Suchen und Finden
Preface
5
Contents
8
Contributors
10
About the Authors
13
Part I Building and Rebuilding Legal Concepts for Privacy and Data Protection
23
1 The German Constitutional Court Judgment on Data Retention: Proportionality Overrides Unlimited Surveillance (Doesnt It?)
24
1.1 Introduction
24
1.2 The 2 March 2010 Judgment
25
1.2.1 Background
25
1.2.2 The Main Findings: A Proportionality Check
26
1.2.3 The German Court on Access and Use and the Role of Private Companies
29
1.2.4 Other Important Findings
31
1.3 The German Constitutional Court Judgment and Europe
32
1.3.1 Fundamental Rights and Data Retention
32
1.3.2 Affinities and Differences Among Judgments
34
1.4 The Politics Around the Judgment of 2 March 2010
37
1.4.1 The Reactions to the German Judgment
37
1.4.2 From the EU Perspective
39
1.5 Provisional Conclusions
40
2 The Noise in the Archive: Oblivion in the Age of Total Recall
45
2.1 Introduction
45
2.2 Total Recall
46
2.3 Delete
48
2.4 Noisy Bits
50
2.4.1 Digital Decay
50
2.4.2 Can You Handle the Truth?
53
2.5 Conclusion
55
References
57
3 Property in Personal Data: Second Life of an Old Idea in the Age of Cloud Computing, Chain Informatisation, and Ambient Intelligence
59
3.1 Introduction
59
3.2 New Challenges for the Information Society
61
3.2.1 New Structure of Relationships
61
3.2.1.1 Chain Informatisation
62
3.2.1.2 Cloud Computing
63
3.2.1.3 Ambient Intelligence
64
3.2.1.4 The Challenges
65
3.2.2 Shortcomings of the Current Approach
67
3.3 Introduction into the Propertisation Debate
69
3.3.1 Agreeing on Terms
69
3.3.2 Possibility of Propertisation of Personal Data
70
3.3.2.1 Fluid Nature of the Concept of Property in Law
70
3.3.2.2 Possibility of the Common-Law Debate in Continental Europe
73
3.4 Property Rights As a Regulatory Framework for the Modern Data Flow
76
3.4.1 What Property Rights Have to Offer
76
3.4.2 Market vs Non-Market Meaning of Property: Rebuttal to One Objection Against Property in Personal Data
78
3.4.3 Limitations of Property: Necessity of Regulation
80
3.5 Conclusions
81
References
82
4 Right to Personal Identity: The Challenges of Ambient Intelligence and the Need for a New Legal Conceptualization
85
4.1 Introduction
85
4.2 The Right to Personal Identity
86
4.3 Personality Rights and the Right to Identity
90
4.4 Right to Personal Identity and Constitutional Law: Jurisprudential Creation and Doctrinal Innovation
92
4.5 Human Rights and the Right to Personal Identity
94
4.6 Ambient Intelligence and the Challenges to the Right to Personal Identity
99
4.7 Broadening the Scope of the Right to Personal Identity: Critical Analysis of the Italian Jurisprudence in Light of the AmI Scenario
105
4.8 The Right to Multiple Identities
108
4.9 The Right to Be Forgotten
110
4.10 Conclusion
114
References
115
Part II The Dark Side: Suspicions, Distrust and Surveillance
118
5 Frames from the Life and Death of Jean Charles de Menezes
119
5.1 Premise
119
5.2 Apparatus
119
5.3 Desubjectivation
120
5.4 Space
120
5.5 Body
121
5.6 Imago
121
5.7 Media
122
5.8 False Positives (Addendum)
124
References
127
6 Regulating Privacy: Vocabularies of Motive in Legislating Right of Access to Criminal Records in Sweden
128
6.1 Introduction
128
6.1.1 Regulating Privacy Through Opacity Tools and Transparency Tools
131
6.1.2 A Brief History of Swedish Crime Policy
133
6.2 Criminal Records Legislation and Subject Access, 19012009
135
6.2.1 1901: The Creation of a National Criminal Records Registry
136
6.2.1.1 A Protective Vocabulary
136
6.2.1.2 Creating Opacity
137
6.2.1.3 Subject Access
138
6.2.2 1963: Rehabilitation and Access Restrictions
139
6.2.2.1 The Rehabilitative Vocabulary
140
6.2.2.2 Subject Access
142
6.2.3 1987: Data Protection and Transparency
143
6.2.3.1 Subject Access
145
6.2.4 2009: A Mixture of Vocabularies
148
6.3 Concluding Remarks
150
References
152
7 Ubiquitous Computing, Privacy and Data Protection: Options and Limitations to Reconcile the Unprecedented Contradictions
155
7.1 Introduction
155
7.2 Challenges
157
7.2.1 Ubiquitous Surveillance
158
7.2.2 Increases in Data Quality
159
7.2.3 Persistent Data Storage
160
7.2.4 Re-personalization of Data
161
7.2.5 Increasing Information Asymmetry
162
7.2.6 Panoptic Society
163
7.3 Contradictions to the Current Fundaments of Privacy
164
7.3.1 Collection Limitation Principle
166
7.3.2 Data Quality Principle
168
7.3.3 Purpose Specification Principle
169
7.3.4 Use Limitation Principle
170
7.3.5 Procedural Principles
170
7.3.6 Automated Individual Decisions
171
7.4 Proposals to Overcome the Contradictions
172
7.4.1 Privacy Enhancing RFID Technologies
172
7.4.2 Identity Management
174
7.4.3 Privacy Respecting Ubiquitous Recording
175
7.4.4 Digital Rights Management
177
7.4.5 Legal Proposals
178
7.5 Concluding Reflections
182
References
184
8 EU PNR: European Flight Passengers Under General Suspicion The Envisaged European Model of Analyzing Flight Passenger Data
