INTRODUCTION
The purpose of this guide is to help users understand their online privacy rights and remedies, and to know how and where to obtain relevant information about protection of their privacy rights. Privacy over the Internet is an evolving issue. This guide provides links to available resources users can resort to learn about legislative updates regarding online privacy. This guide will provide information on both existing and pending legislatures. For instance, it provides information on how the European member states are updating their domestic criminal laws to be able to prosecute online criminal activities pertaining the use and misuse of consumer personal data or misappropriation of consumer private information.
Protection of Privacy
People have a right to privacy under international laws and most countries'' domestic legislation. Privacy, therefore, became the main concern for legislators, consumers, and businesses. Your personal information is circulating on the Internet, are you aware of this as a consumer? Maybe you are not, but cybercriminals are. The availability of important and confidential information on the Internet has led to an increase in cybercrimes, including identity theft. Before you put your information out there, check the privacy disclosure on the website you are visiting or visit the following Web pages to obtain more information about protection of privacy.
Links: Laws http://www.techlawjournal.com/cong107/privacy/hollings/20020418summary.asp
Text of the legislation: http://www.cdt.org/legislation/107th/privacy/hollings.shtml
Legislation and other links: http://www.cdt.org/legislation/107th/privacy/hollings.shtml
Center for Democracy and Technology: http://www.ftc.gov/os/2002/04/index.htm
FTC"s response to this legislation: http://www.publishers.org/congrpt/onlineprivacy.htm
Comparison of the legislation: http://www.virsci.com/pharmaNetTRUST/fpw1_1.html#1
Comparison of the Consumer Privacy Protection Act of 2002 and the Online Personal Privacy Act
http://www.epic.org/privacy/cable_tv/ctpa.htmlhttp://www.epic.org/privacy/cable_tv/ctpa.html
U.S. Family Privacy and Security Act of 2002 or S.2137
This United States legislation was passed to protect minors using the Internet from harmful material. This bill is still pending approval. It is necessary legislation that helps prevent images created by video voyeurism and posted on the Internet. Do you know what your children are doing on the internet? Have you installed parental control on your children''s computers to protect them from predators and from pornography that is advertently spam to users'' computer while surfing the Internet?
Links: http://thomas.loc.gov/cgi-bin/bdquery/z? d107: s.02729, Bill Summary and Status: http://www.netcoalition.com/bills/index.phtml? rindex=69&issue=privacy&issueTitle=Privacy: Summary of the Legislation and text: http://www.cdt.org/legislation/107th/wiretaps/
Wiretap legislation: http://www.netcoalition.com/bills/billresources//2002-04-16.256.htm
Introductory remarks to the legislation: http://www.senate.gov/~landrieu/releases/02/2002417521.html
Landrieu Press Release: http://www.techtv.com/cybercrime/features/story/0,23008,3380883,00.html
Videotape voyeurism and state legislation: http://www.techtv.com/print/story/0,23102,3013505,00.html
Online Personal Privacy Act
This United States bill is directed to online businesses and a step ahead to protect and enhance consumer privacy. This legislation is similar to the Consumer Privacy Protection Act of 2002. Yet, one bill addresses business concerns regarding privacy issues, while the other closely addresses individuals'' privacy. Ultimately, whichever bill is passed, it will have an effect on electronic commerce and the Internet. The objective of this bill is to tighten existing loopholes and non-compliance issues that have infested the Internet and affected consumers'' privacy rights. Consumers must give permission before a business may collect any "sensitive personally identifiable information," such as race, financial information, medical data, and religious and political affiliations; if the information is "no sensitive personally identifiable information," you as the consumer may choose to "opt out." Under this bill, you have the right to bring a lawsuit against any commercial Web site operator who collects, discloses, or uses a customer''s "sensitive personally identifiable information." The legislation preempts state laws that regulate Internet privacy. This legislation also supersedes the privacy sections of Gramm-Bliley-Leach Act and other federal privacy laws creating a patchwork of privacy laws regarding online transactions. The legislation identifies "Internet companies as an Internet service provider, online service provider or commercial Web site operator and states that they may not collect, use, or disclose personally identifiable information without complying with this legislation." This requirement also applies to any third party, including advertising networks that use an Internet service provider, online service provider, or commercial Web site operator to collect information about users of that service or website.
