Data Protection and Data Security: The NSA Scandal from a Legal Point of View
It all began with the revelations of former US-intellicence services Edward Snowden in June 2013 on surveillance activities of the United States and the United Kingdom, who have carried this out at least since 2007. It came to light that the telecommunication and the Internet were monitored globally without a given suspicion. Main argument of both countries is the prevention of terrorist attacks. Besides individual citizens of different countries – including leading politicians – even buildings and offices of the European Union and the United Nations were spied on by hidden microphones and the e-mail traffic was monitored. The data obtained are retained for an undisclosed period (Cf. the contribution of Erich Schweighofer / Stephan Varga / Walter Hötzendorfer / Janos Böszörmenyi, Ist Open Source Intelligence durch Botschaften rechtmäßig? (Is Open Source Intelligence of Ambassies Lawful?), in: Jusletter IT 20 February 2014. At present, a comprehensive study on the lawfulness of secrect service activities is prepared; it could not be finished due to non-accessibility to important documents.).
Privacy experts, scholars and practitioners look at the legal situation in the individual countries and make comparisons.
Rolf H. Weber and Dominic N. Staiger contrast the surveillance capabilities of Swiss authorities with those of their US-American counterparts and focus in particular on data protection issues. Moreover technical solutions in minimizing monitoring as well as organizational changes are addressed with the aim of reducing exposure to foreign surveillance.
Daniel Vischer gives us an update on the Swiss Intelligence Service Act. Thomas Hansjakob presents the proposed changes and effects of the revision of the Swiss Federal Law on Surveillance of the Post and Telecommunications (BÜPF). This law regulates, inter alia, the permissibility of the use of so-called GovWare («Trojan horse of the Government»).
Ann Cavoukian from Canada proposes a new methodology – the «Privacy-Protective Surveillance» (PPS) – which offers an alternative to the current counter-terrorism surveillance systems.
Gertjan Boulet and Elonnai Hickok consider the reactions to the Snowden affair in India and Belgium. From the Czech perspective Filip Křepelka reports on mass surveillance of telecommunication and its legal remedies.
Not least the judgement of the European Court of Justice of 8 April 2014 (C-293/12, Digital Rights Ireland), clears basic rights questions. A surveillance and data retention without sufficient reasons is not allowed – and therefore the Data Retention Directive 2006/24/EC – is invalid. Both the Snowden affair as well as the decision of the ECJ demonstrate significant and avoidable failures of government policy development and implementation. Malcolm Crompton und Chong Shaodescribe the «4As Framework», which was developed years ago by the Privacy Commissioner of Australia for managing and avoiding such risks.
What is the «tense relationship» of society-related transparency and government surveillance? How can the various fundamental rights be balanced against each other? Elisabeth Hödland Sebastian Lukic analyse the concept of transparency in the digital world.
Agnes Balthasar, Matthias Wach and Alexander Balthasar ask whether security riscs are really unavoidable. These bugs provide far-reaching options for intelligence services as well as criminals for intercepting data for their own purposes or for manipulation. The authors present technical, legal doctrine and legal policy considerations and want to be inspiration for further developments.
Orlan Lee and James She caution about insufficient control of private data collections which are commercially very successful but neglect data protection.
The monitoring of a player in online games, i.e. of his avatar, can be a threat to the privacy of individuals and can be misinterpreted completely. Burkhard Schafer and Wiebke Abel try a first comparative analysis of the monitoring of gambling habits.
Robert Briner raises the question of whether the NSA scandal is actually something for lawyers. Though as observed from nearby a legal detailed analysis is necessary, a view of the bigger picture clearly shows even more important legal contexts.
Espionage is however by no means a new phenomenon and has been practiced for millennia. Fritjof Haft compares the espionage in past and present.
Kai Erenli and Maximilian Schubert finally demand a constitution for the Internet and draft the individual articles of a global Bill of Rights 2.0.
In the case of Google Spain (C-131/12) the ECJ has also extended the principal of targeting to the sales offices of internet companies. Thus, the European data protection law is applicable to all companies which intend to sell advertising space in search engines (and social web). The right to deletion (or right to be forgotten) is nothing new, and it must be considered in the context of media and archiving law. On request, harmful links shall be deleted by Google, if there is no appropriate reason (i.e. interest in prosecution by the Police, open court policy etc.).
We would be delighted if you participate in our survey on data protection and data security. The results will be published in the next issue of Jusletter IT.
New to this issue is the category «TechLawNews», where you'll find News from the field of IT and Law by the lawyers Daniel Ronzani and Simon Schlauri.
Having said this, we hope you enjoy reading this issue