186
8.1 Introduction
186
8.2 Legal Background and Similarity Between the EU-PNR Proposal and the US-PNR System
187
8.3 Compliance of the EU-PNR Proposal with European Data Protection Rules
190
8.3.1 Reference Instruments and European Data Protection and Privacy Rules
191
8.3.2 General Principles of the ECtHR with Regard to Security-Related Data Processing
193
8.3.3 In Accordance with the Law and Foreseeability
195
8.3.4 Necessary in a Democratic Society
197
8.3.4.1 Purpose Limitation
198
8.3.4.2 Clear Definition of the Circumstances and the Limits of Processing
199
8.3.4.3 Limitation of the Individuals Subject to Surveillance
200
8.3.4.4 Time Limit
201
8.3.4.5 Risk of Stigmatization and Discrimination
202
8.3.4.6 Independent Control and Notification
204
8.3.4.7 Interim Findings
205
8.4 Applicable Law: From Private to Public Law
205
8.4.1 No Coherent Solution by the European Court of Justice
205
8.4.1.1 The Annulment of the Legal Basis of the First EU-US PNR Agreement
206
8.4.1.2 The Legal Basis of Data Retention
206
8.4.1.3 Two Cases, Two Different Solutions
208
8.4.2 Consequences for the EU-PNR Proposal
208
8.5 Conclusion and Improvement Suggestions
210
References
212
9 Options for Securing PCs Against Phishing and Espionage: A Report from the EU-Project Open Trusted Computing
215
9.1 Problems
215
9.2 Approaches
216
9.3 Progress
217
9.4 Conclusions
219
References
220
Part III Privacy Practices as Vectors of Reflection
222
10 Keeping Up Appearances: Audience Segregation in Social Network Sites
223
10.1 Introduction
223
10.2 Privacy Issues in Social Network Sites: Overview and Discussion
224
10.3 Privacy-Preserving Social Networking: Audience Segregation
229
10.3.1 Audience Segregation
229
10.3.2 Audience Segregation in Social Network Sites: Why?
231
10.4 A Note on Terminology
233
10.5 Transforming the Conceptual Framework into Practical Tools
235
10.5.1 Contact-Management: Collections
235
10.5.2 Setting Visibility Rights
237
10.5.3 Managing Multiple Faces in One Social Network Site: Tabs
239
10.6 Conclusion
242
References
242
11 Avatars Out of Control: Gazira Babeli, Pose Balls and Rape in Second Life
244
11.1 How to Relate to the Novel
244
11.2 Affordances and Constraints
246
11.3 An Imitation of Real Life Without Constraints or Simply with Different Constraints
248
11.4 Lost in Translation Between RL and SL
250
11.5 A Rough Wake-Up Call from the Illusion That the Metaverse Is a Place of Pure Freedom
253
11.6 The Art of Scripted Objects: Pose Balls and Virtual Role-Play Rape
255
11.7 Gazira Babeli: An SL Artist Who Is Truly Native
256
11.8 Naming the Offenses of the New World: Will We Make a Law for Enlightened Adults or for Minors
258
References
260
12 Privacy as a Practice: Exploring the Relational and Spatial Dynamics of HIV-Related Information Seeking
262
12.1 Introduction
262
12.2 Background and Context
263
12.3 On Method
267
12.4 Exploring the Relational and Spatial Dynamics of Privacy
269
12.4.1 Practices of Demarcating HIV and Non-HIV Places
269
12.4.2 The Difficulty of Moving Between HIV Places and Non-HIV Places
270
12.5 Privacy Practices and HIV-Related Internet Use
