ebook img

Enforcing Privacy: Regulatory, Legal and Technological Approaches PDF

503 Pages·2016·7.231 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Enforcing Privacy: Regulatory, Legal and Technological Approaches

Law, Governance and Technology Series 25 David Wright Paul De Hert Editors Enforcing Privacy Regulatory, Legal and Technological Approaches Law, Governance and Technology Series Volume 25 Series editors Pompeu Casanovas Institute of Law and Technology, UAB Bellaterra, Barcelona Spain Giovanni Sartor University of Bologna (Faculty of Law-CIRSFID) and European University Institute of Florence Bologna Italy The L aw-Governance and Technology Series is intended to attract manuscripts arising from an interdisciplinary approach in law, artifi cial intelligence and information technologies. The idea is to bridge the gap between research in IT law and ITapplications for lawyers developing a unifying techno-legal perspective. The series will welcome proposals that have a fairly specifi c focus on problems or projects that will lead to innovative research charting the course for new interdisciplinary developments in law, legal theory, and law and society research as well as in computer technologies, artifi cial intelligence and cognitive sciences. In broad strokes, manuscripts for this series may be mainly located in the fi elds of the Internet law (data protection, intellectual property, Internet rights, etc.), Computational models of the legal contents and legal reasoning, Legal Information Retrieval, Electronic Data Discovery, Collaborative Tools (e.g. Online Dispute Resolution platforms), Metadata and XML Technologies (for Semantic Web Services), Technologies in Courtrooms and Judicial Offi ces (E-Court), Technologies for Governments and Administrations (E-Government), Legal Multimedia, and Legal Electronic Institutions (Multi-Agent Systems and Artifi cial Societies). More information about this series at h ttp://www.springer.com/series/8808 David Wright • Paul De Hert Editors Enforcing Privacy Regulatory, Legal and Technological Approaches Editors David Wright Paul De Hert Trilateral Research Faculty of Law and Criminology London , UK Vrije Universiteit Brussel Brussels , Belgium ISSN 2352-1902 ISSN 2352-1910 (electronic) Law, Governance and Technology Series ISBN 978-3-319-25045-8 ISBN 978-3-319-25047-2 (eBook) DOI 10.1007/978-3-319-25047-2 Library of Congress Control Number: 2016937934 © Springer International Publishing Switzerland 2016 T his work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifi cally the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfi lms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. T he use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specifi c statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. T he publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. Printed on acid-free paper This Springer imprint is published by Springer Nature The registered company is Springer International Publishing AG Switzerland Contents 1 Introduction to Enforcing Privacy......................................................... 1 David Wright and Paul De Hert 2 Enforcing Privacy .................................................................................... 13 David Wright Part I Countries 3 Failures of Privacy Self-Regulation in the United States .................... 53 Robert Gellman and Pam Dixon 4 From a Model Pupil to a Problematic Grown-Up: Enforcing Privacy and Data Protection in Hungary............................ 79 Ivan Szekely 5 A Tale of Two Privacies: Enforcing Privacy with Hard Power and Soft Power in Japan .......................................... 105 Hiroshi Miyashita 6 The Spanish Experience of Enforcing Privacy Norms: Two Decades of Evolution from Sticks to Carrots ............................... 123 Artemio Rallo Lombarte 7 Data Protection and Enforcement in Latin America and in Uruguay .............................................................. 145 Ana Brian Nougrères Part II International Mechanisms 8 The International Working Group on Data Protection in Telecommunications: Contributions to Transnational Privacy Enforcement ........................ 183 Alexander Dix v vi Contents 9 Enforcing Privacy Across Different Jurisdictions ................................ 195 Dan Svantesson 10 Cross-Border Breach Notification ......................................................... 223 Blair Stewart 11 Responsive Regulation of Data Privacy: Theory and Asian Examples .................................................................. 233 Graham Greenleaf 12 Enforcement and Reform of the EU-US Safe Harbor Agreement .......................................................................... 261 Chris Connolly and Peter van Dijk Part III Instruments 13 How Effective Are Fines in Enforcing Privacy? ................................... 287 Hazel Grant and Hannah Crowther 14 Enforcing Privacy Rights: Class Action Litigation and the Challenge of c y pres ................................................. 307 Marc Rotenberg and David Jacobs 15 Data Protection Certification: Decorative or Effective Instrument? Audit and Seals as a Way to Enforce Privacy ................................................................... 335 Kirsten Bock 16 The Co-existence of Administrative and Criminal Law Approaches to Data Protection Wrongs ....................................... 357 Paul De Hert and Gertjan Boulet 17 Whom to Trust? Using Technology to Enforce Privacy ....................... 395 Daniel Le Métayer Part IV Challenges for the Future 18 The Irish DPA and Its Approach to Data Protection ........................... 441 Billy Hawkes 19 Getting Our Act Together: European Data Protection Authorities Face Up to Silicon Valley .................................................... 455 Jacob Kohnstamm 20 Regaining Control and Sovereignty in the Digital Age ........................ 473 Jan Philipp Albrecht 21 Privacy Enforcement in Search of Its Base ........................................... 489 James B. Rule Index ................................................................................................................. 