ELECTRONIC GOVERNANCE AND
ELECTRONIC DEMOCRACY:
LIVING AND WORKING IN THE CONNECTED WORLD



CHAPTER FIVE:

CURRENT ISSUES IN RELATION TO DEVELOPMENTS IN PRIVACY AND DATA PROTECTION

A.

  1. Introduction - Privacy and the Data Protection Challenge
  2. Current Data Matching Practices and Concerns
    1. Generally
    2. United Kingdom
    3. United States
    4. Canada
    5. Australia
    6. Concerns about Matching
  3. Data Protection Initiatives
    1. Background
    2. Data Protection Regimes in Europe

B.

Privacy and the Canadian Charter of Rights and Freedoms: An Opinion Piece
Appendix A: General Comment on Article 17 of the International Covenant on Civil and Political Rights
Appendix B: Data Protection Related Recommendations by Council of Europe's Project Group on Data Protection

A.

I. Introduction - Privacy and the Data Protection Challenge

New information and communications technologies ("ICTs") that promote the collection, manipulation and exchange of information have done more than offer increased efficiencies and new channels of service delivery. At a fundamental level, they have altered our social relationship to data, especially in electronic form.

The ongoing entrenchment of ICTs in both the private and public sectors has established the virtue of efficient data flow as the cornerstone of e-commerce and e-government strategies. More than just facilitating rapid access and enhanced portability of information, ICTs allow users to assemble scattered and diverse pieces of data into meaningful groupings and identify a wide variety of previously unrealized linkages. In a commercial setting, this allows businesses to learn a great deal about prospective consumers and their personal preferences, build comprehensive customer profiles, micro-target marketing campaigns and deliver enhanced customer service. Within the context of public administration, these information management tools can assist governments to identify incidents of fraud, deliver services more cost-effectively, and respond more quickly to citizen expectations.

At the same time, new ICTs, and their ability to facilitate the flow and manipulation of electronic data, have a potentially devastating role to play in the erosion of personal privacy.

Traditional democratic mechanisms seek to put reasonable limits on political and social control exercised by the state, while placing greater political and social control into the hands of the individual. Privacy, while not easily compartmentalized or even quantified, is defined by the individual's ability to control the boundaries of his or her personal spaces. As those boundaries are contracted by new data processing technologies, that control passes from the individual to the wielder of the technology.

This loss cannot be easily undone. In the words of Senator Sheila Finestone:

[Privacy] is a core human value that goes to the very heart of preserving human dignity and autonomy. It is a precious resource because once lost, whether intentionally or inadvertently, it can never be recaptured.99

Without control over the nature, quantity and destination of personal information that is transmitted into public and commercial spaces, individuals will be constrained in the exercise of political rights such as free expression and assembly, and in the pursuit of social and personal goals. It is a reality that underlines the special role that privacy plays in democratic intercourse, serving as a foundational human right that makes possible the exercise of other defining political and social rights. By invading previously personal spaces and recording each keystroke of activity, these information technologies set the stage for what Italian writer Giorgio Bocca calls a "soft dictatorship" built on the mining, control and exploitation of data.

Italy's Data Protection Commissioner Stefano Rodotà describes the nature of this evolving technological dictatorship in the following terms:

As they increasingly penetrate the fabric of our daily lives, these technologies bring along a meticulous, relentless recording of personal information, preferences and contacts, movements and meetings. Just click on a Web page, and immediately the image of the Web as a tool for achieving an infinite amount of knowledge turns into that of a web in which we are entangled - in which every movement can be followed and recorded.

It has been said that electronic communications free us of the tyranny of space and time; we can go anywhere, whenever and how we wish. But at the same time we become the subject of new forms of spatial and temporal slavery: the place and time of each credit card purchase, the duration of each telephone call, the time spent visiting each single Web site - all information is mercilessly recorded. Information on people, their tastes and their activities, is by now a raw material that businesses and the economy simply cannot do without. The demands for security, predicated even beyond the needs suggested by statistical evidence, would seem to make all forms of personal surveillance perfectly legitimate.100

The collection and use of electronic data is at the heart of this ideological struggle, with battle lines drawn along a multitude of fronts: in the workplace; at the cyber-malls of e-commerce; and within the virtual hospital walls of the health industry. As governments, citizens, consumers, employers and employees wrestle with these new and invasive technologies, concerns over privacy in general, and data protection in particular, continue to escalate.

In its review of the leading privacy stories of 2000, The Privacy Foundation, based at the University of Denver, highlighted the following American developments that illustrate some of the diverse privacy challenges that have arisen in data collection and exchange:101

The rise of workplace surveillance: With employers enjoying substantial economic, legal and now technical clout over employees, millions of employees worldwide are now subject to electronic monitoring by employers using inexpensive technologies such as mini-surveillance cameras and keystroke monitoring software. Concern about productivity and unauthorized use of email and the Internet by employees has led two-thirds of major American firms to do some type of in-house electronic surveillance, with 27 percent engaged in the monitoring of email.

U.S. Federal government rules to address patient privacy: Widespread public concerns that personal medical information disclosed to doctors and hospitals will end up in the hands of databanks, insurance companies and prospective employers led the U.S. Department of Health and Human Services in December, 2000 to propose 1,553 pages of new patient privacy rules under the Health Insurance Portability and Accountability Act (HIPAA).102 If implemented, these rules will oblige doctors to seek patient consent to use medical records in routine matters, and give patients greater access to their own records. Although the rules were originally scheduled to begin taking effect on February 26, 2001, Tommy G. Thompson, the new secretary of health and human services, announced that the effective date would be postponed to April 14, as the new administration reviewed them to ensure they would "work as intended throughout the complex field of health care, without creating unanticipated consequences that might harm patients, access to care or the quality of care."

Controversy over the deployment of Carnivore by the Federal Bureau of Investigation: Acknowledgment by the FBI of an email surveillance technology named Carnivore led to calls for more public disclosures about Carnivore's capabilities, and restraint in its use. Operated under existing wiretap laws that allow an estimated two million phone conversations to be monitored annually by law enforcement agencies, Carnivore had reportedly only been used 25 times, primarily in national security cases. Fears have arisen that Carnivore could be used to tap the data pipes of Internet Service Providers and cast a wide net for emails, not just those sent and received by the targets of specific investigations.

Aggressive collection, merging and mining of consumer information: Increasingly, businesses have signalled the intent to collect and exploit the personal data of consumers, particularly data gathered over the Internet.103 The merger of database marketer Abacus Direct with online ad company DoubleClick sparked a federal investigation in January 2000 when it was revealed that the company had compiled profiles of 100,000 online users without their knowledge and intended to sell them. Although the plan was abandoned under intense public pressure, and online marketers Avenue A and MatchLogic were named in proposed class-action lawsuits alleging that they track customers without permission, the matching of consumers' web-surfing habits with traditional "offline" personal data, such as name, address, and income, remains attractive for marketers. For example:

  • Amazon.com, a bellwether of the Internet economy with 20 million customers, changed its privacy policy in September, 2000 to warn that customer data will be considered a marketable asset if the company is ever acquired, or sells off operations.
  • The auction of the customer database of bankrupt e-commerce company Toysmart.com was halted only after the intervention of the Federal Trade Commission.
  • As a result of complaints from online advertisers, Microsoft backtracked on a software patch for Internet Explorer that would allow a computer user to automatically block third-party "cookies"104. Instead, Microsoft will support the P3P (Platform for Privacy Preferences) standard in the upcoming Internet Explorer 6.0, which will allow users to set privacy preferences for sites while web surfing. Earlier in the year, revelations that the National Drug Control Policy Office's Anti Drug Web placed "cookies" on users' computers led to an executive order banning cookies on U.S. federal websites.
  • The Gramm-Leach-Bliley Act went into effect in November, 2000, permitting banks, brokerages and insurance companies under the same roof to share customer information (possibly with third parties) if customers are notified how the confidential information will be used and allowed to opt-out. In the face of an extension passed earlier in the year that gave financial institutions until July 2001 to comply with the new rules, privacy advocates argued that the act did little to protect the online transfer of information.
  • Wireless privacy concerns: The U.S. government is mandating the deployment of location-sensing E911 service for cell phones in 2001. Following in the footsteps of wireline telemarketers, a wide range of data-service providers and marketers look to piggyback on the new wireless technology to send text ads and discount offers to cell phone subscribers.
  • Public access to private communications: In a variety of cases, computer server logs of government agencies and schools have been sought by the media, and by individuals, as public records. Among the incidents that illustrate this trend, a county prosecutor's secretary, fired in Washington state, had her email traffic disclosed to the media, and a school superintendent who resigned his position had his alleged web-surfing activities published in the local newspaper.
  • The appearance of the Chief Privacy Officer ("CPO") in corporate boardrooms: While law professor Peter Swire wrapped up his two-year tenure as America's first chief privacy counsellor to the president, Microsoft, IBM, American Express and dozens of other firms of varied sizes have created a new executive position called Chief Privacy Officer ("CPO"). Drawing on varied backgrounds ranging from law to marketing, the position involves both public relations and fledgling efforts to coordinate the company's strategic, legal and technical teams to enforce the company's own posted privacy policies.