272
12.5.1 Putting the Internet in Its Place
272
12.5.2 Practices for Making Internet Use Private
274
12.5.3 Places and Spaces of Privacy Online
275
12.6 Conclusion
277
References
277
13 Rise and Phall: Lessons from the Phorm Saga
280
13.1 Behavioural Targeting
281
13.2 Webwise
281
13.3 Practical and Legal Implications
282
13.4 Data Protection and Sensitive Personal Data
283
13.5 The Rise and Fall of Phorm
284
13.5.1 BT''s ''Secret'' Trials
285
13.5.2 Phorm's Defence
285
13.5.3 European Involvement
286
13.5.4 Privacy Friendly?
287
13.5.5 Rise and Phall?
288
13.6 The Fall Out from Phorm
289
13.7 Phorm: Symbiotic Regulation in Practice
290
13.7.1 Facebook's Beacon and Google StreetView
291
13.7.2 Ramifications for Government and Business
292
13.8 Maintaining the Beneficial Symbiosis
293
References
293
14 Disclosing or Protecting Teenagers Online Self-Disclosure
295
14.1 Introduction
295
14.2 Policy Framework
296
14.2.1 Regulatory Policy Initiatives
296
14.2.2 Self- and Co-regulatory Initiatives
298
14.3 Teenagers Online Disclosure in Websites: A Literature Review
299
14.3.1 Types of Personal Data
299
14.3.2 Privacy Concern and Perceived Benefits
300
14.3.3 Parental Mediation
302
14.3.4 Other Variables: Gender, Age and ICT-Use
304
14.4 Survey Among Teenagers
306
14.4.1 Method
306
14.4.2 Results
308
14.4.2.1 Descriptive Findings
308
14.4.2.2 Regression Results
309
14.5 Conclusion
311
References
314
15 Why Adopting Privacy Enhancing Technologies (PETs) Takes so Much Time
318
15.1 About PETs and the Research Questions
318
15.2 Technological Innovations
321
15.3 Diffusion and Adoption of Technological Innovations
322
15.4 Factors of Organizational Adoption of Technological Innovations
323
15.5 Specific Characteristics
324
15.5.1 Innovation Characteristics
324
15.5.2 Organizational Characteristics
325
15.6 Encompassing Model
325
15.7 Interviews with Experts
325
15.8 Explanations of the Terms
326
15.8.1 Relative Benefit
327
15.8.2 Compatibility
327
15.8.3 Complexity
327
15.8.4 Costs
327
15.8.5 Testability
327
15.8.6 Role of Advisory Institutions
327
15.8.7 Social Recognition
328
15.8.8 PETs Woven into Business Processes
328
15.8.9 Top Management's Attitude Towards Change Caused by PETs
328
15.8.10 Structure and Size of the Organization
328
15.8.11 Complexity of Organizational Processes
328
15.8.12 Presence of Key Persons
328
15.8.13 Ties with Advisory Institutions
329
15.8.14 Perception and Level of Awareness of Privacy Regulations
329
15.8.15 Diversity of Information Systems
329
15.8.16 Type of Processed Data
329
15.8.17 Pressure by Privacy Laws
329
15.8.18 Complexity of Privacy Laws
330
15.8.19 Existing Offer of PETs Measures
330
15.8.20 Visibility
330
15.9 Summary of the Results
330
15.10 Identity and Access Management (Iam) Maturity Model
331
15.11 Changing the Negative Adoption Factor of Costs into a Positive One
336
15.12 Business Case for Pets Investments
337
15.13 Annual Loss Expectancy
337
15.14 Return on Investment (ROI)
338
15.15 Return on Security Investment (ROSI)
339
15.16 ROI for Privacy Protection
340
15.17 Ixquick
341
