Privacy in the Post-NSA Era: Time for a Fundamental Revision?

Privacy in the Post-NSA Era: Time for a Fundamental Revision? external link

JIPITEC, num: 1, 2014

Abstract

Big Brother Watch and others have filed a complaint against the United Kingdom under the European Convention on Human Rights about a violation of Article 8, the right to privacy. It regards the NSA affair and UK-based surveillance activities operated by secret services. The question is whether it will be declared admissible and, if so, whether the European Court of Human Rights will find a violation. This article discusses three possible challenges for these types of complaints and analyses whether the current privacy paradigm is still adequate in view of the development known as Big Data.

Links

http://www.ivir.nl/publicaties/download/1437.pdf

Grondrechten, Privacy

RIS

Save .RIS

Bibtex

Save .bib

Deltaplan voor online privacy & beveiliging external link

Arnbak, A.

Het Financieele Dagblad, 2014

Links

https://www.axelarnbak.nl/2014/11/04/derde-column-in-financieele-dagblad-deltaplan-online-privacy-en-beveiliging/

Cybersecurity, data retention, ECHR, Grondrechten, hacking, NSA, Privacy, Surveillance, wiretapping

RIS

Save .RIS

Bibtex

Save .bib

Behavioural Sciences and the Regulation of Privacy on the Internet external link

Zuiderveen Borgesius, F.

2014

Abstract

This chapter examines the policy implications of behavioural sciences insights for the regulation of privacy on the Internet, by focusing in particular on behavioural targeting. This marketing technique involves tracking people’s online behaviour to use the collected information to show people individually targeted advertisements. Enforcing data protection law may not be enough to protect privacy in this area. I argue that, if society is better off when certain behavioural targeting practices do not happen, policymakers should consider banning them.

Links

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2513771

behavioural economics, behavioural targeting, cookies, Data protection, e-Privacy Directive, Grondrechten, nudge, nudging, Privacy, profiling, tracking

RIS

Save .RIS

Bibtex

Save .bib

Google Spain v. González: Did the Court forget about freedom of expression? external link

Zuiderveen Borgesius, F. & Kulk, S.

European Journal of Risk Regulation, num: 3, 2014

Abstract

In this note we discuss the controversial judgment in Google Spain v. González of the Court of Justice of the European Union (CJEU). Our focus is on the judgment’s implications for freedom of expression. First, the facts of the case and the CJEU’s judgment are summarised. We then argue that the CJEU did not give enough attention to the right to freedom of expression. By seeing a search engine operator as a controller regarding the processing of personal data on third party web pages, the CJEU assigns the operator the delicate task of balancing the fundamental rights at stake. However, such an operator may not be the most appropriate party to balance the rights of all involved parties, in particular in cases where such a balance is hard to strike. Furthermore, it is a departure from human rights doctrine that according to the CJEU privacy and data protection rights override, “as a rule”, the public’s right to receive information. In addition, after the judgement it has become unclear whether search engine operators have a legal basis for indexing websites that contain special categories of data. We also discuss steps taken by Google to comply with the judgment.

Links

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2491486

Data protection, Freedom of expression, Grondrechten, intermediary liability, Privacy, right to be forgotten, search engines, Vrijheid van meningsuiting

