[IRP] edits in the privacy section
Katitza Rodriguez
katitza
Thu Jan 14 16:52:09 EET 2010
Dear Lisa,
Thank you very much for your explanation. The process is now clear.
The language I added is on the link you provide here. Thanks. I tried
not to use Google products (when I am "able" to do so), so I am not
familiar with Googles docs (nor I will open an account and sign on).
Due to the fact that the Council of Europe is a member of the Steering
Committee, I proposed to focus on Convention 108 (and its protocol
2001). We can then discuss further documents/recommendations, etc.
All the best,
Katitza
On Jan 14, 2010, at 6:33 AM, Lisa Horner wrote:
> Hi
>
> Thanks for your comments Katitza. As making sure that the Charter
> aligns with international standards is one of the tasks of the
> expert group, they?ll take all of this on board. If people have
> thoughts about which standards/directives we should be working to,
> please do send them through to the list or make notes on the wiki.
> I?m not a privacy expert and so can?t comment in this instance.
>
> Please note that the Charter is here:
> http://docs.google.com/Doc?id=ajcs86p9dx2s_488rpfcbcc
>
> There?s been some confusion over the different versions, so please
> make sure you?re editing the right one. I?ve changed the link on
> the homepage at www.internetrigtsandprinciples.com so that it links
> right through to the correct version.
>
> Thanks,
>
> Lisa
>
> From: irp-bounces at lists.internetrightsandprinciples.org [mailto:irp-bounces at lists.internetrightsandprinciples.org
> ] On Behalf Of Katitza Rodriguez
> Sent: 13 January 2010 23:04
> To: irp
> Cc: Cedric Laurant
> Subject: Re: [IRP] edits in the privacy section
>
> Dear Lisa, Dear Meryem:
>
> Happy New Year. I want to submit some comments to the Privacy
> Section. Cedric Laurant and I submit some comments the other day.
> While editing the text, I start asking myself that the overall
> Privacy Section needs some thoughts.
>
> Please, noted that in comparison to other rights of the charter, in
> this section we have International Legal Frameworks. ie. The 1995
> Data Protection Directive, 1980 OECD Privacy Guidelines, the
> Convention 108 of the Council of Europe. Those instruments places
> obligations on those public and private organizations who collect
> and process personal information and gives RIGHTS to those
> individual whose personal information is collected.
>
> The old text, wrote by APC, is based in the EU Directive. The APC
> text (not the IRP text) use a common language based on that
> framework. Is that the objective? If its yes, we need an editor. It
> is ok to add more concrete actions that we want to see in the text
> but as minimum, we should mirror the language of the Directive/
> Convention 108?
>
> Meryem: As you will be working in the charter, can you take on board
> my comments? I would appreciate. Maybe Cedric is willing to do so?
>
> all the best,
>
> Katitza
> P.D I am happy to reviewed/revised the clean version after those
> editions.
>
> On Jan 13, 2010, at 3:12 PM, Katitza Rodriguez wrote:
>
>
> Dear Max:
>
> I am confuse reading the Privacy section of the charter. I would
> like to suggest that you use the language from the Madrid Privacy
> Declaration. Some of this language does not make sense. On the
> anonymity front, please, include the need for genuine Privacy
> Enhancing Techniques that minimize or eliminate the collection of
> personally identifiable information. We need to be sure whether
> those methods safeguard privacy and anonymity. Pls. read EPIC: Re-
> Identification: Concerning the Re-Identification of Consumer
> Information http://epic.org/privacy/reidentification/
>
> Also, I do not see any mentioned to the international legal
> framework. The 1995 Data Protection Directive, 1980 OECD Privacy
> Guidelines, the Convention 108 of the Council of Europe. Those
> instruments places obligations on those public and private
> organizations who collect and process personal information and gives
> rights to those individual whose personal information is collected.
>
> Are you re-writing those rights?
>
> My 2 cents,
>
> All the best and Happy New Year,
>
> Katitza
>
>
> On Jan 13, 2010, at 12:57 PM, Max Senges wrote:
>
>
> hi everybody
>
> i have made a number of edits in the privacy section and would like
> to ask a fundamental question
>
> 1) I thought it would be good to raise ease of access,
> comprehensiveness and usability of privacy settings:
> "Privacy policy and settings of all services should be easy to find
> and the management of privacy settings should be comprehensive and
> optimized for usability."
>
> 2) The following sentence seems rather ambiguous to me (esp. what is
> meant by "hidden mechanism") and I suggest to remove or amend it:
> "Social media networks must disclose when hidden mechanisms are
> being employed to harvest email personal data bases."
>
> 3) "Service providers have a responsibility to make clear in which
> legal jurisdiction(s) the user's personal data is being hosted, so
> that the user can make informed decisions."
> I have raised this before and even though I see how this is an
> important point, I think it needs to be formulated differently/
> thought through a bit more. If I create a file/data-point in the
> cloud say while I am in Germany, then I go on a trip and the file
> "moves with me" to servers in Asia... etc. etc. how can there be a
> final decision which jurisdiction is concerned? I mean wouldn't it
> make more sense to be determined in a case by case logic?
>
> 4) "Unless otherwise explicitly agreed, data should be deleted when
> it is no longer necessary for the purposes for which it was
> collected, or for legal reasons." I would think that it's important
> to limit this paragraph to personal data and ask for anonymization:
> "Unless otherwise explicitly agreed, personal data should be
> deleted or anonymized when it is no longer necessary for the
> purposes for which it was collected, or for legal reasons"
>
> 5) "People must be free to communicate without arbitrary
> surveillance or interception, or the threat of surveillance or
> interception. This includes the use of technologies such as deep
> packet inspection and the exercise of control over individuals such
> as in instances of domestic violence and cyberstalking."
> This paragraph seems to be mixing several points. The main
> points have been raised in other paragraphs and while I totally
> agree to the first sentence i think the second is controversial.
> E.g. deep packet inspection is a particular technology and we said
> we dont want to mention particular technologies.
>
> 6) "Service providers should communicate clearly with users the
> circumstances under which personal data will be shared with
> governments and/or with other private entities. Simultaneously
> provide options for unscribing from such networks. " I don't get the
> latter sentence. Unsubscribe from the Internet? i'd suggest we delete.
>
>
>
> Looking forward to your input
> Max
>
>
>
>
> --
>
>
> "The future is here. Its just not widely distributed yet."
> William Gibson
>
> ...........................................................................
>
> Max Senges
> Berlin
>
> www.maxsenges.com
>
> Mobile: 01622122755
> _______________________________________________
> IRP mailing list
> IRP at lists.internetrightsandprinciples.org
> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-internetrightsandprinciples.org
>
> _______________________________________________
> IRP mailing list
> IRP at lists.internetrightsandprinciples.org
> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-internetrightsandprinciples.org
>
> _______________________________________________
> IRP mailing list
> IRP at lists.internetrightsandprinciples.org
> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-internetrightsandprinciples.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.internetrightsandprinciples.org/pipermail/irp-internetrightsandprinciples.org/attachments/20100114/bf1db58b/attachment-0001.htm>
More information about the IRP
mailing list