High Technology Cooperation Group: Data Privacy - PowerPoint PPT Presentation

Loading...

PPT – High Technology Cooperation Group: Data Privacy PowerPoint presentation | free to download - id: d4146-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

High Technology Cooperation Group: Data Privacy

Description:

High Technology Cooperation Group: Data Privacy. The Indo-U.S. High ... review recognized need for greater harmonization across EU application and need ... – PowerPoint PPT presentation

Number of Views:18
Avg rating:3.0/5.0
Slides: 21
Provided by: inst436
Learn more at: https://www.bis.doc.gov
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: High Technology Cooperation Group: Data Privacy


1
High Technology Cooperation Group Data Privacy
Privacy and Cyber Security legal and policy
issues
Joseph Alhadeff Chair, USIBC Information
Technology Committee
The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
2
High Technology Cooperation Group Data Privacy
The Legal Landscape
  • Governmental Sources
  • EU Guidelines
  • FTC Fair Information Practices
  • Regional Law
  • National Law
  • Local Law
  • Quasi Governmental
  • OECD Guidelines
  • APEC Guidelines
  • APT Guidelines
  • Self Regulatory Bodies
  • Business/Sectoral Associations

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
3
High Technology Cooperation Group Data Privacy
OECD Guideline Principles
  • The collection and use of data should be
    disclosed and users be given an opportunity to
    decline collection
  • Data should be collected, stored, processed, and
    communicated only for legitimate purposes
  • Data should be current, accurate, and relevant to
    the intended use and
  • Data subjects should be entitled to examine,
    where appropriate, data relating to them, and to
    obtain correction or deletion of such data, if
    justified.

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
4
High Technology Cooperation Group Data Privacy
APEC Guidelines
  • Like OECD Guidelines recognize the benefits of
    the information flows as well as responsibilities
  • Based on OECD, but more flexible and adaptable to
    Global Information Flows
  • Focus is more on use of personal information and
    preventing harm through appropriate protection
    obligations that flow with the information
  • This includes work on using corporate rules with
    regional recognition
  • Principles should be ratified this year, work on
    implementation continues.

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
5
High Technology Cooperation Group Data Privacy
Common Privacy Elements
  • Disclosure/Notice of what, how, why and with who
  • Choice opt in / opt-out
  • Access for review correction
  • Security
  • Fair, relevant, timely, for business need
  • Compliance/enforcement (company)
  • Redress/oversight (government/third party)

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
6
High Technology Cooperation Group Data Privacy
Setting the Stage EU/US Basics
The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
7
High Technology Cooperation Group Data Privacy
EU/US Privacy Paradigms
  • EU
  • Privacy rights mainly applied to protect
    individuals from corporate/commercial use of
    information
  • The role of government in protecting privacy
  • The human right of privacy and moral rights of
    authors
  • Regulation in advance of issue
  • Wrongful collection of information
  • US
  • The Constitutional right to privacy secures
    citizens from unreasonable governmental intrusion
  • The role of the government in assuring fairness
    and preventing deception
  • Free speech, individual choice and the fair use
    doctrine
  • Legislation in response to issue
  • Harmful use of information

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
8
High Technology Cooperation Group Data Privacy
The Nature of a Directive
  • EU wide application
  • National country implementation
  • May vary in implementation as long as not
    contrary
  • Any Country / Citizen may bring action to claim
    that national is not in compliance
  • Heard by EU court

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
9
High Technology Cooperation Group Data Privacy
EU Directive
  • October 24, 1998 implementation
  • EU Personally identifiable information must have
    adequate protection
  • Intranet/Web collection
  • Extraterritorial effect - adequacy of other laws
  • National implementation spectrum floor not
    ceiling
  • Directive review

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
10
High Technology Cooperation Group Data Privacy
EU Directive - Continued
  • Extraterritorial effect precludes transfer to
    countries not providing for adequate protection
    of privacy
  • Adequacy findings for Switzerland, Hungary,
    Canada, Argentina and the US Safe Harbor
    companies
  • Derogations
  • Contractual solutions
  • EC Data Controller and Processor Model Contracts
  • ICC Model Contract
  • Binding Corporate Rules Work in progress

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
11
High Technology Cooperation Group Data Privacy
Directive Historical Context
  • Directive was drafted in a time of point-to-point
    EDI and overnight batch processing.
  • Contractual solutions/adequacy were more
    appropriate for country-to-country transfers
  • Directive review recognized need for greater
    harmonization across EU application and need for
    greater flexibility of application to global
    information flows.

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
12
High Technology Cooperation Group Data Privacy
US/EU Agree on Safe Harbor
  • Effective date 11/00 - Compliance By 7/01
  • Self-certification
  • Principles/FAQs
  • Enforcement Mechanisms
  • Third Party backed by FTC/DOT
  • Panel of three registrars
  • Benefit - Finding of adequacy is equivalent to
    transfer w/in EU for prior consent purposes, BUT
    still requires notice rationale

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
13
High Technology Cooperation Group Data Privacy
Safe Harbor Principles
  • 1.Notice
  • 2.Choice
  • 3.Onward Transfer
  • 4.Security
  • 5.Access
  • 6. Enforcement
  • Documents may be found at
  • http//www.export.gov/safeharbor

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
14
High Technology Cooperation Group Data Privacy
Safe Harbor Review
  • Report was critical of certain practices but did
    not undermine the Safe Harbor
  • Focused on need for clarification, education and
    review of oversight practices
  • Financial Services still NOT covered
  • Treasury negotiations
  • Fractured alliance prospects…
  • Safe harbor predicated on Agency backstop FTC,
    DOT

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
15
High Technology Cooperation Group Data Privacy
Outside EU and US Some Highlights…
  • All enlargement countries, Switzerland and EFTA
  • Other active countries w/some legislation…
  • Hong Kong New Zealand Chile Argentina Canada,
    AustraliaTaiwanKoreaSouth Africa, Japan…
  • Proposed/Thinking Thailand India Brazil
    Mexico China…

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
16
High Technology Cooperation Group Data Privacy
Privacy and India
  • Focus on rationale and objective
  • Review existing laws and processes (including
    Contract Law and other related laws and
    processes)
  • Review current state of the data processing and
    global sourcing industry re privacy and security
  • Gap analysis to relevant international
    instruments and norms
  • Selective amendment or revision of existing laws
    and processes as needed to achieve objectives
  • The need for more, better and targeted
    information to address gaps in perception

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
17
High Technology Cooperation Group Data Privacy
Innovative Privacy Architecture Elements
The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
18
High Technology Cooperation Group Data Privacy
Concepts for Privacy Approaches
  • Consistent with need for and benefits of global
    information flows
  • Protection as appropriate to type and use of
    information business directory, for instance
  • Limitation of bureaucratic overhead
  • Innovative policy instruments and mechanisms
  • Recognition of registration/ certification/
    accreditation
  • Mediation/dispute resolution
  • Cooperation in cross-border transfer and
    responsibility

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
19
High Technology Cooperation Group Data Privacy
Concepts contd
  • Transparency for Business and Consumer
  • Appropriate relationship to security
  • Relevance to developed and developing countries
    as well as those with and without existing
    frameworks
  • Considering appropriate incentives, motivating
    factors and redress frameworks

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
20
High Technology Cooperation Group Data Privacy
To what end?
  • Exploring the thought-leadership role that India
    could play as a result of long-established legal
    frameworks, cutting edge technology players,
    entrepreneurial expertise and increasingly
    important role in global data transfers

The Indo-U.S. High Technology Cooperation Group
November 18, 2004
www.usibc.com
About PowerShow.com