ID cards

I came across the latest press release about ID cards bill in the UK, which (if it is correct) is likely to be opposed by the Tories and Lib Dems in the House of Lords. If this is the case, we are likely to see a delay in the introduction of ID cards, if and when the Bill goes through. As I reiterated in my previous posting, I still cannot see how such an expensive measure (ID cards) could be justified, when there are other proportionate, cost effective ways that could be used. I do not know what the latest public poll is to ID cards, but even if we rely on the last survey back in November, the public is still divided over the issue. See more here.

Data Retention Directive - latest developments

The latest developments on the Data Retention Directive is that the EU justice and interior ministers have approved the controversial Directive. The storage of data (be it telephone calls or internet) is between 6 to 24 months. It should be added that it is not details about the content of the telephone calls that are stored but rather a record that a telephone call was made. More information of the latest press release can be found here.

As a starting point, see:

• Data Retention Petition Campaign
• EPIC: Data Retention
• Statewatch on Mandatory Data Retention of all Telecommunications

Not heard the last of Durant!

I have finally finished writing my paper, but in the process of doing so, there was a press release about the latest saga to the case of Durant.

For those who are unaware of the case of Durant, please see here for more information. Anyway, Durant is expected to submit an application to the ECHR against the UK government. The principle ground is that Durant had suffered a breach of Art. 8(1) ECHR which states that 'everyone has the right to respect for his private and family life, his home and his correspondence.' Once the application is submitted, the Court in Strasbourg has to decide whether Durant has a case and a decision is not expected until several years.

If the court decides to listen to Durant's case, I would be interested to see whether Durant would contend that the state had failed to take positive measures to protect D's right under Art. 8(1) ECHR. For more on privacy and its legal interpretation, I would refer you to a chapter I wrote a few years ago on privacy.

Photographs and other things....

Still trying to finish writing a paper, but I came across this press release about fining three photographers the equivalent of $1.37 Cdn each for invasion of privacy by taking pictures of Diana, Princess of Wales, and boyfriend Dodi Fayed the night of their fatal 1997 car crash, officials said yesterday. See here for further details.

Privacy Officer

A report that was recently published by Marketing Improvement found that most firms within the FTSE 100 were unable to respond properly to a request to speak to the company’s Privacy Officer. Only 28% of companies were able to direct the query to the correct person. The recommendation from the report is that companies appoint a Chief Privacy Officer who can deal with queries relating to privacy and data protection. However, the appointment would also assist the company in the compliance of the relevant data protection laws. Much more work still needs to be done to raise the awareness about data protection in companies and the UK Information Commissioner has gone some way to redress this.

For more details about the report, see the link (pdf) here.

Papers to write

I have been busy trying to write a paper which I hope to submit to a conference in Germany. As it raises some vital questions about data protection and its direction, I am keen that the paper is accepted, so that I am given the opportunity to discuss about this. I can't say anything more on this, but if accepted, I will make this available at some point later in the year.

Diverging from this slightly, Art. 29 Working Party (established under the Data Protection Directive 95/46/EC) has issued a paper on whistleblowing compliance.

The Working Party reported that cultural differences around the EU have made it impractical to issue general guidance at this stage. It has therefore chosen to focus on those areas that need guidance most – especially those affected by new legislation such as the US Sarbanes-Oxley Act, which penalises firms that do not comply with whistleblowing rules.

More details can be found here.

Annual report on data protection published

Just a quick note that the latest annual report on data protection by Art. 29 Working Party has been published. It also includes latest caselaw from each country and developments from countries outside the EEA (including Canada and the US).

Singapore to look at laws on privacy

I came across this latest press release about Singapore looking at laws to protect an individual's privacy. A report is expected by October this year, which will not only consider guidelines but also legislation in this area.

Information, Communications and The Arts Minister Lee Boon Yang admits that wider protection for personal information is definitely needed. Dr Lee told Parliament, "We also recognise the need to protect personal data and personal information and the possible misuse of personal information or even identity thefts. This is especially critical as infocomm technology can be misused and distributed with potentially adverse impact on the individuals concerned. MICA appreciates the need to take a wider perspective on data protection. We recognise that an effective data protection regime will be an important pillar to develop Singapore's position as a trusted IT hub."

It is certainly a step in the right direction. I am hoping to present a paper on Asian laws of privacy, so I would be interested to see what developments arise.

