BEFORE THE EUROPEAN COMMITTEE ON LEGAL COOPERATION OF THE COUNCIL OF EUROPE PLENARY MEETING OCTOBER 11-14, 2010

Similar documents
EUROPEAN PARLIAMENT COMMITTEE ON CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE DEPARTMENT OF HOMELAND SECURITY. [Docket No. DHS ] February 27, 2012

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY U.S. CUSTOMS AND BORDER PROTECTION

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY U.S. CUSTOMS AND BORDER PROTECTION

South Carolina Department of Motor Vehicles

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.

AP3. APPENDIX 3 CONTROLLED UNCLASSIFIED INFORMATION

DEPARTMENT OF HOMELAND SECURITY Border and Transportation Directorate

Policy Framework for the Regional Biometric Data Exchange Solution

Case 1:17-cv CKK Document 21 Filed 07/07/17 Page 1 of 12 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013

SECOND AMENDED COMPLAINT FOR INJUNCTIVE RELIEF

Mandate of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression

HAUT-COMMISSARIAT AUX DROITS DE L HOMME OFFICE OF THE HIGH COMMISSIONER FOR HUMAN RIGHTS PALAIS DES NATIONS 1211 GENEVA 10, SWITZERLAND

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE DEPARTMENT OF HOMELAND SECURITY. [Docket No. DHS ]

The modernised Convention 108: novelties in a nutshell

Green Freight Asia Privacy Policy

February 8, The Honorable Jerrold Nadler Chairman U.S. House Committee on the Judiciary 2141 Rayburn House Office Building Washington, DC 20515

AmCham EU Proposed Amendments on the General Data Protection Regulation

EUROPEAN PARLIAMENT Committee on the Internal Market and Consumer Protection

Condominium Management Regulatory Authority of Ontario Access and Privacy Policy

USER AGREEMENT GRANTING DEPARTMENT OF REAL ESTATE ACCESS TO USER S ELECTRONIC MANAGEMENT SYSTEM

Privacy. Purpose. Scope. Policy. Appendix A

SCHNEIDER GROUP OOO POLICY OF THE COMPANY REGARDING TO THE PERSONAL DATA PROCESSING

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.

Art. I Right to Access to Personal Data

An immediate report concerning the appointment of a Director

Official Gazette No. 55 issued on 8 May Data Protection Act. of 14 March 2002

IN THE ILLINOIS SUPREME COURT

1. What sort of passenger information will be transferred to US authorities?

COMP Article 1. Article 1 Subject matter and objectives

The Freedom of Information and Protection of Privacy Act

THE SURVEILLANCE AND COMMUNITY SAFETY ORDINANCE

16 March Purpose & Introduction

Transition Team. Attached List of Organizations. National Security Classification of Information. DATE: November 12, 2008

INTERNATIONAL CONVENTION ON MUTUAL ADMINISTRATIVE ASSISTANCE IN CUSTOMS MATTERS. Brussels 27 June, 2003

Interstate Commission for Adult Offender Supervision

Comments of EPIC 1 Department of Interior

5418/16 AV/NT/vm DGD 2

ACCESS AND PRIVACY POLICY

UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

AFRICAN DECLARATION. on Internet Rights and Freedoms. africaninternetrights.org

THE PRIVACY ACT OF 1974 (As Amended) Public Law , as codified at 5 U.S.C. 552a

Results report Missing Persons Act What was this engagement about? The Yukon Government was looking to develop legislation as a mechanism to assist

UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

The Privacy Policy links to the following Objective contained within the City Plan

Case 1:17-cv Document 1 Filed 07/19/17 Page 1 of 15 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

Instructions on the processing of personal data in the election process

The Local Authority Freedom of Information and Protection of Privacy Act

CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA [ETS No. 108] DRAFT EXPLANATORY REPORT 1

B I L L. No. 30 An Act to amend The Freedom of Information and Protection of Privacy Act

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Directorate C: Fundamental rights and Union citizenship Unit C.3: Data protection

