EPIC --- Privacy and Human Rights Report
|Title Page Previous Next Contents | Executive Summary|
This annual report by the Electronic Privacy Information Center and Privacy International reviews the state of privacy in more than 75 countries around the world. It outlines legal protections for privacy, and summarizes important issues and events relating to privacy and surveillance. Each country report covers the constitutional, legal and regulatory framework protecting privacy and the surveillance of communications by law enforcement, new landmark court cases, most noteworthy advocacy work of non-governmental organizations and human rights groups, various new developments, and major news stories related to privacy.
This year marked the proliferation of new technologies and surveillance applications in both the public and private sectors. However, increased use of technology was balanced by more regulatory activity and greater international norm-setting. Many countries have established data protection laws and oversight bodies. Courts, particularly the European Court of Human Rights, have issued several significant privacy rights decisions, and issued unprecedented penalties for privacy violations. As the use of surveillance technologies continues to expand, so too does the public debate and the development of new forms of oversight and accountability.
This summary sets out the broad themes uncovered in the 2006 edition of the Privacy and Human Rights report.
Advanced identification schemes are being used for an unprecedented number of purposes, both in the public and private spheres. Real-time biometric identification using wireless handheld scanners is now being deployed. The amount of biometric and other information stored on identification cards is increasing to include iris scans, fingerprints, health information, and information of dependents. Several government identification card systems are now offering a “junior” version of the cards for children. Although many identification cards are currently voluntary, limited access to government services makes the cards de facto mandatory in many cases.
RFID-enabled license plates are now being used to track the movement of vehicles. Face recognition is being employed to monitor crowds at sporting events. New workplace surveillance systems include GPS tracking of company vehicles, voice verification technologies, and biometric building access. The private sector is also implementing biometric identification for entry into leisure facilities and clubs, while governments are expanding smart cards uses to library access, banking, and e-health. In the criminal justice sector, DNA databases continue to expand, providing both new forms of forensic analysis and new privacy challenges.
During the past year, the increased flow of personal information across national borders brought divergence in international approaches to data protection and privacy to the forefront of political debate, particularly between the United States and Europe. The transfer of passenger name record information from the European Union to the United States Department of Homeland Security highlighted critical aspects of data protection, including purpose specification, independent oversight, length of retention periods, and the effectiveness of redress procedures.
Differences between national data protection regimes was again fiercely debated in the context of transfers of financial information from the SWIFT banking consortium in Europe to US law enforcement agencies. Several countries’ data protection offices launched investigations into the transfer. Another transborder data transfer agreement has been negotiated, but questions about the adequacy of the privacy safeguards remain.
The transition from analog media to digital media has created new opportunities to record and store personal information in both the public and private sectors. Law enforcement agencies believe that retaining data on the users of the Internet and telecommunications services may help uncover patterns of criminal activity. Many of the obligations to store this data fall on Internet Service Providers and telephone companies. At the same time, Internet search companies and advertising firms are keeping personal information on users to create profiles and develop highly targeted advertising. Opposition to both forms of data retention appears to be growing. Organized protests in Europe against the implementation of the Directive on Data Retention continue. Meanwhile, consumer organizations in the United States, Europe, and Canada have initiated investigations of Google, the Internet search giant, concerning the retention and profiling of data on Internet users’ private activities.
Civil liberties groups and NGOs have continued to mount successful campaigns against privacy-invading schemes. Protests against the national identification system “Juki Net” continued in Japan. In Germany, thousands of protesters have voiced opposition to the EU Data Retention Directive. NGO groups successfully narrowed the scope of surveillance and identifications schemes by incorporating purpose limitations, data destruction requirements, limiting the use of personal identification numbers, and meaningful oversight and penalty provisions into draft legislation. In the United States, public protest appears to have derailed the plan for a national ID card.
NGOs brought public attention to many privacy risks inherent in emerging technologies and surveillance programs that has resulted in changes to government and corporate approaches to privacy protection. The Big Brother Awards continue to capture public attention. Since 1998, over forty ceremonies have been held in sixteen countries and have given out hundreds of awards to some of the most powerful government agencies, individuals and corporations in those countries. Privacy International also played a leading role in the effort to uncover the SWIFT record transfer program.
International bodies such as APEC have also had significant impact on the development of data protection regimes, as is the case with recent proposed amendments to Australia’s privacy legislation. International initiatives to combat spam, such as the StopSpam Alliance, have resulted in several new national anti-spam laws.
The European Court of Human Rights has played an increasingly important role in the interpretation of privacy rights protected by Article 8 of the European Convention on Human Rights. The Court established a right to privacy in several cases during the past year, in such matters as identity documents, communications surveillance, and workplace privacy.
Around the world, new laws have been enacted and many bills are pending to protect individuals' right to privacy and data protection. Notably, the Dubai International Financial Centre adopted its Data Protection Law 2007, which follows the EU data protection model. Dubai, Israel and Estonia all established new data protection offices, and an amendment to Armenia's Constitution further strengthened the right to privacy in that country. Many countries that are contemplating regulation in the field of privacy are located in Africa, the Middle East, and Latin America.
This year, most of the developments in open government concerned new laws or regulations. Switzerland, Bulgaria, India, Taiwan and Germany all adopted new federal open government laws. All but three European Union countries now have data protection laws. New Zealand adopted a new public records law, and Jordan and Russia have pending open government legislation that has passed at least the first reading required for adoption.
Summary Table of Contents
Expanded Table of Contents