The Right to Be Forgotten: Analyzing Conflicts Between Free Expression and Privacy Rights

Weston, Mindy

01 May 2017

As modern technology continues to affect civilization, the issue of electronic rights grows in a global conversation. The right to be forgotten is a data protection regulation specific to the European Union but its consequences are creating an international stir in the fields of mass communication and law. Freedom of expression and privacy rights are both founding values of the United States which are protected by constitutional amendments written before the internet also changed those fields. In a study that analyzes the legal process of when these two fundamental values collide, this research offers insight into both personal and judicial views of informational priority. This thesis conducts a legal analysis of cases that cite the infamous precedents of Melvin v. Reid and Sidis v. F-R Pub. Corp., to examine the factors on which U.S. courts of law determinewhether freedom or privacy rules.

freedom of expression

privacy rights

right to be forgotten

General Data Protection Regulation

electronic data control

data controllers

data processors

personal data control

Communication

Le droit de l'économie numérique en République Démocratique du Congo à la lumière des expériences européennes et Françaises / The law on digital economy in the Democratic Republic of Congo in the light of European and French experiences

Ndukuma Adjayi, Kodjo

16 November 2017

L'expansion des télécoms et la numérisation sont à la base de la révolution numérique. Leurs aspects sociétaux constituent une véritable source matérielle du droit face au commerce en ligne et à l'économie informationnelle. Le premier axe d'analyse a construit le modèle d'encadrement juridique réalisé à travers le temps pour le commerce en ligne européen et français. La réglementation a suivi l'évolution des techniques de communication à distance : téléachat (1989), contrats à distance (1997), fourniture des services financiers à distance (2002). Mais, la voie électronique a révolutionné les services de la société de l'information, dont la directive 2000/31/CE réglemente les aspects dès 2000. (1) Le deuxième axe appréhende l'évolution des politiques législatives sur les télécoms et les communications électroniques en Europe et en France. Le droit international du commerce a transplanté en Afrique (RDC) les standards juridiques de l'Europe des télécoms, grâce à la mondialisation des marchés, à la diffusion technologique, à l'internationalisation des réseaux et à la multinationalisation. (II) Ainsi, l'ordre juridique congolais a suivi le modèle de dérégulation. L'ouverture des droits de l'accès aux télécoms, jadis monopolistiques, a engagé la transformation des services publics dans l'économie de marché. Partout, le droit de la régulation a suscité des défis nouveaux pour la séparation des fonctions de régulation, d'exploitation et de réglementation. Aussi, la concurrence soulève le défi de l'autorégulation du marché par les forces économiques. (III)Au fil des innovations, la législation telle que pensée au départ en RDC n'est pas en mesure de régir les contingences de la révolution numérique, notamment : les données personnelles et la cybercriminalité. Des travaux de lege ferenda sont en cours depuis avril 2017 au parlement congolais, précisant la prospective de refondation du droit de l'économie numérique en RDC au vu des expériences comparées. (IV). / The expansion of telecoms and digitalization has fuelled the digital revolution. Their societal aspects represent a tangible source for legal dealings within the e-commerce and the information economy. The first line of inquiry establishes a model for the legal framework created over time for the European and French e-commerce. It demonstrates that legal adjustments narrowly followed the evolution of telecommunications methods : teleshopping (1989), remote contracts (1997), supplies for remote financial services (2002). However, the rise of this "electronic gateway" revolutionized the services of the Information Society, regulated since 2000 by the directive 2000/31/CE. (I)The second line of inquiry analyses the evolution of legislative policies on telecoms and electronic communications in Europe and in France. Because of the globalization of trade, the expansion of technological communications, the internationalization of networks and the growth of multinational firms, the international trade law transferred European legal standards of telecoms in Africa (DRC). (II) Congolese legislation, for instance, has followed the European model of deregulation. By opening rights of access to the telecoms sector, which was previously monopolistic, the country is undergoing the transformation of public services into the market economy. Everywhere, the regulation right creates new challenges for the separation of regulation, operation and control services. In addition, competition raises a new challenge regarding the self-regulation of trade by economic powers. (III) As innovations continue, the initial law of telecoms in RDC is unable to regulate the contingencies of the digital revolution, in particular in the areas of personal data and cybercrime. Since April 2017, the Congolese parliament is working.

