Who was that woman you were with in that photo I saw on Facebook? I’ll google her name and see what comes up.
The internet has stripped away a tremendous level of our privacy. Audio recordings, images and texts can be posted and distributed by anyone without much legal recourse, especially if it is posted anonymously. The recent Wikileak’s debacle has shown that no one, no matter how high profile, is protected from the all seeing internet.
Some may say this is a curse while others claim it to be a blessing.
Information privacy law
Information privacy laws cover the protection of information on private individuals from intentional or unintentional disclosure or misuse. The European Directive on Protection of Personal Data, released on July 25, 1995 was an attempt to unify the laws on data protection within the European Community. As a result, customers of international organizations such as Amazon and eBay in the EU have the ability to review and delete information, while Americans do not. In the United States the equivalent guiding philosophy is the Code of Fair Information Practice (FIP). This was developed by the Office of Technology Assessment in response to concerns about the potential for electronic surveillance.The difference in language here is important: in the United States the debate is about privacy where in the European Community the debate is on data protection. Moving the debate from privacy to data protection is seen by some philosophers as a mechanism for moving forward in the practical realm while not requiring agreement on fundamental questions about the nature of privacy.
The basic principles of data protection in the EU are:
- For all data collected there should be a stated purpose
- Information collected by an individual cannot be disclosed to other organizations of individuals unless authorized by law or by consent of the individual.
- Records kept on an individual should be accurate and up to date.
- There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting.
- Data should be deleted when it is no longer needed for the stated purpose.
- Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited.
- Some data is too sensitive to be collected, unless there are extreme circumstances (e.g., sexual orientation, religion)
Because of this, in theory the transfer of personal information from the EU to the US is prohibited when equivalent privacy protection is not in place in the US. In practice, data is transmitted from the EU to the US, India and other data havens. What is required is that the non-EU organization have a data protection or privacy policy. American companies that would work with EU data must comply with the Safe Harbour framework. The core principles of data protected are limited collection, consent of the subject, accuracy, integrity, security, subject right of review and deletion.