Links: Laws: http://www.techlawjournal.com/cong107/privacy/hollings/20020418summary.asp
Text of the legislation: http://www.cdt.org/legislation/107th/privacy/hollings.shtml
Legislation and other Links: http://www.cdt.org/legislation/107th/privacy/hollings.shtml
Center for Democracy and Technology: http://www.ftc.gov/os/2002/04/index.htm
FTC''s response to this legislation: http://www.publishers.org/congrpt/onlineprivacy.htm
Comparison of the legislation: http://www.virsci.com/pharmaNetTRUST/fpw1_1.html#1
Federal Trade Commission and Privacy
Computer technology makes it easier to collect detailed information about people and easily share it. Today, law enforcement can easily track down criminals, and consumers can easily learn about new products and services, which allow better-informed purchasing decisions. The adverse effect of these is that personal information becomes more accessible. Thus, each of us - companies, associations, government agencies, and consumers - must take precautions to protect against the misuse of that information. The Federal Trade Commission is enlightening consumers and businesses about the significance of privacy regarding personal information. The Federal Trade Commission investigates violations of privacy; especially those dealing with fraud, identity theft and personal information being illegally shared among business entities and others.
Links: Laws
http://www.netcoalition.com/bills/index.phtml? rindex=71&issue=privacy&issueTitle=Privacy
Link to the legislation: http://www.techlawjournal.com/cong107/privacy/stearns/hr4678ih.asp
Text of the legislation; http://www.wow-com.com/pdf/hr4678_intro_stearns.pdf
EPIC''s response to privacy concerns http://www.epic.org/privacy/fipsltr5.8.02.html
Boucher introduces Consumer Privacy Protection Act of 2002 http://www.house.gov/boucher/docs/privacybill-pr.htm http://www.publishers.org/congrpt/onlineprivacy.htm
Comparison of privacy legislation, http://www.virsci.com/pharmaNetTRUST/fpw1_1.html#1
The Federal Agency Protection of Privacy Act
Another privacy bill pending on the United States Congress is the Federal Agency Protection of Privacy Act. This legislation orders federal agencies to consider the potential impact on citizens'' privacy, and requires a privacy impact analysis be included when agencies circulate rules or regulations for public comment. This legislation seeks to promote the privacy of individuals and prevents governmental encroachment. The legislation is a method to advance the privacy protection for American citizens. This legislation also requires each agency to "(1) carry out a periodic review of promulgated rules that have such impact to determine whether each such rule can be amended or rescinded in a manner that minimizes such impact while remaining in accordance with applicable statutes; (2) carry out such review in accordance with a plan that provides for the review of each rule every ten years after the rule was published as a final rule; and (3) publish annually a list of the rules to be reviewed. H.R.4561"
The legality of the encryption Products Export regulation
Cryptographic technologies have many applications that could aid privacy, but it is subject to export controls due to the fact that it can be used for criminal purposes or even as a weapon of war. Three cases have challenged the legality of the encryption export regulations. The following are the arguments made in these cases,
Ø Are unconstitutional prior restraints on speech under the First Amendment
Ø Violate the plaintiffs'' rights to due process under the Fifth Amendment
Ø Are not authorized by the International Emergency Economic Powers Act (IEEPA),
Links: Sample court documents: http://people.qualcomm.com/karn/export/amended_complaint.html
Karn amended complaint: http://samsara.law.cwru.edu/comp_law/jvd/pdj3.html
Amended complaint for Junger: http://www.epic.org/crypto/export_controls/bernstein_brief.html
Epic Amicus Brief filed for Bernstein: http://people.qualcomm.com/karn/export/index.html
Karn''s homepage of litigation case: http://samsara.law.cwru.edu/comp_law/jvd/
Junger''s Web site: Http://www.cdt.org/crypto/litigation/
Cryptography litigation: http://www.eff.org//Privacy/ITAR_export/Bernstein_case/Legal
Email Encryption Measures
As more people and business relies on the increasing use of electronic mail for personal and business use, its security has been the source of debate. This is due to the magnitude of confidential information and contractual matters being exchanged between parties on the Internet. Hence, this exchange may not be secure and the need for encryption measures must be considered. Encryption is "the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge. The purpose of encryption is to ensure privacy by keeping information hidden from anyone for whom it is not intended including even individuals that have access to this encrypted data."