15.18 Net Present Value (NPV)
343
15.19 The Case of the National Victim Tracking and Tracing System (ViTTS)
345
15.20 Conclusion
347
References
348
Part IV Privacy and Data Protection in the Cloud
351
16 Can a Cloud Be Really Secure A Socratic Dialogue
352
16.1 Prologue
352
16.2 The Dialogue
353
16.3 Epilogue
362
References
365
17 Privacy Regulations for Cloud Computing: Compliance and Implementation in Theory and Practice
368
17.1 Introduction
368
17.2 Cloud Computing
369
17.3 Privacy Regulations
371
17.3.1 EU Directive 95/46/EC
372
17.3.2 The Safe Harbor Agreement
372
17.3.3 The FTC Fair Information Practice
373
17.3.4 Other Privacy Regulations
374
17.3.5 Common Principles in Privacy Regulations
375
17.4 Privacy Issues for Cloud Service Providers
375
17.4.1 The CSP and Privacy Regulations
377
17.5 Privacy Regulations in Theory and Practice
378
17.6 Conclusions
381
References
381
18 Data Protection in the Clouds
384
18.1 Introduction
384
18.1.1 Some Technical Aspects and Specific Risks Linked with Cloud Computing Services
386
18.1.1.1 A Brief History
386
18.1.1.2 Cloud Computing
388
18.1.2 Specific Risks Associated with Cloud Computing
389
18.2 Personal Data Flows Within Any Cloud Computing System
392
18.3 Domestic and Non Domestic Uses
394
18.4 The Protection of Legal Persons
395
18.5 Liability of the Actors
396
18.6 Transparency and Duties of Information Including in Case of Security Breaches
398
18.7 Security
400
18.7.1 Introduction
400
18.7.2 Specific Security Obligations
402
18.8 Transborder Data Flows and Applicable Law to the Processing of Personal Data
403
18.8.1 Applicability of the Existing Legal Framework of Additional Protocol 181
403
18.8.2 International Transfers of Personal Data/Storage of Personal Data and Law Enforcement Objectives
405
18.8.3 Limitations to Transborder Flows and Applicable Law to the Processing of Personal Data
405
18.9 Law Enforcements Agencies and Data Retention
410
18.10 Conclusions
413
References
415
19 Privacy-Preserving Data Mining from Outsourced Databases
417
19.1 Introduction
417
19.2 Related Work
419
19.3 Preliminaries: Pattern Mining
420
19.4 Privacy Model
422
19.5 Encryption/Decryption Scheme
424
19.5.1 Encryption
425
19.5.2 Decryption
428
19.6 Preliminary Experimental Results
428
19.7 Future Work
430
19.8 Summary
430
References
431
20 Access Control in Cloud-on-Grid Systems: The PerfCloud Case Study
433
20.1 Introduction
433
20.2 PerfCloud Architecture
436
20.3 Access Control in Cloud-on-grid Architectures
438
20.4 Access Control and Roles in PerfCloud
442
20.5 The Implementation of Access Control Mechanisms in PerfCloud
444
20.6 Related Work
447
20.7 Conclusions and Future Work
449
References
449
21 Security and Privacy in the Clouds: A Birds Eye View
451
21.1 Introduction
451
21.2 Cloud Computing
452
21.2.1 Foundations
452
21.2.2 Implementations
453
21.2.3 Security
454
21.3 The Ideal of Encrypted Processing
454
21.4 Putting Physical Limitations Back in Place
455
21.5 Outsourced Identity
457
21.6 Informational Precaution
460
21.7 Conclusions
461
References
462
Alle Preise verstehen sich inklusive der gesetzlichen MwSt.