JacketFlap connects you to the work of more than 200,000 authors, illustrators, publishers and other creators of books for Children and Young Adults. The site is updated daily with information about every book, author, illustrator, and publisher in the children's / young adult book industry. Members include published authors and illustrators, librarians, agents, editors, publicists, booksellers, publishers and fans. Join now (it's free).
Login or Register for free to create your own customized page of blog posts from your favorite blogs. You can also add blogs by clicking the "Add to MyJacketFlap" links next to the blog name in each post.
Blog Posts by Tag
In the past 7 days
Blog Posts by Date
Click days in this calendar to see posts by day or month
Viewing: Blog Posts Tagged with: International Data Privacy Law, Most Recent at Top [Help]
Results 1 - 6 of 6
How to use this Page
You are viewing the most recent posts tagged with the words: International Data Privacy Law in the JacketFlap blog reader. What is a tag? Think of a tag as a keyword or category label. Tags can both help you find posts on JacketFlap.com as well as provide an easy way for you to "remember" and classify posts for later recall. Try adding a tag yourself by clicking "Add a tag" below a post's header. Scroll down through the list of Recent Posts in the left column and click on a post title that sounds interesting. You can view all posts from a specific blog by clicking the Blog name in the right column, or you can click a 'More Posts from this Blog' link in any individual post.
‘Territoriality’ plays a central role under our current paradigm of jurisdictional thinking. Indeed, a State’s rights and responsibilities are largely defined by reference to territoriality. States have exclusive powers in relation to everything that occurs within their respective territories, and this right is combined with a duty to respect the exclusive powers of other States over their respective territories.
Defining “privacy” has proven akin to a search for the philosopher’s stone. None of the numerous theories proposed over the years seems to encompass all the varied facets of the concept. In considering the meaning of privacy, it can be fruitful to examine how a great artist of the past has dealt with aspects of private life that retain their relevance in the Internet age.
It is customary to distinguish between three different forms of jurisdiction. As is well known, prescriptive (or legislative) jurisdiction relates to the power to make law in relation to a specific subject matter. Judicial (or adjudicative) jurisdiction, as the name suggests, deals with the power to adjudicate a particular matter. And, finally, enforcement jurisdiction relates to the power to enforce the law put in place, in the sense of, for example, arresting, prosecuting and/or punishing an individual under that law.
Children have become heavy new media users. Empirical data shows that a number of children accessing the internet – contrary to the age of users – is constantly increasing. It is estimated that about 60% of European children are daily or almost daily internet users, and therefore, by many they are considered to be “digital natives”.
However, in our view, the use of this “digital natives” concept is misleading and poorly founded, and is based on the assumption that children are quick to pick up new technologies. A recent EU Kids Online study invalidates this assumption. The study shows that even though children actively surf on various online applications, they lack digital skills such as bookmarking a website, blocking unwanted communications, and changing privacy settings on social networking sites. Many children are not capable of critically evaluating information and changing filter preferences.Interestingly, the lack of skills to perform specific tasks while being online does not impinge on children’s beliefs in their abilities – 43% of surveyed children believe to know more about the internet than their parents. At the moment, no correlation between this proclaimed self-confidence and their actual understanding of how internet works can be done due to the lack of data. Nevertheless, it is worth questioning whether, and to what extent, it is reasonable to expect that children understand the implications of their behaviour and what measures could mitigate children’s online risks in the most efficient and effective way.
It is probably closer to the truth to say that, in terms of privacy and data protection awareness, children are anything but “digital natives”.
Indeed, children’s actions online are being recorded, commercialised and serve for the purposes of behavioural advertising without them actually realising. This media illiteracy is tackled by awareness raising campaigns and policy measures on domestic and EU levels. However, it seems that these measures only partially address the challenges posed by children’s online engagement.
The European Commission (EC) seems to be in favour of legislative measures providing for a stronger legal protection of children’s personal data in the online environment. In Article 8 of the proposal for the General Data Protection Regulation, the EC introduces verifiable parental (or custodian) consent that would serve as a means of legitimising the processing of a child’s personal data on the internet.
Article 8 of the proposal foresees that parental consent would be required in cases where the processing operations entail personal data of children under the age of 13. The age of 13 would be the bright-line from which the processing of children’s personal data would be subjected to fewer legal constraints.
In practice, this would divide all children into two groups; children that are capable to consent (i.e. 13-18 year olds) to the processing of their personal data and children that are dependent on parental approval of their online choices (i.e. 0-13 year olds). Drawing such a strict line opposes the stages of physical and social development. Also, it requires the reconsideration of the general positive perception of the proposed parental consent from a legal point of view. In particular, it is necessary to evaluate whether the proposed measure is proportionate and whether it coincides with the human rights framework.
