[IRP] edits in the privacy section

Katitza Rodriguez katitza
Thu Jan 14 01:04:19 EET 2010 

Dear Lisa, Dear Meryem:

Happy New Year. I want to submit some comments to the Privacy Section.  
Cedric Laurant and I submit some comments the other day. While editing  
the text, I start asking myself  that the overall Privacy Section  
needs some thoughts.

Please, noted that in comparison to other rights of the charter, in  
this section we have International Legal Frameworks. ie. The 1995 Data  
Protection Directive, 1980 OECD Privacy Guidelines, the Convention 108  
of the Council of Europe. Those instruments places obligations on  
those public and private organizations who collect and process  
personal information and gives RIGHTS to those individual whose  
personal information is collected.

The old text, wrote by APC, is based in the EU Directive. The APC text  
(not the IRP text) use a common language based on that framework. Is  
that the objective? If its yes, we need an editor. It is ok to add  
more concrete actions that we want to see in the text but as minimum,  
we should mirror the language of the Directive/Convention 108?

Meryem: As you will be working in the charter, can you take on board  
my comments? I would appreciate. Maybe Cedric is willing to do so?

all the best,

Katitza
P.D I am happy to reviewed/revised the clean version after those  
editions.

On Jan 13, 2010, at 3:12 PM, Katitza Rodriguez wrote:

> Dear Max:
>
> I am confuse reading the Privacy section of the charter. I would  
> like to suggest that you use the language from the Madrid Privacy  
> Declaration. Some of this language does not make sense. On the  
> anonymity front, please, include the need for genuine Privacy  
> Enhancing Techniques that minimize or eliminate the collection of  
> personally identifiable information. We need to be sure whether  
> those methods safeguard privacy and anonymity. Pls. read EPIC: Re- 
> Identification: Concerning the Re-Identification of Consumer  
> Information  http://epic.org/privacy/reidentification/
>
> Also, I do not see any mentioned to the international legal  
> framework. The 1995 Data Protection Directive, 1980 OECD Privacy  
> Guidelines, the Convention 108 of the Council of Europe. Those  
> instruments places obligations on those public and private  
> organizations who collect and process personal information and gives  
> rights to those individual whose personal information is collected.
>
> Are you re-writing those rights?
>
> My 2 cents,
>
> All the best and Happy New Year,
>
> Katitza
>
>
> On Jan 13, 2010, at 12:57 PM, Max Senges wrote:
>
>> hi everybody
>>
>> i have made a number of edits in the privacy section and would like  
>> to ask a fundamental question
>>
>> 1) I thought it would be good to raise ease of access,  
>> comprehensiveness and usability of privacy settings:
>> "Privacy policy and settings of all services should be easy to find  
>> and the management of privacy settings should be comprehensive and  
>> optimized for usability."
>>
>> 2) The following sentence seems rather ambiguous to me (esp. what  
>> is meant by "hidden mechanism") and I suggest to remove or amend it:
>> "Social media networks must disclose when hidden mechanisms are  
>> being employed to harvest email personal data bases."
>>
>> 3) "Service providers have a responsibility to make clear in which  
>> legal jurisdiction(s) the user's personal data is being hosted, so  
>> that the user can make informed decisions."
>> I have raised this before and even though I see how this is an  
>> important point, I think it needs to be formulated differently/  
>> thought through a bit more. If I create a file/data-point in the  
>> cloud say while I am in Germany, then I go on a trip and the file  
>> "moves with me" to servers in Asia... etc. etc. how can there be a  
>> final decision which jurisdiction is concerned? I mean wouldn't it  
>> make more sense to be determined in a case by case logic?
>>
>> 4) "Unless otherwise explicitly agreed, data should be deleted when  
>> it is no longer necessary for the purposes for which it was  
>> collected, or for legal reasons." I would think that it's important  
>> to limit this paragraph to personal data and ask for anonymization:  
>> "Unless otherwise explicitly agreed,  personal data should be  
>> deleted or anonymized when it is no longer necessary for the  
>> purposes for which it was collected, or for legal reasons"
>>
>> 5) "People must be free to communicate without arbitrary  
>> surveillance or interception, or the threat of surveillance or  
>> interception. This includes the use of technologies such as deep  
>> packet inspection and the exercise of control over individuals such  
>> as in instances of domestic violence and cyberstalking."
>>      This paragraph seems to be mixing several points. The main  
>> points have been raised in other paragraphs and while I totally  
>> agree to the first sentence i think the second is controversial.  
>> E.g. deep packet inspection is a particular technology and we said  
>> we dont want to mention particular technologies.
>>
>> 6) "Service providers should communicate clearly with users the  
>> circumstances under which personal data will be shared with  
>> governments and/or with other private entities. Simultaneously  
>> provide options for unscribing from such networks. " I don't get  
>> the latter sentence. Unsubscribe from the Internet? i'd suggest we  
>> delete.
>>
>>
>> Looking forward to your input
>> Max
>>
>>
>>
>>
>> --
>>
>>
>> "The future is here. It?s just not widely distributed yet."
>> ?William Gibson
>>
>> ...........................................................................
>>
>> Max Senges
>> Berlin
>>
>> www.maxsenges.com
>>
>> Mobile: 01622122755
>> _______________________________________________
>> IRP mailing list
>> IRP at lists.internetrightsandprinciples.org
>> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-internetrightsandprinciples.org
>
> _______________________________________________
> IRP mailing list
> IRP at lists.internetrightsandprinciples.org
> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-internetrightsandprinciples.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.internetrightsandprinciples.org/pipermail/irp-internetrightsandprinciples.org/attachments/20100113/8cfb0f5f/attachment-0001.htm>

More information about the IRP mailing list