You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2001 >>
[2001] EPICAlert 6
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 8.06 [2001] EPICAlert 6
EPIC ALERT
Volume 8.06 March 29, 2001
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_8.06.html
Table of Contents
[1] EU Privacy Leaders: Cybercrime Treaty May Violate Rights
[2] Future of Medical Privacy Regulations Uncertain
[3] Annenberg Releases Report on Kids Privacy Compliance
[4] Bush Administration Criticizes EU Privacy Rules
[5] Public Voice Submits Dot Force Report
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - The Internet, Law and Society
[8] Upcoming Conferences and Events
[1] EU Privacy Leaders: Cybercrime Treaty May Violate Rights
The controversial Council of Europe (CoE) draft Cybercrime Conventionhas encountered new opposition from an important quarter. In
a formalopinion released on March 22, the European Union's independentAdvisory Body on Data Protection and Privacy criticized the
proposedinternational treaty as providing inadequate protections for personalprivacy. The advisory group, also known as the Article
29 WorkingParty, includes the national privacy commissioners of the EU memberstates. The group said it wanted to send "a strong
message that afair balance must be struck between anti-cyber-crime efforts and thefundamental rights to privacy and personal data
protection ofindividuals."
Noting that the CoE proposal makes reference to several internationalhuman rights documents, the Working Party found that "the draftConvention
does not harmonise the safeguards and conditions"
envisioned in those treaties, nor does it "require such safeguards andconditions effectively being in place." The Working Party concludedthat
the provisions contained in the draft treaty "are not sufficientto fully safeguard the fundamental rights to privacy and personal
dataprotection."
On one issue, the advisory group noted an improvement over earlierdrafts of the cybercrime treaty. The Working Party "welcomes" thefact
that the current version of the Convention (Version 25) no longerincludes a "general surveillance obligation consisting in the routineretention
of all traffic data." But despite that one change, thegroup found that the draft's "wording is often too vague andconfusing," a
shortcoming that is particularly problemmatic in adocument containing "mandatory measures that are intended to lawfullylimit fundamental
rights and freedoms."
The Working Party also criticizes "the very late release of relevantdocuments," referring to the fact that no public version of the
drafttreaty was released until Version 19 last year. While the CoEdrafters are seeking to conclude deliberations on the Convention
thisspring, the EU advisory group recommends that "the public debate beprolonged" and that it include "all parties concerned (human
rightsorganisations, industry, etc.)," and not just the police and lawenforcement officials (including the U.S. Department of Justice)
whohave dominated the drafting process.
The Article 29 Working Party opinion is available at:
http://www.epic.org/security/cybercrime/data_wp_3_01.pdf
The current draft of the CoE Convention on Cybercrime is available at:
http://conventions.coe.int/treaty/EN/projets/cybercrime25.htm
[2] Future of Medical Privacy Regulations Uncertain
Implementation of the first federal health privacy regulations havebeen delayed by the Bush administration and are almost certain
to beweakened by Health and Human Services (HHS) Secretary Tommy Thompson.
Although health care industry lobbyists have pressured lawmakers tooppose the regulations, there is still significant support in Congressto
implement the rules immediately. Last week, sixty-one lawmakerssigned a letter urging Thompson to implement the regulations. Thelack
of support for medical privacy protections represents an abruptchange in the Bush Administration's stance on privacy (see item
[4]
below).
In statements reported in the Wall Street Journal and the Bureau ofNational Affairs Health Care Daily Report, Thompson promised to"simplify"
the regulations and lessen the financial burden to healthcare providers. It remains unclear how the rules will be"simplified."
The rules as formulated by the Clinton administration would have givenpatients the right to clear notice of privacy practices, the
right tolimit disclosures of medical records, the right to access records andamend inaccurate information, and the right to file
complaints withHHS. However, the rules did contain significant exemptions that couldhave compromised patients' privacy rights.
For instance, health careinformation could have been used for marketing purposes, and patientswould have been required to opt-out
of such marketing. In addition,
law enforcement officials could have accessed health informationwithout judicial review under the rules.
HHS will continue to accept comments on the privacy regulationsthrough its website until Friday, March 30 at 5 p.m. (ET).
