Co
mm
u
ni
cat
i
o
n
a
n
d
Communication and
I
n
fo
rm
at
i
o
n
Sector
Information Sector
U
n
i
te
d

N
at
i

ons
United Nations
Educational, Scientific and
Educational, Scientific and
C
ultural
O
rganization
Cultural Organization
UNESCO
Publishing
United Nations
Educational, Scientific and
Cultural Organization
UNESCO
Publishing
United Nations
Educational, Scientific and
Cultural Organization
UNESCO
Publishing
United Nations
Educational, Scientific and
Cultural Organization
The Changing Legal and Regulatory
Ecology Shaping the Internet
FREEDOM OF CONNECTION
FREEDOM OF EXPRESSION
William H. Dutton • Anna Dopatka • Michael Hills • Ginette Law • Victoria Nash
Global survey on internet privacy and freedom of expression

Toby Mendel • Andrew Puddephatt • Ben Wagner • Dixie Hawtin • Natalia Torres
internet privacy and
freedom of expression
UNESCO SERIES ON INTERNET FREEDOM
UNESCO SERIES ON INTERNET FREEDOM
Communication and Information Sector
United Nations Educational,
Scientific and Cultural Organization
U
NESCO, as enshrined in its Constitution, promotes the “free ow
of ideas by word and image”, and has committed itself to enabling
a free, open and accessible Internet space as part of promoting
comprehensive freedom of expression online and ofine. We hope that this
publication will provide UNESCO Member States and other stakeholders,
national and international, with a useful reference tool. It is our wish that this
publication will contribute to bringing stakeholders together for informed
debate on approaches that are conducive to privacy protection without
compromising freedom of expression. In the coming years, UNESCO will
specically seek to disseminate information about good practices and
international collaboration concerning the points of intersection between
freedom of expression and privacy. Research on safeguarding the principle
of freedom of expression in Internet policy across a range of issues will
continue to be part of UNESCO’s normative mandate and technical advice
to stakeholders.
Jānis Kārkliņš
Assistant Director-General for Communication and Information, UNESCO
Toby Mendel • Andrew Puddephatt • Ben Wagner • Dixie Hawtin • Natalia Torres
Toby Mendel • Andrew Puddephatt • Ben Wagner • Dixie Hawtin • Natalia Torres
INTERNET PRIVACY AND
FREEDOM OF EXPRESSION

UNESCO SEriES ON iNtErNEt FrEEdOm
Authors
•
AndrewPuddephatt,Director,GlobalPartners&Associates
• TobyMendel,ExecutiveDirector,CentreforLawandDemocracy
• BenWagner,Researcher,EuropeanUniversityInstitute
• DixieHawtin,ProjectManager,GlobalPartners&Associates
• NataliaTorres,Researcher,CenterforStudiesonFreedomofExpressionandAccess
toInformation(CELE)oftheUniversityofPalermo,Argentina
Advisory Board
•
EduardoBertoni,Director,CenterforStudiesonFreedomofExpressionandAccess
toInformation(CELE),UniversityofPalermo,Argentina
• GamalEid,Director,ArabicNetworkforHumanRightsInformation,Egypt
• SinfahTunsarawuth,Independentmedialawyer,Thailand
• SunilAbraham,DirectorofCentrefortheInternetandSociety,India
• GraceGithaiga,IndependentresearcherandKictanet,Kenya
• JoeMcNamee,AdvocacyCoordinator,EuropeanDigitalRights
• Katitza Rodriguez, International Rights Director, Electronic Frontier Foundation,
UnitedStatesofAmerica
• Cynthia Wong, Attorney, Center for Democracy and Technology, United States of
America
With special thanks to the following who kindly agreed to be interviewed for this publication:
GuoLiang,YangWang,CerenUnal,AngPengHwa,ErickIriarteAhon,KatitzaRodriguez,
KarenReilly,AliG.Ravi,MoezChackchouk,PrimaveradeFilippi,PeterParycek,Robert
Bodle, SameerPadania, Peter Bradwell,UlrikeHöppner,EduardoBertoni,Hong Xue,
Monique Fanjoy, Abu Bakar Munir, Joe McNamee, Amr Gharbeia, Jamie Horsley,
NepomucenoMalaluan,CynthiaM.Wong,SinfahTunsarawuth,PrimOtvanDaalen,Sunil
Abraham,andanumberofanonymousformeremployeesoflargetechnologycompanies.
Publishedin2012by