In a recent article published in the International Data Privacy Law Journal, we have analysed the proposal to distinguish between children younger and older than 13 years and found many practical and principled objections. Apart from the practical objections, which are often self-evident (e.g. what about the protection of children in the age group from 13 to 18 year old? How to ensure the enforcement of the proposed parental consent?), there are several fundamental problems with the proposed 13 years-rule.
The bright-line rule, which would require data controllers to obtain parental consent before processing personal data of children aged under 13, seems to be incompatible with the notion of evolving capacities. The proposed measure is based on the assumption that from the age of 13 all children are able to provide an independent consent for the processing of their personal data in the online environment. The proposed Article 8 ignores the fact that every child develops at a different pace and that the introduction of parental consent does not ensure more guidance regarding online data processing. We also regret that Article 8 in its current form doesn’t foresee a way in which children could express their own views regarding the data processing operation; the responsibility to consent would rest exclusively with a parent or a legal guardian. This set-up opposes the idea of children’s participation in the decision-making process that concerns them, an idea anchored in the UN Convention on the Rights of the Child (UNCRC) and that is recognised by both the EU and its Member States.
Finally, our analysis suggests that children’s rights to freedom of expression and privacy may be undermined, if the proposed parental consent is introduced. As a result of Article 8, children’s access to information could become limited and dependent on parents. Also, the scope of their right to privacy would shrink as parents would be required to intervene in children’s private spaces (e.g. gaming accounts) to make informed choices. Therefore, it can be observed that the introduction of parental consent contradicts the key principles of human rights law enshrined in the UNCRC.
Featured image credit: Student on iPod at school. Photo by Brad Flickinger. CC-BY-2.0 via Flickr.
One of the most prominent features of jurisdictional rules is a focus on the location of actions. For example, the extraterritorial reach of data privacy law may be decided by reference to whether there was the offering of goods or services to EU residents, in the EU.
Already in the earliest discussions of international law and the Internet it was recognised that this type of focus on the location of actions clashes with the nature of the Internet – in many cases, locating an action online is a clumsy legal fiction burdened by a great degree of subjectivity.
I propose an alternative: a doctrine of ‘market sovereignty’ determined by reference to the effective reach of ‘market destroying measures’. Such a doctrine can both delineate, and justify, jurisdictional claims in relation to the Internet.
It is commonly noted that the real impacts of jurisdictional claims in relation to the Internet is severally limited by the intrinsic difficulty of enforcing such claim. For example, Goldsmith and Wu note that:
“[w]ith few exceptions governments can use their coercive powers only within their borders and control offshore Internet communications only by controlling local intermediaries, local assets, and local persons” (emphasis added)
However, I would advocate the removal of the word ‘only’. From what unflatteringly can be called a cliché, there is now a highly useful description of a principle well-established at least 400 years ago.
The word ‘only’ gives the impression that such powers are of limited significance for the overall question, which is misleading. The power governments have within their territorial borders can be put to great effect against offshore Internet communications. A government determined to have an impact on foreign Internet actors that are beyond its directly effective jurisdictional reach may introduce what we can call ‘market destroying measures’ to penalise the foreign party. For example, it may introduce substantive law allowing its courts to, due to the foreign party’s actions and subsequent refusal to appear before the court, make a finding that:
that party is not allowed to trade within the jurisdiction in question;
debts owed to that party are unenforceable within the jurisdiction in question; and/or
parties within the control of that government (e.g. residents or citizens) are not allowed to trade with the foreign party.
In light of this type of market destroying measures, the enforceability of jurisdictional claims in relation to the Internet may not be as limited as it may seem at a first glance.
In this context, it is also interesting to connect to the thinking of 17th century legal scholars, exemplified by Hugo de Groot (better known as Hugo Grotius). Grotius stated that:
“It seems clear, moreover, that sovereignty over a part of the sea is acquired in the same way as sovereignty elsewhere, that is, [...] through the instrumentality of persons and territory. It is gained through the instrumentality of persons if, for example, a fleet, which is an army afloat, is stationed at some point of the sea; by means of territory, in so far as those who sail over the part of the sea along the coast may be constrained from the land no less than if they should be upon the land itself.”
A similar reasoning can usefully be applied in relation to sovereignty in the context of the Internet. Instead of focusing on the location of persons, acts or physical things – as is traditionally done for jurisdictional purposes – we ought to focus on marketplace control – on what we can call ‘market sovereignty’. A state has market sovereignty, and therefore justifiable jurisdiction, over Internet conduct where it can effectively exercise ‘market destroying measures’ over the market that the conduct relates to. Importantly, in this sense, market sovereignty both delineates, and justifies, jurisdictional claims in relation to the Internet.
The advantage market destroying measures have over traditional enforcement attempts could escape no one. Rather than interfering with the business operations worldwide in case of a dispute, market destroying measures only affect the offender’s business on the market in question. It is thus a much more sophisticated and targeted approach. Where a foreign business finds compliance with a court order untenable, it will simply have to be prepared to abandon the market in question, but is free to pursue business elsewhere. Thus, an international agreement under which states undertake to only apply market destroying measures and not seek further enforcement would address the often excessive threat of arrests of key figures, such as CEOs, of offending globally active Internet businesses.