A template letter supporting the medical privacy rules is availablefrom the Health Privacy Project:
http://www.healthprivacy.org/
The Department of Health and Human Services (HHS) Electronic CommentSubmission Form is available at:
http://aspe.hhs.gov/admnsimp/
[3] Annenberg Releases Report on Kids Privacy Compliance
On March 28, the Annenberg Public Policy Center at the University ofPennsylvania released a report, "Privacy Policies on Children'sWebsites:
Do They Play By the Rules?," analyzing current levels ofcompliance with the Children's Online Privacy Protection Act (COPPA).
COPPA was enacted by Congress in 1998 and its rules became effective ayear ago in April 2000. The Act is enforced by the Federal
TradeCommission (FTC).
The study reviewed 162 websites that are among the most popular forInternet users under the age of thirteen. Of those 162 websites,
114displayed a privacy policy on the homepage and 90 of those sitescollected personal information from minors. Fourteen other sitescollecting
personal information did not display any privacy policy,
clearly violating COPPA. In addition, the content of those privacypolicies were often found not to alert parents to all of COPPA'sprivacy
protections. Only 55 percent of privacy policies told parentsthat websites could not collect more information than what is"reasonably
necessary" and only 62 percent of those statements toldparents that they could review personal information already collectedfrom
their children. The study did not examine the extent to whichthese websites complied with COPPA in practice, apart from privacypolicies.
Unlike most websites, sites targeted at minors must providethe privacy provisions as outlined in COPPA regardless of the contentof
their privacy policies.
In the conclusion of the report, the researchers suggest requiringwebsites to display a prominent icon that indicates COPPA complianceand
greater efforts to standardize privacy policies. The study alsonotes that the easiest way to comply with COPPA is not to collect
anypersonal information from minors.
"Privacy Policies on Children's Websites: Do They Play By the Rules?":
http://www.asc.upenn.edu/usr/jturow/PrivacyReport.pdf
More information about the Children's Online Privacy Protection Act(COPPA) is available at:
http://www.kidzprivacy.org/
[4] Bush Administration Criticizes EU Privacy Rules
On March 23, representatives of the Bush administration sent a letterto the European Commission Internal Market Directorate criticizingproposed
European standards for protecting the privacy of transborderdata flows.
The letter concerns the model contractual clauses that have beenproposed by the European Commission to govern the exchange of consumerinformation
between EU and U.S. companies, such as financialinstitutions, that are not covered by the previously negotiated "SafeHarbor" agreement.
As Article 25 of the 1995 EU Data ProtectionDirective prohibits European data processors from "exporting" thepersonal information
of European citizens to countries that do nothave adequate privacy protection laws in place, these contracts arenecessary to ensure
the continued flow of information between Europeand the United States. The EU Data Protection Directive's protectionsonly apply
to information collected from EU citizens.
According to the letter sent from the Departments of Commerce andTreasury, the contracts would require U.S. companies to follow higherstandards
of privacy protection than are currently required by U.S.
law. As a result, the officials warn that "there is a serious dangerthe adoption of the standard clauses as drafted will create a
de factostandard that would raise the bar for U.S firms." They continue thatthe requirements are "unduly burdensome" and "incompatible
with realworld operations" and urge the European Commission to defer furtherconsideration of them. Consumer organizations, such
as the TransAtlantic Consumer Dialogue (TACD), have previously raised questionsabout the adequacy of privacy protection in the United
States.
The Bush Administration's resistance to strengthening consumer privacyprotection is seemingly inconsistent with many pro-privacy statementsmade
by, or on behalf, of candidate Bush during the recentpresidential election campaign. For example, in a May 19 interviewwith BusinessWeek,
then-Governor Bush stated that "I'm aprivacy-rights person. The marketplace can function withoutsacrificing the privacy of individuals.
Customers should be allowedto opt in . . . the company has got to ask permission." Later, in anOctober 17 debate sponsored by George
Washington University,
then-domestic policy advisor Stephen Goldsmith stated on behalf ofBush that "There is a role for Congress ... in requiring that there
beprovisions for an opt-in on medical and financial information."
