How To Create An Inclusive Global Information Society

Transcription

1 Legal frameworks for information societies Preconditions for information exchange (2) Steven Segaert Main topics 1. What law is relevant to the existing of information societies? What can you expect to find? 2. How to take into account, and use, law? October 7-8, 2008 Tirana 2 Legal framework of information societies What is this information society? What kind of law applies to information societies? Is it special? Why? What do we need to regulate? October 7-8, 2008 Tirana 3 1

2 Information society... Our starting point is the commonplace observation that we are in a period of intense social change. Numerous writers have argued that the West is currently experiencing a profound shift from an industrial society to a post-industrial, Information Society. Some argue that the shift has affected people's ability to make sense of the rapid changes in which society is immersed. These changes contrast with commonly understood ways of seeing the world and with our taken-for-granted ways of understanding such familiar terms as "information", "location", and "knowledge". An inclusive global information society is one where all persons, without distinction, are empowered freely to create, receive, share and utilize information and knowledge for their economic, social, cultural and political development. (WSIS) A society where communication and information technologies influence the everyday lives of most of its members. Helped by the advance of the Internet and a 'wired' culture, technology is used for a wide range of personal, social, educational and business activities, and to transmit receive and exchange digital data rapidly between places despite great distances. In an information society, information is as powerful a resource as the manufacturing and agricultural industries were in previous eras. Also known as the knowledge economy, digital era or information superhighway. October 7-8, 2008 Tirana 4 Information society... An information society is a society in which the creation, distribution, diffusion, use, integration and manipulation of information is a significant economic, political, and cultural activity. The knowledge economy is its economic counterpart whereby wealth is created through the economic exploitation of understanding. Specific to this kind of society is the central position information technology has for production, economy, and society at large. Information society is seen as the successor to industrial society. (Wikipedia) October 7-8, 2008 Tirana 5 Information society... October 7-8, 2008 Tirana 6 2

3 Why do we need law? Law is instrumental: it needs to facilitate societal developments while protecting us from the state and from ourselves Law can not create, nor should it dictate, reality. The information society is a reality. Law should enable it to develop; not impede it... October 7-8, 2008 Tirana 7 What needs to be regulated? 1 Common resources and infrastructure 2 The flow of information 3 Protect the new environment October 7-8, 2008 Tirana 8 Common resources and infrastructure Spectrum, airwaves, networks,... are all limited; allowing it to be monopolized is unfair and hampers development Telecommunications Act, Cable Distribution Act, etc. To create favourable conditions for development To regulate the use of limited resources through purposeful planning To establish the requirements for telecommunications networks and provision of services To install a level of state supervision to market players October 7-8, 2008 Tirana 9 3

4 The flow of information October 7-8, 2008 Tirana 10 Historical trend... The flow of information 1. State secrets acts 2. Freedom of information laws In the OECD: 20% in % in % in 2000 (24/30 countries) 3. Protection of the individual 4. Copyright and patent laws as protection of property rights October 7-8, 2008 Tirana 11 Freedom of information You can expect to find... A constitutional provision on right to information A Public Information Act Goal: to provide everyone and anyone with access to public information... and to create possibilities for the public to monitor the performance of public duties October 7-8, 2008 Tirana 12 4

5 Freedom of information What is public information? Information which is recorded and documented in execution of public power as directed by laws and other legal acts (irrespective of the way it is recorded and documented, the medium or the location) October 7-8, 2008 Tirana 13 Freedom of information Who is the owner of public information? State and local government Public legal persons Private legal persons, if... they execute public tasks receive public funds or have a natural monopoly October 7-8, 2008 Tirana 14 Freedom of information Obligations as an owner of public information? The owner of public information is obliged to grant access... in the quickest and easiests manner... while protecting private data. Access should not cost anything extra (the law can contain charges for the carrier, not for the information) Everybody has the right to contest a restriction on access to information October 7-8, 2008 Tirana 15 5

6 Freedom of information Exceptions (when is access not to be granted) When openness ruins the possibility of work, Puts something into danger, Puts someone groundlessly into danger, Or there are obligations to the contrary from a higher level (international agreements, constitution) Even then: time limit to restrictions October 7-8, 2008 Tirana 16 Freedom of information Active measures and good practices? Not always found in Freedom of Information laws. e.g. Law can have a list of obligatory online content Law can provide that you have to have a website, or join a portal site Law can tell you to publish a document register, what is kept and why, and the rules to get access October 7-8, 2008 Tirana 17 Freedom of information Active measures and good practices? Still a good idea to organise a humane process yourself... Register a request only if you cannot satisfy it immediately Move requests from official to official (one entry point for requests) Answer immediately or within a very short timeframe Tell people clearly where they can complain October 7-8, 2008 Tirana 18 6