RIS

TY  - JOUR
AU  - Zuiderveen Borgesius, F.
AU  - Kulk, S.
PY  - 1030
DA  - 2014-10-30
T1  - Google Spain v. González: Did the Court forget about freedom of expression?
JO  - European Journal of Risk Regulation
NV  - 3
UR  - http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2491486
AB  - In this note we discuss the controversial judgment in Google Spain v. González of the Court of Justice of the European Union (CJEU). Our focus is on the judgment’s implications for freedom of expression. First, the facts of the case and the CJEU’s judgment are summarised. We then argue that the CJEU did not give enough attention to the right to freedom of expression. By seeing a search engine operator as a controller regarding the processing of personal data on third party web pages, the CJEU assigns the operator the delicate task of balancing the fundamental rights at stake. However, such an operator may not be the most appropriate party to balance the rights of all involved parties, in particular in cases where such a balance is hard to strike. Furthermore, it is a departure from human rights doctrine that according to the CJEU privacy and data protection rights override, “as a rule”, the public’s right to receive information. In addition, after the judgement it has become unclear whether search engine operators have a legal basis for indexing websites that contain special categories of data. We also discuss steps taken by Google to comply with the judgment.
K1  - Data protection
K1  - Freedom of expression
K1  - Grondrechten
K1  - intermediary liability
K1  - Privacy
K1  - right to be forgotten
K1  - search engines
K1  - Vrijheid van meningsuiting
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {Google Spain v. González: Did the Court forget about freedom of expression?},
	author = {Zuiderveen Borgesius, F. and Kulk, S.},
	year = {1030},
	date = {2014-10-30},
	journal = {European Journal of Risk Regulation},
	number = {3},
	abstract = {In this note we discuss the controversial judgment in Google Spain v. González of the Court of Justice of the European Union (CJEU). Our focus is on the judgment’s implications for freedom of expression. First, the facts of the case and the CJEU’s judgment are summarised. We then argue that the CJEU did not give enough attention to the right to freedom of expression. By seeing a search engine operator as a controller regarding the processing of personal data on third party web pages, the CJEU assigns the operator the delicate task of balancing the fundamental rights at stake. However, such an operator may not be the most appropriate party to balance the rights of all involved parties, in particular in cases where such a balance is hard to strike. Furthermore, it is a departure from human rights doctrine that according to the CJEU privacy and data protection rights override, “as a rule”, the public’s right to receive information. In addition, after the judgement it has become unclear whether search engine operators have a legal basis for indexing websites that contain special categories of data. We also discuss steps taken by Google to comply with the judgment.},
	keywords = {Data protection, Freedom of expression, Grondrechten, intermediary liability, Privacy, right to be forgotten, search engines, Vrijheid van meningsuiting},
}

Save .bib

Inzage in de minuten van de asielprocedure: persoonsgegevens of geen persoonsgegevens? external link

Zuiderveen Borgesius, F.

Asiel & Migrantenrecht, num: 7, 2014

Links

http://www.asielenmigrantenrecht.nl/inhoudsopgave.cfm?jr=2014&nr=7

Grondrechten, Privacy

RIS

Save .RIS

Bibtex

Save .bib

Welcome to the jungle: de aansprakelijkheid van internet-intermediairs voor privacyschendingen in Europa external link

van der Sloot, B.

SEW - Tijdschrift voor Europees en economisch recht, num: 10, pp: 420-431., 2014

Abstract

In Europa zijn globaal drie regimes van toepassing op de aansprakelijkheid van internetintermediairs voor privacyschendingen begaan door hun gebruikers via hun netwerk. Dit zijn de e-commercerichtlijn, die providers onder bepaalde voorwaarden uitsluit van aansprakelijkheid, de Richtlijn bescherming persoonsgegevens, die providers die actief persoonsgegevens verwerken tal van plichten en verantwoordelijkheden oplegt, en de in het EVRM vervatte vrijheid van meningsuiting, die internetproviders onder voorwaarden bepaalde privileges en vrijheden toekent. Deze stelsels zijn ieder op een eigen gebied van toepassing, maar kennen ook een gedeeltelijke overlap, terwijl ze elk een geheel eigen ration en beschermingsregime kennen. In de praktijk brengt dit rechtsongelijkheid en onzekerheid met zich mee, voornamelijk voor providers die actief betrokken zijn bij de inrichting van online platforms.