The draft version of the European Commission's Model ContractProvisions and comments of the U.S. Department of Commerce:
http://www.export.gov/safeharbor/Model_Contract.htm
March 23 Letter sent from the Departments of Commerce and Treasury tothe European Commission:
http://www.epic.org/privacy/intl/mogg_letter_0301.html
[5] Public Voice Submits Digital Divide Report
The Public Voice is a project of EPIC that seeks to promote theparticipation of NGOs in international decision-making bodies thataddress
Internet policy. As part of that project, EPIC solicitedcomments from the public, in cooperation with the Association forProgressive
Communications (APC), on the Digital Divide (see EPICAlert 8.02). "The Public Voice and the Digital Divide: A Report tothe DOT Force"
is a compilation of the public's ideas and views on theDigital Divide and will be submitted to the Digital Opportunities TaskForce
(DOT Force), a Digital Divide initiative of the G-8. The DOTForce was created by the G-8 in July 2000.
The Public Voice report addresses four different topics: what are thebest approaches to address the digital divide?; what are the
currentbarriers to greater Internet access?; what organizations are currentlyworking on the Digital Divide?; how should groups narrow
the DigitalDivide? A wide variety of approaches were recommended such as the useof free or open-source software, greater emphasis
on education andtraining and the creation of more local content. Unlike most policypapers, the Public Voice report is largely made
up of directquotations from public comments.
The DOT Force will release its final action plan at the next G-8meeting to take place in Genoa, Italy this July. A draft version
ofits report is currently available through the DOT Force website.
"The Public Voice and the Digital Divide: A Report to the DOT Force"
is available at:
http://www.thepublicvoice.org/dotforce/report_0301.html
For more information about the Digital Opportunities Task Force:
http://www.dotforce.org/
[6] EPIC Bill-Track: New Bills in Congress
*House*
H.R.972 Parent Act of 2001. To amend the Elementary and SecondaryEducation Act of 1965 to strengthen the involvement of parents in
theeducation of their children, and for other purposes. Sponsor: RepWoolsey, Lynn C (D-CA). Latest Major Action: 3/8/2001 Referred
toHouse committee: House Education and the Workforce.
H.R.1152 Human Rights Information Act. To promote human rights,
democracy, and the rule of law by providing a process for executiveagencies for declassifying on an expedited basis and disclosingcertain
documents relating to human rights abuses in countries otherthan the United States. Sponsor: Rep Lantos, Tom (D-CA). Latest MajorAction:
3/21/2001 Referred to House Committee on Government Reform.
H.R.1158 National Homeland Security Agency Act. To establish theNational Homeland Security Agency. Sponsor: Rep Thornberry, William(Mac)
(R-TX). Latest Major Action: 3/21/2001 Referred to Housecommittee Committees: House Government Reform.
H.R.1176 Fair Credit Reporting Act Amendments of 2001. To amend theFair Credit Reporting Act to protect consumers from the adverseconsequences
of incomplete and inaccurate consumer credit reports, andfor other purposes. Sponsor: Rep Ford, Harold, Jr. (D-TN). LatestMajor Action:
3/22/2001 Referred to House committee: House FinancialServices.
H. J. RES. 38. Disapproving the rule submitted by the Department ofHealth and Human Services on December 28, 2000, relating to standardsfor
privacy of individually identifiable health information. Sponsor:
Rep Paul, Ron (R-TX). Referred to House Committees on Education andthe Workforce, Energy and Commerce and Ways and Means.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:
http://www.epic.org/privacy/bill_track.html
[7] EPIC Bookstore - The Internet, Law and Society
The Internet, Law and Society. Edited by Yaman Akdeniz, Clive Walker,
and David Wall.
The advent of a global information society demands a new understandingof the complexities of the architecture of that society and
itsimplications for existing social institutions such as law andgovernment. This authoritative and innovative book takes as its
themethe Internet within the settings of law, politics and society. Itrelates and analyses their interactions and draw out the implicationsof
"cyberspace" for law and society. It therefore has a wider andmore critical agenda that existing, more technical expositions ofcomputer
or Internet law. It is about the "law in action" and notjust the "law in books." It examines Internet activity that takesplace
in the shadow of law where there is a fascinating range ofregulatory responses and governance strategies. The book covers, infour
Parts: the Internet, law and society; governance and theInternet; legal institutions and professions and the Internet; and,
legal controversies in cyberspace.
For other books recommended by EPIC, browse the EPIC Bookshelf at:
http://www.powells.com/features/epic/epic.html
EPIC Publications:
"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand
the basic responsibilities for businesses in the online economy.
