Accession to Convention 108: Benefits and Commitments. Marc Rotenberg, President Electronic Privacy Information Center Washington, DC



Similar documents
Thank you for the opportunity to join you here today.

Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament

Honourable members of the National Parliaments of the EU member states and candidate countries,

When Can We Expect a Federal Data Breach Notification Law?

EU- US NGO Letter on 1 To Secretary Pritzker

John O. Brennan Central Intelligence Agency Office of Public Affairs Washington, D.C November 4, Mr. Brennan:

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER

EDRi s. January European Digital Rights Rue Belliard 20, 1040 Brussels tel. +32 (0)

The USA Freedom Act: A Partial Response to European Concerns about NSA Surveillance Peter Swire

DATE: 1 APRIL Introduction

FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, My name is Richard Allan, and I am the Director of Public Policy

29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States

Mr President, Ladies and Gentlemen Members of the Court, Mr Advocate. Thank you for inviting the European Data Protection Supervisor today.

Government in America People, Politics, and Policy 16th Edition, AP Edition 2014

CEEP OPINION ON THE TRANSATLANTIC TRADE

Setting the Record Straight: U.S. Department of Homeland Security Policies on Protecting Privacy. Lauren Saadat and Shannon Ballard 1

A/HRC/19/NGO/148. General Assembly. United Nations

Civil Rights, Security and Consumer Protection in the EU

PROTECTING HUMAN RIGHTS IN THE UK THE CONSERVATIVES PROPOSALS FOR CHANGING BRITAIN S HUMAN RIGHTS LAWS

Trade Debates - Liberal Voices Needed

We have concluded that the International Criminal Court does not advance these principles. Here is why:

Safety, Privacy, and the Internet Paradox: 2015 and the Need for New Trans-Atlantic Rules

How To Study Political Science At Pcj.Edu

Opinion of the European Data Protection Supervisor

Asset and Income Disclosure for Judges: A Summary Overview and Checklist By Keith E. Henderson*

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL. Rebuilding Trust in EU-US Data Flows

ACTA - State of Play. Karel De Gucht. European Commissioner for Trade

Presentation by Mr. Richard Bruton, Minister of Jobs, Enterprise and Innovation to the IMCO Committee of the European Parliament, Brussels

JOINT MOTION FOR A RESOLUTION

Position Paper: Berlin, 31 March Legislative intentions to increase IT Security

S. ll IN THE SENATE OF THE UNITED STATES

Just Net Coalition statement on Internet governance

Bringing European values to the Internet of Things

Economic Impact of PRISM on Cloud Services & Safe Harbor

The official nomination of national focal points for issues relating to statelessness in seven (7) States (commitment 22)

Council of the European Union Brussels, 14 November 2014 (OR. en) Ensuring respect for the rule of law in the European Union

Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region

Draft Resolution for the United Nations Human Rights Council 30 th Session, September 14-25, Situation of Human Rights in Venezuela

UN Human Rights Council UNITED KINGDOM candidate

Annex 1 Primary sources for international standards

Statement National Strategy for Trusted Identities in Cybersecurity Creating Options for Enhanced Online Security and Privacy

Legal protection of children from sexual exploitation: The Lanzarote Convention and the ONE in FIVE campaign

Working with an Obsolete Directive: Direct Marketing and International Data Transfers

The EU Democratic Governance Pact

Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on

Committee of Ministers - The promotion of Internet and online media services a...

Crete-Monee Middle School U.S. Constitution Test Study Guide Answers

Academic Standards for Civics and Government

Smart Borders and Law Enforcement Access: Legitimacy, Effectiveness, and Proportionality

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 3 February /12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76

Patents in Europe 2013/2014

Online Ads: A new challenge for privacy? Jörg Polakiewicz*

Minister Shatter presents Presidency priorities in the JHA area to European Parliament

Cybercrime Bedrohung, Intervention, Abwehr. Cybersecurity strategic-political aspects of this global challenge

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies

DEFEND THE RIGHT OF INDEPENDENT LIVING. Action toolkit for an EU Parliament Resolution

