Open Data, Privacy, and Fair Information Principles: Towards a Balancing Framework

Open Data, Privacy, and Fair Information Principles: Towards a Balancing Framework external link

Zuiderveen Borgesius, F. & van Eechoud, M.

2015

Abstract

Open data are held to contribute to a wide variety of social and political goals, including strengthening transparency, public participation and democratic accountability, promoting economic growth and innovation, and enabling greater public sector efficiency and cost savings. However, releasing government data that contain personal information may threaten privacy and related rights and interests. In this paper we ask how these privacy interests can be respected, without unduly hampering benefits from disclosing public sector information. We propose a balancing framework to help public authorities address this question in different contexts. The framework takes into account different levels of privacy risks for different types of data. It also separates decisions about access and re-use, and highlights a range of different disclosure routes. A circumstance catalogue lists factors that might be considered when assessing whether, under which conditions, and how a dataset can be released. While open data remains an important route for the publication of government information, we conclude that it is not the only route, and there must be clear and robust public interest arguments in order to justify the disclosure of personal information as open data.

Links

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2695005

anonymous data, Big data, Data protection, fair information principles, Freedom of information, Grondrechten, OECD privacy Guidelines, Privacy, public sector data

RIS

TY  - JOUR
AU  - Zuiderveen Borgesius, F.
AU  - van Eechoud, M.
PY  - 1203
DA  - 2015-12-03
T1  - Open Data, Privacy, and Fair Information Principles: Towards a Balancing Framework
UR  - http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2695005
AB  - Open data are held to contribute to a wide variety of social and political goals, including strengthening transparency, public participation and democratic accountability, promoting economic growth and innovation, and enabling greater public sector efficiency and cost savings. However, releasing government data that contain personal information may threaten privacy and related rights and interests. In this paper we ask how these privacy interests can be respected, without unduly hampering benefits from disclosing public sector information. We propose a balancing framework to help public authorities address this question in different contexts. The framework takes into account different levels of privacy risks for different types of data. It also separates decisions about access and re-use, and highlights a range of different disclosure routes. A circumstance catalogue lists factors that might be considered when assessing whether, under which conditions, and how a dataset can be released. While open data remains an important route for the publication of government information, we conclude that it is not the only route, and there must be clear and robust public interest arguments in order to justify the disclosure of personal information as open data.
K1  - anonymous data
K1  - Big data
K1  - Data protection
K1  - fair information principles
K1  - Freedom of information
K1  - Grondrechten
K1  - OECD privacy Guidelines
K1  - Privacy
K1  - public sector data
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {Open Data, Privacy, and Fair Information Principles: Towards a Balancing Framework},
	author = {Zuiderveen Borgesius, F. and van Eechoud, M.},
	year = {1203},
	date = {2015-12-03},
	abstract = {Open data are held to contribute to a wide variety of social and political goals, including strengthening transparency, public participation and democratic accountability, promoting economic growth and innovation, and enabling greater public sector efficiency and cost savings. However, releasing government data that contain personal information may threaten privacy and related rights and interests. In this paper we ask how these privacy interests can be respected, without unduly hampering benefits from disclosing public sector information. We propose a balancing framework to help public authorities address this question in different contexts. The framework takes into account different levels of privacy risks for different types of data. It also separates decisions about access and re-use, and highlights a range of different disclosure routes. A circumstance catalogue lists factors that might be considered when assessing whether, under which conditions, and how a dataset can be released. While open data remains an important route for the publication of government information, we conclude that it is not the only route, and there must be clear and robust public interest arguments in order to justify the disclosure of personal information as open data.},
	keywords = {anonymous data, Big data, Data protection, fair information principles, Freedom of information, Grondrechten, OECD privacy Guidelines, Privacy, public sector data},
}

Save .bib

New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case external link

Zuiderveen Borgesius, F. & Arnbak, A.

2015

Abstract

This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data Retention Directive. The controversial directive obliged telecom and Internet access providers in Europe to retain metadata of all their customers for intelligence and law enforcement purposes, for a period of up to two years. In the ruling, the Court declared the directive in violation of the human rights to privacy and data protection. The Court also confirmed that the mere collection of metadata interferes with the human right to privacy. In addition, the Court developed three new criteria for assessing the level of data security required from a human rights perspective: security measures should take into account the risk of unlawful access to data, and the data’s quantity and sensitivity. While organizations that campaigned against the directive have welcomed the ruling, we warn for the risk of proceduralization of mass surveillance law. The Court did not fully condemn mass surveillance that relies on metadata, but left open the possibility of mass surveillance if policymakers lay down sufficient procedural safeguards. Such proceduralization brings systematic risks for human rights. Government agencies, with ample resources, can design complicated systems of procedural oversight for mass surveillance – and claim that mass surveillance is lawful, even if it affects millions of innocent people.