At the heart of many of these privacy-related developments is the ubiquitous practice of data matching.

II. Current Data Matching Practices and Concerns

A. Generally

Data matching is the computerized comparison of separate sets of personal data, relating to the same individual but generally collected for unrelated purposes, in order to identify unwarranted differences and duplications. For example: governments may compare their lists of people receiving housing benefit against lists of people in receipt of student awards in order to identify housing benefit fraud, where recipients of one are not permitted to receive the other; insurance companies or banks may match applicants' personal data against medical databases to identify potential health risks; and businesses may match consumer preferences against personal data to identify and micro-target consumers. It is a powerful means of assisting a variety of management and audit purposes, and also a practice that is potentially one of the most intrusive of an individual's privacy.

In the governmental context, data matching and merging entire databases has become a quick and efficient way to verify a person's identity, detect fraud, track benefit recipients and child support delinquents, and assist in law enforcement.

It is a practice that is utilized widely by all levels of government, and which is growing at a rapid pace. The following examples illustrate data matching practices in several nations.

B. United Kingdom

In 1998, the Audit Commission utilized data-matching techniques to uncover £41 million in fraud against local councils, an increase of over 166% from the previous year's audit.

The Audit Commission's National Fraud Initiative (NFI) 1998 involved matching data supplied by over 400 councils and police and fire authorities in England and Wales as well as contributors such as the Civil Service Pension Scheme, NHS Pensions Agency and the Contributions Agency. By identifying data 'matches' - instances whereby data appeared on different systems - auditors were alerted that a potential fraud was occurring.105

C. United States

The American Civil Liberties Union of Wisconsin's 1995 Data Privacy Project106 identified over 140 data matching programs run by 22 different government entities. The Project noted two trends. First, a significant percentage of these programs were devoted to identifying parents who were delinquent in making legally required child support payments. Secondly, a significant number of private businesses have sought to join with government to compare and integrate databases. Heading that list are well-known national data brokers such as TRW, Equifax, Trans Union and Metro Mail. Telephone companies and private sector data processors are also mentioned as being providers or recipients of commingled personal information.107

D. Canada

A survey conducted by the Canadian federal Privacy Commissioner108 in 1995 revealed that Revenue Canada (now the Canada Customs and Revenue Agency) had entered into some 200 written agreements to share a variety of client information with other federal, provincial and foreign government institutions, ranging from computer tapes of the entire tax filing population to small quantities of information in paper format.

The number of sharing agreements at Revenue Canada has increased significantly since 1995. According to the Revenue Agency, it now has more than 300 written agreements for the exchange of information with outside organizations, a rapid growth driven by increased pressure to deliver services more efficiently and effectively as well as by the Agency's emerging role administering benefits for outside partners. The collection and release of taxpayer information pursuant to these agreements is governed by the federal Privacy Act and Access to Information Act. Additionally, the Treasury Board of Canada has issued detailed data matching guidelines.109

E. Australia

The Data-matching Program (Assistance and Tax) Act 1990 regulates the use of the tax file number in comparing personal information held by the Australian Taxation Office and by assistance agencies (Centrelink and the Department of Veterans' Affairs). Personal information is supplied by the assistance agencies and compared with taxpayer information to detect inappropriate payments. All applicants for welfare assistance must give their tax file number as a precondition to payment. The Data-matching Act authorises its use to obtain income details from the Australian Taxation Office to check that the payments made are correct.

The Act and guidelines contain a number of technical controls and fairness provisions, which are overseen by the Privacy Commissioner. A breach of the Act or guidelines constitutes an interference with privacy under s.13 of the Privacy Act and a person may complain to the Privacy Commissioner if he or she considers a breach may have occurred. The Commissioner has also issued advisory Guidelines for the use of data-matching in Commonwealth administration for voluntary adoption by agencies conducting matching other than the programs specifically regulated by the 1990 Act. These guidelines therefore apply when the TFN is not used in the matching process. The Guidelines were first issued in September 1991 and revised guidelines were issued in October 1994 (with effect from February 1995).

F. Concerns About Matching

A crucial difference between traditional methods of fraud detection and data matching, as articulated by Professor Simon Rogerson,110 lies in the fact that whereas traditional investigation is triggered by some evidence of a wrong-doing by an individual, such as tax evasion or bogus benefit claims, data matching is targeted at entire categories of people. It is initiated not by any reasonable suspicion concerning an individual but because the profile of a particular group is of interest. As Rogerson points out:

In order to detect sophisticated fraud there is need to use complex data analysis techniques which may well involve methods based on partial match interpretation which in turn increases the risks of incorrect hits. Simple fraud detection lends itself to data matching systems that have little or no human intervention and the pressure to use such systems will grow.111

In this context, data matching has the potential to undermine a number of key rights and legal protections, including:

  • Privacy: Data matching most often involves matching personal records compiled for unrelated purposes. This secondary use of data raises serious questions about an individual's right to control personal information and prevent its use without consent for purposes unrelated to those for which it was collected.
  • Due process of law: Those identified by data matching as potential violators are in jeopardy of being charged with wrongdoing. Because it is unlikely that these individuals will be given any notice of their situation, since doing so might affect the investigation, or an opportunity to contest the results of the match at an early stage, their right to due process of law is curtailed.
  • The presumption of innocence: Data matching singles out individuals for investigation, and because the technology of data matching is so plausible and the detection of fraud so much applauded, these powerful influences will weigh heavily in favour of the notion that those identified must be guilty.

In addition, data merging and matching raise real concerns about the security of constantly expanding networks over which data is shared. Automatic sharing of information over a network may lead to the release of sensitive or erroneous data to unintended parties, particularly when individual organisations are not aware of all other organisations linked to the network, or their level of security. Correction or removal across this complex web of organisational relationships is problematic at best for an individual who is the victim of mistakes in their data records.112

Even more worrisome, in the broader context of civic and economic relationships, is the danger that data records flowing over ubiquitous networks will come to be seen as indistinguishable from the real world human beings that they describe. The translation of human circumstances, intentions, and needs into mobile packets of binary code strikes at the core of individual autonomy and dignity which gives meaning to the concept of privacy.

Echoing acknowledgements in the United Kingdom that the practice of data matching could threaten the right to privacy enshrined in article eight of the European Convention on Human Rights and the Human Rights Act (U.K.),113 judge Sir Nicholas Browne-Wilkinson, before he was appointed a law lord, noted:

If the information obtained by the police, the inland revenue, the social security services, the health service and other agencies were to be gathered together in one file, the freedom of the individual would be gravely at risk... The dossier of private information is the badge of the totalitarian state.114

Browne-Wilkinson's road to totalitarianism, much like Giorgio Bocca's soft dictatorship, begins, ironically, with the best of intentions. As the U.S. Privacy Protection Study Commission cautioned as long ago as 1977, the gradual erosion of individual liberties comes about "through the automation, integration and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable."115

To quote the report of the American Civil Liberties Union of Wisconsin's 1995 Data Privacy Project:

That statement has proved prophetic, as increasingly sophisticated computer applications enable the inexpensive and routine assembly of virtual "data dossiers" that at their worst can jeopardize the employability and insurability of unsuspecting citizens and at their most benign rob us all of accustomed expectations of privacy.116

III. Data Protection Initiatives

A. Background

1. Growing Calls for Action

Despite the growing pervasiveness of encroachments on personal privacy, citizens, consumers, and advocates are increasingly reluctant to go quietly into a dark night lacking in meaningful privacy protection. In the area of data collection and exchange, the serious concerns canvassed above have given rise to widespread demands for privacy-enhancing data protection on a global scale.

