Introduction
Every action is recording in today’s digital world. There are many web forums, blogs, or personal pages and ‘on the Internet, nobody knows you’re a dog’[1] but with surveillance governments and corporate know many things more than you know about yourself. This paper critically analyses the statement of Bruce Schneier within legal framework. Briefly Schenier says recording of individuals data information’s by government and corporate is for protection and convenience which calls mass surveillance has done by the society’s itself.[2] In the below of the paper by explaining privacy and data protection right with applicable legal principle some electronically stored data such as e-mails, messages, faxes photos, databases will critically analyse.
The Universal Declaration of Human Rights [3] and the International Covenant on Civil and Political Rights [4] are about fundamental human rights.[5] Through law protection of privacy is controlling in the physical sphere.[6] For the digital modern sphere, there are many private data need respect as a human right.[7] This fundamental right is aiming secure protection has reliable in personal data protection with the Privacy Directive.
Understanding Privacy and Data Protection Rights
The right to privacy is placed in the European Convention on Human Rights.[8] Even it contains ‘European’ it is an international treaty. According to ECHR Article 8 respecting for private life is a right.[9] The interference of privacy is banned by this Article 8. Digital world shouldn’t dictate our values so law tries to improve to protect our fundamental rights and values, including our right to privacy is based on ‘opacity of individual’ and data protection is based on ‘transparency and accountability’.[10] Therefore Article 8/2 illustrates that this ban isn’t absolute; in several conditions the right of privacy can limited by states in the sight of other benefits. The five exceptions are national security, public safety, prevention, protection of health or morals and others’ rights and freedom protection.
In European Court of Human rights the rules are assumed violations of the rights.[11] ECtHR is interpreted the Convention’s right to privacy a lot. In the case of Copland v. the United Kingdom case the court mentioned both monitoring communications content and monitoring metadata interferes with privacy and said e-mails, telephone calls and personal internet usage in business buildings are prima facie ‘private life’ and ‘correspondence’ for the aims of Article 8 as well as telephone conversations date and length with the dialled numbers.[12] There is no exception like necessary situation in a democratic society, too. As a result the collection and storage of personal information can interfere with privacy; regardless of how those data are used it is right to respect individual’s private life relates with sense of ECHR Article 8. All around the world, according to reports, in the digital area 196 bilion e-mails are sent or received, over 500 million tweets are submitted, and 475 billion pieces are shared on Facebook.[13] These numbers show individuals’ private life’s are in a risk seems powerful just on the legal documents, but weak in the digital world.
A. Data Protection
The European Union Charter of Fundamental Rights lists the important rights and freedoms accepted by the EU. The Charter has almost same right to private life as well as ECHR.[14] According to the Charter Article 7 for individual’s private life, family life, home and communication everyone has right to respect.[15] Facebook is the world’s largest electronic social network will be the 12th year in February 2016.[16] In this popular social networking site people can meet, share music or ideas, plan or join organization shortly it is a personal webpage with sharing personal stories.[17] According to last year’s research with 98% Facebook is the most commonly used followed by 79% Twitter and 75% Instagram.[18] To connect, communicate or share both personal and organization data billions of individuals and groups are using Twitter, Instagram, Lınked In, Pinterest and many other electronic social networks.[19] They contain private information like gender, sexual preference, religion, marital status, hobbies, phobia, photos, political ideas, relationship etc. As all social networks have different data and mechanism type for security, all have different ‘term of use and privacy setting’ for hiring data process.[20] Privacy settings of Facebook permit users limiting to access their personal information[21] however with just a basic search, social network site permits a user to access data without permitted access to the victim’s profile.[22] For instance before the face-to-face interview employers can get a valuable decision about job candidate personality with these profiles.[23] By sharing internet users’ daily life online they become domestic violence victims.[24] As a statistic one in six users never review their network’s privacy and security setting, four in six users review monthly or less.[25] Facebook’s privacy settings are constructed on basic groups such as ‘friends’, ‘friends of friends’, ‘everyone’, and ‘trusted friends’. Even photos have additional security like one Facebook friend can tag its friend’s ID name on the photo without knowledge.[26] There are two views one; being a friend on Facebook doesn’t give permission to tag on all photo, maybe she is ugly on that photo and doesn’t want to be known ugly by others. Second maybe just a photo of her, not a chair photo and tag her name on it. Facebook allows users to block others individuals viewing, users can select to block requests from finding individual data[27], but the security quality of data setting is still less. Shortly to stop this is be friend with no one, but on the other hand, it’s true that privacy and security online is trying to increase. According to the Charter Article 52 if there is any requirement to protect freedoms and rights may limit subject to the norm of proportionality. Article 52 of the Charter and ECHR Article 8 are including the limitations of private life in other words the right to protection of personal data is included by Article 8 of the Charter. Even everybody has the right the protection of personal data and right to access to data, these can control by law. This right to data protection in this Charter summarises some main fundamentals of the Data Protection Directive.
