Live blogging from the Public Voice Coalition - Global Privacy Standards for a Global World - check out the programme here. Held in conjunction with the International Conference of Data Protection and Privacy
Also watch #globalprivacy on twitter or EDRi’s twitter account
Marc Rotenberg starts talking about Public Coalition, thanking Katitza Rodriguez for her help and for her efforts to make this event publicly accesible. Noting that the DPA event will have more than 1 k participants.
Spanish DPA - Mr. Artemi Rallo Lombarte, Director, Agencia Española de Protección de Datos - praises the civil society for their efforts to support privacy and considers it essential. Today’s major newspaper from Spain - El pais- presents 2 main news from privacy ( see)- so this is an important topic in the today’s life.
First panel
Moderator: Dean Anita L. Allen, University of Pennsylvania Law School (USA)
First panel
Ms. Jaiok Kim, Consumer Korea (South Korea)- privacy and DP - social issues in the last year - introduces one case - Consumers Korea and other orgs (joint action) bring lawsuit against a big Telecom - started in Apr 2008. In Dec 2008 also submitted Joint Opinion on Privacy protection Act -now the law is in the National Assembly.
There is not a specific law on privacy and electronic communication - thus the work of the NGOs that asked amendment of the Privacy law.
Too many actors ask for the unique ID number.
Behavioural targeting of online activity - possible privacy infringement - study group that prepares a Guideline on this topic.
Ms. Meryem Marzouki, European Digital Rights (France)
A few words about EDRi - be able to see national and EU trends. This presentation taks abiout privacy EU enfocement coperation.
Stockholm programm - full integration and access of databases of Police from EU.
Proposal to give access to Europol and others to EURODAC databases. (even though some countries run huge number of databases - with lacking proper control) - big content of senstive data. Enlargement of scope of databases - target vulnerable groups - minors (see Uk where the DNA is taken , France - intelligence database for public security - keep data o children from 13). Data protection Framework decision has only been adopted in dec 2008 - it lack protection from transferring of data from member countries to third countries.
It does not protects from lost data ( see events from 2007). Revision of Telecom Package includes data breach notifications, but only for ISPS.
Biometric passports - some countries go beyond the Eu requirements (see French national database). Same for the data retention directive.
Ms. Katitza Rodriguez, Electronic Privacy Information Center (Peru/USA)
Talks about Public Voice coalition, but represents EPIC - Privacy and Human Rights Report started in 1991 - joint project EPIC + PI. Contributors - experts, academics, lawyers, DPAs, Govt, EPIC staff.
In this edition 80 countries - added new countries Cuba, Indonesia. Topics: cloud computing, DNA, copyright enforcement privacy,
Major findings:
- raising CCTVs usage - to what extent it has impact to reduce crime? did not affect vanadalism or other minor or major crimes
- developing countries to implement smart ID cards - Mexico or Indonesia. The Indian govt - unique random ID - database with fingerprints and photo. Countries (israel, morroco) include fingerprints in national databases.
- Facebook - change of Terms of services - asked by EPIC.
- The biggest event Germany against data protection. In Australia more important events.
- a lot of countries change laws - including CoE - convention 108
- Important changes - many govts move fwd with biometric cards. Data protection schemes not clear how they stoped that. Next year - important on how we can support each other.
Ms. Ofelia Tejerina, Asociación de Internautas (Spain)
Key problems that Spain is seeing:
- protection of personal data in online
- CCTVs - not only buy govt, but also privat institutions
- social networks (dangers and advantages explained to minors)
- privacy in communications - legal wiretapping - asking for a better law on telecom - as on organic law (so more important). Needs judicial authority and Judge to decide reasons
- lack of resources to guarantee the security to make the most of the technology and training of staff.
Mr. Matias Altamira, Iberoamerican Information Society Research Institute (Argentina)
Editorial of Er Mercurio from Chile - 31 Oct - controversy - by the Chilean - draft law in asking telecom companies of traffic data. (police and ministry asking the data directly from telecom companies) - examples to discuss.
Discussing if the traffic data is enough for a privacy invasion. Yes (with examples).
Nothing to hide - nothing to worry about ? - key to our Constitution right to privacy - it doesn’t means that you need to hide smtg.
Questions
To Meryem : status on Edvige
M: Edvige - example of intelligence database where minors older than 13 can be registered. Last year huge mobiliazation from civil society, legal action - Govt had to withdraw the Decree.
Then law proposal to give some guarantees and to strenghen teh French DPA in respect of police database, but the govt did not want to discuss. After that - new Edvige law - so same kind of mobilisations - compliant againts this.
The law register religous beliefs, minors - legal and democratic issues.