theUnitedNationsEducational,
ScienticandCulturalOrganization
7,placedeFontenoy,75352Paris07SP,France
©UNESCO2012
Allrightsreserved
ISBN978-92-3-104241-6
Thedesignationsemployedandthepresentationofmaterialthroughoutthispublicationdonotimplythe
expressionofanyopinionwhatsoeveronthepartofUNESCOconcerningthelegalstatusofanycountry,
territory,cityorareaorofitsauthorities,orconcerningthedelimitationofitsfrontiersorboundaries.
Theideasandopinionsexpressedinthispublicationarethoseoftheauthors;theyarenotnecessarily
thoseofUNESCOanddonotcommittheOrganization.
TypesetandprintedbyUNESCO
ThispublicationwasrstprintedthankstothecontributionoftheSwedishInternationalDevelopment
CooperationAgency(Sida)
Printed in France
CONTENTS
FOREWORD 5
EXECUTIVE SUMMARY 7
1. INTRODUCTION 9
1.1 How has the Internet changed the nature of threats to privacy?
What are the main threats in the digital age? 12
1.1.1 New types of personal information 14
1.1.2 Collection and location of personal information 14
1.1.3 New capacities for private actors to analyse personal information 15
1.1.4 New capacities for governments to analyse personal information 17
1.1.5 New opportunities for commercial use of personal data 19
2. GLOBAL OVERVIEW OF CHALLENGES AND OPPORTUNITIES
FOR PRIVACY PROTECTION ON THE INTERNET 22
2.1 Key issues 22
2.1.1 Challenges and opportunities for maintaining control over personal data online 22

2.1.2 Initiatives to protect privacy and anonymity online 24
2.1.3 The roles and responsibilities of service providers and intermediaries 26
  
2.2.1 Cloud computing 29
2.2.2 Search engines 31
2.2.3 Social networks 33
  
  
2.3 Threats posed by different mechanisms of surveillance and data collection 39
  
  
2.3.3 Deep packet inspection (DPI) 42
2.3.4 Pervasive geo-location technology: an emerging threat to Internet privacy 44
2.3.5 Data processing and facial recognition 45
2.3.6 Internet surveillance technology 47
3. THE GLOBAL LEGAL AND REGULATORY ENVIRONMENT
 
3.1 International protection for privacy and personal data 52
3.1.1 Privacy 52
3.1.2 Data protection 63
3.2 National protection for privacy 74
3.2.1 China 74
3.2.2 India 78
  
3.2.4 France 81
3.2.5 Argentina 84
3.2.6 Mexico 85
3.2.7 United States of America 87
  
3.2.9 South Africa 91

3.3 Corporate initiatives 92
 
AND FREEDOM OF EXPRESSION 95
4.1 The impact of poor protection for privacy on freedom of expression 95
4.2 Tensions between freedom of expression and privacy 97
4.2.1 The public interest 98
  
  
  
  
  
  
  
  
  
5.2 Corporate policy and practice 112
5.3 Awareness raising 115
6. USEFUL RESOURCES 117
6.1 General 117
  
6.3 Arab states 121
  
6.5 Latin America and the Caribbean 124
6.6 Europe and North America 125
6.7 Gender 127
BIBLIOGRAPHY 129
INTERVIEWS 138
 
APPENDIX 2: LIST OF FIGURES AND BOXES 142
5

FOREWORD
UNESCO,asenshrinedinitsConstitution,promotesthe“freeowofideasbywordand
image”,andhascommitteditselftoenablingafree,openandaccessibleInternetspace
aspartofpromotingcomprehensivefreedomofexpressiononlineandofine.
Asdemonstratedby UNESCO’s2011publicationFreedom of Expression: Freedom of
Connection, the Changing Legal and Regulatory Ecology Shaping the Internet,freedom
is not the inevitable by-product of technical change, and it must be safeguarded by
appropriatelegalandregulatorymeasures.Atatimeofrapidchange,wearefullyaware
thatfreedomofexpressiononInternetiscomplex,andthatthismeansworkingtond
a balancebetween this rightand other, sometimes conicting,imperatives – suchas
nationalsecurity,protectionofauthors’rights,andrespectforprivacy.
UNESCO approaches these issues within the framework of the follow-up process to
the World Summit of Information Society and our activities in relation to the Internet
GovernanceForum.
WeknowwellthatwenowliveinaworldwithtwobillionInternetusersandvebillion
mobilephoneusers,whoarepostingmillionsofpublicblogs,tweets,images,podcasts,
aswellastheirpersonalinformationondailybasis.
Inthiscontext,UNESCOhasrecognisedthatprivacy,asafundamentalright,impactson
otherrightsandfreedoms,includingfreedomofexpression,associationandbelief.The
challengeisthatmechanismstoprotectonlineprivacycansometimesbeusedtoinfringe
legitimatefreedomofexpressionin generalandthe democraticrolesofjournalismin
particular. Anadditionalchallenge inbalancing these rightson theInternetlies in the
discrepancyofthelegalframeworksbetweenonlineandoff-lineterritories,aswellas
nationalandinternationaljurisdictions.
Withallthisinmind,thispublicationseekstoidentifytherelationshipbetweenfreedom
ofexpressionandInternetprivacy,assessingwheretheysupportorcompetewitheach
other in different circumstances. The publication maps out the issues in the current
regulatorylandscapeofInternetprivacyfromtheviewpointoffreedomofexpression.It
providesanoverviewoflegalprotection,self-regulatoryguidelines,normativechallenges,
andcasestudiesrelatingtothetopic.