The European Union Data Protection Directive[28] became one of the worlds’ most important data privacy texts. This Directives’ one of the purposes of is protecting the fundamental rights and freedoms of persons and with respect to personal right to privacy.[29] Article 12 of
The Directive is the right to access and correct one’s personal data is one of the fundamental principles of European data protection law. The data subject has the right to access all data processed about individual, even has the right to demand the rectification, deletion or blocking of data is incomplete, inaccurate or isn’t being processed in compliance with the data protection rules.[30] However according to this article it could be deletion systems as an opinion will be discuss in next part of the paper. However the e-Privacy Directive [31] specifies the general data protection directive for electronic communications and privacy. Many of the e-Privacy Directive’s rules apply for suppliers’ public communications networks and electronic communications services are publicly available.[32] In addition, In Convention for the Protection of Individuals the purpose is securing every individuals, and respect rights and fundamental freedoms, mainly right to privacy, regarding automatic method of private information relating to individuals.[33]
B. Data Retention
According to the e-Privacy Directive Articles 6 and 9, and the Data Retention Directive[34] Article 3 ‘traffic and location data must be deleted when they’re no longer required for billing or for conveying a communication, unless the user has given consent for another use’. Mobile device users allow by their browsing activities both physical location information even there are offline on Google Maps and personal detail information like phone numbers.[35] The communication time, communicating partners’ email address, and the IP address used to access the internet are traffic data examples. Location data show cell phone user’s location, in other words, it shows exact geographical location of user’s tool can publicly available in electronic communications service.[36] Traffic data and location data are different things. Even the e-Privacy Directive has strict rules for telecom providers, the e-Privacy Directive Article 15 has an significant exemption for traffic and location data which rule similar with Article 8(2) of ECHR, allows to limit under the conditions are ‘a necessary, appropriate, and proportionate measure within a democratic society to safeguard national security, defence, and crime prevention’.
The Court of Justice of European Union is different from European Court of Human Rights, because; in some cases the Court must, ask to the Court of Justice of the European Union for an opening judgment about the validity and interpretation of directives and other acts of the EU.[37] The Treaty on the European Union in Article 6 it mentions the significance of human rights. As an opinion, there is an obstacle for individuals, because persons don’t ‘enforce’ their right directly with the data controller; rather, they submit requests can be turned down, between June-August 2015 in the UK 21,000 rejected requests for de-indexing, only approximately 250 have been taken.[38] This the result of insufficient legal regulations. The court has given important judgments in the data privacy law, in the Google Spain[39] case the Data Retention judgment. It separates between public data and private persons in other words; it is about informing the public and an individual in protecting their privacy.[40] The Article 29 Working Party is an independent European working party deals with issues relating to the protection of privacy and personal data, and contains in application of Data Protection Directive 95/46/EC and Electronic Communications Directive 2002/58/EC.[41] The right to erasure or right to be forgotten is adopted in 2014, and subject to protection of personal data.[42] The decision of the EU Court of Justice is about process of internet with respect to individuals’ data accessing of internet users, shortly control over personal data and it is one of the signposts of the protection of privacy on the Internet in Europe.[43]
Government and Corporate Surveillances
Call detail records (CDRs), telephony and internet traffic and transaction data (IPDRs)’s storage is Data Retention are keeping by governments and commercial organisations.[44] The quantity and quality of online data collection technologies have raised, in the past decade.[45] Especially, after the terrorist attacks in the US 2001, in Madrid 2004, the UK 2005 the states have adopted the data retention conditions for telecom providers. Under the Data Retention Directive[46]; from the date of the communication telecom providers must retain metadata for a period between six months and two years.[47] Also contains types of traffic and location information must be kept. For example phone numbers have to be retained necessarily to clue and recognise the communication source or the log-in and log-off an Internet access service date and time, with the IP address and the user ID of the subscriber or registered user.