499 About the Authors Jan Philipp Albrecht is from Germany, a member of the European Parliament (MEP) representing the group of the Greens/European Free Alliance. He is also vice-chair of the Committee on Civil Liberties, Justice and Home Affairs (“the LIBE Committee”), which has been shepherding the proposed data protection leg- islation through the parliament. His committee considered more than 4,000 pro- posed amendments. Kirsten Bock is the legal counsel at the Data Protection Commissioner’s offi ce in Schleswig-Holstein, Germany, the Unabhängiges Landeszentrum für Datenschutz, ULD (Independent Centre for Privacy Protection). She was the initiator and head of the European Privacy Seal EuroPriSe and responsible for EuroPriSe certifi cation criteria, policy and governance. She works with industry, government and NGOs on programmes, standards, best practice and regulation in privacy and data protection. Kirsten studied law and legal philosophy in Germany and the UK and has lectured in criminal and data protection law. Gertjan Boulet i s a Ph.D. candidate in law at the Vrije Universiteit Brussel (Free University Brussels, Belgium) and a consortium member of the EU-funded PHAEDRA project (“Improving Practical and Helpful cooperAtion betweEn Data PRotection Authorities”). His doctoral degree focuses on cross-border law enforce- ment investigations on the Internet. Ana Brian Nougrères works as a lawyer and as a consultant at the Senate and Chamber of Representatives in Uruguay and teaches graduate and undergraduate students the principles of data protection and legal informatics at the School of Law of the public Uruguayan University (Facultad de Derecho, Universidad de la República). She is the director of the Privacy and Data Protection branch at Estudio Jurídico BrianN and Associates, based in Montevideo, Uruguay. vii viii About the Authors Chris Connolly i s a director of Galexia, a privacy advocate and researcher and the author of signifi cant reports on Safe Harbor compliance, privacy trustmarks and privacy regulatory structures. Hannah Crowther i s an associate solicitor at Bristows LLP. Her practice involves advising on a wide variety of data protection issues, ranging from large-scale com- pliance projects to individual subject access requests. She is also increasingly involved in contentious work, assisting clients in relation to data breaches, individ- ual complaints and regulatory investigations. Paul De Hert is a professor of law at Vrije Universiteit Brussel and an associate professor at the Institute of Law and Technology at Tilburg University. He has co- authored many articles and co-edited numerous books on data protection. Alexander Dix is the Berlin commissioner for Data Protection and Freedom of Information and chairman of the International Working Group on Data Protection in Telecommunications (internationally known as the “Berlin Group”). Pam Dixon i s a researcher, author and the founder and executive director of the World Privacy Forum, a public interest research group. Her work in privacy includes ground-breaking reports, books and testimony in the area of privacy regulation and public policy, medical identity theft and health privacy and privacy issues related to emerging technologies. Robert Gellman is a privacy and information policy consultant, based in Washington, DC. He has also been chief counsel to a subcommittee in the US House of Representatives; a senior fellow, Center on Law and Information Policy, Fordham University School of Law; and a fellow at the Institute for Quantitative Social Science, Harvard University. Hazel Grant is a partner and head of the Privacy and Information Law Group at Fieldfi sher in London. She has had 20 years’ experience of advising on data privacy matters and has advised on freedom of information law issues since the implemen- tation of the law in England and Wales. Her work includes advising on general data privacy compliance issues for global businesses, carrying out privacy impact assess- ments in new public sector programmes and advising on data breaches, claims and enforcements. She is an editor of the E ncyclopedia of Data Protection and Privacy and a contributing editor on data protection and freedom of information matters for the Encyclopaedia of IT Law (both Sweet and Maxwell). Graham Greenleaf is professor of law and information systems at UNSW Australia. He has been involved in privacy issues for 40 years and is Asia-Pacifi c editor of P rivacy Laws & Business International Report. His most recent book is Asian Data Privacy Laws: Trade and Human Rights Perspectives (OUP 2014). In About the Authors ix 2010, he was made a member of the Order of Australia for his contributions to pri- vacy protection and free access to legal information. Billy Hawkes served as Ireland’s data protection commissioner from 2005 to 2014. He also served as chair of INTERPOL’s data protection oversight body, the Commission for the Control of Interpol Files (CCF). His previous career was in the Irish Civil Service. David Jacobs was formerly consumer protection counsel at the Electronic Privacy Information Center. He is a graduate of the University of Wisconsin-Eau Claire and Harvard Law School. At Harvard, he was involved with the Cyberlaw Clinic at the Berkman Center for Internet and Society and worked as a research assistant to for- mer professor John Palfrey. Jacob Kohnstamm is the chairman of the Dutch Data Protection Authority (College bescherming persoonsgegevens), whose six-year term was renewed in August 2010. He was also chairman of the Article 29 Data Protection Working Party between 2010 and 2014. Daniel Le Métayer i s research director for INRIA, the French National Institute for Research in Computer Science and Control, and has been involved in various international projects on privacy, IT security, software design and analysis. Artemio Rallo Lombarte is the chair of Constitutional Law of the Jaume I University of Castellón, Spain. While the director of the Spanish Data Protection Agency (2007–2011), he hosted the 31st International Conference of Data Protection and Privacy Commissioners in Madrid. He was also a director general of the Centre for Legal Studies of the Spanish Ministry of Justice from 2004 to 2007. Hiroshi Miyashita i s an associate professor, Faculty of Policy Studies, Chuo University, Tokyo. In 2012–2013, he was a visiting scholar at the Harvard Law School. He is also an advisor in the Offi ce of Personal Information Protection, in the Cabinet Offi ce. Marc Rotenberg i s the president and executive director of the Electronic Privacy Information Center (EPIC) in Washington, DC. He teaches information privacy law at Georgetown University Law Center and frequently testifi es before Congress on emerging privacy and civil liberties issues. James B. Rule has been doing research and writing on surveillance and privacy protection throughout his career. He is author, co-author or editor of four books and many articles on privacy and personal information. He has held teaching and research positions at MIT, Oxford University, the University of Bordeaux, Stony Brook University and the University of California, Berkeley, where he is now affi li- ated with the Center for the Study of Law and Society. He has also been a fellow at

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.