Another Hungarian Constitutional Amendment: Smoke and Mirrors for the World. Tamás Boros. - Arbeitspapier - Friedrich Ebert Stiftung Budapest

CEAS ANALYSIS. of the Law on Amendments of the Law on the Security Intelligence Agency

How To Get A Law Passed In The United States

EU COOPERATION. The Madrid bombings have provided additional impetus for action. In an 18-page declaration on counter terrorism on

The European Response to the rising Cyber Threat

BCS, The Chartered Institute for IT Consultation Response to:

Keynote Presentation to. Simon Fraser University Vancouver, BC November 8, Elizabeth Denham Information and Privacy Commissioner for B.C.

CRS Report for Congress Received through the CRS Web

On April 15, 2002, Washington DC Mayor Anthony Williams spoke at an event led by

Value of the EU Data Protection Reform against the Big Data challenges. Keynote address 5th European Data Protection Days Berlin, 4.5.

AP Government Free Response Questions

PROTOCOL TO THE AFRICAN CHARTER ON HUMAN AND PEOPLES` RIGHTS ON THE ESTABLISHMENT OF AN AFRICAN COURT ON HUMAN AND PEOPLES` RIGHTS

TESTIMONY ALLAN E. O BRYANT EXECUTIVE VICE PRESIDENT HEAD OF INTERNATIONAL MARKETS AND OPERATIONS REINSURANCE GROUP OF AMERICA, INCORPORATED

Statement on the general concept of the European Union towards Data Protection by Aktion Freiheit statt Angst e.v.; EU Register ID

Draft Resolution. Submitted for revision by the delegations to the Model United Nation, College of Charleston, Spring 2011

Three Branches of Government. Lesson 2

Suspend the negotiations for a free trade agreement with the USA no agreement at the expense of workers, consumers or the environment

Lobbying: Sweet Smell of Success?

Research Note The Fight to Define U.S. Cybersecurity and Information Sharing Policy

NEGOTIATING FRAMEWORK FOR TURKEY. Principles governing the negotiations

Speech by the Taoiseach, Mr. Enda Kenny T.D. Ireland: Economic Recovery and the EU Presidency Stability, Jobs & Growth

1 Data Protection Principles

ELSA & Council of Europe

PARIS AGENDA OR 12 RECOMMENDATIONS FOR MEDIA EDUCATION

(COSAC) CONTRIBUTION OF THE XLI COSAC

Dear Ms Neubauer and other distinguished guests, MP s and their assistents, representatives of Ministries, representatives of NGOs.

- CHECK AGAINST DELIVERY -

Office of the Attorney General Washington, D.C

Academic Standards for Civics and Government

CSA Survey Results Government Access to Information July 2013

THE WESTERN BALKANS LEGAL BASIS OBJECTIVES BACKGROUND INSTRUMENTS

THE WHITE HOUSE Office of the Press Secretary

Final (RUSSIA-EU VISA DIALOGUE) GENERAL FRAMEWORK

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16

Surviving the Era of Hack Attacks Cyber Security on a Global Scale

INTERVIEW WITH ANDERS FOGH RASMUSSEN *

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Forming a More Perfect Union

List of issues in relation to the initial report of the European Union

EU-U.S. DECLARATION ON COMBATING TERRORISM DROMOLAND CASTLE, 26 JUNE 2004

4. There are three qualifications from becoming a member of the House of Representatives

American Government/Civics

1965 Alabama Literacy Test

Transcription:

