Monday, 14 September 2009, 14.15 – 15.45

 

 

 

Privacy protection; control over one's personal data; privacy as both a fundamental human right and an essential facilitator for a global economy; privacy as a business competitive advantage; current situation with regard to online privacy, profiling and targeting: widespread practice of collecting information about the activities and interests of users; privacy and human rights at work place, problem of surveillance of employees and work councils; privacy enhancing technologies: minimization on the collection of one's personal information; towards global data protection standards that are legally enforceable.

 

 

Facilitator: Annette Mühlberg, verdi, ALAC / EURALO, DE

Adela Danciu, DiploFoundation, RO
Jean Marc Dinant, Universit of Namur, BE
Kevin Fraser, Council of Europe Consultative Committee of convention 108
Katitza Rodriguez - Electronic Privacy Information Center (EPIC), USA
Vladimir Radunovic, DiploFoundation, Serbia
Ren Reynolds, Virtual Policy Network, UK
Andreana Stankova, Viveka Positive Communications, BG
Cristos Velasco, NACPEC, ES

 

 

Moderator

Annette Mühlberg, verdi, ALAC / EURALO,

 

 

 

Stefano Rodota, University of Rome, IT

 

 

 

 

 

 

We had a multistakeholder panel, with a very dynamic discussion…

• It was stressed in this workshop that the following issues should be discussed on a European and on a global level:


Need for a user-centric approach:
• The general approach to applications requires that the environment and development of issues must put the User in control of their privacy (user-centric). In order to achieve this, informed consent is necessary: This is on two levels: 1, the user clicks and has no idea what happens, where his information goes, and who is collecting his information, where it is linked to, and how much he is giving away, to which and how many companies, entities or governments. On a second level: if the user does not read and understand the terms of service, and even if they do understand, do they have any real choice? Options must be provided that offer a realistic possibility that does not require an exchange of your data for the desired service.

Need for a user-centric legal regulation:
• While online advertising plays a critically important role in the Internet and Web 2.0, the majority of users are not well-informed about the potential impact personal data collection will have on their daily lives.
• The advertising revenue model has not been addressed as yet adequately by policy makers. Furthermore, increasing vertical consolidation between search engines and online advertising companies give them unprecedented control over large personal information databases, and the issue between competition and privacy should be addressed.

• The principles of privacy, data protection and self-determination must be included in the concept and design of applications and IT projects, whether they be private or governmental, national or transnational processes. This also includes fostering open standards and open design.

• We are more and more constructed by world data collectors outside of our influence. We are not only leaving our information behind: our identity is actually being constructed by other players in the online world. The environment is producing information about us, creating our identity without the participation and awareness of the data subject.

• Priority must be given to privacy of the body in Internet discourse both from a medical viewpoint as well as in the workplace, where RFID or other kinds of locators may be inserted into workplace ID or clothing, as well as medical apparatus.

• Employees have a right to privacy at the workplace; existing rights must be enforced. Basic rights such as freedom of speech and freedom of assembly must be strengthened in the Information Society. Online communications between employee associations and employees must be facilitated and free from monitoring.

• Best Practice: In many European countries, any introduction of technology that can serve to monitor workers must be co-determined by workers’ representatives.

• Access to online services must be possible in an anonymous way.

• Data retention must be considered a threat to privacy and to basic human rights such as freedom of expression, freedom of press and freedom of association.

• We call upon countries to adopt and enforce data protection laws covering all sectors, both online and offline, based on International Privacy standards that are built on the rule of law, that support democratic institutions, and safeguard human rights like the EU Data Protection Directive and the Privacy Convention 108.

 

Brief report of the workshop and the final outcome in Spanish by Cristos Velasco, Director General, North American Consumer Project on Electronic Commerce (NACPEC) on the blog on "data protection in Mexico and at the international level" http://www.protecciondedatos.org.mx/?p=111