Online Privacy Guide for Internet Users, Practical Suggestions and Recommendations

INTRODUCTION

The purpose of this guide is to help users understand their online privacy rights and remedies, and to know how and where to obtain relevant information about protection of their privacy rights. Privacy over the Internet is an evolving issue. This guide provides links to available resources users can resort to learn about legislative updates regarding online privacy.  This guide will provide information on both existing and pending legislatures. For instance, it provides information on how the European member states are updating their domestic criminal laws to be able to prosecute online criminal activities pertaining the use and misuse of consumer personal data or misappropriation of consumer private information.

Protection of Privacy  

People have a right to privacy under international laws and most countries'' domestic legislation. Privacy, therefore, became the main concern for legislators, consumers, and businesses. Your personal information is circulating on the Internet, are you aware of this as a consumer?  Maybe you are not, but cybercriminals are. The availability of important and confidential information on the Internet has led to an increase in cybercrimes, including identity theft. Before you put your information out there, check the privacy disclosure on the website you are visiting or visit the following Web pages to obtain more information about protection of privacy.

Links: Laws http://www.techlawjournal.com/cong107/privacy/hollings/20020418summary.asp  

Text of the legislation:  http://www.cdt.org/legislation/107th/privacy/hollings.shtml  

Legislation and other links: http://www.cdt.org/legislation/107th/privacy/hollings.shtml  

Center for Democracy and Technology: http://www.ftc.gov/os/2002/04/index.htm  

FTC"s response to this legislation: http://www.publishers.org/congrpt/onlineprivacy.htm  

Comparison of the legislation: http://www.virsci.com/pharmaNetTRUST/fpw1_1.html#1  

Comparison of the Consumer Privacy Protection Act of 2002 and the Online Personal Privacy Act   

http://www.epic.org/privacy/cable_tv/ctpa.htmlhttp://www.epic.org/privacy/cable_tv/ctpa.html  

 U.S. Family Privacy and Security Act of 2002 or S.2137

This United States legislation was passed to protect minors using the Internet from harmful material. This bill is still pending approval. It is necessary legislation that helps prevent images created by video voyeurism and posted on the Internet. Do you know what your children are doing on the internet? Have you installed parental control on your children''s computers to protect them from predators and from pornography that is advertently spam to users'' computer while surfing the Internet?

 

Links: http://thomas.loc.gov/cgi-bin/bdquery/z? d107: s.02729, Bill Summary and Status: http://www.netcoalition.com/bills/index.phtml?  rindex=69&issue=privacy&issueTitle=Privacy: Summary of the Legislation and text:  http://www.cdt.org/legislation/107th/wiretaps/  

Wiretap legislation: http://www.netcoalition.com/bills/billresources//2002-04-16.256.htm  

Introductory remarks to the legislation: http://www.senate.gov/~landrieu/releases/02/2002417521.html  

Landrieu Press Release: http://www.techtv.com/cybercrime/features/story/0,23008,3380883,00.html  

Videotape voyeurism and state legislation: http://www.techtv.com/print/story/0,23102,3013505,00.html  

 

Online Personal Privacy Act

This United States bill is directed to online businesses and a step ahead to protect and enhance consumer privacy. This legislation is similar to the Consumer Privacy Protection Act of 2002. Yet, one bill addresses business concerns regarding privacy issues, while the other closely addresses individuals'' privacy.  Ultimately, whichever bill is passed, it will have an effect on electronic commerce and the Internet. The objective of this bill is to tighten existing loopholes and non-compliance issues that have infested the Internet and affected consumers'' privacy rights.  Consumers must give permission before a business may collect any "sensitive personally identifiable information," such as race, financial information, medical data, and religious and political affiliations; if the information is "no sensitive personally identifiable information," you as the consumer may choose to "opt out." Under this bill, you have the right to bring a lawsuit against any commercial Web site operator who collects, discloses, or uses a customer''s "sensitive personally identifiable information." The legislation preempts state laws that regulate Internet privacy. This legislation also supersedes the privacy sections of Gramm-Bliley-Leach Act and other federal privacy laws creating a patchwork of privacy laws regarding online transactions. The legislation identifies "Internet companies as an Internet service provider, online service provider or commercial Web site operator and states that they may not collect, use, or disclose personally identifiable information without complying with this legislation." This requirement also applies to any third party, including advertising networks that use an Internet service provider, online service provider, or commercial Web site operator to collect information about users of that service or website.