Providing up-to-date and sharp information on emerging issues relevant to both
developedanddevelopingcountries,wehopethatthispublicationwillprovideUNESCO
MemberStatesandotherstakeholders,nationalandinternational,withausefulreference
tool.Multiplestakeholders,preferablyindialogue,canusethispublicationintheirown
spheres of operation, adapting where appropriate from the range of experiences as
recordedinthesepages.Thepublicationalsosuppliesadditionalsourcesofreferencefor
interestedreaderstousetofurtherinvestigateeachofthesubjectshighlighted.
Itisourwishthatthispublication willcontributetobringingstakeholderstogetherfor
informed debate on approaches that are conducive to privacy protection without
compromising freedom of expression. In the coming years, UNESCO will specically
6
seek to disseminate information about good practices and international collaboration
concerning the points of intersection between freedom of expression and privacy.
ResearchonsafeguardingtheprincipleoffreedomofexpressioninInternetpolicyacross
arangeofissueswillcontinuetobepartofUNESCO’snormativemandateandtechnical
advicetostakeholders.
Jānis Kārkliņš
Assistant Director-General
for Communication and Information
UNESCO
7
EXECUTIVE SUMMARY
Privacyisafundamentalright,eventhoughitisdifculttodeneexactlywhatthatright
entails.Privacycanberegardedas havinga dualaspect –it isconcernedwithwhat
informationorsideofourliveswecankeepprivate;andalsowiththewaysinwhichthird
partiesdealwiththeinformationthattheyhold–whetheritissafeguarded,shared,who
hasaccessandunderwhatconditions.
Understandingsofprivacyhavelongbeenshapedbythetechnologies available,with
earlyconcernsaboutprivacysurfacingwithnewspapersinthenineteenthcentury.So
theInternet,inturn,inevitablyreshapeswhatweunderstandprivacytobeinthemodern

world.
Therighttoprivacyunderpinsotherrightsandfreedoms,includingfreedomofexpression,
associationand belief.Theabilitytocommunicateanonymouslywithoutgovernments
knowingouridentity,forinstance,hashistoricallyplayedanimportantroleinsafeguarding
free expression and strengthening political accountability, with people more likely to
speakoutonissuesofpublicinterestiftheycandosowithoutfearofreprisal.Atthe
sametime,therighttoprivacycanalsocompetewiththerighttofreedomofexpression,
andinpracticea balancebetweentheserights iscalledfor.Strikingthis balanceisa
delicatetask,andnotonethatcaneasilybeanticipatedinadvance.Forthisreasonithas
longbeenaconcernofthecourtstomanagethisrelationship.
TheInternetpresents signicantnew challengesfor protectingtheright toprivacy.In
broadterms,theInternet:
• Enablesthecollectionofnewtypesofpersonalinformation–technologicaladvances
haveresultedintoolsforcollectingandunderstandingtypesofinformationwhichin
thepastwouldhavebeenimpossibleorunfeasible.
• Facilitates the collection and location of personal information – each computer,
mobilephoneorotherdeviceattachedtotheInternethasauniqueIPaddress,which
providesuniqueidentierforeverydeviceandwhichmeansinturnthattheycanbe
traced.Theabilitytolocateanydevicecreatessignicantnewprivacychallenges.
• Creates new capacities for government and private actors to analyse personal
information.Increasedcomputingpowermeansthatvastquantitiesofinformation,
once collected,can be cheaplyandefciently stored,consolidated and analysed.
Technological advances allow databases of information to be connected together
allowingevengreaterquantitiesofdatatobeprocessed.
• Createsnewopportunitiesforcommercialuseofpersonaldata.Manyoftheservices
providedbythesecompaniesarefreeandtheirbusinessmodelsrelyoncollecting
userinformationandusingitformarketingpurposes.
• CreatesnewchallengesforregulationgiventhetransnationalnatureoftheInternet.
Despitetheemergenceofinternationalbestpracticestandardsfordataprotection,
thereisstillmuchprogresstobemadetowardstheharmonisationofnationallaws.