Links

http://www.ivir.nl/publicaties/download/1429.pdf

Grondrechten, Privacy

RIS

TY  - JOUR
AU  - van der Sloot, B.
PY  - 1030
DA  - 2014-10-30
T1  - Welcome to the jungle: de aansprakelijkheid van internet-intermediairs voor privacyschendingen in Europa
JO  - SEW - Tijdschrift voor Europees en economisch recht
NV  - 10
SP  - 420-431.
UR  - http://www.ivir.nl/publicaties/download/1429.pdf
AB  - In Europa zijn globaal drie regimes van toepassing op de aansprakelijkheid van internetintermediairs voor privacyschendingen begaan door hun gebruikers via hun netwerk. Dit zijn de e-commercerichtlijn, die providers onder bepaalde voorwaarden uitsluit van aansprakelijkheid, de Richtlijn bescherming persoonsgegevens, die providers die actief persoonsgegevens verwerken tal van plichten en verantwoordelijkheden oplegt, en de in het EVRM vervatte vrijheid van meningsuiting, die internetproviders onder voorwaarden bepaalde privileges en vrijheden toekent. Deze stelsels zijn ieder op een eigen gebied van toepassing, maar kennen ook een gedeeltelijke overlap, terwijl ze elk een geheel eigen ration en beschermingsregime kennen. In de praktijk brengt dit rechtsongelijkheid en onzekerheid met zich mee, voornamelijk voor providers die actief betrokken zijn bij de inrichting van online platforms.
K1  - Grondrechten
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {Welcome to the jungle: de aansprakelijkheid van internet-intermediairs voor privacyschendingen in Europa},
	author = {van der Sloot, B.},
	year = {1030},
	date = {2014-10-30},
	journal = {SEW - Tijdschrift voor Europees en economisch recht},
	number = {10},
	pages = {420-431.},
	abstract = {In Europa zijn globaal drie regimes van toepassing op de aansprakelijkheid van internetintermediairs voor privacyschendingen begaan door hun gebruikers via hun netwerk. Dit zijn de e-commercerichtlijn, die providers onder bepaalde voorwaarden uitsluit van aansprakelijkheid, de Richtlijn bescherming persoonsgegevens, die providers die actief persoonsgegevens verwerken tal van plichten en verantwoordelijkheden oplegt, en de in het EVRM vervatte vrijheid van meningsuiting, die internetproviders onder voorwaarden bepaalde privileges en vrijheden toekent. Deze stelsels zijn ieder op een eigen gebied van toepassing, maar kennen ook een gedeeltelijke overlap, terwijl ze elk een geheel eigen ration en beschermingsregime kennen. In de praktijk brengt dit rechtsongelijkheid en onzekerheid met zich mee, voornamelijk voor providers die actief betrokken zijn bij de inrichting van online platforms.},
	keywords = {Grondrechten, Privacy},
}

Save .bib

De noodzaak om privacy als publiek belang te herfomuleren external link

van der Sloot, B.

Christen Democratische Verkenningen, num: 3, pp: 125-132., 2014

Abstract

Privacy wordt tegenwoordig geformuleerd als individueel recht dat bescherming biedt aan persoonlijke belangen. Deze benadering is echter niet langer houdbaar in Big Data-processen, die niet op specifieke individuen zijn gericht, maar potentieel eenieder betreffen. Privacy zou dan ook moeten worden geherformuleerd als maatschappelijke waarde. Een dergelijke benadering ondervangt de knelpunten van het huidige privacyparadigma en kan voorkomen dat grootscheepse gegevensverzameling door inlichtingendiensten en instellingen elementaire rechtsbeginselen schendt.

Links

http://www.ivir.nl/publicaties/download/1428.pdf

Grondrechten, Privacy

RIS

Save .RIS

Bibtex

Save .bib

Do data protection rules protect the individual and should they? An assessment of the proposed General Data Protection Regulation external link

van der Sloot, B.