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

BILL NO. 42. Health Information Act

2.16 Freedom of Information and Protection of Privacy Act

Written Testimony of Marc J. Zwillinger. Founder. ZwillGen PLLC. United States Senate Committee on the Judiciary. Hearing on

60 th UIA CONGRESS Budapest / Hungary October 28 November 1, UIA Biotechnology Law Commission Sunday, October 30, 2016

HONG KONG DEALER ELECTRONIC SERVICE AGREEMENT

Fragomen Privacy Notice

ARTICLE 29 DATA PROTECTION WORKING PARTY

84 rd REGULAR SESSION OEA/Ser.Q March 10-14, 2014 CJI/doc. 450/14 Rio de Janeiro, Brazil February 25, 2014 Original: English * Limited

STORAGE TANK SYSTEM MANAGEMENT REGULATION

European Data Protection Supervisor Your personal information and the EU administration: What are your rights?

Privacy, personal information, law enforcement and lawful access

UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

Policies and Procedures

Brussels, 16 May 2006 (Case ) 1. Procedure

a. Suspend or discontinue user access to the information;

Terms of Use. 1. Limited Use

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY

Resolution adopted by the General Assembly. [on the report of the Sixth Committee (A/56/588 and Corr.1)]

PRIVACY POLICY STATEMENT ON THE PROCESSING OF PERSONAL AND SENSITIVE DATA OF THE CUSTOMERS WITHIN THE MEANING OF ARTICLE 13 AND FF. OF REGULATION (EU)

***I DRAFT REPORT. EN United in diversity EN 2012/0010(COD)

Submission to the Joint Committee on the draft Investigatory Powers Bill

Privacy Impact Assessment. April 25, 2006

AUSTRALIA: STUDY ON HUMAN RIGHTS COMPLIANCE WHILE COUNTERING TERRORISM REPORT SUMMARY

GAMING SECURITY PROFESSIONALS OF CANADA PROFESSIONNELS EN SÉCURITÉ DU JEU DU CANADA

If you do not accept any items within our Privacy Policy, Disclaimer or these Terms and Conditions documents, then you must not use the Site

RESTREINT UE/EU RESTRICTED

GENERAL CONDITIONS OF USE OF THE SUPPLIER PORTAL

Privacy Act; System of Records: Legal Case Management Records, State- to amend an existing system of records, Legal Case Management Records,

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

January 14, Dear Chairman Graham and Ranking Member Feinstein:

Calif. Privacy Act Will Increase Data Breach Liability

closer look at Rights & remedies

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE

EUROPEAN COMMITTEE ON CRIME PROBLEMS (CDPC) Draft Council of Europe Convention against Trafficking in Human Organs

The NATIONAL CONGRESS decrees: CHAPTER I PRELIMINARY PROVISIONS

CHARTER OF DIGITAL FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION

Decision 021/2005 Mr Michael Collie and the Common Services Agency for the Scottish Health Service

Page M.1 APPENDIX M NOAA ADMINISTRATIVE ORDER

UNITED STATES DISTRICT COURT DISTRICT OF OREGON PORTLAND DIVISION

Resolution adopted by the General Assembly. [on the report of the Third Committee (A/66/457)]

Privacy International's comments on the Brazil draft law on processing of personal data to protect the personality and dignity of natural persons

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

DATA PROTECTION POLICY

Transcription:

