
The Geopolitics of Personal Data and the Governance of Privacy

The Geopolitics of Personal Data and the Governance of Privacy. Colin J. Bennett, Department of Political Science, University of Victoria, BC, Canada. www.colinbennett.ca, cjb@uvic.ca. Presentation to Conference on “Power and Difference,” Tampere, Finland, August 29th.


Presentation Transcript


  1. The Geopolitics of Personal Data and the Governance of Privacy
     Colin J. Bennett
     Department of Political Science, University of Victoria, BC, Canada
     www.colinbennett.ca
     cjb@uvic.ca
     Presentation to Conference on “Power and Difference,” Tampere, Finland, August 29th

  2. Trends in Surveillance Practices – The “New Transparency”
     • Routinization and expansion of “everyday surveillance”
     • Ambiguity about the nature of personal information
     • Surveillance of mobility and location
     • Embedding of surveillance in material objects
     • Peer-to-peer (horizontal) surveillance
     • Globalization of surveillance practices and processes
     Is the concept and regime of “privacy” appropriate to meet these challenges?

  3. Justifications for Privacy in the West
     • As a Right of the Person
        • La Vie Privée (France)
        • Privatsphäre (Germany)
        • The “Right to be Let Alone” (United States)
        • “Integritet” (Sweden)
     • As a Political Value: A Check against Powerful State and Private Organizations
     • As an Instrumental Value
        • To ensure that the right data are used by the right people for the right purposes
        • To build “trust” in e-commerce and e-government
        • To manage “risk”

  4. The Sociological Critique of “Privacy”
     • Rooted in individualism
     • A rights-based discourse
     • Excessive use of spatial metaphors
     • Insensitive to discrimination and “social sorting”
     • Cultural relativism

  5. The Information Privacy Principles
     • Accountability
     • Purpose identification at time of collection
     • Informed consent for collection
     • To limit use and disclosure (finality)
     • Retention limitation
     • Data quality
     • Data security
     • Openness about policies and practices
     • Individual access and correction

  6. A principle-based approach appears in:
     • Comprehensive data protection laws in around 80 countries
     • Sectoral legislation in information-intensive industries
     • International agreements from Council of Europe, OECD, European Union, Asia-Pacific Economic Cooperation
     • Self-regulatory codes and management and technical standards

  7. International Policy Convergence
     • International policy learning
     • Elite networking
     • Policy harmonization
     • Policy penetration

  8. The European Union
     • Directive 95/46/EC on Personal Data Protection
     • Harmonization of all European Data Protection laws to higher and common standard
     • Insistence on a “supervisory authority” with common powers in each state
     • An “adequate level of protection” in countries that receive European personal data
     • Directive 2009/136/EC: The “Cookie Rules”
     • Draft Regulation on Data Protection, January 2012

  9. The EU’s “Adequacy Standards”
     • Articles 25 and 26 of the EU Data Protection Directive (1995) 95/46/EC
     • Personal data should not be transferred outside the EU unless there is an “adequate level of protection”, which requires:
        • Basic content principles: purpose limitation; data quality and proportionality; transparency; security; rights of access, rectification and opposition; restrictions on onward transfers
        • Procedural/enforcement principles: good level of compliance with the rules; support and help provided to individual data subjects; appropriate redress provided to the injured party
     • Administered by Article 29 Working Party of Supervisory authorities

  10. The Council of Europe Regime
      • 1981 Convention on the Protection of Individuals with Regard to the Automatic Processing of Personal Data (Treaty 108)
      • Ratified by 25 countries
      • Signed by 33 countries
      • Recommendations on specific practices

  11. The OECD Regime
      • Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1981)
      • Guidelines for the Security of Information Systems (1992)
      • Guidelines for Cryptography Policy (1997)
      • 30-year anniversary of guidelines and analysis of their future?

  12. The APEC Regime
      • The APEC Privacy Principles (2005)
      • Pathfinder process for accountable cross-border flows of personal data within APEC

  13. International Standards Regime
      • ISO 27000 series (Data Security)
      • ISO 24745 (Biometric Information Protection)
      • ISO 24760 (Framework for Identity Management)
      • ISO 29100 (A Privacy Framework)
      • ISO 29101 (Privacy Reference Architecture)

  14. The Policy Dilemma
      ADEQUATE LAWS?
      • The presence of key legal principles
      • An independent supervisory authority
      • A good level of compliance
      ACCOUNTABLE ORGANIZATIONS?
      • Makes original collector of personal data ‘responsible’ – ‘liable?’
      • Evaluates the “due diligence” of the organization
      • Use of contracts
      • Binding corporate rules
      • Self-certification schemes
      • Third-party certification to management and technical standards

  15. The Framing (Discursive) Dilemma
      • The Protection of “Privacy”?
      • The Minimization of “Surveillance”?

  16. The Geo-Political Dilemma
      • National Sovereignty
      • Personal Identity and Subjectivity
      • The “Anti-Geography” of the Internet