 

Links: Laws: http://www.techlawjournal.com/cong107/privacy/hollings/20020418summary.asp  

Text of the legislation: http://www.cdt.org/legislation/107th/privacy/hollings.shtml  

Legislation and other Links: http://www.cdt.org/legislation/107th/privacy/hollings.shtml  

Center for Democracy and Technology: http://www.ftc.gov/os/2002/04/index.htm  

FTC''s response to this legislation: http://www.publishers.org/congrpt/onlineprivacy.htm  

Comparison of the legislation: http://www.virsci.com/pharmaNetTRUST/fpw1_1.html#1  

 

 Federal Trade Commission and Privacy

Computer technology makes it easier to collect detailed information about people and easily share it. Today, law enforcement can easily track down criminals, and consumers can easily learn about new products and services, which allow better-informed purchasing decisions. The adverse effect of these is that personal information becomes more accessible. Thus, each of us - companies, associations, government agencies, and consumers - must take precautions to protect against the misuse of that information.  The Federal Trade Commission is enlightening consumers and businesses about the significance of privacy regarding personal information. The Federal Trade Commission investigates violations of privacy; especially those dealing with fraud, identity theft and personal information being illegally shared among business entities and others.

 

Links: Laws

http://www.netcoalition.com/bills/index.phtml? rindex=71&issue=privacy&issueTitle=Privacy   

Link to the legislation: http://www.techlawjournal.com/cong107/privacy/stearns/hr4678ih.asp  

Text of the legislation; http://www.wow-com.com/pdf/hr4678_intro_stearns.pdf  

EPIC''s response to privacy concerns http://www.epic.org/privacy/fipsltr5.8.02.html  

Boucher introduces Consumer Privacy Protection Act of 2002 http://www.house.gov/boucher/docs/privacybill-pr.htm  http://www.publishers.org/congrpt/onlineprivacy.htm  

Comparison of privacy legislation, http://www.virsci.com/pharmaNetTRUST/fpw1_1.html#1  

 

The Federal Agency Protection of Privacy Act

Another privacy bill pending on the United States Congress is the Federal Agency Protection of Privacy Act. This legislation orders federal agencies to consider the potential impact on citizens'' privacy, and requires a privacy impact analysis be included when agencies circulate rules or regulations for public comment. This legislation seeks to promote the privacy of individuals and prevents governmental encroachment. The legislation is a method to advance the privacy protection for American citizens. This legislation also requires each agency to "(1) carry out a periodic review of promulgated rules that have such impact to determine whether each such rule can be amended or rescinded in a manner that minimizes such impact while remaining in accordance with applicable statutes; (2) carry out such review in accordance with a plan that provides for the review of each rule every ten years after the rule was published as a final rule; and (3) publish annually a list of the rules to be reviewed. H.R.4561"

 

The legality of the encryption Products Export regulation

Cryptographic technologies have many applications that could aid privacy, but it is subject to export controls due to the fact that it can be used for criminal purposes or even as a weapon of war. Three cases have challenged the legality of the encryption export regulations. The following are the arguments made in these cases,

Ø  Are unconstitutional prior restraints on speech under the First Amendment

Ø  Violate the plaintiffs'' rights to due process under the Fifth Amendment

Ø  Are not authorized by the International Emergency Economic Powers Act (IEEPA),

 

Links: Sample court documents: http://people.qualcomm.com/karn/export/amended_complaint.html  

Karn amended complaint: http://samsara.law.cwru.edu/comp_law/jvd/pdj3.html  

Amended complaint for Junger: http://www.epic.org/crypto/export_controls/bernstein_brief.html  

Epic Amicus Brief filed for Bernstein: http://people.qualcomm.com/karn/export/index.html  

Karn''s homepage of litigation case: http://samsara.law.cwru.edu/comp_law/jvd/  

Junger''s Web site: Http://www.cdt.org/crypto/litigation/ 

Cryptography litigation: http://www.eff.org//Privacy/ITAR_export/Bernstein_case/Legal  

 

Email Encryption Measures

As more people and business relies on the increasing use of electronic mail for personal and business use, its security has been the source of debate. This is due to the magnitude of confidential information and contractual matters being exchanged between parties on the Internet. Hence, this exchange may not be secure and the need for encryption measures must be considered.  Encryption is "the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge. The purpose of encryption is to ensure privacy by keeping information hidden from anyone for whom it is not intended including even individuals that have access to this encrypted data."