Télécommunications

Economie numérique

Commerce électronique

Régulation

Déréglementation

Données personnelles

Cybercriminalité

République Démocratique du Congo

Telecoms

E-commerce

Information economy

Electronic communication

Cybercrime

Personal data

340.2

Facebook och Snapchats behandling av personuppgifter efter GDPR förordningens införande : en kvantitativ studie om användarnas attityder kring tillit, transparens och personlig integritet/säkerhet / Facebook and Snapchats processing of personal data after the entry of the GDPR regulation : a quantitative study of users' attitudes on trust, transparency and privacy

Persson, Felicia, Rydén, Annika, Svensson, Elina, Thorslund, Malin

January 2019

Läsare till denna studie får ta del av en undersökning där sociala medieföretagen Facebook och Snapchat står i fokus. Syftet för denna studie var att undersöka användare av Facebook och Snapchats attityder gällande hanteringen av personlig integritet/säkerhet, transparens och tillit. För att möjliggöra denna studie valdes en avgränsning där svensktalande användare av Facebook och Snapchat mellan 18-30 år medverkade. Dessa respondenter besvarade ett frågeformulär, som publicerades online i olika sociala forum och grupper. Detta skedde på grund av att urvalet av respondenter skulle bli så stort och spritt som möjligt, oavsett geografiskt läge och tid på dygnet. Frågeformuläret baserades på vetenskapliga teorier för att stärka frågornas relevansen för studiens syfte och frågeställning. Frågorna utformades för att täcka faktorerna personlig integritet/säkerhet, transparens och tillit gällande Facebook och Snapchat. Efter att 210 respondenter besvarat frågeformuläret sammanställdes den insamlade datan och en analys genomfördes, med en jämförelse av det valda teoretiska ramverket. Analys och resultat lade sedan grund för att föra en diskussion där respondenternas attityderna gällande personlig integritet/säkerhet, transparens och tillit. Efter diskussionen kunde slutsatser dras som presenterar studiens följd av insamlad data. Denna studie är skriven på svenska och har utgått från en kvantitativ metod med ett deduktivt tillvägagångssätt. Studien gynnar läsare som vill ta del av användares attityder om Facebook och Snapchat behandling av personuppgifter. / In this study, readers can take part in an examination of the social media companies Facebook and Snapchat. The purpose of this study was to explore user attitudes regarding privacy, transparency and trust in how Facebook and Snapchat process and treat personal data. In order to perform this study, a delimitation of survey participants in the data collection was made to Swedish speaking users of Facebook and Snapchat, between the ages of 18-30.These respondents answered a survey that was published in various social forums and groups, a decision that was made to enable a broad and varied group of respondents that could answer the survey regardless of geographical location and time. The survey was based on scientific theories in order to supply relevant questions that would fulfill the purpose of the study and lead to an answer of the phrased research question. Questions were designed to cover the factors of privacy, transparency and trust concerning Facebook and Snapchat, as well as the general knowledge of GDPR. After receiving survey-answers from 210 respondents, all collected data was compiled and an analysis of the results was made through a comparison of all empirically gathered data and previous scientific research. Onwards, the analysis and result laid a foundation for a discussion of respondents GDPR knowledge and attitudes towards privacy, transparency and trust. When the discussion was completed, conclusions were made based on the collected data. This study is written in the Swedish language and is based on quantitative methods with a deductive approach. The study is favorable for readers that wish to take part in the knowledge and attitudes of social media users regarding how Facebook and Snapchat process and treat personal data.

GDPR

trust

privacy

security

transparency

Facebook

Snapchat

processing

personal data

GDPR

tillit

integritet

säkerhet

transparens

Facebook

Snapchat

bearbetning

personuppgifter

Business Administration

Företagsekonomi

Personal data and direct marketing : Coase Theorem on EU Directive 95/46/EC

Edberg, Tobias

January 2000

<p>The right to personal data is compared with the right to land. The concept of rights may be regarded as bundles of rights of which the right to use of scarce resources, the right to exclude and the right transfer rights are the most important ones. The development of Information Technology has reduced considerably the cost of using personal data leadingto an increased use of the data in the context of direct marketing by different firms. However, the use and processing of personal data may cause externalities, both positive and negative ones, on the individual to whom the data relates. This situation can be analysed with the Coase Theorem, where the transaction costs have important function. In a state of zero transaction costs the parties, firms and individuals, can make agreements of an optimal use of the personal data, independently of the assignments of rights to the personal data. Such agreements internalise further the externalities. However, in the real life the transaction costs are high meaning that the assignments of rights are most significant leading to that the externalities remain. To pass by the problem of transaction costs and externalities, zoning procedure with transference of rights can be used. The background of bundles of right to personal data together with the Coase Theorem and zoning procedure are applied to the Directive 95 /46/EC adopted by the European Union regarding the processing of personal data and the protection of privacy. This Directive may however be interpreted in different ways leading to that the assignment of rights and level of direct marketing is different between Member States.</p>

Economics

Personal Data

Bundles of Rights

Direct Marketing

Send Outs

Externalities

Privacy

crowding effect

sorting cost

Coase Theorem

Zoning

Information Broker

Consent

Nationalekonomi

Economics

Nationalekonomi

Personal data and direct marketing : Coase Theorem on EU Directive 95/46/EC

Edberg, Tobias

January 2000

The right to personal data is compared with the right to land. The concept of rights may be regarded as bundles of rights of which the right to use of scarce resources, the right to exclude and the right transfer rights are the most important ones. The development of Information Technology has reduced considerably the cost of using personal data leadingto an increased use of the data in the context of direct marketing by different firms. However, the use and processing of personal data may cause externalities, both positive and negative ones, on the individual to whom the data relates. This situation can be analysed with the Coase Theorem, where the transaction costs have important function. In a state of zero transaction costs the parties, firms and individuals, can make agreements of an optimal use of the personal data, independently of the assignments of rights to the personal data. Such agreements internalise further the externalities. However, in the real life the transaction costs are high meaning that the assignments of rights are most significant leading to that the externalities remain. To pass by the problem of transaction costs and externalities, zoning procedure with transference of rights can be used. The background of bundles of right to personal data together with the Coase Theorem and zoning procedure are applied to the Directive 95 /46/EC adopted by the European Union regarding the processing of personal data and the protection of privacy. This Directive may however be interpreted in different ways leading to that the assignment of rights and level of direct marketing is different between Member States.

Economics

Personal Data

Bundles of Rights

Direct Marketing

Send Outs

Externalities

Privacy

crowding effect

sorting cost

Coase Theorem

Zoning

Information Broker

Consent

Nationalekonomi

Economics

Nationalekonomi

Aplikace zákona č. 101/2000 Sb. o ochraně osobních údajů v praxi / Application of the law No.101/2000 Sb. about protection of name and description in practice

MAŘÍKOVÁ, Magdalena

January 2008

The issue of protecting personal and sensitive datum belongs to one of the topics promoted in media in present. In diploma work I am dealing with protection name and description in health service in connection with the law No.101/2000 Sb. about protection name and description and further law and ethical questions which also concerns medical documentation and obligatory reticence for medical staff. The aim of experimental parts was to find out the informedness, attitudes and views of sample of Czech population about the protection name and description in health service in connection with the law No.101/2000 Sb. Partial the aim was to discover whether there are differences in this problem among laic and vocational public and younger and older generation of our population. I used a quantitative method of research to process experimental parts. To collect useful dates I used a method of questionnaire. This research was done from January to May 2008 and 225 informants from a laic and a vocational public took part in this research. Three defined hypothesis were checked. I think this dissertation could lead to wider discussion about other aspects of protection name and description in health service and help to improved services to informed laic and vocational public not only about the law No. 101/2000 Sb. but also about protection name and description and other questions related to medical documentation as basic sources of personal and sensitive datum of patients.

ANTECEDENTES DOS BENEFÍCIOS PERCEBIDOS DE COMPLIANCE ÀS POLÍTICAS DE PROTEÇÃO DE DADOS PESSOAIS NAS ORGANIZAÇÕES / Benefit antecedentes of compliance as personal data protection in organization

SANTOS, JULIANA GRACIELA DOS

23 November 2016

Submitted by Noeme Timbo (noeme.timbo@metodista.br) on 2017-01-27T14:19:22Z No. of bitstreams: 1 JulianaG.Santos.pdf: 965373 bytes, checksum: e9ac2dac85934fdcd07c615473464973 (MD5) / Made available in DSpace on 2017-01-27T14:19:22Z (GMT). No. of bitstreams: 1 JulianaG.Santos.pdf: 965373 bytes, checksum: e9ac2dac85934fdcd07c615473464973 (MD5) Previous issue date: 2016-11-23 / Personal data protect procedures are organizational tools that properly used by the employee help in the prevention and personal data protect within a safety and transparency organizational limit. This study analyzed the factors that have influenced the perception of the employees of Brazilian organizations about perceived benefits of compliance on the policies established in the prevention and protection of personal data. The research was conducted through a quantitative research approach with analysis of structural equations and the study data were collected through a survey tool to obtain a valid sample of 220 respondents. The study concluded that trust in organization and the risk of loss of personal data are stimulus that positive influence the benefits perceived of the compliance. The results also show that the employees who had your data improperly used, reduces your credibility in organizational controls and increases their perceived risk of privacy loss. The result of the study can help organizations managers to achieve greater adherence of employees with regard to personal data protection policy of organization in which they work, in addition to demonstrate the importance of credibility in internal controls and trust in the organization as predictors of perceived benefits of compliance. / Políticas de proteção de dados pessoais são ferramentas organizacionais que, se usadas de maneira adequada pelos colaboradores auxiliam na prevenção e proteção dos dados pessoais dentro de um limite de segurança e transparência organizacional. Este estudo objetiva analisar os fatores que influenciam a percepção dos empregados de organizações brasileiras quanto aos benefícios percebidos de compliance sobre as políticas estabelecidas na prevenção e proteção dos dados pessoais. A pesquisa foi conduzida através de uma abordagem de investigação quantitativa, com análise por equações estruturais e os dados do estudo foram coletados por meio de um instrumento de pesquisa com obtenção de uma amostra válida de 220 respondentes. O estudo concluiu que a Confiança na organização e a Percepção do risco de perda dos dados pessoais são estímulos que influenciam positivamente os benefícios percebidos de compliance. Os resultados também evidenciam que o empregado que teve seus dados utilizados de forma indevida reduz a sua credibilidade nos controles organizacionais e aumenta a sua Percepção do risco de perda de privacidade. O resultado do estudo pode auxiliar gestores de organizações a obter maior aderência dos empregados quanto às políticas de proteção de dados pessoais da organização em que trabalham, além de demonstrar a importância da credibilidade nos controles internos e a confiança na organização como preditores dos benefícios percebidos de compliance.

Postavení pověřence pro ochranu osobních údajů ve světle pracovního práva / The position of the data protection officer in the light of labour law

Mojzíková, Kateřina

January 2018

The position of the data protection officer in the light of labour law Abstract The data protection officer is a specialist in law and practices in the area of data protection. His task is to help to controller and processor to fulfil their obligations associated with data processing. He can perform his function as an employee of a controller or a processor or on the basis of a service contract. His status has certain specifications that the character of some labour law provisions doesn't count with. Although uncertainty about the possibility to give him a dismissal or ask him for damages does not cause problems due to only recent changes of legal regulation yet, disputes that may arise in the future will be expected not only before the Czech courts. The main problem of the issue is, whether the labour law regulation can be extended without further delay to the employed data protection officer in the light of his specific independent position, which is guaranteed him by data protection law. The aim of the thesis is to try to solve problematic aspects of the establishment of the data protection officer in the light of Czech labour law institutes. The main purpose of the thesis is to assess the way in which the prohibition of penalizing the data protection officer is projected in the form of the employment...

Direito à informação x proteção de dados pessoais: a publicação de decisões judiciais em casos de pornografia envolvendo crianças e adolescentes / Rights to information x personal data protection: the publication of judicial decisions in pornografy cases involving children and adolescents

Barros, Clarissa Teresinha Lovatto

23 February 2017

It is undeniable that the use of the communication and information technologies (TIC), developed in the XX and XXI centuries, can create new connections and positive interaction ways between civil society and State, making it indispensable the concern about the effects of the inappropriate use of those new technologies. In this scenery, there is the potential that confronts the fundamental rights, as the right of personal data protection, what can be done not only by private ones but also by the State, principally in cases in which the violation comes from the Judiciary Power itself. This is the subject to which this dissertation is about, and analyses the juridical treatment of personal data available for the Judiciary Power and the potential violation in the case of publication of the judicial decisions in the institutional websites, what is done with the aim of discussing the (in)existence of computing self determination rights up against the Judiciary Power. To build up the basis theory, some authors who dialogue concern Law and the Internet were chosen, using as a theoretical basis the contributions from Catarina Sarmento e Castro, Ingo Sarlet and Manuel Castells. The thematic allowed the dialetical analisys, because: a) it is started from the idea that democratic societies have wide information propagation in its support; b) it is confronted the idea of the defense as freedom of speech might be unlimited and irrestrictively used by the State Powers, highlighting the Judiciary Power, once its action cannot bring violation to the rights nor promote the discrimination of jurisdicioners (what can happen due to the propagation of determined data); c) it is evolved to a possible synthesis, when, from the practices observed in the tribunals websites, was aimed to propose alternatives of harmonizing the conflict. Concerning to the procedure method, a comparative and monographic one was used, revealing if there was violation of personal data and, if it have happened, it was seen how such transgression to essential rights happened. The research focused on Brazil, during the period from July to September of 2016, moment in which the website of five FRT were navigated, using the term “infant pornography on the web” in the jurisprudence-searching field. From the results in this field, it was done some analysis to verify if there were data exposed, victims or not, which were supposed to be in secret of justice. / É inegável que o uso das tecnologias de informação e comunicação (TIC), desenvolvidas nos século XX e XXI, tanto pode criar novas conexões e formas de interação positivas entre sociedade civil e Estado, quanto desenvolve novos riscos e vulnerabilidades aos direitos, tornando indispensável a reflexão dos efeitos da utilização inadequada das novas tecnologias. Nesse cenário, há o potencial de afronta a direitos fundamentais, como o direito de proteção de dados pessoais, o que pode ser feito tanto por particulares, quanto pelo Estado, mormente nos casos em que a violação parte do próprio Poder Judiciário. Essa é a problemática sobre a qual versa esta dissertação, que analisa tratamento jurídico dos dados pessoais sensíveis pelo Poder Judiciário e a potencial violação em caso de publicação das decisões judiciais envolvendo pornografia infantil nos portais institucionais, o que é feito com o objetivo de discutir a (in)existência do direito de autodeterminação informática em face do Poder Judiciário. Para compor a teoria de base, foram escolhidos autores que dialogam a respeito do Direito e da Internet, utilizando como marco teórico as contribuições de Catarina Sarmento e Castro, Ingo Sarlet e Manuel Castells. A temática permitiu a análise dialética, pois a) partiu-se da tese que as sociedades democráticas têm na ampla divulgação de informações o seu sustentáculo; b) contrapõe essa ideia pela defesa de que essa liberdade de informação não deve ser exercida de maneira irrestrita e ilimitada por parte dos Poderes do Estado, com destaque para o Poder Judiciário, pois sua atuação não pode gerar violação a direitos ou provocar a discriminação dos jurisdicionados (o que pode ocorrer em face da divulgação de determinados dados sensíveis); c) evoluindo para uma possível síntese, ocasião em que, à luz das práticas observadas nos sites dos tribunais, se intentou propor alternativas de harmonização desse conflito. No tocante ao método de procedimento, utilizou-se o comparativo e o monográfico, revelando se houve violação dos dados pessoais dos jurisdicionados e, caso tenha ocorrido, constatou-se de que maneira aconteceu tal transgressão de direitos fundamentais. A pesquisa centrou-se no Brasil, no período de julho a setembro de 2016, momento em que foram consultados os sítios eletrônicos dos cinco Tribunais Regionais Federais, colocando no campo de pesquisa de jurisprudência o termo “pornografia infantil na internet”. A partir do resultado nesse campo, realizou-se as análises para verificar se foram expostos dados dos jurisdicionados, vítimas e/ou réus, os quais deveriam permanecer em segredo de justiça.

Criança e adolescente

Crimes sexuais

Dados pessoais

Direito à informação

Poder Judiciário

Children and adolescents

Sexual crimes

Personal data

Right to information

Judiciary Power

GDPR: Securing Personal Data in Compliance with new EU-Regulations

Bitar, Hadi, Jakobsson, Björn

January 2017

New privacy regulations bring new challenges to organizations that are handling and processing personal data regarding persons within the EU. These challenges come mainly in the form of policies and procedures but also with some opportunities to use technology often used in other sectors to solve problems. In this thesis, we look at the new General Data Protection Regulation (GDPR) in the EU that comes into full effect in May of 2018, we analyze what some of the requirements of the regulation means for the industry of processing personal data, and we look at the possible solution of using hardware security modules (HSMs) to reach compliance with the regulation. We also conduct an empirical study using the Delphi method to ask security professionals what they think the most important aspects of securing personal data, and put that data in relation to the identified compliance requirements of the GDPR to see what organizations should focus on in their quest for compliance with the new regulation. We found that a successful implementation of HSMs based on industry standards and best practices address four of the 35 identified GDPR compliance requirements, mainly the aspects concerning compliance with anonymization through encryption, and access control. We also deduced that the most important aspect of securing personal data according to the experts of the Delphi study is access control followed by data inventory and classification.

GDPR

General Data Protection Regulation

Data Protection

Personal Data

EU

European Union

Encryption

Key Management

Hardware Security Module

HSM

Delphi Study

Compliance

Computer and Information Sciences

Data- och informationsvetenskap