Privacy on the InternetDr. Julia Sziklay

Office of the Parliamentary Commissioner for Data Protection and Freedom of Information

7-1-2009

Internet = "network of networks"

• a global data communications system - a hardware and software infrastructure that provides connectivity between computers

• consists of millions of private and public, academic, business, and government networks of local to global scope that are linked by various technologies

• carries all kind of information resources and services, such as electroniv mail, online chat, file transfer and file sharing, online gaming and the inter-linked hypertext documents and other resources of the World Wide Web.

History of the Internet

• 1946: a comic science-fiction by M. Leinster „A Logic Named Joe”• 1958: Advanced Research Projects Agency (first goal to connect

country-wide radar systems for the U.S. Air Force)• 1969: first network connection between the University of California

and Stanford Research Institute• 1978: International Packet Switched Service (first commercial use in

the telecommunication and the bank sector)• 1988: open for commercial use• 1991: European Organization for Nuclear Research publicized the

World Wide Web project (with a web browser one can view Web- pages that may contain text, images, videos and other multimedia and navigate between them using hyperlinks)

• 1993: WWW was declared as free to use for everyone• 2008, June: 1.463 billion people user

Characteristics of the Internet

• (+) public and available for anyone,• (+) a useful tool for opening access to data of

public interest • (+) serves freedom of thinking and freedom of

expression on a global levelBUT

• (-) rather vulnerable in terms of data security• (-) a potential source of inaccurate or untruthful

information;• (-) apt to make room for illegal activity

Relationship between privacy and the freedom of expression

right to share one’s thoughts and experiences with a community of fellow

Internet usersBUT

contributors should avoid infringing on other people’s individual rights, including their right to privacy and the protection of

personal data

Internet privacy

ability to control what information one reveals about oneself over the Internet,

and to control who can access that information

Risks to Internet privacy

User-tracking:

• Internet Service Providers (capable to observe any Internet-related activity of the user)

• Cookies (parcels of text sent by a server) tracking and maintaining specific information of the user

• Data logging (may include recording times when the computer is in use, or which web sites are visited)

• Spyware programs• Web bug• Social engineering• Phishing• Malicious proxy server• Search engines

Risks to Internet privacy (ctd.)Illegal and harmful content:

• A. Need to fight against the illegal content of the Internet with legal tools (top-down control):Council of Europe`s 2001 Convention on Cybercrime (child-pornography) – Additional Protocol, 2006 (racist and xenophobic materials), but only 11 countries ratified it…)

• OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy

• European Commission: Safer Internet and Safer Internet Plus programs

• B. Need to fight against the harmful content of the Internet (bottom-up control): from self-regulation to co-regulation

Risks to Internet privacy (ctd.)

On-line social networks:

• Concept dates back to the 1960s, but participation increased in recent years (Hungary: 1.5 million registered iWiW users)

• Participants are offering self-profile in order to contact or being contacted.

• Risks range from identity theft to online and phisical stalking, embarrasment, discrimination and blackmailing.

Principle of personal data frugality and data avoidance

• Anonymising and pseudonym use e.g. nicknames

• Moderation principles

Problems: • which identifier used on the Internet qualify as

personal data? • uncontrollable manners of personal data

disclosure• lack of international cooperation

Concrete cases (Hungary) misuse of personal data on community sites

• An article posted at the web site of a Hungarian daily featured a series of conversations otherwise accessible

from a members-only forum (reserved

for qualified physicians).

The punishing tool of publicity…

• “Web Hall of Shame” featuring the uploaded data of persons who were found by the editors

to have violated the written or unwritten rules of various areas of daily life, e.g. by breaking or ignoring the traffic regulations.

• A planned web-site to set up by creators and beneficiaries of copy-right featuring writings without acknowledging the original authorship.

iWiW-cases grievances of insulting, obscene statements, innuendos,and

photos being published

Since this kind of activity qualifies as unlawful data processing, iWiW Kft., based on its data protection regulations, reserves the right to delete – without any further notice – any user who misuses any other person’s name, image, email address or other personal information, and to delete or to restrict users who harass other individuals, whether on message boards, in the form of private messages, by means of lists or any other manner. iWiW Kft. will – without any notice – remove documents which it finds to be unlawful, in conflict with someone else’s personality rights, indecent,threatening, libellous, defamatory, obscene or otherwise objectionable in its exclusive decision-making competence. Data subjects are also due the possibility of seeking remedy at a court of law, moreover to press criminal charges in case of significant injury.

Disturbances in Budapest, 2006

• The case of www.kuruc.info (a website with political far-right affiliation)

disclosing names, addresses, home

phone and mobile phone numbers of judges and prosecutors participating in criminal proceedings against the rioters.

Spams

• only with the previously gained consent of the recipient

• businesslike offering of the possibility of data transfer also qualifies as commercial advertising activity, as well as electronic advertising

Conclusions:EU „digital future” strategies

250 million European Internet users (40 million growth in 2007) BUT users’ lack of trust

→ already threatening economic development →EU Commission initiatives e.g. Launch Safer Internet 2009-13, guides on digital education etc.

Children being a special target group

• Children spend annual 300 billion $ of their pocket money on a global market!

• More vulnerability:

- underestimation of risks,

- ignorance of privacy information

→ need of additional protection!

USA, 1998: Children’s Online Privacy Protection Act (COPPA)

/children:under the age of 13/

The operator is strictly required:

- to provide notice on the website of what information is collected from children by the operator, how the operator uses such information, and the operator's disclosure practices for such information;

- to obtain verifiable parental consent for the collection, use, or disclosure of personal information from children;

- upon request of a parent a description of the specific types of personal information collected from the child ; the opportunity at any time to refuse to permit the operator's further use of personal information from that child;

- to prohibit conditioning a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity;

- to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.

- to meet Safe Harbour requirements approved by the Federal Trade of Commission.

• Attorney general of a State may bring civil action on behalf of the residents in a district court

Awareness raising-programs for children

- by DPAs e.g. „DADUS” program /Portugal/

- by content-service providers

e.g.”Friendly Internet Campaign” /Hungary/

- by NGOs e.g.Media Awareness Network

/Canada/

The Web shall not be a realm of legal immunity!

Thank you for your attention!Office of the

Parliamentary Commissioner for

Data Protection and Freedom of Informationwww.obh.hu

H-1051 Budapest Nádor u. 22

privacy@obh.hu

tel: 4757186fax: 2693541