BEFORE THE EUROPEAN COMMITTEE ON LEGAL COOPERATION OF THE COUNCIL OF EUROPE PLENARY MEETING OCTOBER 11-14, 2010 Draft Recommendation on the Protection of Individuals with regard to Automatic Processing Personal Data in the Context of Profiling adopted on June 1-4, 2010 COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER WASHINGTON, DC September 14, 2010 Pursuant to the notice published by the European Committee on Legal Cooperation (CDCJ) of the Council of Europe published on August 17, 2010 regarding the Draft Recommendation on the Protection of Individuals with regard to Automatic Processing Personal Data in the Context of Profiling adopted on June 1-4, 2010 by the Consultative Committee of the Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108) the Electronic Privacy Information Center (EPIC) submits the following comments. About EPIC EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. EPIC is a leading civil liberties organization that has reported on developments in privacy and human rights around the world for many years. 1 EPIC strongly supports Council of Europe Convention 108 and has launched a campaign urging the US Government to support the Council of Europe Privacy Convention by proposing a resolution for the U.S. Senate. 2 Also, on January 28, 2010, twenty-nine members of the EPIC Advisory Board wrote to Secretary of State Hillary Rodham Clinton to urge that the United States begin the process of ratification of Council of Europe Convention 108. 3 1 See, e.g., PRIVACY AND HUMAN RIGHTS: AN INTERNATIONAL SURVEY OF PRIVACY LAWS AND DEVELOPMENTS (EPIC 2004) (A 775 page report on recent developments in over sixty countries around the world), available online at http://www.privacyinternational.org/survey/phr2004/. 2 Resolution for the United States Senate, January 29, 2009 available at http://privacycoalition.org/resolution-privacy_day.pdf 3 EPIC Letter to Secretary of State Hillary Rodham Clinton, January 28, 2010 available at http://epic.org/privacy/intl/epic_clinton_ltr_1-10.pdf COE Convention 108 1 Comments of EPIC

EPIC appreciates this opportunity to comment on the Draft Recommendation on the Protection of Individuals with regard to Automatic Processing Personal Data in the Context of Profiling, as it is an issue of increasing public importance and affects a fundamental human right: privacy. Importance of Privacy in Context of Automated Profiling The Committee has the objective of securing in the territory of each nation for every individual, whatever his nationality or residence, respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data. To protect individuals right to privacy and to prevent illegal collection and processing of personal data, the Committee has recommended a legal framework of specific principles setting standards for profiling and personal data protection. Profiling brings both benefits and risks to the society. Through the collection of public records and the increasing use of automated processing of personal data, private sector companies and governments are amassing troves of personal information on citizens. This action posses serious problems regarding, citizen access to profiles, their accuracy, and the potential for misuse of personal information. In evaluating the reasonableness of processing personal data in the profiling context the Committee must weight in favor how profiling interferes with the privacy interest of individuals against the significance of the public interests served by such profiling. The private and public sector must prove that they are able to regulate or wisely use the vast storage of information they collect regarding individuals. The approval of profiling carries with it all of the dangers inherent in allowing others to record and classify behaviors about individuals in a democratic society. United States privacy law anticipated this problem. In enacting the Privacy Act of 1974, Congress sought to restrict the amount of personal information that federal agencies could collect and required agencies to be transparent in their information practices. The Privacy Act is intended "to promote accountability, responsibility, legislative oversight, and open government with respect to the use of computer technology in the personal information systems and data banks of the Federal Government[.]" 4 The US federal Privacy Act specifically notes that the exceptions for statistical research are for "a system of records maintained for statistical research or reporting purposes only and not used in whole or in part in making determinations about an identifiable individual,..." 5 In this regard, the US Privacy Act anticipated that profiling, when it had effects on identifiable individuals, should be subject to legal frameworks. Suggested Changes to the Appendix EPIC urges the Committee to strengthen the legal protection of individuals with 4 S. Rep. No. 93-1183, at 1 (1974). 5 5 U.S.C. 552a(6). COE Convention 108 2 Comments of EPIC