"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey
examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of
informationlaws.
"The Privacy Law Sourcebook 2000: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who
needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption
to law enforcement.
"Filters and Freedom: Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.
http://www.epic.org/filters&freedom/
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
Call For Papers - March 31, 2001 (prizes available for graduatestudent papers). The 29th Research Conference on Communication,
Information and Internet Policy. October 27-29, 2001. Alexandria, VA.
For more information: http://www.tprc.org
BNA Public Policy Forum: Cybersecurity and Privacy. Pike and Fischer,
Inc. April 4, 2001. Washington, DC. For more information:
http://www.pf.com/
First International Conference on Human Aspects of the InformationSociety. Information Management Research Institute, University ofNorthumbria
at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information: http://is.northumbria.ac.uk/imri
Corporate Privacy Officers Program 2001: Washington Briefing and PeerWorkshop. Privacy and American Business. April 11-12, 2001.
Washington, DC. For more information: http://www.pandab.org/
National Summit on Electronic Privacy. The National Institute forGovernment Innovation. April 23-24, 2001. Washington, DC. For moreinformation:
http://www.nigi.org/
The First Annual Privacy and Data Protection Summit. Privacy OfficersAssociation. May 2-4, 2001. Arlington, VA. For more information:
http://www.privacyassociation.org
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
http://www.aaas.org/spp/dspp/rd/colloqu.htm
Future of the Internet: Preserving the Internet's Openness, Freedom,
and Diversity. Center for Media Education and Center for DigitalDemocracy. May 9, 2001. Washington, DC. For more information:
agoldmancme.org
The Internet and State Security Forum (ISSF). Cambridge Review ofInternational Affairs. May 19, 2001. Cambridge, England. For moreinformation:
http://www.cria.org.uk/
Communication Research and Policy Workshop. Ford Foundation andComputer Professionals for Social Responsibility (CPSR). May 24, 2001.
Washington, DC. For more information: http://www.cpsr.org/ICA_workshop
The Internet Security Conference (TISC) 2001. Core Competence, Inc.
June 4-8, 2001. Los Angeles, CA. For more information:
http://www.tisc2001.com/
INET 2001: A Net Odyssey, Mobility and the Internet. The 11th AnnualInternet Society Conference. June 5-8, 2001. Stockholm, Sweden.
Formore information: http://www.isoc.org/inet2001/
ETHICOMP 2001: Systems of the Information Society. Telecommunicationsand Informatics Technical University of Gdansk, Poland. June
18-20,
2001. Gdansk, Poland. For more information:
http://www.ccsr.cse.dmu.ac.uk/conferences/ccsrconf/ethicomp2001/
Democracy Forum 2001: Democracy and the Information Revolution.
International Institute for Democracy and Electoral Assistance. June27-29, 2001. Stockholm, Sweden. For more information:
http://www.idea.int/frontpage_forum2001.htm
Call for Papers - June 30, 20001. CEPE2001: Computer Ethics,
Philosophical Enquiries. Lancaster University (UK). Centre for Studyof Technology in Organizations, Institute for Environment, Philosophyand
Public Policy. December 14-16, 2001. For more information:
http://www.lancs.ac.uk/depts/philosophy/conferences/
Call For Submissions - August 3, 2001. Workshop on Security andPrivacy in Digital Rights Management 2001. Eighth Association forComputing
Machinery (ACM) Conference on Computer and CommunicationsSecurity. November 5, 2001. For more information:
http://www.star-lab.com/sander/spdrm/
ICSC 2001: International Conference on Social Computing. University ofBremen. October 1-3, 2001. Bremen, Germany. For more information:
http://icsc2001.informatik.uni-bremen.de/
Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For moreinformation: http://www.privacy2000.org/
Learning for the Future. Business for Social Responsibility's NinthAnnual Conference. November 7-9, 2001. Seattle, WA. For moreinformation:
http://www.bsr.org/events/2001.asp
Subscription Information
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing
or unsubscribing at:
http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email toepic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe".
Back issues are available at:
http://www.epic.org/alert/
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription
information". Please contact infoepic.org if you haveany other questions.
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online athttp://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 8.06
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2001/6.html