[48] For another instance is a mass retention of Passenger Name Records (PNR). Government conduct people’s online activities using law enforcement or national security powers.[49] This Directive requires metadata retention, not communication contents, only able to national authorities in specific cases.[50] This directive can apply just conventional telecom and Internet access providers. Several kinds of communication services are external because this directive is an exception of the E-Privacy Directive. Providers’ smart phone messaging apps, webmail services, and social network sites are external from this directive. Containing with webmail services and internet advertising agency[51] Google is one of the most popular search engine, stores identifying information for each web search.[52] Each pages have own advertisements or HTTP cookies.[53] When a user accesses certain websites, a cookie is a small file, basically of letters and numbers, downloaded on to a device[54] and is recorded users’ history of web surfing[55] by Google, shortly it monitors every computer activity. On the other hand freedom of contract is the main principle of commercial life. All individuals have free choice to accept. For instance Facebook has its own contract term and conditions. Users accept it, but the purpose of consent in data protection is different from its purpose in contract in other words this permission never give any right to corporations to violate data rights.[56]
In Ireland and Austria case ECHR Article 7 right to privacy, Article 8 the protection to personal data and Article 11 freedom of expression of the Charter[57] the national judges asked CJEU to examine the legality of the Data Retention Directive. The Court invalidated the directive, because there are limits of the privacy and data protection rights of the Charter.
Surveillance Cases
Klass and others v. Germany[58] is a proof the Court has ruled on numerous cases are about surveillance. In the case of Weber and Saravia v. Germany the Court says the importance of the government in protecting its domestic security over secret surveillance measures beside the importance of the interference with an individual right to esteem for his or her private life. It has regularly familiar the domestic authorities appreciate a ‘fairly wide margin of appreciation’ in choosing the means for succeeding the valid purpose of protecting national security.[59] Shortly, the Court is very serious of domestic laws permit secret surveillance measures, and the simple point is a nation permits mass surveillance interferes with privacy. In the case of Liberty and others v. the United Kingdom[60] is written clearly telephone, facsimile and e-mail communications are protected by the views of ‘private life’ and ‘correspondence’ within ECHR Article 8. Additionally, if a legislation permits a secret monitoring of communications, there is need of a risk of surveillance for all to whom the legislation applied. This risk necessarily bothers freedom of communication between users of the telecommunications services.[61]
Conclusion
The easiest and the most protective key for persons who want to protect their personal information would be to not use or create any social network at all, or any technological devices, almost impossible in today’s communication and technology world. To secure individuals’ personal information effectively user’s itself can spend enough significant amount of time with understanding the mechanism of the platforms privacy setting control, then use it safely. Under the right to the protection of personal data legal regulations mentioned above don’t contain enough rules guarantee privacy and integrity of personal data, and protection against any illegal access and using of data, it seems impossible on a paper to be an obstacle in front of developing technology world. The lawmakers should take the more responsibility of keeping law within human right’s needs.
Bibliography
- Table of Cases
Copland v. the United Kingdom (62617/00) 3 April 2007
Google v. Spain (131/12) 13 May 2014
Klass and others v. Germany (5029/71) September 1978.
Liberty and others v. the United Kingdom (58243/00) 1 July 2008
Weber and Saravia v. Germany, (54934/00) 29 June 2006
- Table of Legislation
Charter of Fundamental Rights of the European Union 2000
Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data 1981
Convention on Cybercrime ETS 185 2001
Data Retention Directive 24/EC 2006
European Convention on Human Rights (ECHR) 1950
European Union Data Privacy Directives 46/EC 1995
E- Privacy Directive 58/EC 2002
Framework Directive 21/EC 2002
International Covenant on Civil and Political Rights (ICCPR) 1966
Treaty on European Union (TEU) 2007
Universal Declaration of Human Rights (UDHR) 1948
III. Secondary Sources
- Texts and Journals
Balint B ‘Cybersnooping: I see What You Did There’ Belmont University Vol. 19 2015
Baughman L. ‘Friend Reguest or confirming The Misuse of Internet and Social Networking Sites by Domestic Violence Perpetrators’ vol. 19. 2010
Borghi M‘Online data processing consent under EU law: a theoretical framework and empirical evidence from the UK’Oxford University Press 2013, p.12.