Links

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2678860

Data protection, data retention, GCHQ, Grondrechten, metadata, NSA, Privacy, security, Snowden, Surveillance, traffic data

RIS

TY  - JOUR
AU  - Zuiderveen Borgesius, F.
AU  - Arnbak, A.
PY  - 1027
DA  - 2015-10-27
T1  - New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case
UR  - http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2678860
AB  - This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data Retention Directive. The controversial directive obliged telecom and Internet access providers in Europe to retain metadata of all their customers for intelligence and law enforcement purposes, for a period of up to two years. In the ruling, the Court declared the directive in violation of the human rights to privacy and data protection. The Court also confirmed that the mere collection of metadata interferes with the human right to privacy. In addition, the Court developed three new criteria for assessing the level of data security required from a human rights perspective: security measures should take into account the risk of unlawful access to data, and the data’s quantity and sensitivity. While organizations that campaigned against the directive have welcomed the ruling, we warn for the risk of proceduralization of mass surveillance law. The Court did not fully condemn mass surveillance that relies on metadata, but left open the possibility of mass surveillance if policymakers lay down sufficient procedural safeguards. Such proceduralization brings systematic risks for human rights. Government agencies, with ample resources, can design complicated systems of procedural oversight for mass surveillance – and claim that mass surveillance is lawful, even if it affects millions of innocent people.
K1  - Data protection
K1  - data retention
K1  - GCHQ
K1  - Grondrechten
K1  - metadata
K1  - NSA
K1  - Privacy
K1  - security
K1  - Snowden
K1  - Surveillance
K1  - traffic data
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case},
	author = {Zuiderveen Borgesius, F. and Arnbak, A.},
	year = {1027},
	date = {2015-10-27},
	abstract = {This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data Retention Directive. The controversial directive obliged telecom and Internet access providers in Europe to retain metadata of all their customers for intelligence and law enforcement purposes, for a period of up to two years. In the ruling, the Court declared the directive in violation of the human rights to privacy and data protection. The Court also confirmed that the mere collection of metadata interferes with the human right to privacy. In addition, the Court developed three new criteria for assessing the level of data security required from a human rights perspective: security measures should take into account the risk of unlawful access to data, and the data’s quantity and sensitivity. While organizations that campaigned against the directive have welcomed the ruling, we warn for the risk of proceduralization of mass surveillance law. The Court did not fully condemn mass surveillance that relies on metadata, but left open the possibility of mass surveillance if policymakers lay down sufficient procedural safeguards. Such proceduralization brings systematic risks for human rights. Government agencies, with ample resources, can design complicated systems of procedural oversight for mass surveillance – and claim that mass surveillance is lawful, even if it affects millions of innocent people.},
	keywords = {Data protection, data retention, GCHQ, Grondrechten, metadata, NSA, Privacy, security, Snowden, Surveillance, traffic data},
}

Save .bib

Making Access to Government Data Work external link

van Eechoud, M.

Masaryk University Journal of Law and Technology, num: 2, 2015

Abstract

The EU Directive on Re-use of Public Sector Information of 2013 (the PSI Directive) is a key instrument for open data policies at all levels of government in Member States. It sets out a general framework for the conditions governing the right to re-use information resources held by public sector bodies. It includes provisions on non-discrimination, transparent licensing and the like. However, what the PSI Directive does not do is give businesses, civil society or citizens an actual claim to access. Access is of course a prerequisite to (re)use. It is largely a matter for individual Member States to regulate what information is in the public record. This article explores what the options for the EC are to promote alignment of rights to information and re-use policy. It also flags a number of important data protection problems that have not been given serious enough consideration, but have the potential to paralyze open data policies.

