The implementation of the Data Retention Directive

This paper aims to provide a comparative analysis regarding the implementation of the EC Data Retention Directive (2006/24/EC) in the most important Member States including Germany, Great Britain and France in order to provide the reader with the necessary information on the current controversial matters relating to it and display the differences in the speed, intensity and form of its implementation.

Telecommunications Interception in Turkey

The paper discusses telecommunication interceptions in Turkey as a state surveilling itself as well as its citizens. While surveillance of state officials including the judiciary indicates a perception of threat from inside the state, these perceptions overlap with the ‘deep state’ phenomenon in Turkey. Despite the 2005 legal reforms which introduce strict legal standards for communications surveillance, current political developments reveal that wiretapping remains as a commonly used micro-power application. The paper, by utilizing Foucault’s theory, aims to uncover the ‘conditions of possibility’ for the use of this disciplinary technique in Turkey with a certain focus on the actual power relations and discourses of truth.

The Electronic Surveillance of Public Assemblies

The electronic surveillance of public assemblies has been an issue highly debated in the Greek public arena. The circumstances that brought this internationally contested topic in the public focus were the parliamentary introduction of Law 3625/2007 in Greece and the legislative enactment of an exemption from the data protection legislation for all police activities involving data processing during public assemblies. This paper will argue that the electronic surveillance of public assemblies affects both the privacy of political views (political privacy) and the activism (public anonymity) of a citizen. Along this line, the paper offers a combined analysis of the right to data protection [Art. 9A] and the right to free assembly [Art. 11] as acknowledged in the Greek Constitution (1975/86/01/08). As underlined, both rights constitute the basis for the protection of political privacy and public anonymity and preclude any legislatively posed limitations to their enjoyment. In the end, three key cases of the European Court of Human Rights shed light to the legitimacy of such a ‘panoptic’ surveillance of public assemblies.

Privacy and Identity in a Networked World

Digital information technologies have opened up fantastic new opportunities for ordinary people to both stand atop a virtual soapbox and reach millions and to participate in new forums for social interaction. However, as users conduct more and more of their personal and professional lives online, the distinction between public and private that has underlain the development of privacy law to date has begun to blur. While some traditional regulatory tools have proven adaptable, the ever increasing ability to collect and analyze that electronic information suggests that the assumptions and policy considerations underlying privacy laws must be reexamined. Old dividing lines between public and private forums cannot be readily transported into the digital realm. Instead, privacy regulations in the information age should protect the ability for users of online services to control the dissemination of their personal information and compartmentalize different aspects of their online conduct.

Data Protection in EU Law

This chapter aims to discuss the possibilities and limitations of the EU to provide for an effective and comprehensive data protection regime. In this respect, it presents an analysis of the data protection rules in EU law by examining the relevant constitutional and secondary law framework. It analyzes the jurisprudence of the European Court of Justice and the Court of First Instance on data protection issues, and argues that the European Court of Justice has interpreted an internal market measure (the Data Protection Directive) in such a way so as to foster the protection of fundamental rights. However, when it comes to the balancing between fundamental rights the Court leaves the question to be resolved by national courts. Finally, the contribution assesses the transborder data flows regime established by the Data Protection Directive and attempts to draw some conclusions on whether the ‘adequate protection’ test ensures a high protection in such flows.

Privacy Policy Improvements to Protect Children Privacy

The achievement of an adequate level of privacy protection is a demanding objective, especially for new technologies. One relatively new but increasing class of users of Internet related services consists of children and young people. However, if Internet services can improve social skills and widen the knowledge minors have, it could open the doors to privacy abuse and misuse. As it would not be feasible to address all the legal and technical tools available within the privacy protection process, this chapter will focus on a specific element required by regulation and applicable both in Europe and in the US: the inclusion of a privacy policy in any website that collects personal data from users. The paper will provide an analysis of some of the privacy policies available online provided by companies that focus specifically on children and by social networking sites. The analysis will couple the descriptive part with suggestions to improve the level of compliance and, consequentially, the level of protection for minors’ privacy.

Hasta La Vista Privacy, or How Technology Terminated Privacy

Lawyers find great joy in pointing out the destructive effects of digital technology on privacy and naturally expect the law to avert overexposure of people’s personal information. This essay takes a different view by arguing that the trajectory of technological developments renders the expansive collection of personal data inevitable, and hence the law’s primary interest should lie in regulating the use—not the collection—of information. This does not foreshadow the end of privacy, but rather suggests a necessary reconceptualization of privacy in the digital era. Along those lines we first need to acknowledge that people increasingly sacrifice voluntarily some of their privacy to enjoy the benefits of technology. Second, the ready availability of a huge volume of personal information creates attention scarcity, such that the chances a person’s privacy will be intruded are diminished. Most importantly, though, once the law accepts the inevitability of the collection of personal information, it will be best in the position to focus attention on ensuring that the collected information is appropriately used, instead of wasting resources on trying to hinder in vain its collection. This more realistic approach calls for alternative means of regulation, like self-regulation or emphasis on informed consent, and facilitates the flow of information by reducing the transactional cost of its sharing and dissemination.

Radio Frequency Identification in Hospitals

Radio Frequency Identification (RFID) technology has been applied increasingly within the hospital setting. This chapter argues that, while such applications may drastically improve hospital efficiency, they also may produce privacy risks that harm patients more than they help them. Further, the privacy risks associated with RFID technologies are difficult to comprehend. When patients’ personal data is implicated, hospitals should adhere to privacy principles that promote the flow of full information and enable patients to make rational choices when they opt-in to hospital RFID applications. Otherwise, RFID hospital technologies may be implemented in ways that do not serve patients’ long term privacy interests.

Balancing the Protection of Genetic Data and National Security in the Era of New Technology

The aim of this work is to examine the European Court of Human Rights’ (ECtHR) balancing exercise between genetic data protection and national security, under Article 8 of the European Convention of Human Rights (ECHR). It analyzes, more specifically, the core principles of the Strasbourg Court that the Council of Europe’s Contracting States are required to apply when they collect and store genetic data in order to reach specific purposes in terms of public security, such as the fight against crimes. It will emerge that the Court, in consideration of the risks new technologies pose to an individual’s data safeguards, pays special attention to the strict periods of storage of such data and requires that their collection be justified by the existing of a pressing social need and a “careful scrutiny” of the principle of proportionally between the intrusive measure and the aim pursued. This work is divided into three main parts. The first part provides a general overview on personal data protection under Article 8, while the second and third part concentrate, respectively, on the collection of genetic data and on their storage for police purposes.

Genetic Privacy

Privacy is a right with many aspects. Although, a uniform approach on privacy is quite often sought, a consensus is growing that there are not only one but many privacy rights. This chapter explores whether there is in fact a right to protect our genetic privacy, since this is a right quite unique in its characteristics and is certainly not identified with our general presumptions about privacy. Its uniqueness lies in the fact, that apart form the dominant definition of privacy as a right to be let alone, as an individualistic right, genetic privacy protects not only the individual but also the members of his/her family. The present paper is examining the ‘hereditary’ and ‘shared’ character of our genetic information in an attempt to shape a right to genetic privacy that is based on the equilibrium of individual autonomy, family and public interest. In order to support such an argument, the premises of our genetic self are examined in connection with autonomy and its boundaries, mainly paternalism and genetic exceptionalism. Along this line, basic notions of the liberal privacy theory are critically examined, mainly the notions of control, confidentiality and consent, so as to maintain the existence of a right to genetic privacy that can enhance the individual’s autonomy without founding it on its selfish, individual interests.