Personal and professional privacy – WS 02 2009

From EuroDIG Wiki
Jump to navigation Jump to search

14 September 2009 | 14:15-15:45
Programme overview 2009

Keywords and questions

Privacy protection; control over one's personal data; privacy as both a fundamental human right and an essential facilitator for a global economy; privacy as a business competitive advantage; current situation with regard to online privacy, profiling and targeting: widespread practice of collecting information about the activities and interests of users; privacy and human rights at work place, problem of surveillance of employees and work councils; privacy enhancing technologies: minimization on the collection of one's personal information; towards global data protection standards that are legally enforceable.

Session focus

Workshop focus: privacy protection, control over one's personal data; privacy as both a fundamental human right and an essential facilitator for a global economy; privacy as a business competitive advantage; standards for online privacy, profiling and targeting: collecting information about the activities and interests of users; privacy and human rights in the workplace: the problem of surveillance of employees and work councils; privacy enhancing technologies: minimisation on the collection of one’s personal information; towards global data protection standards that are legally enforceable.

Messages

Need for a user-centric approach

A user-centric approach to privacy at the European and global level was underlined with general consensus regarding the need for users to be able to control of their privacy. In this connection, there were two situations in which the informed consent of the user is required:

  • When the users click but have no idea what happens, who/where personal information is sent to, who is collecting this personal information, and if and how much personal information is being transferred to third parties (e.g. which and how many companies, entities or governments).
  • When the users do not read and understand the terms of service (and even if they do understand) – do they have any real choice of services considering viable alternatives? Options should be provided that offer a realistic possibility that does not require an exchange of personal data for the desired service.

Furthermore, we are more and more constructed by world data collectors outside of our influence. We are not only leaving our information behind: our identity is actually being constructed by other players in the online world. The issue should be addressed that the environment is producing information about us, creating our identity without the participation and awareness of the data subject.

Need for user-centric legal regulation and next steps:

While online advertising plays a critically important role in the Internet and Web 2.0, the majority of users are not well-informed about the potential impact personal data collection will have on their daily lives. The advertising revenue model has not been addressed as yet adequately by policy makers.

Furthermore, increasing vertical consolidation between search engines and online advertising companies gives them unprecedented control over large personal information databases, and the issue between competition and privacy should be addressed.

The principles of privacy, data protection and self-determination should be included in the concept and design of applications and IT projects irrespective of whether they are private or governmental, national or transnational processes. This also includes fostering open standards and open design.

Priority should be given to privacy of the body in Internet discourse both from a medical viewpoint as well as in the workplace, where RFID or other kinds of locators may be inserted into workplace ID or clothing, as well as medical apparatus.

Employees have a right to privacy at the (online) workplace; and their rights should be enforced. Basic rights such as freedom of speech and freedom of assembly should be strengthened in the information society. Online communications between employee associations (trade unions) and employees should be facilitated and free from monitoring.

A noteworthy best practice for many European countries would be that any introduction of technology that can serve to monitor workers must be co-determined by workers’ representatives.

Access to online services should be possible in an anonymous way.

Data retention should be considered as a threat to privacy and to basic human rights such as freedom of expression, freedom of press and freedom of association.

Countries are encouraged to adopt and enforce data protection laws covering all sectors, both online and offline, based on international privacy standards that are built on the rule of law, supportive of democratic institutions, and safeguard human rights such as Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the 108 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.