Digital Civil Rights in Europe

Moderator: Ms. Anna Fielder, TACD, Privacy International (UK)

Mr. Michael Donohue, OECD

Cloud computing = industralization of IT. No formal defition, cloud servicies – convienient on-demand access to services over the Internet.

Policy – security & privacy. But also procurement (govt buyer of claud services), broadband access, competition policy, IP + consumer protection.

Tension between user control and cloud opportunites (mashups, etc.)

OECD is preparing a report focusing on tech changes in ref. cloud computing.

Mr. Alexander B. Van Eesteren, Ixquick

This too commercial for my taste, just check www.ixquick.com/ 🙂

Ms. Ann Cavoukian, Ph.D., Information & Privacy Commissioner Ontario, (Canada)

Cloud computing – next wave, qualitative step. We call for a higher standard, that exceeds regulation.

Privacy by design – a much higher standard that regulatory compliance in 3 key areas

Goal of data minimalization – once the info is in the cload – it will be further than the user and thefore difficult to control. Issued a paper last year in Privacy Impact Assesments (PIA) than Privacy of the Clouds – April 2008.

If you can strive to make privacy as default – this is the gold standard.

I am seeking to get organisation to make the privacy the default – both for private and public sector, because privacy trancends borders.

Mr. Andreas Kirsch, EDRi (Austria)- Data protection in the Cloud

What is new – cloud computing 2010 – several mainframes for millions of users, a few data processors, distributed across the globe, connected via the Internet.

Some potential problems:

– the location of the data – where is it?

– how to ensure proper processing ?

– data protection vs ad-financed services

– usage data – every data is recorded

– owenership data (see social networks)

– Access

– Pay per use or pay once, use freely.

– security – are you (still) in control ?

Cloud users – do not use insecure services , stay in control (keep ownership of data)

See also: Andreas: Security issues – Security Guidance for Critical Areas of Focus in Cloud Computing from Cloud Security Alliance http://bit.ly/SQbZz

Prof. Hong Xue, Director Institute for the Internet Policy & Law, Beijing Normal University (China)

Hong Xue APEC has largest internet pop, challenges? legal protection weak, wiki leaks orig in Asia, CJK China Korea Japan

Example: a woman was posted that she worked as an Internet worker and is HIV positive and combinated that info with her telephones, residence address, birthday and even her parents were discovered and were posted on the forum – but the whole posting was a hoax as a revange from her ex-boyfriend.

In 2008 first court decision for Human flesh searching – Bejing court convicted webmaster because published a a diary of a wife to commit suicide, the ex-husband that was harresed after this publication got damages from the court.

Mr. Cristos Velasco, General Director, North American Consumer Project on Electronic Commerce (Mexico)

Personal data of Internet users must receive the same protection in the claud.

First legal issue related to claud computing – conflict of law and jurisdiction. (see some countries that have no legislation – Mexico, Guatemala). How to comply with laws in different jurisdiction ?

Cross-border data transfers – under the EU data protection – data operator takes security measures and it might breach the eu law .

Is it possible under some laws to make and invetsigation in the cloud ? Are there international agreements to allow that ? What is the role of ISP ?

Also legal problem – electronic evidence in the cloud.

Due to the general concers, there is a need of policy and recommandation for cloud computing.

Questions

Sorry – no time to cover that as well, see twitter for some answers.

Ideas to conclude to include in a global standards: data breach notification, security, data minimalisation, responsability for IT infrastructure introduce in the market (see rfid), but not different standards for law enforcement usage.

Cavoukian: data minimalisation, strenghening security requirements, accountability.

Michael: global networks of privacy enforcement

</ end session>

Author :
Print