Links: http://ecommercetimes.com/perl/story/18860.html
Email encryption: http://gigalaw.com/articles/2000-all/halberstam-2000-03-all.html
Electronic mail disclaimers: http://www.wired.com/news/culture/0,1284,10555,00.html
Web-Based mail and anonymity: http://ecommercetimes.com/perl/story/18860.html
Email encryption: http://www.certifiedmail.com/
Certified mail: http://www.epic.org/
EPIC Web site: http://www.nai.com/
Network associates: http://www.pgpi.org/
PGP System: http://www.privacy.net/
Demonstration of the lack of the security of electronic mail
https://www.hushmail.com/?PHPSESSID=c8dbe21ffb87a3edb61fba90a8b5f286
Using the Internet brings with it a concern of who may be collecting your personal information. See Senator Ernest F. Hollings in response to this concern and on the Gramm-Leach-Bliley Financial Privacy Act on how businesses will treat financial data in any context. European Data Protection Directive strictly regulates personal data collection, processing and transfer. On this Directive, personal data can only be transferred to countries outside the E.U. that "guarantee an adequate level of protection." See also a detailed discussion on how the French government is trying to protect its citizen''s privacy by speeding up the development of online administrative services. For further information or assistance visit the following links.
http://www.e-recht24.de/artikel/datenschutz/16.html "Datenschutz im Internet" (in German)
http://www.ius-it.de/ Jens Engelhardt "Datenschutzrechtliche Anforderungen an Internetdienste- und Mediendiensteanbieter" (in German) http://www.legamedia.net/legapractice/gleiss/2000/00- 02/0002_hamann_christian_datenschutz.php, Christian Hamann "Datenschutz bei E-Commerc " (in German)
How to transfer Electronic Personal data from Europe to the United States
The European Data Protection Directive strictly controls personal data collection, processing and transfer. Pursuant to this Directive, personal data can only be transferred to countries outside the E.U. that guarantee an adequate level of protection. U.S. companies willing to transfer personal data from the E.U. to the U.S. must comply with either the "Safe Harbor" or the "Model Contract" alternative.
Information Sharing by Financial Services Provider
The Electronic Privacy Information Center (EPIC) has expressed concern about information sharing that occurs among financial services institutions. EPIC says that the Gramm-Leach-Bliley Act (GLBA) has failed to adequately protect consumer privacy in the financial services industry.
http://www.epic.org/news/ EPIC''S news page including links to its report about the GLBA Bill and links to attorney generals'' comments;
http://www.epic.org/privacy/financial/ag_glb_comments.html
Attorney Generals'' Comments about the GLBA; http://www.newsbytes.com/news/02/176335.h tml
Privacy Groups Criticize Information Sharing by Financial Institutions
http://www.epic.org/ Electronic Privacy Information Center''s Web site
Other Pending legislation in America: The Online Personal Privacy Act
Watch out for the following pending legislation: Collecting your personal information, Senator Ernest F. Hollings Online Personal Privacy Act.
Employer/Employee and privacy issues regarding Use of the Internet
Employers are using Internet filters to block users'' access to certain Web sites for security purposes.
The use of these filters has been challenged in the context of the workplace. While the Internet has been a forum of free expression and marketplace of ideas, the use of filters would prevent that potential. However, the workplace may hold a different context for determining the legality of these filters. Parents, employers, school districts, and other government entities are using privately manufactured Internet rating and filtering programs with increasing frequency.
