Embed Size (px)
Citation preview
Copyright1988-2006 1
Digital Privacy
Roger Clarke, Xamax Consultancy, CanberraBoard Member, Australian Privacy
Foundation Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU
http://www.anu.edu.au/Roger.Clarke/......../DV/DigPriv-0611 {.html,.ppt}
ACMA Information Communications Entertainment
Conference, Canberra, 23-24 November 2006
Copyright1988-2006 2
What is Privacy ?The interest that individuals havein sustaining a 'personal space',
free from interferenceby other people and organisations
Dimensions of Privacy• The Physical Person• Personal Behaviour• Personal Communications• Personal Data
Copyright1988-2006 3
Privacy is a Fundamental Human Right
• UDHR 1948 (Art. 12)• ICCPR 1966 (Art. 17)• Euro Convention on Human Rights (Art. 8)• Charter of Fundamental Rights of the European Union (Arts. 7
and 8)• National Constitutions and Bills of Rights
Privacy is not an ‘Optional Extra’Privacy is not a Mere Economic
Right
Copyright1988-2006 4
Why is Privacy ?
• Physical Needs• Psychological Needs• Social / Sociological Needs• Economic Needs• Political Needs• The Philosophical Level
Copyright1988-2006 5
Privacy Protection
• Privacy can conflict with other interests:• personal conflict of interests• interests of another person• interests of a group or community• interests of an organisation• interests of society as a whole
• Privacy Protection is a process of finding appropriate balances between privacy and multiple competing interests
Copyright1988-2006 6
The Elements of Effective Solutions
• Legal Frameworks
• Constructive Dialogues
• Codes• Ongoing
Consultative Processes
• Organisational Protections
• Technical Protections
• Laws• Sanctions• Enforcement
Regimes
Copyright1988-2006 7
The Vacuousness of Data Protection Laws
• FIPs (‘Fair Information Practices’) were designed for ‘administrative convenience’
• OECD Guidelines were designed to protect businesses from inconsistent national laws
• Exceptions, Exemptions, Loop-Holes• Over-Rides and Small-Print Amendments• 1980 Provisions for 1970s Computing
http://www.anu.edu.au/people/Roger.Clarke/DV/PP21C.html
Copyright1988-2006 8
The Privacy Amendment (Private Sector) Act 2000
• Ignored the Outcomes of Consultation• 253 pages; > 3,000 words of 'Principles',
containing 24 instances of 'reasonable'• Full of exemptions and exceptions• Far short of the OECD Guidelines of 1980• Thoroughly inadequate cf. the EU Directive• A Poor Attempt at a 3Q 20th Century Law• World's Worst Privacy Legislation,
or, more simply, Anti-Privacy Legislation
Copyright1988-2006 9
Community Ethos >>
• Inter-Personal Communications
• Egalitarianness• Openness• Participation• Mutual Service• Community• Freedoms• Gratis Services
Cyberculture Ethos• Inter-Personal
Communications• Internationalism• Egalitarianness• Openness• Participation• Mutual Service• Community• Freedoms• Gratis Services
And the Impact of Digital?
Copyright1988-2006 10
Public Dissatisfactions Are Piling Up
• Spam and Telemarketing Abuse continue to be bad for eBusiness
• Malware has been bad for eBusinessand change is going to be slow
• Regulatory activity is near-non-existent (TIO, ACA/ACMA, OFPC)
• Employee Use of the Internet
• Many More Major Issues:
• cookies that breachthe IETF standard
• web-bugs• adware• spyware• silent numbers• IPND• ENUM• RFID• ...
Copyright1988-2006 11
The Privacy Advocacy Core
• Privacy International – http://www.privacyinternational.org/
• U.S.A. – many, including:• ACLU – http://www.aclu.org/privacy/• EPIC – http://www.epic.org/privacy/id_cards/
• U.K. – many, especially:• SayNo2ID – http://www.no2id.net/
• Australia – many, especially:• Aust Privacy Foundation –
http://www.privacy.org.au/• Electronic Frontiers Aust– http://www.efa.org.au/
Copyright1988-2006 12
PRIVACY as a Strategic Factor
• Privacy is much more than mere Data Protection, and mere Fair Information Practices
• Elements of a Privacy Strategy• A Proactive Stance• An Express Strategy• An Articulated Plan• Resourcing• Monitoring of Performance against the Plan