Links

https://journals.muni.cz/mujlt/article/view/3717

Access to Government Information, Data protection, Directive 2003/98/EC, Freedom of information, Open Data, Overheidsinformatie, Re-use of Public Sector Information

RIS

TY  - JOUR
AU  - van Eechoud, M.
PY  - 1021
DA  - 2015-10-21
T1  - Making Access to Government Data Work
JO  - Masaryk University Journal of Law and Technology
NV  - 2
UR  - https://journals.muni.cz/mujlt/article/view/3717
AB  - The EU Directive on Re-use of Public Sector Information of 2013 (the PSI Directive) is a key instrument for open data policies at all levels of government in Member States. It sets out a general framework for the conditions governing the right to re-use information resources held by public sector bodies. It includes provisions on non-discrimination, transparent licensing and the like. However, what the PSI Directive does not do is give businesses, civil society or citizens an actual claim to access. Access is of course a prerequisite to (re)use. It is largely a matter for individual Member States to regulate what information is in the public record. This article explores what the options for the EC are to promote alignment of rights to information and re-use policy. It also flags a number of important data protection problems that have not been given serious enough consideration, but have the potential to paralyze open data policies.
K1  - Access to Government Information
K1  - Data protection
K1  - Directive 2003/98/EC
K1  - Freedom of information
K1  - Open Data
K1  - Overheidsinformatie
K1  - Re-use of Public Sector Information
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {Making Access to Government Data Work},
	author = {van Eechoud, M.},
	year = {1021},
	date = {2015-10-21},
	journal = {Masaryk University Journal of Law and Technology},
	number = {2},
	abstract = {The EU Directive on Re-use of Public Sector Information of 2013 (the PSI Directive) is a key instrument for open data policies at all levels of government in Member States. It sets out a general framework for the conditions governing the right to re-use information resources held by public sector bodies. It includes provisions on non-discrimination, transparent licensing and the like. However, what the PSI Directive does not do is give businesses, civil society or citizens an actual claim to access. Access is of course a prerequisite to (re)use. It is largely a matter for individual Member States to regulate what information is in the public record. This article explores what the options for the EC are to promote alignment of rights to information and re-use policy. It also flags a number of important data protection problems that have not been given serious enough consideration, but have the potential to paralyze open data policies.},
	keywords = {Access to Government Information, Data protection, Directive 2003/98/EC, Freedom of information, Open Data, Overheidsinformatie, Re-use of Public Sector Information},
}

Save .bib

Access to Personal Data and the Right to Good Governance during Asylum Procedures after the CJEU’s YS and M. and S. judgment (C-141/12 and C-372/12) external link

Zuiderveen Borgesius, F.

European Journal of Migration and Law, pp: 259-272., 2015

Abstract

In the YS. and M. and S. judgment, the Court of Justice of the European Union ruled on three procedures in which Dutch judges asked for clarification on the right of asylum seekers to have access to the documents regarding the decision on asylum applications. The judgment is relevant for interpreting the concept of personal data and the scope of the right of access under the Data Protection Directive, and the right to good administration in the eu Charter of Fundamental Rights. At first glance, the judgment seems disappointing from the viewpoint of individual rights. Nevertheless, in our view the judgment provides sufficient grounds for effective access rights to the minutes in future asylum cases.

Links

http://booksandjournals.brillonline.com/content/journals/10.1163/15718166-12342080

access to information, asylum procedure, Charter of Fundamental Rights of the European Union, Data protection, effective remedies, Grondrechten, peronal data, Privacy

RIS

TY  - JOUR
AU  - Zuiderveen Borgesius, F.
PY  - 0710
DA  - 2015-07-10
T1  - Access to Personal Data and the Right to Good Governance during Asylum Procedures after the CJEU’s YS and M. and S. judgment (C-141/12 and C-372/12)
JO  - European Journal of Migration and Law
SP  - 259-272.
UR  - http://booksandjournals.brillonline.com/content/journals/10.1163/15718166-12342080
AB  - In the YS. and M. and S. judgment, the Court of Justice of the European Union ruled on three procedures in which Dutch judges asked for clarification on the right of asylum seekers to have access to the documents regarding the decision on asylum applications. The judgment is relevant for interpreting the concept of personal data and the scope of the right of access under the Data Protection Directive, and the right to good administration in the eu Charter of Fundamental Rights. At first glance, the judgment seems disappointing from the viewpoint of individual rights. Nevertheless, in our view the judgment provides sufficient grounds for effective access rights to the minutes in future asylum cases.
K1  - access to information
K1  - asylum procedure
K1  - Charter of Fundamental Rights of the European Union
K1  - Data protection
K1  - effective remedies
K1  - Grondrechten
K1  - peronal data
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {Access to Personal Data and the Right to Good Governance during Asylum Procedures after the CJEU’s YS and M. and S. judgment (C-141/12 and C-372/12)},
	author = {Zuiderveen Borgesius, F.},
	year = {0710},
	date = {2015-07-10},
	journal = {European Journal of Migration and Law},
	pages = {259-272.},
	abstract = {In the YS. and M. and S. judgment, the Court of Justice of the European Union ruled on three procedures in which Dutch judges asked for clarification on the right of asylum seekers to have access to the documents regarding the decision on asylum applications. The judgment is relevant for interpreting the concept of personal data and the scope of the right of access under the Data Protection Directive, and the right to good administration in the eu Charter of Fundamental Rights. At first glance, the judgment seems disappointing from the viewpoint of individual rights. Nevertheless, in our view the judgment provides sufficient grounds for effective access rights to the minutes in future asylum cases.},
	keywords = {access to information, asylum procedure, Charter of Fundamental Rights of the European Union, Data protection, effective remedies, Grondrechten, peronal data, Privacy},
}