Monitoring of Employees Electronic mails and Internet Usage
Employers are monitoring their employees'' e-mail usage and courts have been reluctant to get involved in the employer''s practices. Employers'' action will stand constitutional challenges since a governmental actor is not involved. The practices and policies of private employers will, therefore, have no probabilities of being successfully challenged. The usage of electronic mail and Internet access has proved to be a temptation for employees. These employees think that their e-mail should be private, even if it is sent over a company-owned system.
Employee misuse of these systems can lead to:
(1) "the disclosure of trade secrets;
(2) harassment and hostile environment claims;
(3) copyright penalties (up to $100,000 statutory damages);
(4) criminal penalties, including seizure of computers used in criminal activity; and
(5) potentially harming the company''s position in litigation."
The Failure of A Company to Remove a Former Employee''s name from its Web site is not unauthorized use
In Leary v. Punzi, the failure of a company to remove a former employee''s name from their Web site was not deemed an unauthorized use in terms of advertising. "The use of the individual''s name must be considered to determine the extent of the use and also to determine how much control has been exerted over the website and whether or not a commercial element is present."
Is reposting candid photos of women fair use? http://tushnet.blogspot.com/search/label/right%20of%20publicity
The Right of Publicity -- Names, Likeness, and Photos and beyond: http://www.iplegal.com/lib/rtpblct.html http://www.law.cornell.edu/wex/index.php/Publicity
The Right of Publicity: http://www.perkinscoie.com/resource/ecomm/netcase/Cases-22.htm
Right of Publicity Cases: http://www.mediainstitute.org/ONLINE/FAM2003/6-c.html
The Monitoring of Emails under French law
The Monitoring of email is legal, provided the employer respects certain conditions.
http://www.juriscom.net/pro/2/priv20020408.pdf
Martine Ricouart-Maillet and Caroline Requillard, "Le role de l''administrateur réseau dans la cyber surveillance" (in French); http://www.legalbiznext.com/cgi-bin/news/viewnews.cgi?category=8&id=1013771444
"Cybersurveillance des salariés: l''analyse" (in French); http://www.njuris.com/breves/brev_0102.htm
"Précisions jurisprudentielles sur la cybersurveillance des salaries" (in French)
Concerns Over A Company''s privacy Practices regarding Its Consumers
In FTC v. Eli Lilly and Company, the issue was the use of consumer''s personal information. A computer malfunction resulted in numerous customers'' information to be included in an email.
Links: http://www.ftc.gov/os/2002/01/lillyana.htm FTC''S Proposed Consent Order
http://www.ftc.gov/opa/2002/01/elililly.htm, FTC Settlement Commentary
http://www.ftc.gov/os/2002/01/lillyswindlestat.htm
U.S. Economic Espionage Act of 1996
Dissemination of trade secrets has become common with the use of the Internet because it allows for the quick dissemination of this information.
http://articles.corporate.findlaw.com/articles/file/firms/cg/cg000035/title/Subject/topic/Intellectual%20Property%20Law_Trade%20Secrets/filename/intellectualpropertylaw_1_238
http://www.usdoj.gov/usao/eousa/foia_reading_room/usam/title9/59mcrm.htm
Economic Espionage: http://my.execpc.com/~mhallign/crime.html
http://www.tms.org/pubs/journals/JOM/matters/matters-9711.html Federal Liability for Theft of Trade Secrets:
Non-Competition Agreements
There is criminal liability for violation of non-competition agreements, because employers want to protect their intellectual property investments. Courts generally will enforce non-competition agreements that (1) are limited in terms of their prohibited activity, (2) contain a time limitation, and (3) include a reasonable geographic limitation.
