Birnhack & Elkin-Koren, Feb. 2004. Privacy Practices of Israeli Public Web Sites, February 2004. Dr. Michael Birnhack & Dr. Niva Elkin-Koren, Haifa Center.

Presentation transcript:

Privacy Practices of Israeli Public Web Sites
February 2004
Dr. Michael Birnhack & Dr. Niva Elkin-Koren, Haifa Center of Law & Technology
Supported by the Burda Center for Innovative Communications at Ben-Gurion University

Regulation of Online Privacy
- Law
- Market forces
- Technology
- Is the law effective? Law in the books vs. Law in action

Research Goals
- Examining the application of the Privacy Act of 1981 among Israeli Public Web Sites
- Comparing the law with statements addressed to users (phase II: comparing the above with the actual practices)
- Assessing the relevance of the law
- Regulation of digital privacy
- Regulation of digital environment

Method of Research
- Defining the scope of the research
- Classification of sites according to practices:
  - Information Collectors
  - Non-Collectors
- Privacy Policies: Finding them…, and Analysing them in light of legal requirements

Scope: Israeli Public Web Sites
Home pages no internal pages ( no sub-sites (excludes geocities-like sites) Israeli sites ( ) Top third level domain not Active sites only (only about 50% active) Sites operated by Public bodies and licensed ISPs

Examined Populations

Legal Requirements: Privacy Protection Act of 1981
- Database: Collection of electronic information, with the exception of:
  - Personal collection
  - Communications data only
- Obligation of Registration, if:
  - 10,000+ people, or
  - “sensitive information”, or
  - Information obtained by third parties, or
  - Public database, or
  - Direct marketing.

Notice
S. 11 of the Privacy Act: A request aimed at a person, for the provision of information to be held in a database, should be accompanied with a notice:
- Is there a legal duty to provide the info.?
- The purpose for which the info. is sought
- Will the info. be disclosed to third parties? To whom? For what purpose?

Results
- 50% Collect Information
- 30% (15% of total population) Have Privacy Policy
- 60% (9% of total population) Privacy Policy
- 90% Links to policy active
- 10% links to policy inactive
- 40% different title for the policy
- 70% No Privacy Policy

Results

Results

Notice
S. 11 of the Privacy Act: A request aimed at a person, for the provision of information to be held in a database, should be accompanied with a notice:
- Is there a legal duty to provide the info.?
- The purpose for which the info. is sought
- Will the info. be disclosed to third parties? To whom? For what purpose?

The Content of Privacy Policies
- 30% of Information Collecting Sites have a privacy policy of some sort
- 75% do not indicate whether info. is collected
- 60% did not indicate the purpose of the collection of info.
- 90% did not indicate whether there is an obligation to provide info.

Privacy Act of 1981
- S. 13: Right of Access. Data subject is entitled to access information about her held in database
- S. 14: Right of Amendment. If information is inaccurate, subject has the right to require amendment

Results
Number of sites which indicate the right of access and/or the right of amendment: 0

Data Security
S. 17 of the Privacy Act of 1981: The owner of a database… is responsible for the security of the information stored in the database.

Privacy Practices in Excess of the Act’s requirements
- 21% of the sites which do not seem to collect information have a privacy policy
- 70% of all sites, including sites which do not collect information, specifically announce that they secure the data.

Summary of results
- Low level of compliance
- Low awareness
- Vagueness of the concept of privacy
- Enforcement failure
- Privacy practices in excess of the Act: Market forces, “law in action”
- Future plans

Other Countries
- South Africa: Survey of top 100 sites: 2/3 fail to comply fully with the law -- Information Systems students, Cape Town University, AllAfrica.com, Sep. 7, 2003
- UK: Survey of 90 most popular websites: only 2% were “totally compliant” with the Privacy and Electronic Communications Regulation -- WebAbacus research, BBC News, Dec. 14, 2003

Ramifications
- Assumptions:
  - Non-deterministic view of technology
  - Privacy is an important value, and should subsist in the digital environment
- Within the law:
  - Correct enforcement-failures, e.g., class actions; effective governmental supervision
  - Require disclosure of rights (access, amendment)
- Indirect regulation: carrot & stick approach:
  - Incentives to provide privacy (e.g., US-EU safe harbor)
  - Disincentives to non-compliance
- Private Ordering
- Regulation by code

Privacy Practices of Israeli Public Web Sites
Thanks!