Save .bib

Do privacy and data protection rules apply to legal persons and should they? A proposal for a two-tiered system external link

van der Sloot, B.

Computer Law & Security Review, num: 1, pp: 26-45, 2015

Abstract

Privacy and data protection rules are usually said to protect the individual against intrusive governments and nosy companies. These rights guarantee the individual's freedom, personal autonomy and human dignity, among others. More and more, however, legal persons are also allowed to invoke the rights to privacy and data protection. Prima facie, it seems difficult to reconcile this trend with the standard interpretation of those rights, as legal persons do not enjoy freedom, personal autonomy or human dignity and it seems uncertain why business interests should be protected under privacy and data protection rules. On second thoughts, however, it appears rather unproblematic to grant legal persons partial protection under these regimes, especially when it recognizes general duties of care for data processors and governmental agencies.

Links

http://www.sciencedirect.com/science/article/pii/S0267364914001812

Data protection, individual interests, legal persons, Privacy, societal interests

RIS

TY  - JOUR
AU  - van der Sloot, B.
PY  - 0424
DA  - 2015-04-24
T1  - Do privacy and data protection rules apply to legal persons and should they? A proposal for a two-tiered system
JO  - Computer Law &amp; Security Review
NV  - 1
SP  - 26-45
UR  - http://www.sciencedirect.com/science/article/pii/S0267364914001812
AB  - Privacy and data protection rules are usually said to protect the individual against intrusive governments and nosy companies. These rights guarantee the individual\'s freedom, personal autonomy and human dignity, among others. More and more, however, legal persons are also allowed to invoke the rights to privacy and data protection. Prima facie, it seems difficult to reconcile this trend with the standard interpretation of those rights, as legal persons do not enjoy freedom, personal autonomy or human dignity and it seems uncertain why business interests should be protected under privacy and data protection rules. On second thoughts, however, it appears rather unproblematic to grant legal persons partial protection under these regimes, especially when it recognizes general duties of care for data processors and governmental agencies.
K1  - Data protection
K1  - individual interests
K1  - legal persons
K1  - Privacy
K1  - societal interests
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {Do privacy and data protection rules apply to legal persons and should they? A proposal for a two-tiered system},
	author = {van der Sloot, B.},
	year = {0424},
	date = {2015-04-24},
	journal = {Computer Law &amp; Security Review},
	number = {1},
	pages = {26-45},
	abstract = {Privacy and data protection rules are usually said to protect the individual against intrusive governments and nosy companies. These rights guarantee the individual\'s freedom, personal autonomy and human dignity, among others. More and more, however, legal persons are also allowed to invoke the rights to privacy and data protection. Prima facie, it seems difficult to reconcile this trend with the standard interpretation of those rights, as legal persons do not enjoy freedom, personal autonomy or human dignity and it seems uncertain why business interests should be protected under privacy and data protection rules. On second thoughts, however, it appears rather unproblematic to grant legal persons partial protection under these regimes, especially when it recognizes general duties of care for data processors and governmental agencies.},
	keywords = {Data protection, individual interests, legal persons, Privacy, societal interests},
}

Save .bib

The Court of Justice and the Data Retention Directive in Digital Rights Ireland external link

Irion, K.

European Law Review, num: 6, pp: 835-850., 2015

Abstract

In Digital Rights Ireland, the Court of Justice invalidated the 2006 Data Retention Directive, which required private providers to retain for a considerable period electronic communication metadata for law enforcement purposes. In this landmark ruling, the EU judiciary introduced a strict scrutiny test for EU legislative acts that interfere seriously with important rights protected by the Charter of Fundamental Rights and the European Convention on Human Rights—in this case, the rights to privacy and data protection—and applied a rigorous assessment of the proportionality of the measure under the Charter, criticising numerous aspects of the Directive. This article presents and analyses the judgment, discussing its implications for constitutional review and constitutionalism in the European Union, and the substantive and procedural constraints that it imposes on EU and national data retention schemes. It concludes by reflecting on the ruling’s impact on European integration and data related policies.

