Data retention - ukládání provozních a lokalizačních údajů / Data retention -depositing operational and localizing data

Jirovský, Lukáš

January 2015

DP - Lukáš Jirovský, Data retention, 2015 Abstract Data retention - storing of traffic and location metadata The topic of this thesis is data retention - traffic and location metadata storing (and providing to state) by telecommunication providers according to Czech and European law (including rulings of constitutional courts). It also describes compliance or conflict with the users right to privacy and also possibilities to provide this data to users. There is also technical description of the data with their meaning and statistics of crimes detection according to validity of this law.

The Right to Be Forgotten: Analyzing Conflicts Between Free Expression and Privacy Rights

Weston, Mindy

01 May 2017

As modern technology continues to affect civilization, the issue of electronic rights grows in a global conversation. The right to be forgotten is a data protection regulation specific to the European Union but its consequences are creating an international stir in the fields of mass communication and law. Freedom of expression and privacy rights are both founding values of the United States which are protected by constitutional amendments written before the internet also changed those fields. In a study that analyzes the legal process of when these two fundamental values collide, this research offers insight into both personal and judicial views of informational priority. This thesis conducts a legal analysis of cases that cite the infamous precedents of Melvin v. Reid and Sidis v. F-R Pub. Corp., to examine the factors on which U.S. courts of law determinewhether freedom or privacy rules.

freedom of expression

privacy rights

right to be forgotten

General Data Protection Regulation

electronic data control

data controllers

data processors

personal data control

Communication

公務機關之間傳輸個人資料保護規範之研究－以我國、美國及英國法為中心 / A Comparative Study of Regulations for the Protection of Personal Data Transmitted between Government Agencies in Taiwan, the U.S. and the U.K.

林美婉, Lin, Mei Wan

Unknown Date

政府利用公權力掌握之個人資訊包羅萬象，舉凡姓名、生日、身分證字號、家庭、教育、職業等。科技進步與網際網路發達，使原本散置各處之資料，可以迅速連結、複製、處理、利用；而為了增加行政效率與減少成本，機關透過網路提供公眾服務日益頻繁，藉由傳輸共用個人資料等情況已漸成常態。這些改變雖然對政府與民眾帶來利益，但是也伴隨許多挑戰，尤其當數機關必須共用資訊時，將使管理風險更添複雜與難度，一旦過程未加妥善管制，遭人竊取、竄改、滅失或洩露，不僅當事人隱私受損，也嚴重傷害政府威信。因此，凡持有個人資料的政府機關，均必須建立適當行政、技術與實體防護措施，以確保資料安全與隱密，避免任何可能危及資料真實之威脅與機會，而造成個人人格與公平之侵害。 　　隨著全球經濟相互連結以及網路普及，個人資料保護如今已是國際事務，這個趨勢顯現在愈來愈多的國家法律與跨國條款如OECD、歐盟、APEC等國際組織規範。而在先進國家中，美國與英國關於資訊隱私法制發展有其不同歷史背景，目前美國聯邦機關持有使用個人資料必須遵循的主要法規為隱私法、電腦比對與隱私保護法、電子化政府法、聯邦資訊安全管理法，以及預算管理局發布的相關指導方針；英國政府則必須遵守人權法與歐盟指令架構所制定的資料保護法，並且受獨立資訊官監督審核。此外，為了增加效率，減少錯誤、詐欺及降低個別系統維護成本，公務機關之間或不同層級政府所持有之個人資料流用有其必要性，故二國在資料傳輸實務上亦有特殊規定或作業規則。相較之下，我國2012年10月1日始施行的「個人資料保護法」對於公部門間傳輸個人資料之情形並無具體規定，機關內外監督機制亦付之闕如，使個人資料遭不當使用與揭露之風險提高。 為了保障個人資訊隱私權，同時使公務機關之間傳輸利用個人資訊得以增進公共服務而不違反當事人權益，本研究建議立法或決策者可參酌美國與英國法制經驗，明定法務部負責研擬詳細實施規則與程序以供各機關傳輸個人資料之遵循，減少機關資訊流用莫衷一是的情況；而為保證個人資訊受到適當保護，除了事先獲得當事人同意外，機關進行資料共用之前，應由專業小組審核，至於考慮採取的相關重要措施尚有：（1）建置由政策、程序、人力與設備資源所組成之個人資訊管理系統（PIMS），並使成為整體資訊管理基礎設施的一部分；（2）指派高階官員負責施行及維護安全控制事項；（3）教育訓練人員增加風險意識，塑造良好組織文化；（4）諮詢利害關係人，界定共用資料範圍、目的與法律依據；（5）實施隱私衝擊評估（PIA），指出對個人隱私的潛在威脅並分析風險減緩替代方案；（6）簽定正式書面契約，詳述相關權利與義務；（7）執行內外稽核，監督法規遵循情況，提升機關決策透明、誠信與責任。 關鍵詞：個人資料保護、隱私權、資訊隱私、資料傳輸、資料共用 / Governments have the power to hold a variety of personal information about individuals, such as the name, date of birth, I.D. Card number, family, education, and occupation. Due to advanced technology and the use of the Internet, personal data stored in different places can be connected, copied, processed, and used immediately. It is relatively common for government agencies to provide people with services online as well as transmit or share individual information to improve efficiency and reduce bureaucratic costs. These changes clearly deliver great benefits for governments and for the public, but they also bring new challenges. Specifically, managing risks around sharing information can sometimes become complicated and difficult when more than one agency is involved. If the government agency which keeps personal information cannot prevent it from being stolen, altered, damaged, destroyed or disclosed, it can seriously erode personal privacy and people’s trust in the government. Therefore, each agency that maintains personal data should establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of data and to protect against any anticipated threats or hazards to the integrity which could result in substantial harm on personality and fairness to any individual . As the global economy has become more interconnected and the Internet ubiquitous, personal data protection is by now a truly international matter. The trend is fully demonstrated by the growing number of national laws, supranational provisions, and international regulations, such as the OECD, the EU or the APEC rules. Among those developed countries, both the U.S. and the U.K. have their historical contexts of developing legal framework for information privacy. The U.S. Federal agency use of personal information is governed primarily by the Privacy Act of 1974, the Computer Matching and Privacy Protection Act of 1988, the E-Government Act of 2002 , the Federal Information Security Management Act of 2002, and related guidance periodically issued by OMB. The U.K. government has to comply with the Human Rights Act and the Data Protection Act of 1998 which implemented Directive 95/46/EC. Its use of individual data is overseen and audited by the independent Information Commissioner. Further, because interagency data sharing is necessary to make government more efficient by reducing the error, fraud, and costs associated with maintaining a segregated system, both countries have made specific rules or code of practice for handling the transmission of information among different agencies and levels of government. By contrast, Taiwan Personal Information Protection Act of 2010 which finally came into force on 1 October 2012 contains no detailed and clear provisions for data transmitted between government agencies. Moreover, there are also no internal or external oversight of data sharing practices in the public sector. These problems will increase the risk of inappropriate use and disclosure of personal data. To protect individual information privacy rights and ensure that government agencies can enhance public services by data sharing without unreasonably impinging on data subjects’ interests, I recommend that law makers draw on legal experiences of the U.S. and the U.K., and specify that the Ministry of Justice has a statutory duty to prescribe detailed regulations and procedures for interagency data transmission. This could remove the fog of confusion about the circumstances in which personal information may be shared. Also, besides obtaining the prior consent of the data subject and conducting auditing by a professional task force before implementing interagency data sharing program, some important measures as follows should be taken: (1) Establish a Personal Information Management System which is composed of the policies, procedures, human, and machine resources to make it as part of an overall information management infrastructure; (2) Appoint accountable senior officials to undertake and maintain the implementation of security controls; (3) Educate and train personnel to raise risk awareness and create a good organizational culture; (4) Consult interested parties and define the scope, objective, and legal basis for data sharing; (5) Conduct privacy impact assessments to identify potential threats to individual privacy and analyze risk mitigation alternatives; (6) Establish a formal written agreement to clarify mutual rights and obligations; (7) Enforce internal as well as external auditing to monitor their compliance with data protection regulations and promote transparency, integrity and accountability of agency decisions. Key Words: personal data protection, privacy rights, information privacy, data transmission, data sharing