Phone records

In the latest saga to the sale of cell phone records of users in the US, the House Energy and Commerce Committee leaders are demanding answers from operators of Internet sites like "phonebust.com" and"datafind.org" that offer criminals, stalkers and any other paying customer the detailed records of a person's private calls made on cellular, wire line or Internet-based phones. More details can be found in this latest press release. I don't think we will hear the last of this matter, but if it will halt these illegitimate activities, then it will have achieved something. Whatever outcome, there is a need for stronger legal protection in the US.

ID cards - latest developments

According to the latest report, MPs have voted against making the government carry out a report on costs before introducing identity cards. However, a report is expected on costs every six months for the first 10 years of the scheme being in place. Furthermore, MPs also supported the idea that it would be compulsory for people to be given cards - and put on a register - when they apply for passports. I will say more on this later this week.

Insights

I recently attended a conference on privacy and the discussions that arose made me think about the recent cases of Campbell (supermodel) and Von Hannover case.

What was perhaps surprising was that there was less attention given about privacy on the internet. I say this because there appears to be a focus on the mainstream media such as newspapers (online/offline) and television but nothing on blogging and podcasting (where users do rely as their alternative source of information). Although the conference was both informative and interesting, I would have liked more discussion in these areas.

I would definitely recommend the book entitled Genetic privacy by Graeme Laurie. The book touches on the issues of genetics and its implications on privacy. Worth reading!

Proposed Rome II Regulation

I was reading through the press release, which seemed to indicate that there is some support by the UK government to the 'country of origin' proposal under the Rome Regulation II. The draft Rome Regulation II deals with non-contractual disputes and includes a provision on privacy. The draft proposal can be found here (pdf). Art. 6 of the proposed regulation provides for the violation of privacy and rights relating to personality:

Art. 6

1. The law applicable to a non-contractual obligation arising out of a violation of privacy or rights relating to the personality shall be the law of the forum where the application of the law designated by Article 3 would be contrary to the fundamental principles of the forum as regards freedom of expression and information.
2. The law applicable to the right of reply or equivalent measures shall be the law of the country in which the broadcaster or publisher has its habitual residence.

Art. 3 provides that

1. The law applicable to a non-contractual obligation shall be the law of the country in which the damage arises or is likely to arise, irrespective of the country in which the event giving rise to the damage occurred and irrespective of the country or countries in which the indirect consequences of that event arise.

2. However, where the person claimed to be liable and the person sustaining damage both have their habitual residence in the same country when the damage occurs, the noncontractual obligation shall be governed by the law of that country.

3. Notwithstanding paragraphs 1 and 2, where it is clear from all the circumstances of the case that the non-contractual obligation is manifestly more closely connected with another country, the law of that other country shall apply. A manifestly closer connection with another country may be based in particular on a pre-existing relationship between the parties, such as a contract that is closely connected with the non-contractual obligation in question.

The provision is significant because if it goes through then theoretically if an applicant suffers damage in a country that has stronger privacy rights, he/she could use their laws rather than rely on the UK, which does not have a common law to privacy but has to rely on the Data Protection Act 1998, law of confidentiality and where relevant the Human Rights Act 1998 (Art. 8 of the ECHR). It might be worthwhile for me to write an article on the implications of the proposed regulation.

For more details on the Rome Regulation II, see Diane Wallis's (MEP) website as a starting point.

Report on Identity Fraud

A report has recently been published by Council of Better Business Bureaus and Javelin Strategy & Research involving 5000 interviews with consumers. In brief, it found that identity fraud had decreased amongst adult victims between 2003 and 2006 from 10.1 million to 8.9 million people in the US. The average fraud amount per case has increased from $5,249 to $6,383, over 2 years. The report also highlighted four misperceptions:

Misperception #1: "Consumers are helpless to protect themselves"

Misperception #2: "Consumers bear the brunt of the financial losses from identity fraud"

Misperception #3: "Internet use increases the risks of identity fraud"

Misperception #4: " Seniors are most frequent targets of fraud operators"

Although the report is not free, more information can be found from this link to the BBB website.

Surveillance Society

Last night, I was listening to the recent discussion on Newsnight about whether UK (with all its legal measures) was sleep walking into a surveillance society. The interview was between Shami Chakrabarti, Director of Liberty and John Denham, Minister of State for the Home Office. What was interesting was the discussion about consumers being willing to give over their information to companies (reward cards), but possibly not the case when we talk about large DNA databases of information. Although it was acknowledged by the interviewees that there was no absolute right to privacy, there was still a need for open debate (even for DNA databases). The idea of a surveillance society is not far from people's mind. See the UK Information Commissioner's website on this subject and the Surveillance and Society webpage.