7 October 7-8, 2008 Tirana 19 Your organisation... Way too much work! We can t let all that information go public, surely?! How much will all that cost? Don t tell people what we do; they won t understand it anyway... Ok, I got it. Give us three years, we will make it then! Journalists would have a field day... October 7-8, 2008 Tirana 20 Freedom of information Radical? No it is necessary! Controversial? Only until implemented... Success comes from working together Training and awareness-building is necessary for all: civil servants, politicians, citizens and even journalists October 7-8, 2008 Tirana 21 7

8 Protection of personal data Personal data? personal data shall mean any information relating to an identified or identifiable natural person ( Data Subject ); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. (Directive 95/46/EC, 24/10/1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data) broad definition; technology neutral October 7-8, 2008 Tirana 22 Protection of personal data Sensitive personal data? A subset of personal data; separately defined; more conditions are set for processing to be legal (usually the consent of the person involved is required). EC Directive: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life... but the definition can be larger in your own law. Rule: no processing, with exceptions October 7-8, 2008 Tirana 23 For who? Protection of personal data All legal entities (public or private) that control personal data The individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. October 7-8, 2008 Tirana 24 8

9 Protection of personal data Personal data should not be processed at all, except when certain conditions are met... Transparency The data subject must be informed; the controller must provide its contact data, the prupose of processing, the recipients of the data and all other relevant information required to ensure the processing is fair. The data subject can access, demand rectification, deletion or blocking if the conditions are not met. October 7-8, 2008 Tirana 25 Protection of personal data Personal data should not be processed at all, except when certain conditions are met... Legitimate purpose Personal data can only be processed for specified explicit and legitimate purposes, and for nothing else. There are certain conditions to be fulfilled before personal data can be processed. When it involves sensitive personal data, extra restrictions apply. October 7-8, 2008 Tirana 26 Protection of personal data Personal data should not be processed at all, except when certain conditions are met... Proportionality Process only insofar as it is adequate, relevant and not excessive in relation to the purposes. Data must be kept accurate and up to date. Don t keep it longer than needed. Decisions with legal or otherwise significant effects may not be taken only on the automated processing of data. A form of appeal is to be provided. October 7-8, 2008 Tirana 27 9

10 Protection of personal data Supervisory authority Must be an independent body that monitors, advises and starts legal procedures when the rules are broken. A controller of data must notify the supervisory authority before he starts to process data who controls what data is kept in a public register. October 7-8, 2008 Tirana 28 Protection of personal data Still... Personal data may only be transferred to third countries IF that country provides an adequate level of protection. Rules also apply whenever the controller uses equipment situated in the EU, or processes data in the EU. October 7-8, 2008 Tirana 29 What can you do? Protection of personal data Adhere to the principles, even if you don t have to - they are valid and make sense Check your own situation (incl. your own laws) Plus: add the information used to come to a decision to all decisions you communicate... October 7-8, 2008 Tirana 30 10

11 Database act What should be done in order to build and maintain government databases? 2-level management Chief processors: the politically responsable Authorised processors: technically responsable Classification of data or classification of databases? October 7-8, 2008 Tirana 31 3 Protect the new environment Development needs to be facilitated Certain interests need to be protected October 7-8, 2008 Tirana 32 Digital signature law Issues and needs: You can hardly put a handwritten signature on an electronic document... What is an original document when you only have elctronic copies? Solution: look at what a signature does Identifies the signer The signer takes ownership / responsability of the document October 7-8, 2008 Tirana 33 11

12 Digital signature law Issues and needs: You can hardly put a handwritten signature on an electronic document... What is an original document when you only have elctronic copies? False issues emerge... October 7-8, 2008 Tirana 34 Digital signature law Identifies the signer The signer takes ownership / responsability of the document October 7-8, 2008 Tirana 35 Digital signature law Digital signatures are equivalent to handwritten ones, if... Uniquely identifies the signer Authenticates the signed document Allows to set a sequence of events October 7-8, 2008 Tirana 36 12

13 Digital signature law Equivalent = you must accept it (might mean you have to adapt your law) Technology-neutral When a certification authority adheres to the rules, you must trust him! Signing is not encrypting! Also machines and entities can use digital signatures October 7-8, 2008 Tirana 37 Other useful acts Identity documents act (EID?) Information society services act ISP liability, spam legislation, conditions for providing services online Re-use of public information by businesses Cyber-crime provisions Charter of electronic rights Provide standards for public e-service delivery (possibility to access services online, right to be involved in decision making processes,...) October 7-8, 2008 Tirana 38 Some conclusions Law does not create an information society... but impeding laws can hamper it Society without law is not realistic No need to re-invent, but also no use to copy using the principles is usually the best idea Eu integration can inspire Inaction is worse than not getting it perfect straight away The order of enacting is of little importance October 7-8, 2008 Tirana 39 13

14 More information (lots of it) October 7-8, 2008 Tirana 40 Thank you! Time for a break... Steven Segaert E-Governance Academy steven@ega.ee October 7-8, 2008 Tirana 41 14