Links: Non-Competition agreements: http://jobsearchtech.about.com/library/weekly/aa042202-2.htm
Is a Non-Compete agreement legal: http://jobsearchtech.about.com/library/weekly/aa042202-3.htm
Breaking a Non-Compete agreement: http://www.alllaw.com/forms/employment/employee_non-compete/
Another Example of a Non-Compete agreement: http://www.humanresourcesupply.com/emconandnonc.html
Employees Monitoring of Email can involve Invasion of Privacy Claims
There may be a state law action for violating privacy rights. Yet, U.S. states have taken different approaches to their interpretation and development of privacy violations. The right of employers to monitor their employees'' e-mail has constituted a claim arising under the privacy torts. However, even though many companies have electronically monitored their employees'' Internet and e-mail usage, they can potentially face lawsuits for invasion of privacy. State privacy laws include the torts of public disclosure of private facts, false light and false intrusion. Each state has taken a different approach to these torts and whether or not there is a right to sue for the various theories of action."
Links: Monitoring of e-mails: http://www.phillipsnizer.com/int-art168.htm
http://www.tomwbell.com/NetLaw/Ch05/Bourke.html
Bourke v. Nissan Motor Corp: http://courtstuff.com/cgi-bin/as_web.exe?c05_99.ask+D+10706510
McLaren v. Microsoft Corp.: http://www.marquette.edu/law/course/priv_98/kmart.htm
K-Mart Corp. State No. 7441 v. Trotti: http://www.tomwbell.com/NetLaw/Ch05/Bourke.html
Creation of the Website by an Employee under French law
When a company allocates the creation of its Web site to one of its employees, this company must assure that it is entitled to use this site. The employee might be the copyright holder of the Web site of the company, could sue this company for copyright infringement, and even restrain the company from using the Web site.
http://www.en-droit.com/intellex/ouvrages/creation_salariee_site_web.pdf
http://www.legalis.net/legalnet/judiciaire/tcomm_edirom_0198.htm
Edirom vs. Global Market Network, Commercial Court of Nanterre, January 27, 1998 (in French)
Australia''s New Private Sector Privacy laws
The discussion gives an overview and considers the implications of the touchstone of the new privacy laws, the "10 National Privacy Principles." http://www.privacy.gov.au/publications/IS12_02.PDF
http://www.privacy.gov.au/publications/IS1_01.pdf
Privacy Commissioner''s Information Sheet 1 - Overview of the Private Sector Provisions
Links: http://www.privacy.gov.au/ Australian Privacy Commissioner''s website
Company Internet and Email policies
Companies regulate the exchange of e-mail system, including incoming and outgoing messages. Companies'' directors want to know how their employees are using their system and what information is being exchanged. "The use of the electronic mail system may lead to the disclosure of trade secrets, harassment and hostile environment claims, copyright penalties of exchanging copyrighted information, criminal penalties and harm to the company''s reputation and position in litigation. These strong interests have led many employers to draft Internet and electronic mail policies. These policies will influence electronic commerce matters."
Sample Email Policy: http://www.phillipsnizer.com/int-art168.htm
http://eon.law.harvard.edu/privacy/McLaren_v_Microsoft.htm
Devising a Privacy Policy for Corporations
Privacy policies for online businesses are worrisome to all, especially when it involves sharing consumer information with third parties. Companies have attempted to combine consumers'' data, but efforts need to be made to protect shoppers'' privacy.