 

Links: http://ecommercetimes.com/perl/story/18860.html  

Email encryption: http://gigalaw.com/articles/2000-all/halberstam-2000-03-all.html 

Electronic mail disclaimers: http://www.wired.com/news/culture/0,1284,10555,00.html  

Web-Based mail and anonymity: http://ecommercetimes.com/perl/story/18860.html  

Email encryption: http://www.certifiedmail.com/  

Certified mail: http://www.epic.org/  

EPIC Web site: http://www.nai.com/

Network associates: http://www.pgpi.org/  

PGP System: http://www.privacy.net/  

Demonstration of the lack of the security of electronic mail

https://www.hushmail.com/?PHPSESSID=c8dbe21ffb87a3edb61fba90a8b5f286  

 

Using the Internet brings with it a concern of who may be collecting your personal information. See Senator Ernest F. Hollings in response to this concern and on the Gramm-Leach-Bliley Financial Privacy Act on how businesses will treat financial data in any context. European Data Protection Directive strictly regulates personal data collection, processing and transfer. On this Directive, personal data can only be transferred to countries outside the E.U. that "guarantee an adequate level of protection." See also a detailed discussion on how the French government is trying to protect its citizen''s privacy by speeding up the development of online administrative services. For further information or assistance visit the following links.

 

http://www.e-recht24.de/artikel/datenschutz/16.html "Datenschutz im Internet" (in German)

http://www.ius-it.de/  Jens Engelhardt "Datenschutzrechtliche Anforderungen an Internetdienste- und Mediendiensteanbieter" (in German) http://www.legamedia.net/legapractice/gleiss/2000/00- 02/0002_hamann_christian_datenschutz.php, Christian Hamann "Datenschutz bei E-Commerc " (in German)  

 

How to transfer Electronic Personal data from Europe to the United States

The European Data Protection Directive strictly controls personal data collection, processing and transfer. Pursuant to this Directive, personal data can only be transferred to countries outside the E.U. that guarantee an adequate level of protection. U.S. companies willing to transfer personal data from the E.U. to the U.S. must comply with either the "Safe Harbor" or the "Model Contract" alternative.

 

Information Sharing by Financial Services Provider

The Electronic Privacy Information Center (EPIC) has expressed concern about information sharing that occurs among financial services institutions. EPIC says that the Gramm-Leach-Bliley Act (GLBA) has failed to adequately protect consumer privacy in the financial services industry.

 

http://www.epic.org/news/  EPIC''S news page including links to its report about the GLBA Bill and links to attorney generals'' comments;

http://www.epic.org/privacy/financial/ag_glb_comments.html    

Attorney Generals'' Comments about the GLBA; http://www.newsbytes.com/news/02/176335.h tml   

Privacy Groups Criticize Information Sharing by Financial Institutions   

http://www.epic.org/  Electronic Privacy Information Center''s Web site  

 

Other Pending legislation in America: The Online Personal Privacy Act

Watch out for the following pending legislation: Collecting your personal information, Senator Ernest F. Hollings Online Personal Privacy Act.

 

 Employer/Employee and privacy issues regarding Use of the Internet  

Employers are using Internet filters to block users'' access to certain Web sites for security purposes.

The use of these filters has been challenged in the context of the workplace. While the Internet has been a forum of free expression and marketplace of ideas, the use of filters would prevent that potential. However, the workplace may hold a different context for determining the legality of these filters. Parents, employers, school districts, and other government entities are using privately manufactured Internet rating and filtering programs with increasing frequency.

 

Monitoring of Employees Electronic mails and Internet Usage

Employers are monitoring their employees'' e-mail usage and courts have been reluctant to get involved in the employer''s practices. Employers'' action will stand constitutional challenges since a governmental actor is not involved. The practices and policies of private employers will, therefore, have no probabilities of being successfully challenged. The usage of electronic mail and Internet access has proved to be a temptation for employees. These employees think that their e-mail should be private, even if it is sent over a company-owned system.

Employee misuse of these systems can lead to:

(1) "the disclosure of trade secrets;

(2) harassment and hostile environment claims;

(3) copyright penalties (up to $100,000 statutory damages);

(4) criminal penalties, including seizure of computers used in criminal activity; and

(5) potentially harming the company''s position in litigation."

  

The Failure of A Company to Remove a Former Employee''s name from its Web site is not unauthorized use

In Leary v. Punzi, the failure of a company to remove a former employee''s name from their Web site was not deemed an unauthorized use in terms of advertising. "The use of the individual''s name must be considered to determine the extent of the use and also to determine how much control has been exerted over the website and whether or not a commercial element is present."

 

Is reposting candid photos of women fair use?  http://tushnet.blogspot.com/search/label/right%20of%20publicity   

The Right of Publicity -- Names, Likeness, and Photos and beyond: http://www.iplegal.com/lib/rtpblct.html  http://www.law.cornell.edu/wex/index.php/Publicity  

The Right of Publicity: http://www.perkinscoie.com/resource/ecomm/netcase/Cases-22.htm  

Right of Publicity Cases: http://www.mediainstitute.org/ONLINE/FAM2003/6-c.html

 

The Monitoring of Emails under French law

The Monitoring of email is legal, provided the employer respects certain conditions.

http://www.juriscom.net/pro/2/priv20020408.pdf  

Martine Ricouart-Maillet and Caroline Requillard, "Le role de l''administrateur réseau dans la cyber surveillance" (in French); http://www.legalbiznext.com/cgi-bin/news/viewnews.cgi?category=8&id=1013771444   

"Cybersurveillance des salariés: l''analyse" (in French); http://www.njuris.com/breves/brev_0102.htm  

"Précisions jurisprudentielles sur la cybersurveillance des salaries" (in French)  

  

Concerns Over A Company''s privacy Practices regarding Its Consumers

In FTC v. Eli Lilly and Company, the issue was the use of consumer''s personal information. A computer malfunction resulted in numerous customers'' information to be included in an email.

 

Links: http://www.ftc.gov/os/2002/01/lillyana.htm    FTC''S Proposed Consent Order

http://www.ftc.gov/opa/2002/01/elililly.htm, FTC Settlement Commentary

http://www.ftc.gov/os/2002/01/lillyswindlestat.htm  

 

U.S. Economic Espionage Act of 1996

Dissemination of trade secrets has become common with the use of the Internet because it allows for the quick dissemination of this information.

 

http://articles.corporate.findlaw.com/articles/file/firms/cg/cg000035/title/Subject/topic/Intellectual%20Property%20Law_Trade%20Secrets/filename/intellectualpropertylaw_1_238    

http://www.usdoj.gov/usao/eousa/foia_reading_room/usam/title9/59mcrm.htm  

Economic Espionage: http://my.execpc.com/~mhallign/crime.html  

http://www.tms.org/pubs/journals/JOM/matters/matters-9711.html Federal Liability for Theft of Trade Secrets:

 

 Non-Competition Agreements

There is criminal liability for violation of non-competition agreements, because employers want to protect their intellectual property investments. Courts generally will enforce non-competition agreements that (1) are limited in terms of their prohibited activity, (2) contain a time limitation, and (3) include a reasonable geographic limitation.

 

Links: Non-Competition agreements: http://jobsearchtech.about.com/library/weekly/aa042202-2.htm   

Is a Non-Compete agreement legal: http://jobsearchtech.about.com/library/weekly/aa042202-3.htm  

Breaking a Non-Compete agreement: http://www.alllaw.com/forms/employment/employee_non-compete/   

Another Example of a Non-Compete agreement: http://www.humanresourcesupply.com/emconandnonc.html    

 

Employees Monitoring of Email can involve Invasion of Privacy Claims

There may be a state law action for violating privacy rights. Yet, U.S. states have taken different approaches to their interpretation and development of privacy violations. The right of employers to monitor their employees'' e-mail has constituted a claim arising under the privacy torts. However, even though many companies have electronically monitored their employees'' Internet and e-mail usage, they can potentially face lawsuits for invasion of privacy. State privacy laws include the torts of public disclosure of private facts, false light and false intrusion. Each state has taken a different approach to these torts and whether or not there is a right to sue for the various theories of action."

 

Links: Monitoring of e-mails: http://www.phillipsnizer.com/int-art168.htm

http://www.tomwbell.com/NetLaw/Ch05/Bourke.html

Bourke v. Nissan Motor Corp: http://courtstuff.com/cgi-bin/as_web.exe?c05_99.ask+D+10706510  

McLaren v. Microsoft Corp.: http://www.marquette.edu/law/course/priv_98/kmart.htm  

K-Mart Corp. State No. 7441 v. Trotti: http://www.tomwbell.com/NetLaw/Ch05/Bourke.html  

 

Creation of the Website by an Employee under French law

When a company allocates the creation of its Web site to one of its employees, this company must assure that it is entitled to use this site. The employee might be the copyright holder of the Web site of the company, could sue this company for copyright infringement, and even restrain the company from using the Web site.

http://www.en-droit.com/intellex/ouvrages/creation_salariee_site_web.pdf

http://www.legalis.net/legalnet/judiciaire/tcomm_edirom_0198.htm  

Edirom vs. Global Market Network, Commercial Court of Nanterre, January 27, 1998 (in French)

 

Australia''s New Private Sector Privacy laws

The discussion gives an overview and considers the implications of the touchstone of the new privacy laws, the "10 National Privacy Principles." http://www.privacy.gov.au/publications/IS12_02.PDF

http://www.privacy.gov.au/publications/IS1_01.pdf  

Privacy Commissioner''s Information Sheet 1 - Overview of the Private Sector Provisions

Links: http://www.privacy.gov.au/   Australian Privacy Commissioner''s website

 

Company Internet and Email policies

Companies regulate the exchange of e-mail system, including incoming and outgoing messages. Companies'' directors want to know how their employees are using their system and what information is being exchanged. "The use of the electronic mail system may lead to the disclosure of trade secrets, harassment and hostile environment claims, copyright penalties of exchanging copyrighted information, criminal penalties and harm to the company''s reputation and position in litigation. These strong interests have led many employers to draft Internet and electronic mail policies. These policies will influence electronic commerce matters." 

 

Sample Email Policy: http://www.phillipsnizer.com/int-art168.htm  

 http://eon.law.harvard.edu/privacy/McLaren_v_Microsoft.htm  

 

Devising a Privacy Policy for Corporations

Privacy policies for online businesses are worrisome to all, especially when it involves sharing consumer information with third parties. Companies have attempted to combine consumers'' data, but efforts need to be made to protect shoppers'' privacy.

eBay Changes Policy: http://news.com.com/2100-1017-845911.html  

Best Buy Changes Policy: Best Buy Changes Policy http://news.com.com/2100-1017-932157.html  

Yahoo Changes Its Privacy Policy: http://news.com.com/2100-1023-870270.html  

Legislation Aimed to Protect Online Privacy:  http://news.com.com/2100-1023-916662.html  

Epic''s Privacy Policy: http://www.epic.org/epic/privacy_policy.html  

FTC Privacy Policy: http://www.ftc.gov/ftc/privacy.htm 

Microsoft Privacy Policy: http://www.microsoft.com/info/privacy.htm  

 

 Drafting a Company internet policy Complaint with the Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (CFAA) has an effect on electronic commerce. The legislation and its ensuing cases have shown that there must be a specific and detailed electronic mail and Internet usage policy in place to limit the usage of computers at the workplace. The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. Sec. 1030, was passed in 1984 and has been amended on two different occasions. The CFAA has become of great importance with the increasing use of the Internet especially in the workplace. http://www.usdoj.gov/criminal/cybercrime/1030_new.html

Strategies for Internet policies: http://www.infoworld.com/articles/op/xml/00/11/20/001120opborck.xml  

Secretary of State-Washington: http://www.secstate.wa.gov/archives/pdf/E-mail%20Guidelines.pdf  

Fair Measures on Internet Usage Policies: http://www.fairmeasures.com/pcm_iepolicy.html  

 

Online Advertising and Spamming

Spamming is an Internet advertising method. Spamming takes place when an Internet user indiscriminately distributes large amounts of unsolicited information, in the form of e-mail messages, to large numbers of other Internet users. Internet users and service providers consider spamming "wrongful" conduct because the excessive data that comprises the e-mail messages slows or disrupts the computer servers processing Internet data transfers, resulting in a possible loss of service to the user. The excessive quantities of e-mail generated by spammers causes both Internet users and service providers alike to incur unwanted expenses. The recipients of these unsolicited e-mail advertisements may incur additional expenses because they are to pay the service provider for any online time required to retrieve or delete these messages, while the service provider must expend valuable computer storage area by holding the recipients'' unretrieved messages.

 

See The FTC Act and advertising on the Internet: http://www.ftc.gov/bcp/conline/pubs/buspubs/dotcom/index.html

FTC''s Guidelines to Disclosures for Internet Sites: http://www.ftc.gov/bcp/conline/pubs/buspubs/ruleroad.shtm; Advertising and Marketing on the Internet: Rules of the Road:  http://www.ftc.gov/bcp/icpw/comments/era.htm  

Interpretation of Rules and Guides for Electronic Media:

http://www.ftc.gov/bcp/rulemaking/elecmedia/workshop/index.shtm 

FTC v. Odysseus Marketing, Inc. http://www.ftc.gov/os/caselist/0423205/080131motion.pdf 

  

The Use of SMS Messages and Political SPAM

Federal election regulators exempted text-based wireless advertisement (Ads) from campaign disclosure rules. Consumers could find their mobile phones subject to a flood of political spam. The Federal Election Commission (FEC) approved a New Jersey technology firm''s petition to waive disclosure rules for political Ads delivered via SMS -- or "short messaging service." 

 

The First Amendment, Junk Faxes and Spam:  http://www.washingtonpost.com/wp-dyn/articles/A49356-2002Aug22.html

SMS Political Ads Effects: http://www.zdnet.com/products/stories/reviews/0,4161,2795550,00.html  

 

 European Union Anti-Spam Directive

This European Union Directive allows an "opt-in" opportunity for consumers if they desire to have unsolicited email. "If there is no prior relationship with the company, they are not permitted to bother the consumer with the unsolicited email." http://www.euro.cauce.org/en/amendments.html#cult  

http://www.cauce.org/pressreleases/20020531.shtml  

 

Spyware / Cookies and  Privacy Concerns

The use of cookies has raised privacy concerns.  The use of cookies and its legal implications pertaining to privacy issues and whether or "not the cookies have lead viruses or other spyware to become present on one''s personal computer have become issues in the increasing use of computers for online shopping and electronic commerce."  Privacy concerns will continue to exist on the Internet as long as monitoring and privacy standards are not implemented.

http://news.bbc.co.uk/1/hi/sci/tech/1868395.stm  

Google Hit by Link Bombers: http://www.microcontentnews.com/articles/googleblogs.htm  

Weblogs: http://www.microcontentnews.com/articles/googlebombs.htm  

Google Bombings: http://www.wordspy.com/words/Googlebombing.asp  

Google Bombing: http://www.google.com/technology/index.html  Google Press Release:

http://www.cookiecentral.com/faq/#1.1  Cookies FAQ: http://www.epic.org/privacy/internet/cookies/  

Electronic Privacy Information Center Primer on Cookies

http://www.epic.org/privacy/internet/ftc/DCLK_comp_pr.html  EPIC''s Press Release about DoubleClick lawsuit  

 

Privacy Standards Set For the Use of Cookies

Cookies and their use of tracking users'' Internet movement have raised privacy flags. Privacy standards, therefore, have been determined for the use of cookies. Privacy concerns will continue to exist on the Internet as long as monitoring and privacy standards are not implemented.  This issue consistently has become an "opt-out" system instead of an "opt-in" system, which privacy advocates have found troubling. http://www.cookiecentral.com/faq/#1.1 