Bosset E, Private Actions Challenging Online Data Collection Practices are Increasing: Assessing the Legal Landscape, INTELL. PROP. & TECH. L.J., Feb. 2011, p.3.
Clark and Robert ‘ Employer’s Use of Social Networking Sites: A Socially Irresponsible Practice Journal of Business Ethics’ 2010
I-Way S, E-Commerce Developments: Privacy Commissioners Declare Universal Rights of Data Protection and Privacy, IOS Press 2005
Gutwirth and De Hert ‘Privacy, Data Protection and Enforcement’ Oxford 2006
Joshi, P ‘Every move you make, Google will be watching you’ 2009
Kim R,’15 Percent of Mobile Apps Launched While Offline, GIGAOM’ <https://gigaom.com/2011/05/10/15-percent-of-mobile-apps-launched-while-offline/ >accessed 4 December 2015
Krošlák D, ‘Practical Implementation Of The Right To Be Forgotten In The Context Of Google Spain Decision’ , Communication Today, Vol. 6, No. 1. 2015
Lenhart, A. ‘The Democratization of Social Networks’. 2009
O’Hara K, ‘Not So Easy To Forget’ Communications of the ACM Vol. 58 Southampton 1 August 2015
Soghoian, C “Debunking Google’s log anonymization propaganda“CNET News 2009
Spiekermann S, ‘The Challenges of Person Data Market and Privacy’ Institute of ınformation Management, University of St. Gallen 2015
Steiner P, On the Internet, Nobody Knows You’re a Dog, New Yorker, July 5, 1993.
Stone and Frier ‘Facebook Turns 10: The Mark Zuckerberg Interview’ Bloomberg Businessweek. 2014
Borghi M, ‘Online data processing consent under EU law: a theoretical framework and empirical evidence from the UK’Oxford University Press 2013
Wong R, ‘ Data security breaches and privacy in Europe’ 2013
Joyce D, ‘Privacy in The Digital Era: Human Rights Online’ Melbourne Journal of International Law. Vol. 16 Issue 1 August 2015
- Other Sources
Guthrie S ‘Facebook is turning ten years old’ NBC News Universal, Inc. 2014.
Guides on the Rules on Use of Cookies and Similar Technologies 2012. <https://ico.org.uk/media/for-organisations/documents/1545/cookies_guidance.pdf> accessed 7 December 2015
Law FYW ‘Protecting digital data privacy in Computer Forensic Examination’, 2011. <http://www.oit.umd.edu/Publications/Data-Classification-Presentation-022908.pdf >accessed 2 December 2015.
Schneier B, ‘Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World’ 2015 <https://www.schneier.com/news/archives/2015/03/bruce_schneier_prese.html > accessed 24 November 2015
Tipton H, ‘Information Security Management Handbook’, Vol. 5 CRC Press 2012
<http://www.coe.int/en/web/about-us/who-we-are> accessed 24 November 2015
<http://www.coe.int/en/web/portal/country-profiles> accessed 25 November 2015
<https://www.facebook.com/policy.php> accesseed 2 december 2015
<https://www.privacyrights.org/fs/fs18-cyb.htm > accessed 2 December 2015
[1] Peter Steiner, On the Internet, Nobody Knows You’re a Dog, New Yorker, July 5, 1993, p. 61.
[2] Bruce Schneier , ‘Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World’ (2015) <https://www.schneier.com/news/archives/2015/03/bruce_schneier_prese.html> accessed 29 November 2015.
[3] UDHR 1948 art.12.
[4] ICCPR 1966 art. 17.
[5] Daniel Joyce ‘Privacy In The Digital Era: Human Rights Online’ Melbourne Journal of International Law. Aug2015, Vol. 16 Issue 1, p. 272.
[6].Law FYW ‘Protecting digital data privacy in Computer Forensic Examination’, 2011. <http://www.oit.umd.edu/Publications/Data-Classification-Presentation-022908.pdf >accessed in 2 December 2015.
[7] Ibid.
[8] ECHR art. 8.
[9] In this essay the words of ‘privacy’ and ‘private life’ are used in the same meaning.
[10] Gutwirth and De Hert ‘Privacy, Data Protection and Enforcement’ Oxford 2006 p.65
[11] ECHR 19 and 34.