regard to automatic processing of personal information in the context of profiling. EPIC has addressed the following issues as raising most concern on the Draft Recommendation: Appendix Should Include Definition of "Privacy Enhancing Technology" Since the beginning of the online privacy debate, EPIC has urged the wide adoption of privacy-enhancing technologies to protect individuals. Without legal guarantees that data is collected for limited specific purposes, privacy technologies can currently do little to help individuals utilize their rights. Only when existing law provides those rights will technologies develop to help individuals take advantage of them. There is however, one area in which technology can address privacy in the absence of laws. That is in the promotion of anonymity and elimination of the need to collect personal data. Most of the activities conducted online such as reading news, shopping for products, searching for information, can be done without the collection of information from individuals. However, the current trend towards "personalization" results in the increased storage and analysis of these basic online activities. Info media companies that seek to provide information according to user preferences do not provide this anonymity. Rather than reinforcing that the dispersal of information should not be the norm, they seek to encourage more information collection by making it easier than ever for personal data to be disclosed. It is necessary a definition of "privacy enhancing technologies" in order for member states set up appropriate measures against the inaccurate development and use of technologies aimed at the illicit circumvention of technological measures protecting privacy. "Privacy Enhancing Technology" - "Techiques that minimize or eliminate the collection of Personally Identifiable Information" "Sex" as part of the definition of "Sensitive Data" The users of new technologies have employed personal data to violate autonomy and human dignity of others. Personal Data refers to any information relating to an identified or identified individual. Individuals can use privacy invasive technologies and behaviors against men or women in order to degrade or control. However, users of some of these behaviors and technologies disproportionately or entirely target women. These behaviors sexually objectify women. "Sex life" as defined in "Sensitive Data" does not refer to the identification of an individual s sex. Implementation of a Research Framework to monitor Profiling from the Private and Public Sector Private companies and Governments are at liberty to gather, process, and share individual s data without obtaining consent to specific data aggregation, archival, COE Convention 108 3 Comments of EPIC

and sharing policies and procedures. With profiling the reconstruction of a person's movements or transactions over a specific period of time, usually to ascertain something about the individual's habits, tastes, or predilections is necessary. The Madrid Declaration Our communication to Secretary of State Hillary Rodham Clinton also calls attention to the Madrid Privacy Declaration, in which civil society groups have urged countries that have not yet ratified the Council of Europe Convention to do so as soon as possible. 6 The signatories state, privacy is a fundamental human right. In the 21st century, it may become one of the most critical human rights of all. As an advocate for the Madrid Privacy Declaration, EPIC acknowledges that States must establish a comprehensive legal framework for privacy protection and an independent data protection authority that aids in assessing any adverse effect in individual privacy. The Madrid Declaration reminds the European Union member countries and Organization for Economic Co-operation and Development member countries of their obligations to protect the civil rights of their citizens under national constitutions and laws. Noting the increase in secret surveillance and lack of independent oversight in corporation's data collection practices, the Madrid Declaration sets forth warnings and urges action on the part of the members countries. The Madrid Declaration warns, "privacy law and privacy institutions have failed to take full account of new surveillance practices." Such failures to protect the privacy interests of citizens "jeopardize[]associated freedoms... and ultimately the stability of constitutional democracies." The Madrid Privacy Declaration also urges countries to develop means of properly implementing and enforcing such legal frameworks, and ensure that individuals are notified after a data breach has occurred. Furthermore, the Declaration encourages research into the effectiveness of data anonymous techniques, in an effort to determine whether such practices properly safeguard personal information. Civil society groups and experts recommend a "moratorium on the development or implementation of new systems of mass surveillance." Finally, the Declaration calls for the "establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions." The COE 108 must incorporate the essentials on which the Madrid Declaration lays foundations. Conclusion The free flow of information is a principle of fundamental importance for individuals as well as nations. The Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data must ensure that 6 The Madrid Privacy Declaration, adopted November 3, 2009, available at http://www.thepublicvoice.org/madrid- declaration/ COE Convention 108 4 Comments of EPIC

individuals are able to freely exchange information without risk that improper profiles will be established. Failure to protect the fundamental right of privacy thus adversely impacts the free flow of information. Thus the work of the Committee on this issue is vitally important. Those in charge of data must also guard against unauthorized disclosure or misuse of the information, and protect the data, hardware and software against physical hazards. We hope that prior adopting the Recommendation on Profiling the Council of Europe takes in consideration our view and proposals in respect to profiling. EPIC urges the Council of Europe to adopt a comprehensive privacy legislation based in this standard. Respectfully submitted, Marc Rotenberg, EPIC President Leslie J. Rivera Pagan, EPIC Fellow Electronic Privacy Information Center (EPIC) 1718 Connecticut Ave., NW Suite 200 Washington, DC 20008 1 202 483 1140 (tel) 1 202 483 1248 (fax) September 14, 2010 COE Convention 108 5 Comments of EPIC

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback