Joris van Hoboken

Publications

A Roadmap to Enhancing User Control via Privacy Dashboards

Irion, K.

Thompson, M.

van Hoboken, J.

Yakovleva, S.

Amsterdam / Hong Kong: IViR, 2017.

This report presents and draws on multidisciplinary insights into what characterises effective user control over the collection and use of personal data. User controls arise from the interplay of a number of conditions. These are partly technical but also connected to different aspects of user behaviour, the intricacies of design, as well as the internal and external incentives in privacy governance that exist today. Our review of the state of research underscores that devising effective user controls require close collaboration between different disciplines, clear regulatory guidance and scientifically-backed assessments.

26-09-2017

An Assessment of the Commission's Proposal on Privacy and Electronic Communications

Fahy, R.

Irion, K.

Rozendaal, M.

van Hoboken, J.

Zuiderveen Borgesius, F.

This study, commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee, appraises the European Commission’s proposal for an ePrivacy Regulation. The study assesses whether the proposal would ensure that the right to the protection of personal data, the right to respect for private life and communications, and related rights enjoy a high standard of protection. The study also highlights the proposal’s potential benefits and drawbacks more generally.

15-06-2017

Human rights and encryption

Schulz, W.,

van Hoboken, J.

The study provides an overview of encryption technologies and their impact on human rights. It analyzes in-depth the role of encryption in the media and communications landscape, and the impact on different services, entities and end users. It highlights good practices and examines the legal environment surrounding encryption as well as various case studies of encryption policies. Built on this exploration and analysis, the research provides recommendations on encryption policy that are useful for various stakeholders. These include signaling the need to counter the lack of gender sensitivity in the current debate, and also highlighting ideas for enhancing “encryption literacy”.

01-12-2016

Scoping Electronic Communication Privacy Rules: Data, Services and Values

van Hoboken, J.

Zuiderveen Borgesius, F.

We use electronic communication networks for more than simply traditional telecommunications: we access the news, buy goods online, file our taxes, contribute to public debate, and more. As a result, a wider array of privacy interests is implicated for users of electronic communications networks and services. . This development calls into question the scope of electronic communications privacy rules. This paper analyses the scope of these rules, taking into account the rationale and the historic background of the European electronic communications privacy framework. We develop a framework for analysing the scope of electronic communications privacy rules using three approaches: (i) a service-centric approach, (ii) a data-centric approach, and (iii) a value-centric approach. We discuss the strengths and weaknesses of each approach. The current e-Privacy Directive contains a complex blend of the three approaches, which does not seem to be based on a thorough analysis of their strengths and weaknesses. The upcoming review of the directive announced by the European Commission provides an opportunity to improve the scoping of the rules.

19-01-2016

Obscured by Clouds or How to Address Governmental Access to Cloud Data From Abroad

Arnbak, A.

van Eijk, N.

van Hoboken, J.

Draft paper presented at Privacy Law Scholars Conference 2013, 6-7 June, Berkeley, United States. Zie ook: Snowden saga reveals gap in protection of European data, Financial Times, 29 July 2013, p. 2. 

11-06-2013

Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act

Arnbak, A.

van Eijk, N.

van Hoboken, J.

This is the English translation of a report that was released in September 2012 in The Netherlands. It was covered extensively in Dutch newspapers, on Radio1 and the 8 PM news bulletin of public broadcaster NOS. Politicians across the spectrum reacted on the report, both directly in the media and through Parliamentary questions. Meanwhile, the State Secretary of Security and Justice has responded to the Parliamentary questions on 15 October 2012.
The report is also available on SSRN.

See also:
- Patriot Act can "obtain" data in Europe, researchers say, CBS News, 4 December 2012;
- Im Bann des amerikanischen Schnüffelwahns, Süd Deutsche, 10 January 2013.

Institutions have started to move their data and ICT operations into the cloud. It is becoming clear that this is leading to a decrease of overview and control over government access to data for law enforcement and national security purposes. This report looks at the possibilities for the U.S. government to obtain access to information in the cloud from Dutch institutions on the basis of U.S. law and on the basis of Dutch law and international co-operation. It concludes that the U.S. legal state of affairs implies that the transition towards the cloud has important negative consequences for the possibility to manage information confidentiality, information security and the privacy of European end users in relation to foreign governments. The Patriot Act from 2001 has started to play a symbolic role in the public debate. It is one important element in a larger, complex and dynamic legal framework for access to data for law enforcement and national security purposes. In particular, the FISA Amendments Act provision for access to data of non-U.S. persons outside the U.S. enacted in 2008 deserves attention. The report describes this and other legal powers for the U.S. government to obtain data of non-U.S. persons located outside of the U.S. from cloud providers that fall under its jurisdiction. Such jurisdiction applies widely, namely to cloud services that conduct systematic business in the United States and is not dependent on the location where the data are stored, as is often assumed. For non-U.S. persons located outside of the U.S., constitutional protection is not applicable and the statutory safeguards are minimal. In the Netherlands and across the EU, government agencies have legal powers to obtain access to cloud data as well. These provisions can also be be used to assist the U.S. government, when it does not have jurisdiction for instance, but they must stay within the constitutional safeguards set by national constitutions, the European Convention on Human Rights and the EU Charter.

29-11-2012

Search engine freedom: On the implications of the Right to Freedom of Expression for the Legal Governance of Web Search Engines

van Hoboken, J.

In this book, the author explores how search media can be incorporated into freedom of expression doctrine, as well as media and communications law and policy more generally. And the book develops a theory of the legal relations between national governments and search media providers on the one hand and between end-users and information providers on the other. Among the many issues covered are the following: role of government under the right to freedom of expression; lack of transparency about the ranking and selection of search results; search engine and ISP intermediary liability; filtering by access providers; freedom of expression and the governance of public libraries; the search engine market, its business model and the separation rule for advertising; search engine self-regulation; user profiling and personalization; decisions and actions for which search engines should be able to claim protection. The analysis draws on specific legal developments under Article 10 of the European Convention on Human Rights and the United States First Amendment, and investigates issues of diversity, pluralism, and freedom of expression as they relate to editorial control in other media. The author concludes with recommendations regarding search engine governance and the proper role of government, indicating which existing elements of the regulatory framework for search media can be improved and offering directions for future legal and empirical research. Considering the ever-growing cultural, political, and economic importance of the Internet and the World Wide Web in our societies, and the societal interests involved in the availability of effective search tools, this first in-depth legal analysis of search engine freedom will prove indispensable to the many practitioners and policymakers concerned with freedom of expression in the digital age

22-11-2012

Cloud diensten in hoger onderwijs en onderzoek en de USA Patriot Act

Arnbak, A.

van Eijk, N.

van Hoboken, J.

Rapport in opdracht van SURF, september 2012.

Zie ook:

Persbericht van SURF;
- Toezicht op gegevens in een cloud is hard nodig, NOS Journaal, zaterdag 13 oktober 2012;
- Cyberaanvallen nieuwe vorm van politieke acties, Joris van Hoboken op Radio 1, zaterdag 13 oktober 2012;
Reactie van Jeanine Hennis-Plasschaert, Radio 1, zaterdag 13 oktober 2012;
Kamervragen SP;
Antwoord Staatssecretaris Teeven op vragen SP;
- Onrust patiëntendossier neemt toe, website NOS, 30 november 2012;
- VS kan toegang tot EPD krijgen, video NOS journaal, 30 november 2012;
- 'De vraag is of VS medisch geheim Nederland zal respecteren', NOS journaal, 30 november 2012.

Instellingen en gebruikers gaan massaal over op de cloud, en daardoor vermindert de controle en het overzicht over de toegang tot onze gegevens door overheden. Dit heeft belangrijke consequenties voor de privacy en andere fundamentele belangen bij de vertrouwelijkheid van informatie. Er is de laatste tijd veel geroepen over de Patriot Act, maar niemand heeft goed zicht op de Amerikaanse wetgeving die de VS de mogelijkheid van toegang geeft tot gegevens in de cloud. Dit rapport van het IViR in opdracht van SURFdirect geeft antwoord op deze belangrijke vragen. De Amerikaanse Grondwet en de specifieke wetten beschermen buitenlanders in mindere mate dan Amerikanen. Cloudgegevens van niet-Amerikanen in het buitenland kunnen daarom sneller en makkelijker worden opgevraagd dan van Amerikanen, en dat zonder juridische waarborgen als transparantie over het aantal opvragingen en rechtsbescherming van het individu. Daarnaast wordt het maatschappelijke debat gedomineerd door hardnekkige misvattingen en een te grote focus op de Patriot Act. Er is sprake van een veel groter geheel aan wetgeving. Voor opvraging door Amerikaanse autoriteiten maakt het niet uit op welke plek in de wereld cloudgegevens zijn opgeslagen. Het hoeft ook geen Amerikaanse cloudprovider te zijn. Als een Nederlandse cloudaanbieder structureel zaken doet in de VS, dan geeft VS wet- en regelgeving in beginsel al de mogelijkheid voor VS autoriteiten om gegevens op te vragen vanuit Nederland. Voor afnemers van clouddiensten zullen zulke relaties in de praktijk moeilijk te achterhalen zijn en door overnames in de sector kan de situatie opeens veranderen.