At the 22nd International Conference on Privacy and Personal Data Protection, held in Venice in September 2000, data protection commissioners from around the world adopted the "Venice Declaration", calling for a universal system of data protection.

Recognizing privacy as a fundamental personal right and as a constitutive element of citizens' freedom, the Declaration seeks implementation of guidelines for the processing of personal data that:

  • reaffirm the binding nature of these privacy principles, with particular regard to the purposes of data collection, the need for fair, transparent processing operations (especially in respect of the so-called invisible processing operations), proportionality, quality of data, time for which the data can be kept, access and the other data subjects' rights;
  • provide data subjects with more effective protection via the independent supervision of processing operations and the availability of user-friendly remedies;
  • strengthen the safeguards applying to the processing of certain categories of data such as genetic data or data related to the various types of electronic surveillance.

This "would allow citizens worldwide to attain an adequate, more widely shared level of protection regardless of the place where the processing is performed and irrespective of the instruments used for implementing protection in national and international fora."117

In the United States, a broad, bipartisan coalition of privacy organizations and constituencies, such as the American Library Association, the United Automobile Workers, U.S. Public Interest Research Group, Electronic Frontier Foundation and Privacy International, appealed to President Bush, the Congressional Leadership and State representatives for the adoption of a comprehensive framework for privacy protection to safeguard the rights of Americans in the years ahead. The framework includes:

  • The implementation and enforcement of strong Fair Information Practices, including the right to access one's own information held by others, to limit the use of the information, and to obtain redress when information is improperly used, as well as notice, consent, and security.
  • The creation of a privacy commission to address emerging privacy issues.
  • Limitations on new surveillance technologies, including locational tracking, video surveillance, and workplace monitoring.
  • Support for genuine Privacy Enhancing Techniques that limit the collection and use of personal information.

This climate of concern over privacy has spawned a number of initiatives involving the transborder flow of data. Those relating to Europe are outlined below. First, however, it is helpful to briefly examine the "Fair Information Practices" upon which most data protection regimes are based.

2. The Fair Information Practices

The term "Fair Information Practices" ("FIPs") refers to a general set of 8 standards or principles governing the collection, accuracy and use of personal data. Although these principles were first set out in a formal way by the OECD's 1980 Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, the Fair Information Practices have been adopted, modified and expanded by different commercial organizations and political bodies around the world.

The Fair Information Practices consist of:

Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with the Purpose Specification Principle except:

a) with the consent of the data subject; or

b) by the authority of law.

Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

Individual Participation Principle: An individual should have the right:

a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;

b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him;

c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and

d) to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended.

Accountability Principle: A data controller should be accountable for complying with measures which give effect to the principles stated above.

The Fair Information Practices provide guiding principles and a general framework within which data protection rules can be formulated, such as those relating to Safe Harbor (discussed below).

In Canada, for example, the Canadian Standards Association has created a voluntary national standard for the protection of personal information, called the Model Code for the Protection of Personal Information. This Model Code has been augmented to include 2 more fair information practices, namely to require the consent of an individual to the collection of his or her personal information, and to allow an individual to broadly challenge an organization's compliance with any of the principles. Canada's federal Personal Information Protection and Electronic Documents Act, in force January 1, 2001, specifically adopts the CSA Model Code and requires private sector compliance with the Code's 10 fair information practices.

B. Data Protection Regimes in Europe

1. European Union

The European Community has enacted two data protection Directives, one in 1995 118 and one in 1997 119. The rationale for these has been said to be "to harmonize laws throughout the EU to ensure consistent levels of protections for citizens and to allow for the free flow of personal information throughout the EU."

The 1995 Directive required member states to pass legislation blocking the transfer of information to non-member states that do not provide an adequate level of data protection. This Directive has led to the Safe Harbor agreement between the United States and the EU, as will be discussed below, and motivated Canada's new Personal Information Protection and Electronic Documents Act, which came into force January 1, 2001.

The 1995 Directive focuses on the protection of individual rights. A recent study120 examines the data protection accorded to the rights and interests of legal persons, and:

  • examines in detail the current (and, to a lesser extent, the proposed future) situation in the Member States of the EC with regard to the applicability of the Member States' national data protection laws to legal persons;
  • describes and evaluates the risks to the free movement of data within the internal market resulting from the differences between the national laws in this respect; and
  • makes recommendations as to the ways in which the provisions of the 1995 Directive could be extended to the protection of the rights and interests of legal persons.

But the Directive is not without its critics. Jacob Palme, a professor of computer science at Stockholm University, has documented how Sweden's implementation of the directive has censored anti-bank and animal rights activists and limits search engines. "The Swedish Data Inspection Board has in general interpreted the law in such a way that it allows all activities which it likes, but disallows all activities which it dislikes. The general view in Sweden is that it is not enough to make slight changes in the directive. The whole directive should be rewritten." 121

The 1997 Directive, more commonly known as the Telecommunications Directive, "establishes specific protections covering telephone, digital television, mobile networks and other telecommunications systems." However, it will likely be replaced by a proposed new Directive, introduced in July 2000, "on the processing of personal data and the protection of privacy in the electronic communications sector" 122 that will extend an individual's telecommunications protections "to a broader, more technology neutral category of 'electronic communications.'"

The proposed directive will:

  • replace existing definitions of telecommunications services and networks with new definitions of "electronic communications services and networks."
  • add new definitions and protections for "calls," "communications," "traffic data" and "location data" in order to enhance the consumer's right to privacy and control with respect to a variety of data processing practices. For example, it would ensure the protection of all information ("traffic") transmitted across the Internet, prohibit unsolicited commercial marketing by e-mail (spam) without opt-in consent, and protect mobile phone users from precise location tracking and surveillance.
  • give subscribers to all electronic communications services (such as GSM and e-mail) the right to choose whether they are listed in a public directory.
  • allow member states to restrict provisions of the Directive in the interests of law enforcement and public security. 123

The latter exemption for law enforcement is indicative of the growing tension between the impetus towards data protection and privacy and the concern of European bodies (both the Council of Europe and the EU) about the growing phenomenon of "cyber crime". While data matching and other uses of technologies can be extremely helpful in combating criminal activity, particularly in cyberspace, they can also lead to serious invasions of privacy not just in regard to suspected or accused individuals, but also in regard to the thousands or millions of innocent individuals caught in a data matching net. 124

Following in the footsteps of several of its member states, the G8 and the U.S., the European Commission plans on establishing a Forum on cybercrime to enhance cooperation across borders and discuss sensitivities involved with the issue, such as the appropriate balance between privacy, law enforcement and business. The Forum will bring together law enforcers, service providers, network operators, consumer groups and data protection authorities in order to enhance the current level of co-operation and awareness of the issue. The Forum will serve as both a rapid alert body to tackle incidences of cybercrime and as a general platform for information exchange.

The Forum flows from the wider e-Europe Action Plan, agreed by EU heads of state at the Lisbon summit last March, to integrate Europe into the new economy by 2002. Put forward by the commissioner for information society, Erkki Liikanen, and the commissioner for justice and home affairs, Antonio Vitorino, one of the key objectives behind this latest initiative is to inspire consumer confidence and boost e-commerce, and to address a serious gap in the EU's current resources for fighting cybercrime. A parallel measure contemplates the creation of specialised cybercrime police units in countries where they do not already exist, and technical training to further enhance European network security.

2. Council Of Europe

The Council of Europe ("CoE") has been a leading force in regard to data protection since 1950.

Article 8 of the 1950 European Convention on the Protection of Human Rights and Fundamental Freedoms promoted protection and respect for "private life". Article 8 states:

Everyone has the right to respect for his private and family life, his home and his correspondence.

