...
- Direct link - Call for Evidence on the Current Data Protection Legislative Framework, 6 July 2010.The responses will be assessed and used to inform the UK’s position in negotiations on a new EU instrument for data protection, "which are expected to begin in early 2011." This fits in with the expected publication by end 2010 of the Commission's draft of the new EU data protection legislation. http://www.justice.gov.uk/news/newsrelease060710a.htm
In global cyberspace, legal privacy instruments vary not only among jurisdictions but are currently changing and evolving inside jurisdictions. These change have an impact on public policy.
Legally there is a lot of activity that is changing the policy of organisations internationally. Some examples of this include:
In the UK the Information Commissioners Office (ICO) has receive this year (and is going to receive in the future) greater powers to audit and fine organisations who break privacy regulations. In addition, there are already laws that are due to be implemented that effect information sharing. In Europe these include 'Cookie Law' (Parliament, 2009) and in the UK the controversial Digital Economy Bill (Parliament, 2010), which imposes penalties for peer-to-peer file sharing of copyrighted material. An online regulation that will attempt to enforce privacy related public policy for Internet cafes and Internet Users in the UK.
The Article 29 Working Party released a report on the 26th of May 2010 revealing that the 3 major search engines, Yahoo, Google, Microsoft, are not compliant with data protection law (e.g. illegal) when managing search queried information. "Personal data related to search queries is very sensitive, and search history should be treated as confidential personal data. This legal guidance (also found in FIP principles) indicates that the retention period shouldn't be longer than necessary for the specific purpose. Even if IP address or cookies are replaced by a unique identifier, the individual can still be identified by correlating stored queries." (Article 29 Data Protection Working Party, 2010)
A draft of a Bill that is currently in progress is the Council Of Europe: The Consultative Committee Of The Convention For The Protection of Individuals with Regard To Automatic Processing of Personal Data (Council of Europe, 2009) Is a draft regulation that explicitly deals with quality of consent and profiling, implements regulation, provides a much greater degree of notice to the individual, and therefore, is intended to regulate information sharing transactions. (See section 5.1)
In the USA there are state laws regarding information sharing that have already been passed, a Massachusetts regulation 201 CMR 17.00 stipulates any business (in and out of Massachusetts) that holds personal information on residents of the state must be encrypted. Along with an online privacy bill, announced on May 4 2010 in the USA, proposes new legislation that would require companies to get a user’s explicit approval (that is, it would require users to “opt in”) before they “knowingly collect” information about a person’s medical history, financial records, Social Security number, sexual orientation or precise geographic location. (Ingram, 2010)