Professor Dan Jerker B. Svantesson is Managing Editor of the journal International Data Privacy Law. He is author of Internet and E-Commerce Law, Private International Law and the Internet, and Extraterritoriality in Data Privacy Law. Professor Svantesson is a Co-Director of the Centre for Commercial Law at the Faculty of Law (Bond University) and a Researcher at the Swedish Law & Informatics Research Institute, Stockholm University.
Combining thoughtful, high level analysis with a practical approach, International Data Privacy Law has a global focus on all aspects of privacy and data protection, including data processing at a company level, international data transfers, civil liberties issues (e.g., government surveillance), technology issues relating to privacy, international security breaches, and conflicts between US privacy rules and European data protection law.
Tension between different regulatory systems has long existed in certain areas (think of the disagreements between EU and US competition regulators regarding the aborted GE-Honeywell merger in the early 2000s). A similar power struggle is currently underway between different legal regimes regulating the collection, processing, and transfer of personal data (variously referred to in different legal systems as “data protection”, “data privacy”, or “information privacy” law), one that will shape the world in the 21st century.
Data protection law has traditionally been viewed as a dreary subject of interest only to a few specialists. But whether it involves filling out government forms, purchasing items on the web, communicating with friends and relatives online, or checking in for a flight, almost every activity we engage in nowadays involves the processing of personal data. The growing importance of data processing is reflected in the large number of countries (approximately 100) around the world that have enacted data protection laws, and the countries and international organisations (including the European Union, the OECD, and the United States) that are currently in the process of revising them to meet the challenges posed by globalisation and the rapid growth of the Internet.
Much personal data routinely flows across national borders, and the same data processing may result in the application of multiple laws. The ease with which data flows internationally also means that data privacy law has become a point of competition between different legal systems, with each one striving to achieve the seemingly impossible goal of simultaneously protecting the privacy of individuals, striking a balance between privacy and other important values (e.g., public security), and furthering economic growth.
This competition has been most pronounced between the European Union, which has recently asserted that other countries should follow the “gold standard” of its data protection legislation, and the United States, which believes that its system is even better. Such international regulatory spats illustrate that nations too often view the subject largely as a way to score political points, and that they have failed to grasp some basic facts about the processing of personal data:
Protection of data privacy is not just a transatlantic issue. Data protection laws have been enacted all over the world, including by regional organizations (APEC, ECOWAS, and others) and dozens of nations in Africa, Latin America, and Asia.
It is also not just an online issue. Nearly every economic and social activity nowadays involves the processing of personal data, including the most basic ones. Too often regulatory attention focuses on the online “flavour of the month” (e.g., social networks, search engines, etc.), and fails to recognize that data processing has become embedded in every aspect of society.
And it is not just an economic issue, but one that can help further important developmental goals as well. For example, the UN Secretary General has begun an initiative called “Global Pulse” involving projects such as the use of data analytics to better understand the global state of various infectious diseases, and using a centralized text messaging system to allow mobile phone users to report on people trapped under buildings following an earthquake, among others. Data protection law is currently not conceived to facilitate the large-scale use of data mining for purposes related to development, public health, and similar goals, but these uses will greatly increase in coming years, and will challenge our assumptions about the purposes and structure of regulation.
Part of the problem is that while data protection and privacy issues have global ramifications, the legal framework for them is still very much a matter of local or, at best, regional regulation. While some regional organizations (in particular the Council of Europe) are attempting to become more global, there are substantial differences in the way the subject is viewed in different countries and legal systems. In contrast to some other areas of the law, there is also a lack of legal instruments and institutions of a global scope covering privacy and data protection.
Legal regulation of data processing often stands in tension with economic pressures that encourage the processing and transfer of personal data, and political pressures that inhibit the development of coordinated and coherent regulation. States are only too happy to adopt legal requirements for the private sector that they are unwilling to comply with themselves (e.g., with regard to data processing for law enforcement purposes), and technology to process personal data advances faster than the law can keep up with.
From being considered a niche area, data protection law has evolved to the point that it is hard to find areas of human endeavour that it does not concern. The way that the struggles over data protection are resolved in the coming years will determine the kind of world we live in, and the kind of Internet we have.
Combining thoughtful, high level analysis with a practical approach, International Data Privacy Law has a global focus on all aspects of privacy and data protection, including data processing at a company level, international data transfers, civil liberties issues (e.g., government surveillance), technology issues relating to privacy, international security breaches, and conflicts between US privacy rules and European data protection law.
Subscribe to the OUPblog via email or RSS.
Subscribe to only law and politics articles on the OUPblog via email or RSS. Image credit: Laptop keyboard with fingerprint enlarged by magnifying glass – computer criminality concept. Image by Jirsak, iStockphoto.