Presentation is loading. Please wait.

Presentation is loading. Please wait.

Birnhack & Elkin-Koren, Feb. 20041 Privacy Practices of Israeli Public Web Sites February 2004 Dr. Michael Birnhack & Dr. Niva Elkin-Koren Haifa Center.

Published byOlivia Wells Modified over 9 years ago

Similar presentations

Presentation on theme: "Birnhack & Elkin-Koren, Feb. 20041 Privacy Practices of Israeli Public Web Sites February 2004 Dr. Michael Birnhack & Dr. Niva Elkin-Koren Haifa Center."— Presentation transcript:

1 Birnhack & Elkin-Koren, Feb. 20041 Privacy Practices of Israeli Public Web Sites February 2004 Dr. Michael Birnhack & Dr. Niva Elkin-Koren Haifa Center of Law & Technology Supported by the Burda Center for Innovative Communications at Ben-Gurion University

2 Birnhack & Elkin-Koren, Feb. 20042 Regulation of Online Privacy Law Market forces Technology Is the law effective? Law in the books vs. Law in action

3 Birnhack & Elkin-Koren, Feb. 20043 Research Goals Examining the application of the Privacy Act of 1981 among Israeli Public Web Sites Comparing the law with statements addressed to users (phase II: comparing the above with the actual practices) Assessing the relevance of the law Regulation of digital privacy Regulation of digital environment

4 Birnhack & Elkin-Koren, Feb. 20044 Method of Research Defining the scope of the research Classification of sites according to practices: Information Collectors Non-Collectors Privacy Policies: Finding them…, and Analysing them in light of legal requirements

5 Birnhack & Elkin-Koren, Feb. 20045 Scope: Israeli Public Web Sites Home pages no internal pages (http://haifa.ac.il/law)http://haifa.ac.il/law no sub-sites (excludes geocities-like sites) Israeli sites ( ) Top third level domain http://haifa.ac.il, not http://infosoc.haifa.ac.il/ http://haifa.ac.ilhttp://infosoc.haifa.ac.il/ Active sites only (only about 50% active) Sites operated by Public bodies and licensed ISPs

6 Birnhack & Elkin-Koren, Feb. 20046 Examined Populations

7 Birnhack & Elkin-Koren, Feb. 20047 Legal Requirements: Privacy Protection Act of 1981 Database: Collection of electronic information, with the exception of: Personal collection Communications data only Obligation of Registration, if: 10,000+ people, or “sensitive information”, or Information obtained by third parties, or Public database, or Direct marketing.

8 Birnhack & Elkin-Koren, Feb. 20048 Notice S. 11 of the Privacy Act: A request aimed at a person, for the provision of information to be held in a database, should be accompanied with a notice: Is there a legal duty to provide the info.? The purpose for which the info. is sought Will the info. be disclosed to third parties? To whom? For what purpose?

9 Birnhack & Elkin-Koren, Feb. 20049 Results 50% Collect Information 30% (15% of total population) Have Privacy Policy 60%(9% of total population) Privacy Policy 90% Links to policy active 10% links to policy inactive 40% different title for the policy 70% No Privacy Policy

10 Birnhack & Elkin-Koren, Feb. 200410 Results

11 Birnhack & Elkin-Koren, Feb. 200411 Results

12 Birnhack & Elkin-Koren, Feb. 200412 Notice S. 11 of the Privacy Act: A request aimed at a person, for the provision of information to be held in a database, should be accompanied with a notice: Is there a legal duty to provide the info.? The purpose for which the info. is sought Will the info. be disclosed to third parties? To whom? For what purpose?

13 Birnhack & Elkin-Koren, Feb. 200413 The Content of Privacy Policies 30% of Information Collecting Sites have a privacy policy of some sort 75% do not indicate whether info. is collected 60% did not indicate the purpose of the collection of info. 90% did not indicate whether there is an obligation to provide info.

14 Birnhack & Elkin-Koren, Feb. 200414 Privacy Act of 1981 S. 13: Right of Access Data subject is entitled to access information about her held in database S. 14: Right of Amendment If information is inaccurate, subject has the right to require amendment

15 Birnhack & Elkin-Koren, Feb. 200415 Results Number of sites which indicate the right of access and/or the right of amendment: ? 0

16 Birnhack & Elkin-Koren, Feb. 200416 Data Security S. 17 of the Privacy Act of 1981: The owner of a database… is responsible for the security of the information stored in the database.

17 Birnhack & Elkin-Koren, Feb. 200417 Privacy Practices in Excess of the Act ’ s requirements 21% of the sites which do not seem to collect information have a privacy policy 70% of all sites, including sites which do not collect information, specifically announce that they secure the data.

18 Birnhack & Elkin-Koren, Feb. 200418 Summary of results Low level of compliance Low awareness Vagueness of the concept of privacy Enforcement failure Privacy practices in excess of the Act: Market forces “law in action” Future plans

19 Birnhack & Elkin-Koren, Feb. 200419 Other Countries South Africa: Survey of top 100 sites: 2/3 fail to comply fully with the law -- Information Systems students, Cape Town University, AllAfrica.com, Sep. 7, 2003 UK: Survey of 90 most popular websites: only 2% were “totally compliant” with the Privacy and Electronic Communications Regulation -- WebAbacus research, BBC News, Dec. 14, 2003

20 Birnhack & Elkin-Koren, Feb. 200420 Ramifications Assumptions: Non-deterministic view of technology Privacy is an important value, and should subsist in the digital environment Within the law: Correct enforcement-failures, e.g., class actions; effective governmental supervision Require disclosure of rights (access, amendment) Indirect regulation: carrot & stick approach: Incentives to provide privacy (e.g., US-EU safe harbor) Disincentives to non-compliance Private Ordering Regulation by code

21 Birnhack & Elkin-Koren, Feb. 200421 Privacy Practices of Israeli Public Web Sites Thanks! michaelb@research.haifa.ac.il elkiniva@research.haifa.ac.il

Download ppt "Birnhack & Elkin-Koren, Feb. 20041 Privacy Practices of Israeli Public Web Sites February 2004 Dr. Michael Birnhack & Dr. Niva Elkin-Koren Haifa Center."

Similar presentations

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.

IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.
BT2103 Developing Small Systems for Business Lecture 2 Databases, Data Management, And The Legal Framework.

BT2103 Developing Small Systems for Business Lecture 2 Databases, Data Management, And The Legal Framework.
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
The Problem Solvers TM www.singleton.com Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.

The Problem Solvers TM Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.
1 Allan Chiang, S.B.S. Privacy Commissioner for Personal Data 8 July 2013 Asian Privacy Scholars Network Conference Balance between Access to Public Domain.

1 Allan Chiang, S.B.S. Privacy Commissioner for Personal Data 8 July 2013 Asian Privacy Scholars Network Conference Balance between Access to Public Domain.
Christian Vargas. Also known as Data Privacy or Data Protection Is the relationship between collection and spreading or exposing data and information.

Christian Vargas. Also known as Data Privacy or Data Protection Is the relationship between collection and spreading or exposing data and information.
Freedom of Information What does it mean for us? Introductory Training Session.

Freedom of Information What does it mean for us? Introductory Training Session.
6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.

6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Data Protection Data Protection Acts 1988 & 2003 Directive 95/46/EC Privacy.

Data Protection Data Protection Acts 1988 & 2003 Directive 95/46/EC Privacy.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Per Anders Eriksson

Per Anders Eriksson
Information Privacy Policy in Canada Presented By: Sue Wu.

Information Privacy Policy in Canada Presented By: Sue Wu.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Similar presentations

Ads by Google