Links

http://www.ivir.nl/publicaties/download/1456.pdf

Data protection, data retention, electronic communications, EU law, Fundamental rights, Grondrechten, Ireland, Personal data, Privacy, proportionality

RIS

TY  - JOUR
AU  - Irion, K.
PY  - 0115
DA  - 2015-01-15
T1  - The Court of Justice and the Data Retention Directive in Digital Rights Ireland
JO  - European Law Review
NV  - 6
SP  - 835-850.
UR  - http://www.ivir.nl/publicaties/download/1456.pdf
AB  - In Digital Rights Ireland, the Court of Justice invalidated the 2006 Data Retention Directive, which required private providers to retain for a considerable period electronic communication metadata for law enforcement purposes. In this landmark ruling, the EU judiciary introduced a strict scrutiny test for EU legislative acts that interfere seriously with important rights protected by the Charter of Fundamental Rights and the European Convention on Human Rights—in this case, the rights to privacy and data protection—and applied a rigorous assessment of the proportionality of the measure under the Charter, criticising numerous aspects of the Directive. This article presents and analyses the judgment, discussing its implications for constitutional review and constitutionalism in the European Union, and the substantive and procedural constraints that it imposes on EU and national data retention schemes. It concludes by reflecting on the ruling’s impact on European integration and data related policies.
K1  - Data protection
K1  - data retention
K1  - electronic communications
K1  - EU law
K1  - Fundamental rights
K1  - Grondrechten
K1  - Ireland
K1  - Personal data
K1  - Privacy
K1  - proportionality
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {The Court of Justice and the Data Retention Directive in Digital Rights Ireland},
	author = {Irion, K.},
	year = {0115},
	date = {2015-01-15},
	journal = {European Law Review},
	number = {6},
	pages = {835-850.},
	abstract = {In Digital Rights Ireland, the Court of Justice invalidated the 2006 Data Retention Directive, which required private providers to retain for a considerable period electronic communication metadata for law enforcement purposes. In this landmark ruling, the EU judiciary introduced a strict scrutiny test for EU legislative acts that interfere seriously with important rights protected by the Charter of Fundamental Rights and the European Convention on Human Rights—in this case, the rights to privacy and data protection—and applied a rigorous assessment of the proportionality of the measure under the Charter, criticising numerous aspects of the Directive. This article presents and analyses the judgment, discussing its implications for constitutional review and constitutionalism in the European Union, and the substantive and procedural constraints that it imposes on EU and national data retention schemes. It concludes by reflecting on the ruling’s impact on European integration and data related policies.},
	keywords = {Data protection, data retention, electronic communications, EU law, Fundamental rights, Grondrechten, Ireland, Personal data, Privacy, proportionality},
}

Save .bib

Behavioural Sciences and the Regulation of Privacy on the Internet external link

Zuiderveen Borgesius, F.

2014

Abstract

This chapter examines the policy implications of behavioural sciences insights for the regulation of privacy on the Internet, by focusing in particular on behavioural targeting. This marketing technique involves tracking people’s online behaviour to use the collected information to show people individually targeted advertisements. Enforcing data protection law may not be enough to protect privacy in this area. I argue that, if society is better off when certain behavioural targeting practices do not happen, policymakers should consider banning them.

Links

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2513771

behavioural economics, behavioural targeting, cookies, Data protection, e-Privacy Directive, Grondrechten, nudge, nudging, Privacy, profiling, tracking

RIS

Save .RIS

Bibtex

Save .bib

Google Spain v. González: Did the Court forget about freedom of expression? external link

Zuiderveen Borgesius, F. & Kulk, S.

European Journal of Risk Regulation, num: 3, 2014

Abstract

In this note we discuss the controversial judgment in Google Spain v. González of the Court of Justice of the European Union (CJEU). Our focus is on the judgment’s implications for freedom of expression. First, the facts of the case and the CJEU’s judgment are summarised. We then argue that the CJEU did not give enough attention to the right to freedom of expression. By seeing a search engine operator as a controller regarding the processing of personal data on third party web pages, the CJEU assigns the operator the delicate task of balancing the fundamental rights at stake. However, such an operator may not be the most appropriate party to balance the rights of all involved parties, in particular in cases where such a balance is hard to strike. Furthermore, it is a departure from human rights doctrine that according to the CJEU privacy and data protection rights override, “as a rule”, the public’s right to receive information. In addition, after the judgement it has become unclear whether search engine operators have a legal basis for indexing websites that contain special categories of data. We also discuss steps taken by Google to comply with the judgment.