個人資料保護

隱私權

資訊隱私

資料傳輸

資料共用

personal data protection

privacy rights

information privacy

data transmission

data sharing

Electronic workplace surveillance and employee privacy : a comparative analysis of privacy protection in Australia and the United States

Watt, James Robert

January 2009

More than a century ago in their definitive work “The Right to Privacy” Samuel D. Warren and Louis D. Brandeis highlighted the challenges posed to individual privacy by advancing technology. Today’s workplace is characterised by its reliance on computer technology, particularly the use of email and the Internet to perform critical business functions. Increasingly these and other workplace activities are the focus of monitoring by employers. There is little formal regulation of electronic monitoring in Australian or United States workplaces. Without reasonable limits or controls, this has the potential to adversely affect employees’ privacy rights. Australia has a history of legislating to protect privacy rights, whereas the United States has relied on a combination of constitutional guarantees, federal and state statutes, and the common law. This thesis examines a number of existing and proposed statutory and other workplace privacy laws in Australia and the United States. The analysis demonstrates that existing measures fail to adequately regulate monitoring or provide employees with suitable remedies where unjustifiable intrusions occur. The thesis ultimately supports the view that enacting uniform legislation at the national level provides a more effective and comprehensive solution for both employers and employees. Chapter One provides a general introduction and briefly discusses issues relevant to electronic monitoring in the workplace. Chapter Two contains an overview of privacy law as it relates to electronic monitoring in Australian and United States workplaces. In Chapter Three there is an examination of the complaint process and remedies available to a hypothetical employee (Mary) who is concerned about protecting her privacy rights at work. Chapter Four provides an analysis of the major themes emerging from the research, and also discusses the draft national uniform legislation. Chapter Five details the proposed legislation in the form of the Workplace Surveillance and Monitoring Act, and Chapter Six contains the conclusion.