Accession to Convention 108: Benefits and Commitments Marc Rotenberg, President Electronic Privacy Information Center Washington, DC Convention 108: From a European Reality to Global Treaty Strasbourg, France 17 June 2016 Ladies and Gentlemen, distinguished guests, and friends, thank you for the opportunity to speak with you today. I am grateful for the invitation to participate in this historic conference. For those who may not know, EPIC is an independent, non-profit research organization, based in Washington, DC, established to focus public attention on emerging privacy and civil liberties issues. Over the course of many years, we have worked together to strengthen data protection, to promote international legal frameworks, and to defend the fundamental freedoms that are the bedrock of Constitutional democracies. But I do not believe there has been a moment where the particular urgency of establishing a comprehensive legal framework for privacy protection was more apparent. Even as we are meeting today, negotiators are rushing to make changes to a political agreement that will likely collapse upon judicial review. The obvious question is what will follow the so-called Privacy Shield. That is the starting point for my remarks. Let us quickly review the events of the last few years to understand how we reached this point. Recent Developments It was a little more than three years ago that we learned the scope of NSA surveillance of Internet users around the world. This was not simply the old-fashioned tracking of diplomats and suspected spies but rather the widespread surveillance of whole populations, of individuals who were monitored simply because they could be monitored. Private communications, web site visits, cell phone locations all were gathered up by secret means and poured into the enormous data centers maintained by the US National Security Agency for future analysis. The reaction was immediate and widespread. Rejecting the view that citizens must give up fundamental rights to ensure public safety, civil society organizations, legal Convention 108 1 Remarks of Marc ROTENBERG,

experts, and political leaders banded together to seek an end to the programs of mass surveillance. In the United States, legislators of both parties worked to enact the USA Freedom Act, which ended the bulk collection of domestic telephone record information and established public representation before the Foreign Intelligence Surveillance Court. The Freedom Act was an important step forward, but it was only a partial step. The Section 702 program, which permits the bulk collection of non-us persons and often times includes the records of U.S. persons, continued as did many of the identification, tracking, and monitoring programs of transportation, finance, and employment under the authority of the Departments of Homeland Security. Citizens outside of the US also rightly called for greater accountability of their own domestic intelligence agencies. While the surveillance capabilities of the National Security Agency pose unique challenges to constitutional democracies, it would be a fatal blindness for those who cherish fundamental freedoms to ignore the surveillance activities of other intelligence agencies, many of which operate with even less oversight than the NSA. Hearings took place before European Parliament, the German Parliament, and other national legislatures. In some countries, reforms were adopted. In others, ministers resigned. Cases were brought to the Court here in Strasbourg by NGOs objecting to the surveillance by the GCHQ. These are important reform measures and represent a broader effort to maintain accountability and transparency across all countries. Democratic governments owe Mr. Snowden their gratitude. Then came the historic decision of the Court of Justice of the European Union in the Schrems case. To find a case of equal significance in the long history of data protection we would need to go back to the German Constitutional Court decision that announced in 1983 a fundamental right to informational self-determination. That decision sent shock waves throughout privacy law, its most recent echo in Article 8 of the Charter of Fundamental Rights. The recent decision in Schrems, like the early census decision, has established a new foundation for the modern right to privacy. It will be a new starting point for how we understand privacy as a fundamental right. Status of Privacy Shield, the EU-US Data Transfer Arrangement We understand that in two weeks the Article 31 Committee will decide whether to approve the Privacy Shield. Much has been said for and against the Privacy Shield and it is not my intent to replay that debate for you today. But one point remains clear: it is unlikely that this arrangement for transborder data flows will survive another trip to Luxembourg. Indeed, under the very clear direction of the Court of Justice in the original Convention 108 2 Remarks of Marc ROTENBERG,

decision, it is unlikely that the Shield will survive judicial review with any of the Data Protection Authorities or national courts to which it is now subject. The legal objections will be found in the recent opinions of the Article 29 Working Party, the European Data Protection Supervisor, and the statements of the EU NGOs who represent those whose personal data risk will be put at risk under an arrangement without legal force. And while the case is made by some that the United States offers essentially equivalent protection, a fundamental problem cannot be ignored: even Americans do not believe that the United States has adequate protection for the privacy of their personal information. A leading industry analyst reported just last week that 45% of consumers are more worried about their online privacy than one year ago and 74% have limited their online activity in the last year due to privacy concerns. Meanwhile section 702 authority remains in place and the NSA seeks to promote greater surveillance and profiling of individuals using the essential services of the modern age. So, we can anticipate that the legal arguments and empirical evidence for a new robust framework for a legal protection will accumulate rapidly if the Article 31 Committee accepts the text of the Shield. Even the proponents quietly concede that there are too many weaknesses as measured against the Schrems decision. But the issue of data protection resonates also in the United States as a fundamental rights concern for Americans. Data Protection and the 2016 US Election It is probably fair to say that data protection is the most important least well understand issue in the 2016 United States elections. Every voter in the United States with a mobile phone, or a credit card, or a medical history, or an Internet account is affected by the policies and practices of organizations that collect and use their personal information. Yet there is a hardly a word spoken by any of the candidates about the issue. This is remarkable because American voters are routinely reminded of the vulnerability of their personal information. o Universities tell former students that their educational records, including payment information and bank details, have been breached, and they must obtain identity theft prevention services to guard against future acts of identity theft and financial fraud. o Banks inform account holders that credit card numbers have been compromised, accounts must be closed, and new accounts opened o All of the major Internet firms, including most recently Twitter and Linkedin, report massive breaches of password files Convention 108 3 Remarks of Marc ROTENBERG,