12-09-2012

The Right to be Forgotten and the Media Exception in the Proposed Data Protection Regulation

van Hoboken, J.

Contribution to the European Parliament Hearing on Data Protection for the Digital Age, 28 June 2012, Brussels.

05-07-2012

(Fast)food for thoughts: de uitspraak van het Hof van Justitie in de Scarlet/Sabam-zaak

Helberger, N.

van Hoboken, J.

Met Scarlet/Sabam heeft het Hof van Justitie een belangrijke uitspraak gedaan over de juiste balans in de handhaving van intellectuele eigendomsrechten op internet en zorgplichten van ISPs. Meer concreet gaat het over het controversiële gebruik van internet monitoring en filters door ISPs voor het verkeer van hun klanten in de 'strijd tegen piraterij'. De discussie rond de handhaving van auteursrechtschendingen op het internet en de betrokkenheid van ISPs is buitengewoon actueel, ook met het oog op een aantal recente ontwikkelingen in Europa, waaronder de aanvulling van delen uit de E-Commerce Richtlijn. Dit artikel plaatst de uitspraak in zijn grotere politieke context en biedt een aantal kritische reflecties.

13-03-2012

Little Brother Is Tagging You - Legal and Policy Implications of Amateur Data Controllers

Helberger, N.

van Hoboken, J.

This article argues that the instances in which amateur users will fall under the ambit of data protection law are not the exception, but rather the rule. Based on an analysis of the provisions of the European Data Protection Directive, the article demonstrates that existing data protection law burdens amateur users with provisions that exceed the personal, technical and financial capacities of most Social Network Sites (SNS) users, that do no fit the SNS context or that users are simply not able to comply with without assistance from the SNS provider. While it is unacceptable to burden amateurs with a number of obligations that exceed their capacities, it is also not feasible to place all the burdens on SNS providers, since many of the privacy problems of SNSs are in fact user-made. All this points to a concept of joint-responsibility of SNS users and providers. The article concludes with a number of concrete suggestions on how such a concept of joint responsibility could be given form.

15-03-2011

Het belang van privacy. Verwarring over het burgerrecht van de 21ste eeuw,

van Hoboken, J.

Voorbij privacy. Nieuwe opvattingen  over het private en publieke domein

03-06-2010

User-Created-Content: Supporting a participative Information Society, Final Report

Angelopoulos, C.

Guibault, L.

Helberger, N.

E. Swart

van Eijk, N.

van Hoboken, J.

Studie in opdracht van de Europese Commissie, uitgevoerd door IDATE, TNO en IViR.

28-10-2009

Privacy in het publieke domein (Universiteit van Amsterdam)

van Hoboken, J.

Opening Academisch Jaar 2009-2010, Universiteit van Amsterdam

 

30-09-2009

Workshop on Audiovisual Search: Summary of the Discussion

Angelopoulos, C.

van Hoboken, J.

In: Searching for Audiovisual Content, IRIS Special 2008, Strasbourg: European Audiovisual Observatory, p. 1-10.

30-03-2009

De aansprakelijkheid van zoekmachines: Uitzondering zonder regels of regels zonder uitzondering?

van Hoboken, J.

Deze bijdrage gaat in op een belangrijk en lastig juridisch vraagstuk voor zoekmachines, namelijk de aansprakelijkheid voor onrechtmatige zoekresultaten. Alvorens tot een bespreking van het geldende recht over te gaan, zal het onderwerp worden uitgewerkt (§ 2) en worden stilgestaan bij het beleid van de bekendste zoekmachines (§ 3). Daarna volgt een bespreking van de relevante wetgeving op Nederlands en Europees niveau (§ 4) en een bespreking van de Nederlandse jurisprudentie (§ 5). Gezien de bestaande onduidelijkheid zal deze bijdrage afsluiten met een schematische bespreking van de verschillende aanknopingspunten voor het bepalen van de zorgplicht van zoekmachines ten aanzien van onrechtmatige zoekresultaten (§ 6). Om alvast op de conclusie (§ 7) vooruit te lopen: er is nog veel werk te doen voor wetgever, rechtspraak en zoekmachines.

28-03-2008

More Publications