International Data Privacy Law, num: 4, pp: 307-325., 2014

Abstract

Currently under discussion is the European Commission's proposal for a General Data Protection Regulation, which will replace the Data Protection Directive from 1995 over time. The Regulation proposes introducing a number of specific obligations and rights in order to protect the interests of citizens and consumers and provides far-reaching powers for governmental agencies to enforce these rules. However, this is directly against the original purpose of and rationale behind data protection rules and, moreover, an increased emphasis on consumer interests and rights to control personal data seems like an inadequate tool for solving the current problems involved with Big Data.

Links

http://idpl.oxfordjournals.org/content/4/4/307.full.pdf+html

Grondrechten, Privacy

RIS

TY - JOUR
AU - van der Sloot, B.
PY - 1028
DA - 2014-10-28
T1 - Do data protection rules protect the individual and should they? An assessment of the proposed General Data Protection Regulation
JO - International Data Privacy Law
NV - 4
SP - 307-325.
UR - http://idpl.oxfordjournals.org/content/4/4/307.full.pdf+html
AB - 
	Currently under discussion is the European Commission\'s proposal for a General Data Protection Regulation, which will replace the Data Protection Directive from 1995 over time. 
	The Regulation proposes introducing a number of specific obligations and rights in order to protect the interests of citizens and consumers and provides far-reaching powers for governmental agencies to enforce these rules. 
	However, this is directly against the original purpose of and rationale behind data protection rules and, moreover, an increased emphasis on consumer interests and rights to control personal data seems like an inadequate tool for solving the current problems involved with Big Data.
K1 - Grondrechten
K1 - Privacy
ER -

Save .RIS

Bibtex

Article{nokey,
	title = {Do data protection rules protect the individual and should they? An assessment of the proposed General Data Protection Regulation},
	author = {van der Sloot, B.},
	year = {1028},
	date = {2014-10-28},
	journal = {International Data Privacy Law},
	number = {4},
	pages = {307-325.},
	abstract = {
	Currently under discussion is the European Commission\'s proposal for a General Data Protection Regulation, which will replace the Data Protection Directive from 1995 over time. 
	The Regulation proposes introducing a number of specific obligations and rights in order to protect the interests of citizens and consumers and provides far-reaching powers for governmental agencies to enforce these rules. 
	However, this is directly against the original purpose of and rationale behind data protection rules and, moreover, an increased emphasis on consumer interests and rights to control personal data seems like an inadequate tool for solving the current problems involved with Big Data.},
	keywords = {Grondrechten, Privacy},
}

Save .bib

Loopholes for Circumventing the Constitution: Unrestrained Bulk Surveillance on Americans by Collecting Network Traffic Abroad external link

Arnbak, A.

pp: 1-24, 2014

Abstract

We reveal interdependent legal and technical loopholes that the U.S. intelligence community could use to circumvent constitutional and statutory safeguards for Americans. These loopholes involve the collection of Internet traffic on foreign territory, and leave Americans as unprotected as foreigners by current U.S. surveillance laws. We also describe how modern Internet protocols can be manipulated to deliberately divert American's traffic abroad, where traffic can then be collected under a more permissive legal regime (Executive Order 12333) that is overseen solely by the Executive branch of the U.S. government. While the media has reported on some of the techniques we describe, we cannot establish the extent to which these loopholes are exploited in practice.

An actionable short-term remedy to these loopholes involves updating the antiquated legal definition of "electronic surveillance" in the Foreign Intelligence Surveillance Act (FISA), that has remained largely intact since 1978. On the long term, however, a fundamental reconsideration of established principles in U.S. surveillance law is required, since these loopholes cannot be closed by technology alone. Legal issues that require reconsideration include: the determination of applicable law by the geographical point of collection of network traffic; the lack of general constitutional or statutory protection for network traffic collection before users are "intentionally targeted"; and the fact that constitutional protection under the Fourth Amendment is limited to "U.S. persons" only. The combination of these three principles means that Americans remain highly vulnerable to bulk surveillance when the U.S. intelligence community collects their network traffic abroad.