There is hardly a major financial firm, health provider, or Internet providers that has not suffered a massive data breach in the last few years. The consequences are born only in part by the firm because, of course, it is the individual s personal information, their credit records, their health information, that has been breached. Perhaps most remarkable, the US Office of Personnel Management, the central government agency tasked with the storage and management of personal information across the federal government, lost control of 21 million records of federal employees, their families, and friends. Included in the data breach were records containing more than 5 million unique biometric identifiers, and the contents of the sensitive SF 86, which is the form that must be completed to obtain sensitive jobs in the U.S. government. We were particularly upset that data breach because just a few years earlier, in an amicus brief for the US Supreme Court, EPIC had urged a right of information privacy to specifically prevent government agencies from collecting sensitive personal information, such as the data in the SF-86 form, they could not protect. In that case, NASA v. Nelson, the agency defended its poor data protection practices and the Supreme Court chose not to extend the right of information privacy, assuming that the data would be protected under existing law. Now all federal employees, including the members of the Supreme Court, their families and their staffs, live with the consequences of that decision. Still, organizations make ever greater demands for personal details, storing ever more sensitive information -- the digital images of a passports, identity documents, and credit cards in databases that are not adequately protected, thereby accelerating the risks they have created. And yet governments are reluctant to view this as a fundamental rights issue or even a consumer protection issue. Consumers are told that notice and choice is an effective privacy approach, and when there is a breach they will be notified of the problem. Some US companies are before the US Supreme Court, actively seeking to overturn good privacy laws enacted by the US Congress over many years that would help reduce the risk of data breach and identity. This is a course that will not end well for consumers or businesses. In the United States, EPIC has launched a new nonpartisan campaign to promote Data Protection in the 2016 election. We have already spoken with leaders of the Republican party and they agree that data protection is a key concern for American votes. They point to their own recent efforts in Congress to update the Electronic Communications Privacy Act, as well as Privacy Enhancing Techniques, adopted in law, to protect personal identifiers when web log are transferred from private companies to government agencies under the recently adopted Cybersecurity Information Sharing Act. Convention 108 4 Remarks of Marc ROTENBERG,

We will next make recommendations to Democratic leaders next and then we will continue to promote data protection throughout the political season. You can read more about the Data Protection campaign online. We have set out a brief privacy platform and included questions for the candidates. Through this campaign we hope not only to remind Americans that there are significant privacy problems but also that there are meaningful solutions to pursue. We have highlighted several key goals for privacy reforms in the United States, including: Strong encryption Comprehensive privacy legislation based on Fair Information Practices New privacy laws to limits activities such as surveillance by drones Creation of a new federal privacy agency We have specifically identified ratification of the Council of Europe Privacy Convention as one of the issues we believe candidates running for office in the United States should endorse. Support for US Accession Against this backdrop the case for US accession to Council of European Privacy Convention is clear, well established, and made repeatedly by civil society, technical experts, and legal scholars in the United States and around the world. In 2009, more than 100 civil society organizations and privacy experts endorsed the Madrid Declaration. The Madrid Privacy Declaration reaffirms support for international instruments for privacy protection, such as Convention 108, identifies new challenges and calls for concrete action. The Madrid Declaration specifically urges those countries that have not yet ratified Convention 108 together with the Protocol of 2001 to do so as expeditiously as possible. The Madrid Declaration also calls for a moratorium on the development of new systems of mass surveillance, such as airport body scanners, biometric identifiers, and RFID tags, subject to a full and transparent evaluation by independent authorities and democratic debate. Even as discussion about new legal instruments moves forward, it is critical that not lose sight of the daily challenges that new technologies, new business practices, and new government initiatives pose. Convention 108 5 Remarks of Marc ROTENBERG,