There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Emphasizing the importance of data protection in the interpretation of Article 8 of the Convention, the European Court of Human Rights has stated that:

"the protection of personal data (...) is of fundamental importance to a person's enjoyment of his or her right to respect for private and family life as guaranteed by Article 8 of the Convention". 125

Article 8 is the European regional variation of:

  • Article 12 of the Universal Declaration on Human Rights, which states:

    "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

  • Article 17 of the International Covenant on Civil and Political Rights 126, which states:

    "No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks." (For the text of the General Comment on Article 17 by the ICCPR Committee, see Appendix "A").

    In 1974, Resolutions (73) 22 (1973) and (74) 29 (1974), which established principles for the protection of personal data in automated data banks in the private sector and the public sector, culminated in the creation of "the first legally binding international instrument with worldwide significance on data protection," the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data. Opened for signature on 28 January 1981, 127 this convention takes on increased weight because of its status as a treaty document. 128

    The 1981 Convention enunciates data protection principles of "fair and lawful collection and automatic processing of data, storage for specified legitimate purposes and not for use for ends incompatible with these purposes, nor kept for longer than is necessary. They concern also the quality of the data, in particular that they must be adequate, relevant and not excessive (proportionality); their accuracy; the confidentiality of sensitive data, information of the data subject and his/her right of access and rectification."

    The Convention also deals with the conditions under which data may freely flow between States party to the Convention. Parties may derogate if the level of protection in the other State is not "equivalent" or the data is being sent to a third country that is not a Party to the Convention.

    In June 2000, the Consultative Committee of CoE (also known as the "T-PD") adopted a draft protocol to the 1981 Convention reinforcing the Supervisory Authorities and prohibiting the transfer of personal data to States or organizations that do not provide for an adequate level of protection. 129

    Supporting this is the publication of a model contract 130 as part of an effort to use contract law to facilitate transborder data flows between Parties to the Convention and states not Party to the Convention. The model contract has been developed by the Convention's Consultative Committee, the European Community and the International Chamber of Commerce. A related Report 131, published during 2000 on the role of contracts in transborder data flow, is currently being considered by the Consultative Committee.

    In addition to treaty-based agreements, the CoE also relies on a less formal system of recommendations to member governments. Such recommendations are easier to draw up, adopt and implement, as they only require unanimous adoption by the Committee of Ministers. These Recommendations 132 (attached as Appendix "B") are drawn up and submitted to the Committee of Ministers by a special work group, the Project Group on Data Protection ("CJ-PD"). Established in 1976, the CJ-PD is composed of experts and consultants from each of the 41 member states who are responsible for data protection in their respective countries.

Current efforts of the Project Group include:

  • a recommendation on the protection of personal data collected and processed for insurance purposes;
  • a recommendation in the field of financial services;
  • smart cards and electronic surveillance.

The Project Group is also studying the use of personal data for police purposes 133. As with the European Community, the G8 and the United States, the issues of cybercrime, police powers and surveillance are of much interest to the CoE, just as the impact of greater law enforcement on data protection and privacy is to privacy advocates.

The CoE is involved in a number of important initiatives. On the issue of surveillance, a recent report 134 by Giovanni Buttarelli, Secretary General of the Italian Data Protection Authority, on the relationship between surveillance and personal rights, is to be the subject of a public consultation.

Perhaps most notably, in the area of "cyber crime", the CoE, with the USA, Japan and Canada as observers and probable signatories, has put forward a "Draft Convention on Cyber-crime", 135 developed by the European Committee On Crime Problems ("CDPC") Committee Of Experts On Crime In Cyber-Space ("PC-CY"), and declassified after the last Plenary meeting of Committee PC-CY ending in Strasbourg on December 15, 2000. It will be the first international treaty to address criminal law and procedural aspects of various types of criminal behaviour directed against computer systems, networks or data and other types of similar misuse, and will significantly extend and detail the exemptions from data protection for reasons of crime detection.

After comment by the Parliamentary Assembly, which is expected in April 2001, and after any further revisions by the European Committee on Crime Problems, which are expected to be approved at its next Plenary session in June 2001, the text of the treaty will be submitted to the Committee of Ministers for adoption.

3. OECD

The OECD's concern with privacy has, arguably, undergone a significant evolution since the late 1970's, from an emphasis on privacy and data protection in the human rights context to a focus on privacy as an important and enabling component of e-commerce. During that period, the OECD has focused less on elaborating new standards than on elaborating mechanisms for implementing and enforcing those standards, such as contractual and technological "fixes" to the perceived privacy problems.

In setting out its objectives with respect to privacy, the OECD 136 notes:

An important question to be addressed before new technologies will be wholly embraced and electronic commerce can reach its full potential is how to build user confidence in network technologies and electronic transactions. Trust in electronic communications and commerce requires that: services and networks are secure and reliable; transactions are safe and private; personal data are protected; the origin, receipt and integrity of information received can be proved; means of identifying the parties involved are available; and there are appropriate redress mechanisms if something goes wrong. Secure and user-friendly technologies and a predictable regulatory environment to support them will form the framework for building business and consumer trust in electronic transactions. 137

This emphasis on privacy as facilitator of e-commerce has been echoed, among other places, at both the OECD Conference "Dismantling the Barriers to Global Electronic Commerce" held in Turku, Finland, in November 1997 138, and the Emerging Market Economy Forum in Dubai, in January 2001. 139

At a February, 1998 workshop on "Privacy Protection in a Global Networked Society", participants recognized that:

...the growth of electronic commerce requires increased consumer confidence in privacy protection, and that the OECD Guidelines continue to provide a common set of fundamental principles for guiding efforts in this area. They affirmed the commitment to protect individual privacy in the increasingly networked environment, both to uphold human rights and to prevent interruptions in transborder data flows.

In pursuing these objectives, the OECD has generally been guided by an approach that stresses:

  • the development of "soft law" standards around which national laws and other instruments may be harmonized
  • the negotiation of non-binding standards which establish authoritative, morally compelling yardsticks against which laws and practices can be measured

Out of that approach has advanced a number of significant Recommendations, highlighted by the following e-commerce oriented initiatives:

  1. 1980 - Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Adopted September 23, 1980. (In the view of the OECD, "The Privacy Guidelines are applicable to the online environment since they are technology-neutral and apply to all types of personal data; they still represent an international consensus on general guidance concerning the collection and management of personal information." 140)
  2. 1992 - Guidelines for the Security of Information Systems. Adopted November 26, 1992.
  3. 1995 - The Declaration on Transborder Data Flows. Adopted April 11, 1985.
  4. 1997 - The Recommendation concerning Guidelines for Cryptography Policy. Adopted March 27, 1997.
  5. Ministerial Declaration On The Protection Of Privacy On Global Networks 141. Adopted by Ottawa Ministerial Conference 7-9 October 1998, and integrated into the instruments of the Organization on October 19, 1998. 142 The Ministers' Declaration reaffirms "their commitment to the protection of privacy on global networks in order to ensure the respect of important rights, build confidence in global networks, and to prevent unnecessary restrictions on transborder flows of personal data". 143 A number of reports, conferences, publications and tools have resulted, in particular, from this Ministerial Conference. 144
  6. 1999 - Guidelines for Consumer Protection in the Context of Electronic Commerce.

    Lastly, the OECD is pursuing the promotion of:

    • the use of privacy-enhancing technologies ("PETs")
    • user education and awareness about online privacy issues


    Additional work is also being undertaken on the issue of privacy and security related to genetic testing.

4. The U.S. - European Union Compromise: Safe Harbor

Background

In an environment of global information exchange, data exchange, and therefore data protection, cannot end at national borders. Not surprisingly, therefore, one of the cornerstones of European Union data protection policy is the requirement in the 1995 Data Directive 145 that complying states block the transfer of information to non-member states that do not provide an adequate level of data protection.

In the context of European Union - U.S. data flows, this has caused significant challenges, as the stricter rules of the European privacy regime have clashed with the sectoral, self-regulatory approach favoured by the United States.

