications services or of public communications networks and amending Directive
2002/58/EC (O.J. No. L 105, 13.4.2006, 54).
OECD Guidelines on data protection (1980) – Guidelines Governing the Protection of Privacy
and Transborder Flows of Personal Data, adopted 23.9.1980;
OECD Guidelines on information security (2002) – Guidelines for the Security of Information
Systems and Networks: Towards a Culture of Security, adopted 25.7.2002,
Agre, Philip E. (Editor), Marc Rotenberg (Editor), Technology and Privacy : The New
Landscape, MIT Press, 1997
Burnham, David. The Rise of the Computer State: A chilling Account of the Computer's Threat
to Society. Random House, New York. 1980.
Cavoukian, Ann & Don Tapscott, Who Knows: Safeguarding Your Privacy in a Networked
World, Random House of Canada, Toronto. 1995.
Eaton, Joseph W., Card-Carrying Americans - Privacy, Security, and the National ID Card
Debate, Rowman & Littlefield, 1996.
Flaherty, David H., Privacy in Colonial New England 1630-1776, University Press of Virginia,
Charlottesville. (C) 1967 by David H. Flaherty;
Flaherty, David H., Privacy and Government Data Banks - An International Perspective, 1979
Garson, Barbara, The Electronic Sweatshop : How Computers Are Transforming the Office of
the Future into the Factory of the Past, Penguin USA, October 1989
Kennedy, Caroline, Ellen Alderman, The Right to Privacy, Vintage Books, 1995.
Privacy in America, seen through US case law.
Marx, Gary, Undercover - Police Surveillance in America, University of California Press, 1988
Summarizes police impacts on personal privacy.
Packard, Vance. The Naked Society. David McKay Company, Inc., New York. 1964
Privacy Rights Clearinghouse, Dale Fetherling (Editor) The Privacy Rights Handbook : How to
Take Control of Your Personal Information, Avon Books, 1997
Smith, Jeff, Managing Privacy : Information Technology and Corporate America, Univ of North
Carolina Pr, June 1994.
Smith, Robert. War Stories - Accounts of Persons Victimized by Invasions of Privacy. Privacy
Journal, PO Box 28577, Providence, RI 02908. 401-274-7861. 1997.
Web Links
http://www.mca.org.mt/.
http://justiceservices.gov.mt/DownloadDocument.aspx?app=lom&itemid=10560....
http://www.justiceservices.gov.mt/LOM.aspx?pageid=27&mode=chrono&gotoID=399.
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2006/9th_annual....
http://www.state.gov/g/drl/rls/hrrpt/2006/78827.htm.
http://www.dataprotection.gov.mt/article.aspx?art=112.
http://www.dataprotection.gov.mt/dbfile.aspx/Annual%20Report%202005.pdf.
http://ec.europa.eu/justice/policies/privacy/workinggroup/annual_reports....
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2009/12th_annua....
http://justiceservices.gov.mt/DownloadDocument.aspx?app=lom&itemid=10563....
http://www.bna.com.
http://justiceservices.gov.mt/DownloadDocument.aspx?app=lom&itemid=10560....
http://justiceservices.gov.mt/DownloadDocument.aspx?app=lom&itemid=11052....
http://www.dataprotection.gov.mt/article.aspx?art=143
http://www.dataprotection.gov.mt/dbfile.aspx/LN198_2008.pdf
http://www.dataprotection.gov.mt/dbfile.aspx/LN199_2008.pdf
http://justiceservices.gov.mt/DownloadDocument.aspx?app=lom&itemid=11056....
http://www.dataprotection.gov.mt/article.aspx?art=117.
http://www.dataprotection.gov.mt/dbfile.aspx/Sample%20Privacy%20Policy.pdf.
http://www.smartmeters.com/the-news/446-ibm-bringing-smart-grid-to-malta....
http://www.timesofmalta.com/articles/view/20090505/local/enemalta-starts....
http://www.dataprotection.gov.mt/dbfile.aspx/DPCresearchguidelines.pdf
http://www.timesofmalta.com/articles/view/20100220/local/commission-for-....
http://ec.europa.eu/information_society/activities/sip/projects/completed/combined_nodes/malta_supportline179/index_en.htm.
http://www.timesofmalta.com/technology/view/20080605/news/no-kidding-with-children-and-their-mobile-phone.
http://www.vodafone.com.mt/file.aspx?f=295.
http://www.timesofmalta.com/articles/view/20071004/local/judge-bans-poli...
http://www.epractice.eu/en/document/288319
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32004R2252:E....
http://www.timesofmalta.com/articles/view/20100110/local/still-no-decisi....
http://www.justiceservices.gov.mt/DownloadDocument.aspx?app=lom&itemid=8....
http://www.independent.com.mt/news.asp?newsitemid=77029.
http://www.dataprotection.gov.mt/dbfile.aspx/Banking%20Guidelines.pdf.
http://www.dataprotection.gov.mt/dbfile.aspx/Insurance%20Guidelines.pdf.
http://www.epractice.eu/en/document/288320
http://www.ehealth.gov.mt/.
http://docs.google.com/viewer?a=v&q=cache:PpbsgGvWn6sJ:www.mjha.gov.mt/D...
http://www.timesofmalta.com/articles/view/20091201/local/pl-insists-data....
http://www.lifesitenews.com/ldn/2008/oct/08102308.html.
http://www.maltatoday.com.mt/2008/10/22/t11.html.
http://www.timesofmalta.com/articles/view/20091007/local/breach-of-data-....
http://www2.ohchr.org/english/law/index.htm.