Following the Madrid Declaration, in 2010 members of the EPIC Advisory Board, legal scholars and technical experts, urged then Secretary of State Hilary Clinton to seek US ratification of the COE Privacy Convention. We expressed our support for Secretary Clinton s remark on Internet Freedom and we commended her for stressing the importance of freedom of expression and privacy protection as fundamental rights in our digital age We noted that many of the same concerns she expressed animated the framers of the Council of Europe Convention who saw the promise of new technology but also recognized the risk to fundamental rights. The United States should move to ratify the Council of Europe Convention on Privacy, the most widely known international framework for privacy protection. Some may object to the US supporting a Council of Europe convention, but it was only a few years ago that that the US rallied its European allies behind the COE Cyber Crime Convention, an international treaty that the US strongly supported. Past as Prologue Five years ago I had the honor speak with you on the occasion of 28 January, the day that marks the date that Convention 108 was open for signature EPIC will continue our efforts to promote the Council of Europe Convention. The Convention is not a theoretical construct or a relic from an earlier era. It is a reminder of the centrality of privacy in our modern age, and the need to support and maintain international legal frameworks that enable growth and innovation, while safeguarding fundamental freedoms. Thank you for your attention. References Anita Allen and Marc Rotenberg, PRIVACY LAW AND SOCIETY (West 2016), related resources available at www.privacylawandsociety.org Article 29 Working Party, Opinion on Privacy Shield (April 13, 2016), available at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/files/2016/wp238_en.pdf Council of Europe, Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data CETS No.: 108, available at http://conventions.coe.int/treaty/commun/quevoulezvous.asp?nt=108&cm=12 &DF=25/01/2010&CL=ENG Convention 108 6 Remarks of Marc ROTENBERG,

Secretary of State Hillary Rodham Clinton, Remarks on Internet Freedom, (January 21, 2010), available at http://www.state.gov/secretary/rm/2010/01/135519.htm EDPS, Opinion on the EU-U.S. Privacy Shield draft adequacy decision (May 30, 2016), https://secure.edps.europa.eu/edpsweb/webdav/site/mysite/shared/documents/consult ation/opinions/2016/16-05-30_privacy_shield_en.pdf EPIC, Data Protection 2016, available at www.dataprotection2016.org EPIC, Council of Europe Privacy Convention, available at https://epic.org/privacy/intl/coeconvention/ EPIC, Letter of Legal Scholars and Technology Experts to Secretary of State Hilary Clinton (January 28, 2010)(regarding US Ratification of COE Convention 108), available at https://epic.org/privacy/intl/epic_clinton_ltr_1-10.pdf The Madrid Privacy Declaration, adopted November 3, 2009, available at http://www.thepublicvoice.org/madrid-declaration/ NGO letter to Commissioner Jourova and Secretary Pritzker to oppose a Safe Harbor 2.0 (November 13, 2015), available at http://thepublicvoice.org/eu-us-ngo-letter-safe- Harbor-11-15.pdf Marc Rotenberg, On International Privacy: A Path Forward for the US and Europe, 35 Harvard Internation Review (Spring 2014), available at http://hir.harvard.edu/oninternational-privacy-a-path-forward-for-the-us-and-europe/ Transatlantic Consumer Dialogue, Resolution on Privacy Shield (April 7, 2016), available at http://tacd.org/wp-content/uploads/2016/04/tacd-resolution_privacy- Shield_April161.pdf Convention 108 7 Remarks of Marc ROTENBERG,

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information