Cookies FAQ: http://www.oag.state.ny.us/press/2002/aug/aug26a_02.html Press Release for Cookie Standards

http://www.washingtonpost.com/wp-dyn/articles/A64716-2002Aug26.html  Settlement Agreement

 

Whether the Use of Cookies to Track Internet Usage can violate Anti-Stalking Laws

In Universal Image Inc. v. Yahoo!, Inc, the issue involved the use of cookies and the right to privacy. Yahoo''s privacy policy was examined. This case was revolutionary because it determined whether the use of cookies to track Internet usage can violate consumer privacy. Companies must fully disclose their privacy policies so that users can make informed decisions of whether they want their information stored on the advertisers'' systems. http://legal.web.aol.com/decisions/dlpriv/universal.html; Commentary and Resources

http://www.tomwbell.com/NetLaw/Ch09.html hacking resources

http://www.tomwbell.com/NetLaw/Ch09/UniversalvYahoo.html  Complaint in the case

 

Cryptography Standards

Cryptography can provide the means for identifying the source, authenticating the contents, and providing privacy against eavesdroppers. Cryptography standards are needed to create interoperability in the information security world and are seen as conditions and protocols set forth to allow uniformity within communication, transactions and virtually all computer activity. The evolution of cryptography has caused other standards to become known and used on the Internet.

http://csrc.nist.gov/encryption/aes/rijndael/  NIST Website About New AES Standard http://www.esat.kuleuven.ac.be/cosic/press/pr_aes_english.html

 http://www.rsasecurity.com/rsalabs/faq/3-3-1.html  

 

 Protection of Consumer Information from being Sold to the Third Parties

EPIC and Junkbusters filed objection to state Attorneys General urging them to protect records of book purchases collected by Amazon.com. Amazon.com changed its privacy policy in September 2000, and EPIC severed its relationship with the company and filed a complaint with the FTC.

 

Epic Filed For An Investigation of Amazon: http://epic.org/privacy/internet/amazon/ftcletterpr.html  

Letter to the Attorney General: http://www.epic.org/privacy/amazon/amazonltr10.8.02.html  

Epic Ends Relationship with Amazon: http://epic.org/privacy/internet/amazon/letter_pr.html  

Response of the Massachusetts Attorney General: http://www.epic.org/privacy/amazon/agresponse10.8.02.pdf   Junkbuster''s Archives of Amazon.com Issues: http://www.junkbusters.com/amazon.html  

Epic Privacy Links: http://www.epic.org/privacy/  

 

European Internet framework

Directive 2002/58/EC of the European Parliament.

http://publications.mediapost.com/index.cfm? fuseaction=Articles.showArticle&art_aid=84603   

 

EU Topic Privacy and the Internet In Europe

The resulting legal framework is found mainly in Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data adopted on 24 October 1995 ("the Data Protection Directive"). This Directive is available at http://www.europa.eu.int/comm/internal_market/en/dataprot/law/index.htm

http://www.europa.eu.int/comm/internal_market/en/dataprot/law/impl.htm   

This Directive provides that:  "(i) personal data should be collected only for specified, explicit and legitimate purposes, (ii) the persons concerned should be informed about such purposes and the identity of the controller, (iii) any person concerned should have a right of access to his/her data and the opportunity to change or delete data which is incorrect and (iv) if something goes wrong, appropriate remedies should be available to put things right, including compensation of damages through the competent national Courts." http://news.com.com/2010-1069-962993.html?tag=lh

The European Commission (http://europa.eu.int/comm/index_en.htm) has published a new guide entitled "Data Protection in the European Union," which provides citizens and businesses with information on their rights regarding the collection and use of personal data and on what to do when their rights are violated. This Guide is available at: http://europa.eu.int/comm/internal_market/en/data   

http://www.privacyinternational.org/intl_orgs/ec/dpd-proposed-amend-9-02.pdf

 

 

Published 10 November 09 06:45 by IBLS Editor

Comments

No Comments
Anonymous comments are disabled

Search

Go

This Blog

Syndication