[12] Copland v. the United Kingdom (62617/00) 3 April 2007 parag. 41-43.
[13] Sarah Spiekermann ‘The Challenges of Person Data Market and Privacy’ Institute of ınformation Management, University of St. Gallen 2015.
[14] The Charter Article 7 written ‘communications’ instead of ‘correspondence’.
[15] Almost the same protection as ECHR Article 8.
[16] Savannah Guthrie ‘Facebook is turning ten years old’ NBC News Universal, Inc. 2014.
[17] Lenhart, A. ‘The Democratization of Social Networks’. 2009
< http://www.pewinternet.org/Presentations/2009/41–The-Democratization-of-OnlineSocial-Networks.aspx > is accessed 02 December 2015.
[18] Bryon Balint ‘Cybersnooping: I see What You Did There’ Belmont University Vol. 19 2015 p. 78.
[19] Stone and Frier ‘Facebook Turns 10: The Mark Zuckerberg Interview’ Bloomberg Businessweek. 2014
[20] Ibid (n 18) p. 74.
[21] <https://www.facebook.com/policy.php> accesseed 2 december 2015.
[22] Ibid (n 24) also < https://www.privacyrights.org/fs/fs18-cyb.htm > accessed 2 December 2015.
[23] Clark and Robert ‘ Employer’s Use of Social Networking Sites: A Socially Irresponsible Practice Journal of Business Ethics’ 2010 p.510.
[24] Laurie L. Baughman ‘Friend Reguest or confirming The Misuse of Internet and Social Networking Sites by Domestic Violence Perpetrators’ 2010 vol. 19. p.935.
[25] Ibid (n 18) p. 81.
[26] Ibid (n 18) p. 75.
[27] Ibid
[28] Directive 95/46/EC art 1.
[29] Ibid art. 1.
[30] Harold Tipton, ‘Information Security Management Handbook’, Vol. 5 CRC Press 2012.
[31] Directive 2002/58/EC of the European Parliament and of the Council 2002.
[32] The Framework Directive 2002/21 art. 2 .
[33] 1981(ETS N 108) Art 1.
[34] 2006/24/EC.
[35] Ryan Kim,15 Percent of Mobile Apps Launched While Offline,
GIGAOM <https://gigaom.com/2011/05/10/15-percent-of-mobile-apps-launched-while-offline/ >accessed 4 December 2015.
[36] The e-Privacy Directive art. 14.
[37] The Treaty on European Union art. 19.
[38] Kieron O’Hara, ‘Not So Easy To Forget’ Communications of the ACM Vol. 58 Southampton 1 August 2015.
[39] Google v. Spain (131/12) 13 May 2014.
[40] Daniel Krošlák ‘Practical Implementation Of The Right To Be Forgotten In The Context Of Google Spain Decision’ , Communication Today, Vol. 6, No. 1. 2015. p. 69.
[41]Rebecca Wong, ‘ Data security breaches and privacy in Europe’ 2013.
[43]Ibid.
[44] Jay slides
[45] Eric C. Bosset, Private Actions Challenging Online Data Collection Practices are Increasing: Assessing the Legal Landscape, INTELL. PROP. & TECH. L.J., Feb. 2011, p.3.
[46] Ibid (n 29).
[47] Ibid (n 29) art. 6.
[48] Ibid 5.
[49] Regulation of Investigatory Powers Act 2000.
[50] Ibid 4.
[51] ‘Advertising and Privacy’ Google 2009.
[52] Chris Soghoian, “Debunking Google’s log anonymization propaganda“CNET News 2009.
[53] ‘HTTP State Management Mechanism ’ April 2011.
[54] Guides on the Rules on Use of Cookies and Similar Technologies 2012. <https://ico.org.uk/media/for-organisations/documents/1545/cookies_guidance.pdf> accessed 7 December 2015.
[55] Priyanki Joshi ‘Every move you make, Google will be watching you’ 2009.
[56]Maurizio Borghi ‘Online data processing consent under EU law: a theoretical framework and empirical evidence from the UK’Oxford University Press 2013, p.12.
[57] ECHR details are in above.
[58] Klass and others v. Germany (5029/71) September 1978.
[59] Ibid (n14).
[60] Liberty and others v. the United Kingdom ( 58243/00) 1 July 2008 para 56.
[61] Ibid (n 14) 78.
All rights reserved.