eBay Changes Policy: http://news.com.com/2100-1017-845911.html
Best Buy Changes Policy: Best Buy Changes Policy http://news.com.com/2100-1017-932157.html
Yahoo Changes Its Privacy Policy: http://news.com.com/2100-1023-870270.html
Legislation Aimed to Protect Online Privacy: http://news.com.com/2100-1023-916662.html
Epic''s Privacy Policy: http://www.epic.org/epic/privacy_policy.html
FTC Privacy Policy: http://www.ftc.gov/ftc/privacy.htm
Microsoft Privacy Policy: http://www.microsoft.com/info/privacy.htm
Drafting a Company internet policy Complaint with the Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act (CFAA) has an effect on electronic commerce. The legislation and its ensuing cases have shown that there must be a specific and detailed electronic mail and Internet usage policy in place to limit the usage of computers at the workplace. The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. Sec. 1030, was passed in 1984 and has been amended on two different occasions. The CFAA has become of great importance with the increasing use of the Internet especially in the workplace. http://www.usdoj.gov/criminal/cybercrime/1030_new.html
Strategies for Internet policies: http://www.infoworld.com/articles/op/xml/00/11/20/001120opborck.xml
Secretary of State-Washington: http://www.secstate.wa.gov/archives/pdf/E-mail%20Guidelines.pdf
Fair Measures on Internet Usage Policies: http://www.fairmeasures.com/pcm_iepolicy.html
Online Advertising and Spamming
Spamming is an Internet advertising method. Spamming takes place when an Internet user indiscriminately distributes large amounts of unsolicited information, in the form of e-mail messages, to large numbers of other Internet users. Internet users and service providers consider spamming "wrongful" conduct because the excessive data that comprises the e-mail messages slows or disrupts the computer servers processing Internet data transfers, resulting in a possible loss of service to the user. The excessive quantities of e-mail generated by spammers causes both Internet users and service providers alike to incur unwanted expenses. The recipients of these unsolicited e-mail advertisements may incur additional expenses because they are to pay the service provider for any online time required to retrieve or delete these messages, while the service provider must expend valuable computer storage area by holding the recipients'' unretrieved messages.
See The FTC Act and advertising on the Internet: http://www.ftc.gov/bcp/conline/pubs/buspubs/dotcom/index.html
FTC''s Guidelines to Disclosures for Internet Sites: http://www.ftc.gov/bcp/conline/pubs/buspubs/ruleroad.shtm; Advertising and Marketing on the Internet: Rules of the Road: http://www.ftc.gov/bcp/icpw/comments/era.htm
Interpretation of Rules and Guides for Electronic Media:
http://www.ftc.gov/bcp/rulemaking/elecmedia/workshop/index.shtm
FTC v. Odysseus Marketing, Inc. http://www.ftc.gov/os/caselist/0423205/080131motion.pdf
The Use of SMS Messages and Political SPAM
Federal election regulators exempted text-based wireless advertisement (Ads) from campaign disclosure rules. Consumers could find their mobile phones subject to a flood of political spam. The Federal Election Commission (FEC) approved a New Jersey technology firm''s petition to waive disclosure rules for political Ads delivered via SMS -- or "short messaging service."
The First Amendment, Junk Faxes and Spam: http://www.washingtonpost.com/wp-dyn/articles/A49356-2002Aug22.html
SMS Political Ads Effects: http://www.zdnet.com/products/stories/reviews/0,4161,2795550,00.html
European Union Anti-Spam Directive
This European Union Directive allows an "opt-in" opportunity for consumers if they desire to have unsolicited email. "If there is no prior relationship with the company, they are not permitted to bother the consumer with the unsolicited email." http://www.euro.cauce.org/en/amendments.html#cult
http://www.cauce.org/pressreleases/20020531.shtml
Spyware / Cookies and Privacy Concerns
The use of cookies has raised privacy concerns. The use of cookies and its legal implications pertaining to privacy issues and whether or "not the cookies have lead viruses or other spyware to become present on one''s personal computer have become issues in the increasing use of computers for online shopping and electronic commerce." Privacy concerns will continue to exist on the Internet as long as monitoring and privacy standards are not implemented.