Spain: the Ministry of Interior - urgent tapping - yes, but needs to be reported and have judicial authority in 72 hours. (same in Argentina).
Peter Schaar - more dangerous from the privacy point of the view - registering ussual behavioural and used to create profiles. Edvige is a horror database for us, because it includes many persons that did not breach any laws - they are just “risky persons” .
Artificial DNA - new technology made by the Germany Police to identify things…
Meryem: answers how the surveilance techniques are very dangerous - ths is why we have seen in UK and other countries - within a EU project - eprivacy directive opened the way of systematic profiling.
Ann Cavoukian, Ontario DPA - collection biometrics beyond ID cards - administrative purposes - business related uses, marketing - which were never intended first. trying to restrict this…
Spain: employees of public admin companies - to enter public institutions - included biometric info and included fingerprints. Considered as a disporportionate measures, so considered excessive. The Madrid DPA said that it is not a problem.
Schaar: fingerprints are just within the biometric passports - not outside, no database
Coffee Break - time to rest my fingers… 
Second Session: “Privacy Activism: Major Campaigns”
Moderator: Prof. Colin Bennett, University Of Victoria (Canada)
Mr. Ralf Bendrath - Privacy Activism 2.0 - lessons learned from the fight against data retention
Feedom not Fear campaigns - biggest demonstration against surveillance in Germany. EVER.
We had no plan how to get there. Started in dec 2005, after the data retention directive was adopted. Open structures, using UGC.
Wiki AK vorrat - 2000 pages - waw ! - Javascript applet to put on your website. Special website for webmasters not to log visitors. Also Freedom speakers project. + Mass constitutional challenge - no fees on that. Creating a lot of attention for the case - with the high number of signatures.
Campaign becoming a Pop Culture, using Viral Marketing - see stasi 2.0 viral campaign.
Started with 250 participants, and then 2000 and then 15 000 part.
Good: - open structures, fun, experts for substance issues, give people jobs that they want to you.
Difficult : trust does not scale
BEUC - Ms. Willemiem Bax, BEUC (Belgium) - digital issues
Campaign for consumer rights - they’ve got an EP report on consumer confidence on the Internet, eYou Guide in the digital environment, Consumer summit, Recommandation of RFID
Mentions also the discussion on Am 138 - 4th novmber negociation.
Expert group on online marketing, Consultation on data protection directive - Privacy has become a sexy issue !
Conference next week - with 2 commissioners + EDPS at Beuc Forum
Ms. Renata Avila, Primera Palabra (Guatemala)
Guatemala - terrible history of privacy - monitoring activitis and making them dissapear - we’ve seen the abuses on personal data.
Second point - discussion forum with open source software - people who were listed on that forum worked with free software. Official media under control, so forum was the only source. Mini campaign within the members of the forum to explain how to hide their IP addresses.
Three point - Share technical tools to protect privacy - sometimes the discussion only at an academic level. Global - see Anonymous Blogging with Wordpress & Tor - http://advocacy.globalvoicesonline.org/projects/guide/
Mr. Antoni Farriols Solá, Comisión de Libertades e Informática (Spain)
Campaign - excessive collection of information by state from citizens, electronic IDs - adopted with any social debates or debate in Parliament. Campaign together with Internet users Association.
Citizens must be informed about it, informed consent - IDs are not used with the exception of tax authorities. RFID tags would also be used in passports (rumour, Antoni totally objects).
DP principles need to be respected !
David (Spain) - Association in the center in Madrid - campaigns aganist the CCTVs - as a measures to counter pickpokets or in other cases - for detecting prostitution cases….
Arguments against the relegious extremism, without pointing out… - according to official info - no one is monitoring in real time - images can be got only with a judge approval and can check the images.
Lack of information and clarity. - what would the security measures entailed - found out from the press. One of the measures adopted - public talk with an expert lawyer on CCTV, petition to collect signatures, blog. Using parody to the former olympic logo - showing other imagessubmitted for their campaign againts CCTV
Smile when you walk on the street !
See http://unbarriofeliz.wordpress.com/ for their website with nice images.
Questions
What can be done for privacy activism ? Example with the local DPA that wasn’t informed about Madrid metro system - work together DPA and civil society.
Ralf - involve people. In Germany it was about Internet, the politicianization of Internet generation. People did not understood why emails could be recorded. More attempt by the Govt to control.
There is no privacy interest, if there is an activity in a public place - this is why they allow CCTV in NY.
Guatemala: instead of raising privacy & saftey, our govts get only complicated CCTVs as the solution.
Ralf: we didn’t have impact on the law, that was adopted - but we are with it at the consitutional court. We put back privacy on the political agenda.
</end session>
I’ll blog the next sessions in seperate posts. Much easier this way.
]]>