In order to ensure the free and continued flow of data between the EU and U.S., the U.S. began negotiating a "Safe Harbor" agreement with the EU in 1998. Applying to companies overseen by the Federal Trade Commission and Department of Transportation (excluding the financial and telecommunications sectors), "Safe Harbor" allows U.S. companies to voluntarily self-certify adherence to a set of privacy principles agreed to by the U.S. Department of Commerce and the Internal Market Directorate of the European Commission. These companies would then have a presumption of adequacy and they could continue to receive personal data from the European Union.

Privacy and consumer advocates criticized the negotiations, arguing that Safe Harbor status rests on a self-regulatory system without a meaningful enforcement mechanism or a systematic review of compliance, and lacking an individual right to appeal or right to compensation for privacy infringements. Nevertheless, the Commission approved the agreement on July 26, 2000, 146 while promising to re-open negotiations on the arrangement if the remedies available to European citizens prove inadequate. U.S. companies were permitted to join Safe Harbor starting in November, 2000, and an open-ended grace period was given for U.S. signatory companies to implement the Safe Harbor principles.

The Safe Harbor Principles

As enunciated by the U.S. Department Of Commerce 147 on July 21, 2000, those principles include:

NOTICE: An organization must inform individuals about the purposes for which it collects and uses information about them, how to contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information, and the choices and means the organization offers individuals for limiting its use and disclosure. This notice must be provided in clear and conspicuous language when individuals are first asked to provide personal information to the organization or as soon thereafter as is practicable, but in any event before the organization uses such information for a purpose other than that for which it was originally collected or processed by the transferring organization or discloses it for the first time to a third party. 148

CHOICE: An organization must offer individuals the opportunity to choose (opt out) whether their personal information is (a) to be disclosed to a third party or (b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. Individuals must be provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice. For sensitive information (i.e. personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), they must be given affirmative or explicit (opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of opt in choice. In any case, an organization should treat as sensitive any information received from a third party where the third party treats and identifies it as sensitive.

ONWARD TRANSFER: To disclose information to a third party, organizations must apply the Notice and Choice Principles. Where an organization wishes to transfer information to a third party that is acting as an agent, as described in the endnote, it may do so if it first either ascertains that the third party subscribes to the Principles or is subject to the Directive or another adequacy finding or enters into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant Principles. If the organization complies with these requirements, it shall not be held responsible (unless the organization agrees otherwise) when a third party to which it transfers such information processes it in a way contrary to any restrictions or representations, unless the organization knew or should have known the third party would process it in such a contrary way and the organization has not taken reasonable steps to prevent or stop such processing.

SECURITY: Organizations creating, maintaining, using or disseminating personal information must take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction.

DATA INTEGRITY: Consistent with the Principles, personal information must be relevant for the purposes for which it is to be used. An organization may not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, an organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.

ACCESS: Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.

ENFORCEMENT: Effective privacy protection must include mechanisms for assuring compliance with the Principles, recourse for individuals to whom the data relate affected by non-compliance with the Principles, and consequences for the organization when the Principles are not followed. At a minimum, such mechanisms must include (a) readily available and affordable independent recourse mechanisms by which each individual's complaints and disputes are investigated and resolved by reference to the Principles and damages awarded where the applicable law or private sector initiatives so provide; (b) follow up procedures for verifying that the attestations and assertions businesses make about their privacy practices are true and that privacy practices have been implemented as presented; and (c) obligations to remedy problems arising out of failure to comply with the Principles by organizations announcing their adherence to them and consequences for such organizations. Sanctions must be sufficiently rigorous to ensure compliance by organizations.

The Federal Trade Commission and the Department of Transportation are empowered to investigate complaints and to obtain relief against unfair or deceptive practices as well as redress for individuals in case of non-compliance with the Principles implemented in accordance with the agreement.

It is important to emphasize that, certainly from the perspective of the EU, participation in the "safe harbor" is not intended to change the status quo ante for any organisation with respect to jurisdiction, applicable law or liability in the European Union. Moreover, "safe harbor" discussions "have not resolved nor prejudged the questions of jurisdiction or applicable law with respect to websites. All existing rules, principles, conventions and treaties relating to international conflicts of law continue to apply and are not prejudiced in any way by the "safe harbor" arrangement." 149

Safe Harbor: A Rocky Harbor?

Safe Harbor has served as a lightning rod for criticisms that it undermines EU privacy protections, and does so without providing effective remedies for data protection violations. Although proponents counter that it has secured the free flow of US$350 billion in trade, and has laid the groundwork for future data protection agreements, Safe Harbor has enjoyed, at best, very mixed reviews.

Most surprising, perhaps, is the fact that only 32 American companies have currently elected to participate in the Safe Harbor program. 150 The relatively simple certification process -- which can be done online -- asks questions such as an organization's name, the corporate officer in charge of compliance, URL to a privacy policy, the kind of data collected, and whether the firm is willing to "cooperate with the EU Data Protection Authority."

Nevertheless, Commerce Secretary Norman Mineta has expressed optimism, calling safe harbor "the latest fruit of our joint efforts to tear down e-commerce barriers and rationalize our Internet policies." Mineta acknowledges that there remains much work to be done with Safe Harbor in the areas of intellectual property, taxation, free speech and privacy. 151

B

Following is an opinion piece by Professor Valerie Steeves, Adjunct Professor of Law, Carleton University, Ottawa, Canada.

Human Rights and New Technologies

The Canadian Charter of Rights and Freedoms:

Twenty Years Later 152

ABSTRACT

The emergence of the surveillance state reflects a desire to assert greater levels of control over the citizen. As such, it conflicts with traditional human rights prescriptions, which seek to maintain a sphere of individual autonomy. The surveillance state sacrifices human rights in order to obtain greater security and convenience, and in doing so, no longer deals with the citizen as the source of political legitimacy. Instead, the citizen is recast as a consumer of government services and a potential risk to the public purse. The use of law in this environment as a form of social control becomes increasingly invasive and erodes the flexible forms of social control which occur within human community.

HUMAN RIGHTS AND NEW TECHNOLOGIES

The Canadian Charter of Rights and Freedoms was enacted twenty years ago. For the vast majority of us, there were no cell phones, no wireless communications, no voice mail, no customer loyalty programs, no satellite dishes, no junk faxes, no wearable wireless web cams on boys' toes looking up women's skirts, and the government ostensibly did not open our mail. The World Wide Web was not yet even a possibility, leading edge computer developers were arguing that no one would ever want a hard drive on a personal computer, and cookies were something we ate. Video cameras were not mounted on school buses, at corner traffic lights, or inside the bathroom stalls at your local shopping mall. The cameras that did point at us in banks did not see through walls, peer around corners, listen in on conversations taking place in passing cars, or take digital pictures of our faces so we could be identified. Twenty years ago, there was no confusion about the meaning of the word "human" in the expression human rights.

Times have changed.

Any privacy advocate will tell you that new technologies are quickly eroding the traditional boundaries of our private lives, and that the law has been slow to adjust. A review of the caselaw indicates that the court's attempts to protect reasonable expectations of privacy under s. 7 and s. 8 of the Charter are ineffective in an environment where technology provides us with no expectation of privacy at all 153. More disturbing, however, is the way in which the emergence of the surveillance state over the past twenty years has recast the nature of citizenship. This paper will explore the changing relationship between the individual, the community, and the state, in order to examine whether or not our conception of human rights can protect individual freedom in a wired environment.

The Panoptic State - Citizen as Suspect

One of the most powerful metaphors for the invasive state is the panopticon, the circular prison designed in 1787 by English utilitarian Jeremy Bentham. Bentham conceptualized a prison in which the prisoners, each isolated in separate cells, would be under the continual gaze of a central tower which housed invisible watchers. His point was not to perfect surveillance, but to perfect the perception of surveillance. He reasoned that the fear of being constantly watched and punished for every transgression would ensure that prisoners internalized the rules and became self-monitoring.