Links

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2491486

Data protection, Freedom of expression, Grondrechten, intermediary liability, Privacy, right to be forgotten, search engines, Vrijheid van meningsuiting

RIS

TY  - JOUR
AU  - Zuiderveen Borgesius, F.
AU  - Kulk, S.
PY  - 1030
DA  - 2014-10-30
T1  - Google Spain v. González: Did the Court forget about freedom of expression?
JO  - European Journal of Risk Regulation
NV  - 3
UR  - http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2491486
AB  - In this note we discuss the controversial judgment in Google Spain v. González of the Court of Justice of the European Union (CJEU). Our focus is on the judgment’s implications for freedom of expression. First, the facts of the case and the CJEU’s judgment are summarised. We then argue that the CJEU did not give enough attention to the right to freedom of expression. By seeing a search engine operator as a controller regarding the processing of personal data on third party web pages, the CJEU assigns the operator the delicate task of balancing the fundamental rights at stake. However, such an operator may not be the most appropriate party to balance the rights of all involved parties, in particular in cases where such a balance is hard to strike. Furthermore, it is a departure from human rights doctrine that according to the CJEU privacy and data protection rights override, “as a rule”, the public’s right to receive information. In addition, after the judgement it has become unclear whether search engine operators have a legal basis for indexing websites that contain special categories of data. We also discuss steps taken by Google to comply with the judgment.
K1  - Data protection
K1  - Freedom of expression
K1  - Grondrechten
K1  - intermediary liability
K1  - Privacy
K1  - right to be forgotten
K1  - search engines
K1  - Vrijheid van meningsuiting
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {Google Spain v. González: Did the Court forget about freedom of expression?},
	author = {Zuiderveen Borgesius, F. and Kulk, S.},
	year = {1030},
	date = {2014-10-30},
	journal = {European Journal of Risk Regulation},
	number = {3},
	abstract = {In this note we discuss the controversial judgment in Google Spain v. González of the Court of Justice of the European Union (CJEU). Our focus is on the judgment’s implications for freedom of expression. First, the facts of the case and the CJEU’s judgment are summarised. We then argue that the CJEU did not give enough attention to the right to freedom of expression. By seeing a search engine operator as a controller regarding the processing of personal data on third party web pages, the CJEU assigns the operator the delicate task of balancing the fundamental rights at stake. However, such an operator may not be the most appropriate party to balance the rights of all involved parties, in particular in cases where such a balance is hard to strike. Furthermore, it is a departure from human rights doctrine that according to the CJEU privacy and data protection rights override, “as a rule”, the public’s right to receive information. In addition, after the judgement it has become unclear whether search engine operators have a legal basis for indexing websites that contain special categories of data. We also discuss steps taken by Google to comply with the judgment.},
	keywords = {Data protection, Freedom of expression, Grondrechten, intermediary liability, Privacy, right to be forgotten, search engines, Vrijheid van meningsuiting},
}

Save .bib

Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy external link

Arnbak, A.

2014

Abstract

This descriptive legal analysis maps and evaluates a four decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.

Links

http://www.ivir.nl/publicaties/download/1421.pdf

Constitutional and administrative law, Cybersecurity, Data protection, encryption, EU law, network and information security, securitization, Technologie en recht, the c.i.a.-triad

RIS

TY  - SLIDE
AU  - Arnbak, A.
PY  - 1014
DA  - 2014-10-14
T1  - Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy
UR  - http://www.ivir.nl/publicaties/download/1421.pdf
AB  - This descriptive legal analysis maps and evaluates a four decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.
K1  - Constitutional and administrative law
K1  - Cybersecurity
K1  - Data protection
K1  - encryption
K1  - EU law
K1  - network and information security
K1  - securitization
K1  - Technologie en recht
K1  - the c.i.a.-triad
ER  -

Save .RIS

Bibtex

Presentation{nokey,
	title = {Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy},
	author = {Arnbak, A.},
	year = {1014},
	date = {2014-10-14},
	abstract = {This descriptive legal analysis maps and evaluates a four decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.},
	keywords = {Constitutional and administrative law, Cybersecurity, Data protection, encryption, EU law, network and information security, securitization, Technologie en recht, the c.i.a.-triad},
}

Save .bib