http://news.bbc.co.uk/1/hi/sci/tech/1868395.stm
Google Hit by Link Bombers: http://www.microcontentnews.com/articles/googleblogs.htm
Weblogs: http://www.microcontentnews.com/articles/googlebombs.htm
Google Bombings: http://www.wordspy.com/words/Googlebombing.asp
Google Bombing: http://www.google.com/technology/index.html Google Press Release:
http://www.cookiecentral.com/faq/#1.1 Cookies FAQ: http://www.epic.org/privacy/internet/cookies/
Electronic Privacy Information Center Primer on Cookies
http://www.epic.org/privacy/internet/ftc/DCLK_comp_pr.html EPIC''s Press Release about DoubleClick lawsuit
Privacy Standards Set For the Use of Cookies
Cookies and their use of tracking users'' Internet movement have raised privacy flags. Privacy standards, therefore, have been determined for the use of cookies. Privacy concerns will continue to exist on the Internet as long as monitoring and privacy standards are not implemented. This issue consistently has become an "opt-out" system instead of an "opt-in" system, which privacy advocates have found troubling. http://www.cookiecentral.com/faq/#1.1
Cookies FAQ: http://www.oag.state.ny.us/press/2002/aug/aug26a_02.html Press Release for Cookie Standards
http://www.washingtonpost.com/wp-dyn/articles/A64716-2002Aug26.html Settlement Agreement
Whether the Use of Cookies to Track Internet Usage can violate Anti-Stalking Laws
In Universal Image Inc. v. Yahoo!, Inc, the issue involved the use of cookies and the right to privacy. Yahoo''s privacy policy was examined. This case was revolutionary because it determined whether the use of cookies to track Internet usage can violate consumer privacy. Companies must fully disclose their privacy policies so that users can make informed decisions of whether they want their information stored on the advertisers'' systems. http://legal.web.aol.com/decisions/dlpriv/universal.html; Commentary and Resources
http://www.tomwbell.com/NetLaw/Ch09.html hacking resources
http://www.tomwbell.com/NetLaw/Ch09/UniversalvYahoo.html Complaint in the case
Cryptography Standards
Cryptography can provide the means for identifying the source, authenticating the contents, and providing privacy against eavesdroppers. Cryptography standards are needed to create interoperability in the information security world and are seen as conditions and protocols set forth to allow uniformity within communication, transactions and virtually all computer activity. The evolution of cryptography has caused other standards to become known and used on the Internet.
http://csrc.nist.gov/encryption/aes/rijndael/ NIST Website About New AES Standard http://www.esat.kuleuven.ac.be/cosic/press/pr_aes_english.html
http://www.rsasecurity.com/rsalabs/faq/3-3-1.html
Protection of Consumer Information from being Sold to the Third Parties
EPIC and Junkbusters filed objection to state Attorneys General urging them to protect records of book purchases collected by Amazon.com. Amazon.com changed its privacy policy in September 2000, and EPIC severed its relationship with the company and filed a complaint with the FTC.
Epic Filed For An Investigation of Amazon: http://epic.org/privacy/internet/amazon/ftcletterpr.html
Letter to the Attorney General: http://www.epic.org/privacy/amazon/amazonltr10.8.02.html
Epic Ends Relationship with Amazon: http://epic.org/privacy/internet/amazon/letter_pr.html
Response of the Massachusetts Attorney General: http://www.epic.org/privacy/amazon/agresponse10.8.02.pdf Junkbuster''s Archives of Amazon.com Issues: http://www.junkbusters.com/amazon.html
Epic Privacy Links: http://www.epic.org/privacy/
European Internet framework
Directive 2002/58/EC of the European Parliament.
http://publications.mediapost.com/index.cfm? fuseaction=Articles.showArticle&art_aid=84603
EU Topic Privacy and the Internet In Europe
The resulting legal framework is found mainly in Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data adopted on 24 October 1995 ("the Data Protection Directive"). This Directive is available at http://www.europa.eu.int/comm/internal_market/en/dataprot/law/index.htm
http://www.europa.eu.int/comm/internal_market/en/dataprot/law/impl.htm
This Directive provides that: "(i) personal data should be collected only for specified, explicit and legitimate purposes, (ii) the persons concerned should be informed about such purposes and the identity of the controller, (iii) any person concerned should have a right of access to his/her data and the opportunity to change or delete data which is incorrect and (iv) if something goes wrong, appropriate remedies should be available to put things right, including compensation of damages through the competent national Courts." http://news.com.com/2010-1069-962993.html?tag=lh
The European Commission (http://europa.eu.int/comm/index_en.htm) has published a new guide entitled "Data Protection in the European Union," which provides citizens and businesses with information on their rights regarding the collection and use of personal data and on what to do when their rights are violated. This Guide is available at: http://europa.eu.int/comm/internal_market/en/data
http://www.privacyinternational.org/intl_orgs/ec/dpd-proposed-amend-9-02.pdf