In the 1970's, French philosopher Michel Foucault called Bentham's panopticon a "political technology", "a state of conscious and permanent visibility that assures the automatic functioning of power" 154. The goal of this technology is control, and not just control over convicted criminals. As Bentham argued in the 18th century, an engine of perfected surveillance has broad applications: "Morals reformed - health preserved - industry invigorated - instruction diffused - public burthens (sic) lightened - Economy seated, as it were, upon a rock - the Gordian knot of the Poor-laws . . . untied" 155. The individual in the panoptic state becomes an opportunity for a form of social engineering, in which total surveillance is used to control and manipulate individual choice in order to advance an economic and political agenda.

Total state control over the individual is precisely what human rights laws and the principles of fundamental justice seek to mitigate. The fundamental and legal rights embodied in the Charter create and recreate a relationship between the state and the individual in which the state's ability to exercise invasive forms of control over behaviour is expressly curtailed. That is not to say that human rights are absolute; they are not. But in the past, when we have balanced individual rights, we have balanced them against other rights. With the introduction of networked technology, we have increasingly begun to balance individual rights against efficiency, cost-effectiveness and risk reduction.

The panoptic vision is indeed driven by these goals. Bentham's belief that total surveillance can save us from diseases and make the distribution of social benefits efficient, all while promoting economic growth, resonates with current government policies to collect more and more personal information about citizens to advance its policy agenda. We are told we must be watched to catch cheaters and criminals; we must be watched to discover which of our lifestyle habits cause the diseases that necessitate health care spending; we must be watched to keep us safe.

The panoptic citizen colludes in the destruction of her privacy and other fundamental rights by accepting increasing levels of surveillance in exchange for security and convenience. But the act of surveillance changes the relationship between government and citizen. The individual is no longer the source of political legitimacy, but becomes a consumer of government services and a potential risk to the public purse. Placing each individual under surveillance to decrease fraud and manage risk recasts the citizen as "suspect", and reverses the traditional presumption of innocence.

The clearest example of this dynamic can be found in the practice of profiling. When the state created its firearms registration system, for example, it examined social science research to identify what "type" of person is at risk of committing a violent act with a weapon. It then created a registration form that requires people to disclose whether or not, in the past five years, they have been treated for depression, substance abuse, or emotional problems, considered suicide, been through a divorce or the dissolution of a significant relationship, lost their jobs or gone bankrupt. Following the logic of "risk reduction", anyone who checks off one of these boxes must be investigated. The applicant is asked for full written details--highly personal details of their depressed mental state, divorce, or drug problem--and a regional firearms officer then begins an investigation. The officer may speak to anyone associated with the applicant, including neighbors, bosses and ex-spouses, to decide whether or not that person is a risk to herself or others. If the officer is not satisfied, he or she can ask the local police to act as the firearms centre's agent to conduct a full investigation into whether or not the person is dangerous.

This process may or may not catch a potentially violent offender, but it will easily catch a bankrupt, depressed or divorced farmer who, in need of a gun for his livelihood, is forced to reveal intimate details of his life to the state and, even worse, have the state call and discuss his life with his banker, neighbors, and ex-spouse. This willingness to invade privacy in the name of risk reduction means that the state is no longer dealing with individuals as "citizens", but as "suspects", "safety risks", or threats to "efficient" or "cost-effective government." And when that occurs, we have, as sociologist David Lyon says, "ignored human rights in the most profound sense" 156, 157. It is also crucial to recognize that the panoptic gaze is not neutral.

Researchers at the Centre for Criminology and Criminal Justice at Hull University report that closed circuit security camera operators are more likely to watch certain types of people for surveillance, for "no apparent reason". The most common targets included young black males, beggars, homeless persons, street traders and, especially, "anyone who directly challenged, by gesture or deed, the right of the cameras to monitor them". They also found that 1 in 10 women were watched by the male operators for entirely "voyeuristic" reasons.

The burden of the invisible discrimination that occurs when the state has access to the intimate details of the citizen's life falls most harshly on persons who are already marginalized. The office of the British Columbia Privacy Commissioner reports, for example, that aboriginal persons are taking their children across the border to the United States when they need medical attention due to an accidental injury; they are afraid that their health information will be shared with child protection services and their children will be removed from their care. However, state surveillance is now targeting an ever broader section of society. A Canadian professor recently reported that he was questioned by the RCMP because he was organizing a panel discussion on the social impact of free trade to be held during the Quebec City Summit of the Americas. The investigating officer demanded he "explain" his political views. Leaked plans to use empty warehouses as jails for protesters at the Summit, and media images of riot-clad police officers pointing rifles at peaceful protestors in Toronto prior to the Quebec City meeting demonstrate just how far the state is willing to go to reduce risk.

This move away from democratic values has not occurred in a vacuum. Respect for human rights requires a willingness to tolerate inefficiencies and risk. Democracy, after all, is notoriously inefficient. We accept its inefficiencies because it enables us to enjoy a sense of individual autonomy. That autonomy means that much of our social organization occurs at the informal level. In the early days of the Internet, for example, privacy and free speech coexisted because of a system of voluntary zoning. If you didn't want to see pornographic images on the Net, it was expected that you wouldn't go to sites which post them. The unrestricted freedom of cyberspeech, with its propensity for flaming and extremism, was also tempered by the social agreement of the people participating in any particular discussion. Discussion forums on politics or gardening, for example, generally did not tolerate sexual solicitations. But their intolerance was always tempered by the fact that there were plenty of other online places to go to participate in that kind of activity.

Part of the reason this complex environment flourished was that the technology itself gave the users the power to construct their own limits on what they found acceptable. Filtering software, encryption algorithms and freeware fixes to foil cookies 158, punish spammers 159 and finger intruders 160 abounded. However, the open architecture of a networked environment also means that the state can watch what are essentially private activities because they now take place on an open system. The existence of the massive communications spy system Echelon and the electronic citizen files accumulated by Human Resources Development Canada underline just how pervasive the panoptic gaze has become.

In many ways, the tension between government policies and individual rights is based upon conflicting conceptions of community. Our legal system assumes, correctly or not, that laws grow from the consensus of citizens, expressed through the democratic process. However, the community involvement in this process is a passive one; the power rests with the state, which articulates and enforces blanket prohibitions. The citizen is, in many respects, assumed to be only a passive participant in the legal process and fulfills his or her civic duty by complying with the law.

But our experience of community is very different. Both in the real world and online, communities grow from interpersonal sharing and support--from the neighbour who looks after your children when you break your leg, to the newsgroup member who passes on a bread making tip. The kind of self-actualizing community rules which grow from online interaction can be censorious, but an offending individual can always choose to flow into another community. Because groups are self-selected, the use of social censure does not preclude participation. It merely sets the limits of how people in that particular group treat each other.

This is not true of the law. The power of the state to censure and control certain activity is all-encompassing and people who fail to conform to the rules are punished. This power is why the law should not seek to intrude into private activity in all but the most exceptional circumstances. Legal sanctions must be applied thoughtfully in a democracy, because the state's monopoly over the use of force is, by definition, invasive.

Before electronic communications, the law did not have entry into this personal aspect of community and citizens were able to set private standards for behaviour. Indeed, it was the line between public distribution and private consumption that enabled us to balance freedom of speech and the need to protect people from hate propaganda and obscenity. However, now that that line is no longer firm, the state's use of blanket prohibitions and monopolies creates a much broader sense of coercive censure and subsequent loss of freedom.

As we move into a networked society, we must be mindful that our legal and technological choices will have social and political consequences. Policies which place efficiency and risk reduction ahead of individual rights will promote the economic agenda of the few at the price of the freedom of the many. Twenty years after the enactment of the Charter, the principles behind the rights it enshrines can still provide us with a roadmap to a fairer and freer society. But each generation has to recreate democracy on its own terms by facing its own challenges. If the Charter is to continue to be a touchstone for individual autonomy, then we must rethink the consequences that flow from a panoptic state, and ground ourselves in the importance of democratic expression and personal privacy.

CHAPTER FIVE

Appendix A

The ICCPR Committee has offered the following General Comment on Article 17 of the International Covenant on Civil and Political Rights:

(Thirty-second session, 1988)

1. Article 17 provides for the right of every person to be protected against arbitrary or unlawful interference with his privacy, family, home or correspondence as well as against unlawful attacks on his honour and reputation. In the view of the Committee this right is required to be guaranteed against all such interferences and attacks whether they emanate from State authorities or from natural or legal persons. The obligations imposed by this article require the State to adopt legislative and other measures to give effect to the prohibition against such interferences and attacks as well as to the protection of this right.