Links

http://www.ivir.nl/publicaties/download/1375.pdf

Grondrechten, Privacy

RIS

TY  - JOUR
AU  - Arnbak, A.
PY  - 0708
DA  - 2014-07-08
T1  - Loopholes for Circumventing the Constitution: Unrestrained Bulk Surveillance on Americans by Collecting Network Traffic Abroad
SP  - 1-24
UR  - http://www.ivir.nl/publicaties/download/1375.pdf
AB  - We reveal interdependent legal and technical loopholes that the U.S. intelligence community could use to circumvent constitutional and statutory safeguards for Americans. These loopholes involve the collection of Internet traffic on foreign territory, and leave Americans as unprotected as foreigners by current U.S. surveillance laws. We also describe how modern Internet protocols can be manipulated to deliberately divert American's traffic abroad, where traffic can then be collected under a more permissive legal regime (Executive Order 12333) that is overseen solely by the Executive branch of the U.S. government. While the media has reported on some of the techniques we describe, we cannot establish the extent to which these loopholes are exploited in practice.
	
	An actionable short-term remedy to these loopholes involves updating the antiquated legal definition of "electronic surveillance" in the Foreign Intelligence Surveillance Act (FISA), that has remained largely intact since 1978. On the long term, however, a fundamental reconsideration of established principles in U.S. surveillance law is required, since these loopholes cannot be closed by technology alone. Legal issues that require reconsideration include: the determination of applicable law by the geographical point of collection of network traffic; the lack of general constitutional or statutory protection for network traffic collection before users are "intentionally targeted"; and the fact that constitutional protection under the Fourth Amendment is limited to "U.S. persons" only. The combination of these three principles means that Americans remain highly vulnerable to bulk surveillance when the U.S. intelligence community collects their network traffic abroad.
K1  - Grondrechten
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {Loopholes for Circumventing the Constitution: Unrestrained Bulk Surveillance on Americans by Collecting Network Traffic Abroad},
	author = {Arnbak, A.},
	year = {0708},
	date = {2014-07-08},
	pages = {1-24},
	abstract = {We reveal interdependent legal and technical loopholes that the U.S. intelligence community could use to circumvent constitutional and statutory safeguards for Americans. These loopholes involve the collection of Internet traffic on foreign territory, and leave Americans as unprotected as foreigners by current U.S. surveillance laws. We also describe how modern Internet protocols can be manipulated to deliberately divert American's traffic abroad, where traffic can then be collected under a more permissive legal regime (Executive Order 12333) that is overseen solely by the Executive branch of the U.S. government. While the media has reported on some of the techniques we describe, we cannot establish the extent to which these loopholes are exploited in practice.
	
	An actionable short-term remedy to these loopholes involves updating the antiquated legal definition of "electronic surveillance" in the Foreign Intelligence Surveillance Act (FISA), that has remained largely intact since 1978. On the long term, however, a fundamental reconsideration of established principles in U.S. surveillance law is required, since these loopholes cannot be closed by technology alone. Legal issues that require reconsideration include: the determination of applicable law by the geographical point of collection of network traffic; the lack of general constitutional or statutory protection for network traffic collection before users are "intentionally targeted"; and the fact that constitutional protection under the Fourth Amendment is limited to "U.S. persons" only. The combination of these three principles means that Americans remain highly vulnerable to bulk surveillance when the U.S. intelligence community collects their network traffic abroad.},
	keywords = {Grondrechten, Privacy},
}

Save .bib

Als u niet akkoord gaat met deze onleesbare privacyvoorwaarden, klik toch maar op OK external link

Zuiderveen Borgesius, F.

De Correspondent, 2014

Links

https://decorrespondent.nl/1290/als-u-niet-akkoord-gaat-met-deze-onleesbare-privacyvoorwaarden-klik-toch-maar-op-ok/39675240-a02863dc

Grondrechten, Privacy

RIS

Save .RIS

Bibtex

Save .bib