3. The term "unlawful" means that no interference can take place except in cases envisaged by the law. Interference authorized by States can only take place on the basis of law, which itself must comply with the provisions, aims and objectives of the Covenant.

4. The expression "arbitrary interference" is also relevant to the protection of the right provided for in article 17. In the Committee's view the expression "arbitrary interference" can also extend to interference provided for under the law. The introduction of the concept of arbitrariness is intended to guarantee that even interference provided for by law should be in accordance with the provisions, aims and objectives of the Covenant and should be, in any event, reasonable in the particular circumstances.

6. The Committee considers that the reports should include information on the authorities and organs set up within the legal system of the State, which are competent to authorize interference allowed by the law. It is also indispensable to have information on the authorities which are entitled to exercise control over such interference with strict regard for the law, and to know in what manner and through which organs persons concerned may complain of a violation of the right provided for in article 17 of the Covenant. States should in their reports make clear the extent to which actual practice conforms to the law. State party reports should also contain information on complaints lodged in respect of arbitrary or unlawful interference, and the number of any findings in that regard, as well as the remedies provided in such cases.

7. As all persons live in society, the protection of privacy is necessarily relative. However, the competent public authorities should only be able to call for such information relating to an individual's private life the knowledge of which is essential in the interests of society as understood under the Covenant. Accordingly, the Committee recommends that States should indicate in their reports the laws and regulations that govern authorized interferences with private life.

8. Even with regard to interferences that conform to the Covenant, relevant legislation must specify in detail the precise circumstances in which such interferences may be permitted. A decision to make use of such authorized interference must be made only by the authority designated under the law, and on a case-by-case basis. Compliance with article 17 requires that the integrity and confidentiality of correspondence should be guaranteed de jure and de facto. Correspondence should be delivered to the addressee without interception and without being opened or otherwise read. Surveillance, whether electronic or otherwise, interceptions of telephonic, telegraphic and other forms of communication, wire-tapping and recording of conversations should be prohibited. Searches of a person's home should be restricted to a search for necessary evidence and should not be allowed to amount to harassment. So far as personal and body search is concerned, effective measures should ensure that such searches are carried out in a manner consistent with the dignity of the person who is being searched. Persons being subjected to body search by State officials, or medical personnel acting at the request of the State, should only be examined by persons of the same sex.

9. States parties are under a duty themselves not to engage in interferences inconsistent with article 17 of the Covenant and to provide the legislative framework prohibiting such acts by natural or legal persons.

10. The gathering and holding of personal information on computers, data banks and other devices, whether by public authorities or private individuals or bodies, must be regulated by law. Effective measures have to be taken by States to ensure that information concerning a person's private life does not reach the hands of persons who are not authorized by law to receive, process and use it, and is never used for purposes incompatible with the Covenant. In order to have the most effective protection of his private life, every individual should have the right to ascertain in an intelligible form, whether, and if so, what personal data is stored in automatic data files, and for what purposes. Every individual should also be able to ascertain which public authorities or private individuals or bodies control or may control their files. If such files contain incorrect personal data or have been collected or processed contrary to the provisions of the law, every individual should have the right to request rectification or elimination.

Appendix B

Data Protection Related Recommendations by Council of Europe's Project Group on Data Protection

Recommendation No. R (99) 5 for the protection of privacy on the Internet (23 February 1999)

Recommendation No. R(97) 18 on the protection of personal data collected and processed for statistical purposes (30 September 1997)

Recommendation No. R(97) 5 on the protection of medical data (13 February 1997)

Recommendation No. R(95) 4 on the protection of personal data in the area of telecommunication services, with particular reference to telephone services (7 February 1995)

Recommendation No. R(91) 10 on the communication to third parties of personal data held by public bodies (9 September 1991)

Recommendation No. R(90) 19 on the protection of personal data used for payment and other operations (13 September 1990)

Recommendation No. R(89) 2 on the protection of personal data used for employment purposes (18 January 1989)

Recommendation No. R(87) 15 regulating the use of personal data in the police sector (17 September 1987) and Second evaluation Report of the Recommendation

Recommendation No. R(86) 1 on the protection of personal data for social security purposes (23 January 1986)

Recommendation No. R(85) 20 on the protection of personal data used for the purposes of direct marketing (25 October 1985)

Recommendation No. R(83) 10 on the protection of personal data used for scientific research and statistics (23 September 1983)

Recommendation No. R(81) 1 on regulations for automated medical data banks (23 January 1981)

Resolution (74) 29 on the protection of individuals vis-à-vis electronic data banks in the public sector

Resolution (73) 22 on the protection of privacy of individuals vis-à-vis electronic data banks in the private sector

Footnotes:

  1. Privacy: where do we draw the line? Report of the House of Commons Standing Committee on Human Rights and the Status of Persons with Disabilities, The Hon Sheila Finestone, Chair, April 1997
  2. The Standard Europe, December 13, 2000, at www.thestandardeurope.com/article/display/0,1151,13010,00.html
  3. www.privacyfoundation.org/release/top10.html
  4. President Clinton also signed an executive order prohibiting the use of genetic information in federal employment practices. The genetic screening issue is still unsettled in the private sector.
  5. Privacy is an important issue for North American Internet users, with 80% of Canadians and 82% of Americans reporting that they are at least somewhat concerned about the privacy of their personal information when participating in online activities. Of those who only surf the Web, four in ten would be more inclined to participate in online transactions such as Internet bill pay or e-banking, if they were confident that their privacy would be respected. One quarter of these respondents would be more inclined to shop or trade online. Source: Derivion Canada (www.derivion.com)
  6. Cookies are small software files set on computer hard drives by Internet advertisers to track, often surreptitiously, customer surfing patterns.
  7. Audit Commission, A Perfect Match: Report of the 1998 National Fraud Initiative (Update) ISBN 1 86240 223 X
  8. See www.aclu-wi.org/issues/data-privacy/datmatch.html
  9. Ibid. It is important to note that the survey dealt only with inter- and intra-government data exchanges, and did not even begin to take up the privacy implications of commercial vendors who obtain entire databases under Wisconsin's Open Records Act and further customize, link and sell the information for their own private gain.
  10. See Privacy Commissioner of Canada, Annual Report 1999-2000, Cat. No. IP 30-1/2000, ISBN 0-662-64957-5. This publication is available on audio cassette, computer diskette and on the Office's Internet home page at www.privcom.gc.ca
  11. www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_128/CHAP2_5_e.html
  12. IMIS Journal, February 1997, www.ccsr.cse.dmu.ac.uk/resources/general/ethicol/Ecv6no6.html
  13. Ibid
  14. Ibid
  15. See for example the Report of the Public Audit Forum; see also the Annual Report of Elizabeth France, data protection registrar, in which she stated that proposals for increased data matching "may well contravene" the Human Rights Act "(in force October 2, 2000) because of lack of safeguards for individuals". The consultation paper, Data Matching and the Role of Public Sector Auditors, can be accessed at www.public-audit-forum.gov.uk/publicat.htm
  16. Source: www.guardianunlimited.co.uk/Archive/Article/0%2C4273%2C4049794%2C00.html
  17. Cite to come
  18. http://www.aclu-wi.org/issues/data-privacy/datmatch.html
  19. http://www.dataprotection.org/garante/frontdoor/1,1003,,00.html?LANG=2
  20. Directive 95/46/EC of the European Parliament and of the Council of 24 Oct. 1995 on the Protection of the Individual with respect to the Processing of Personal Data and on the Free Movement of Such Data.
  21. Directive 97/66/EC of the European Parliament and of the Council of 15 Dec. 1997 Concerning the Processing of Personal Data and the Protection of Privacy in the Telecommunications Sector
  22. See http://www.europa.eu.int/comm/internal_market/en/media/dataprot/studies/legalen.htm. See also "Privacy on the Internet - An integrated EU Approach to On-line Data Protection", Working Party On The Protection Of Individuals With Regard To The Processing Of Personal Data (November 2000)
  23. Quoted in Wired News, http://www.wired.com/news/politics/0,1283,41004,00.html
  24. For a useful description and analysis of the proposed directive, see the Opinion of the Working Party on the Protection of Individuals with Regard to the Processing of Personal Data, Opinion 7/2000, "On the European Commission Proposal for a Directive of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector of 12 July 2000 COM (2000) 385".
  25. See http://europa.eu.int/ISPO/infosoc/telecompolicy/review99/Welcome.html and http://europa.eu.int/ISPO/infosoc/telecompolicy/press/ip00-749en.htm
  26. In the United Kingdom, for example, critics of the Regulation of Investigatory Powers Act 2000 argue that it poses grave threats to civil liberties in general and privacy rights in particular.
  27. M.S. v. Sweden (27 August 1997)
  28. With respect to the United Nations, the Commission on Human Rights has adopted several Decisions on data protection, the most recent being E/CN.4/DEC/1999/109 (Human rights and the follow-up to the guidelines for the regulation of computerized personal data files), and adopted various Reports such as E/CN.4/1999/88, Report of the Secretary-General on the question of the follow-up to the guidelines for the regulation of computerized personal data files. The Guidelines themselves were adopted by the General Assembly of the United Nations in its Resolution 45/95 of 14 December 1990.
  29. See http://conventions.coe.int/treaty/EN/cadreprincipal.htm; An amendment to the Convention has been adopted permitting the European Community to accede to it (1999). (see http://www.coe.fr/dataprotection/Treaties/amend108e.htm).
  30. Contrast this Convention, for example, with the OECD's Recommendation of the Council Concerning Guidelines Governing the Protection of Privacy and Transborder Data Flows (discussed further, below).
  31. See also Report on "Revisiting Sensitive Data" (1999), by Mr. Spiros SIMITIS, Dr h. c. Dr, Professor at Johann Wolfgang Goethe University of Frankfurt am Main, Director of the Research Centre for Data Protection (Germany), considered by the T-PD
  32. www.coe.fr/dataprotection/Etudes_Rapports/ectype.htm
  33. "Contracts involving the transfer of personal data between Parties to Convention ETS N° 108 and third countries not providing an adequate level of protection" (2000) by Mr. Jérôme HUET, Agrégé des facultés de droit, Professor at Panthéon-Assas University of Paris II, Director of the Centre of Multimedia Legal and Economic Studies (France).
  34. See http://www.coe.fr/dataprotection/edocs.htm
  35. Report on "data protection in the police sector" (1998), by Mr. Alexandre Patijn, Legal Advisor, Ministry of Justice of the Netherlands, with regard to the evaluation of Recommendation R (87) 15 on police, considered by the CJ-PD
  36. Report and Guiding Principles on the Protection of Personal Data with Regard to Surveillance. See http://www.coe.fr/dataprotection/eReport%20Buttarelli.htm
  37. PC-CY (2000) Draft No. 25 Rev. See the full text at http://conventions.coe.int/treaty/EN/projets/; see also http://conventions.coe.int/treaty/EN/projets/projets.htm
  38. OECD privacy and data protection policy is administered by the Directorate For Science, Technology And Industry: Committee For Information, Computer And Communications Policy : Working Party on Information Security and Privacy, chaired by Richard Beaird, Department of State (U.S.)
  39. http://www.oecd.org/dsti/sti/it/secur/index.htm [objectives]
  40. see http://www.oecd.org/dsti/sti/it/secur/index.htm
  41. See http://www.oecd.org/dsti/sti/it/ec/act/dubai_ec/
  42. See also in this regard Implementing the OECD Privacy Guidelines in the Electronic Environment: Focus on the Internet (October 1997), which, inter alia, encouraged businesses to adopt policies and technical solutions that guarantee individual privacy protection on the Internet.
  43. See http://appli1.oecd.org/olis/1998doc.nsf/linkto/dsti-iccp-reg(98)10-final
  44. See in this regard, Practices to Implement the OECD Privacy Guidelines on Global Networks (September 1998). The report "analyses current privacy practices on global networks and contains, in an annex, suggestions for a privacy-friendly Web site design." (http://appli1.oecd.org/olis/1998doc.nsf/linkto/dsti-iccp-reg(98)6-final)
  45. In particular, the Declaration speaks about encouraging the adoption of privacy policies, whether implemented by legal, self-regulatory, administrative or technological means, the online notification of privacy policies to users, the use of privacy-enhancing technologies and the use of contractual solutions and the development of model contractual solutions for online transborder data flows; ensuring that effective enforcement mechanisms are available both to address non-compliance with privacy principles and policies and to ensure access to redress; promoting user education and awareness about online privacy issues and the means at their disposal for protecting privacy on global networks;
  46. See Inventory of Instruments and Mechanisms Contributing to the Implementation and Enforcement of the OECD Privacy Guidelines on Global Networks (May 1999) (http://www.olis.oecd.org/olis/1998doc.nsf/linkto/dsti-iccp-reg(98)12-final); Report on Transborder Data Flow Contracts in the Wider Framework of Mechanisms for Privacy Protection on Global Networks (September 1999) (http://www.oecd.org/dsti/sti/it/secur/index.htm); Building Trust in the Online Environment: Business-to-Consumer Dispute Resolution, an OECD co-sponsored conference which explored how online ADR can improve trust for global electronic commerce by helping to resolve B2C disputes arising from privacy and consumer protection; and see "OECD Privacy Policy Statement Generator", which offers guidance on compliance with the Guidelines and helps organisations develop privacy policies and statements for display on their web sites (see http://cs3-hq.oecd.org/scripts/pwv3/pwhome.htm).
  47. Directive 95/46/EC of the European Parliament and of the Council of 24 Oct. 1995 on the Protection of the Individual with respect to the Processing of Personal Data and on the Free Movement of Such Data.
  48. see http://www.export.gov/safeharbor/EUletter27JulyHeader.htm
  49. See http://www.export.gov/safeharbor/SHPRINCIPLESFINAL.htm. The Department of Commerce notes that "these principles are intended for use solely by U.S. organizations receiving personal data from the European Union for the purpose of qualifying for the safe harbor and the presumption of "adequacy" it creates. Because the Principles were solely designed to serve this specific purpose, their adoption for other purposes may be inappropriate."
  50. It is not necessary to provide notice or choice when disclosure is made to a third party that is acting as an agent to perform task(s) on behalf of and under the instructions of the organization. The Onward Transfer Principle, on the other hand, does apply to such disclosures.
  51. See http://www.export.gov/safeharbor/EUletter27JulyHeader.htm
  52. See http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list
  53. See Appendix A and B at end of this paper on Human Rights and Data Protection
  54. Parts of this paper were first developed in previous publications by the author: see "Privacy, Free Speech and Community: Applying Human Rights Laws to the Internet" in Human Rights and the Internet, edited by Steven Hicks, MacMillan Canada: 1999; and "Privacy, Property and Policy: Hidden Implications for the Information Highway" in the Information, Innovation and Impacts Series, Science and Technology Redesign Project, Statistics Canada, 1999.
  55. See Valerie Steeves, "Censorship and Privacy Issues as Communications Become Increasingly Digital" in Adapting to New Realities: Canadian Telecommunications Policy, edited by David Conklin (London, Ontario: University of Western Ontario Press, 1998), pp. 153-166.
  56. Michel Foucault, Discipline and Punish: The Birth of the Prison (N.Y.: Pantheon, 1978), pp. 207 and 201.
  57. Standing Committee on Human Rights and the Status of Persons with Disabilities, 35th Parliament, 2nd Session, Evidence, 33:20.
  58. Standing Committee on Human Rights and the Status of Persons with Disabilities, 35th Parliament, 2nd Session, Evidence, 33:20.
  59. Standing Committee on Human Rights and the Status of Persons with Disabilities, 35th Parliament, 2nd Session, Evidence, 33:20.
  60. Cookies are strings of digits which Web site providers can save on your hard drive to track your online movements.
  61. Cookies are strings of digits which Web site providers can save on your hard drive to track your online movements.
  62. Fingering software enables users to identify other people in an online discussion forum.