Online companies still nd it hard to navigate the complex patchworkofnational
8
privacy laws when operating international Internet services that span national
boundaries,withlegalambiguityunderminingprivacyprotection.
ArangeofthreatstoprivacywhichhavedevelopedthroughtheInternetareconsideredin
moredetailinSection2ofthepaper.Thefollowingissuesareexplored:
(1) Theopportunitiesandchallengesformaintainingcontroloverpersonaldataonline.
(2) Arangeofinitiativestoprotectprivacyandanonymityonline.
(3) Therolesandresponsibilitiesofserviceprovidersandintermediaries.
(4) Thespecicchallengesposedbydifferentapplications,communicationsplatforms
and businessmodelsincluding cloud computing,searchengines,social networks
andotherdifferentdevices.
(5) Theproblemsposedbye-governmentandothergovernmentapproaches.
(6) Thethreatsposedbydifferentmechanismsofsurveillanceanddatacollectionincluding:
Unique Identiers; Cookies (and other associated forms of user identication);
Adware;SpywareandMalwareconductcovertdataloggingandsurveillance;Deep
packetinspection(DPI);anddataprocessingandfacialrecognitionandsurveillance
technology.
International legalstandardsonprivacy,andresponsestotheseemergingissues,are
exploredinSection3.Thesectionsetsouttheexplicitunderstandingsandprotections
fortherighttoprivacyunderinternationalhumanrightslaw.Thesectionthenanalyses
keylegislationandregulatoryframeworksthatimpactontheprotectionofprivacyrights
onlineattheregionalandnationallevelincountriesacrosstheworld;andfurthermore
analysesthestrengthsandweaknessesofself-regulationasaprivacyprotectiontool–
whetheritbeusedasacentralmechanism,orsupplementarytolegalprotections.
Therightstoprivacyandfreedomofexpressionrelatetoeachotherincomplexways
– Section 4 explores these intersections in greater detail. In some ways privacy is a
necessarypreconditionforfreedomofexpression–thisisespeciallytrueincountries
whereitmaybedangeroustodiscusscertainissues(suchaspolitics,religionorsexuality)
openly.Howevertherearealsosignicanttensionsbetweenthetworights,forexample

whereanewspaperwishestopublishprivatedetailsaboutaleadingpolitician,perhaps
becausethenewspaperbelievesthisisinthepublicinterest.Thesetensionshavecome
intofargreaterprominencewiththemassivechangesinfreedomofexpressionbrought
aboutbytheInternetandotherdigitalcommunicationssystems.
The paper explores international law and the practice of other States, in terms of
respecting privacy on the Internet, taking into account potential conicts with other
rights,inparticularfreedomofexpression.Section5containsourrecommendationsto
statesandcorporationsforbetterpracticebasedonourresearchandconsultations.The
recommendationscover: legal andregulatorymeasures(constitutionalmeasures,civil
lawprotection,criminallawprotection,dataprotectionsystems),corporatepolicyand
practiceandawarenessraising.
Finally,Section6providesanoverviewofliterature,backgroundmaterialandtoolson
internationalandnationalpolicyandpracticeonprivacyandfreedomofexpressionon
theInternet.Thissectionisintendedasaresourceforreaderswhowishtoaccessfurther
instruments,toolsandinformation.
9
1. INTRODUCTION
Theneed forprivacyis deep-rootedin humanbeings.In itsessentialform, privacyis
basedonthenotionofpersonalintegrityanddignity.However,thisisalsohardtodene
with any agreedprecision – indifferent contexts it embraces the right to freedom of
thoughtandconscience,therighttobealone,therighttocontrolone’sownbody,the
righttoprotectyourreputation,therighttoafamilylife,therighttoasexualityofyourown
denition.Inadditionthesemeaningsvaryfromcontexttocontext.Despiteitsubiquity
thereisnoonedenitionofprivacythatisuniversallyunderstoodinthesameway.Privacy
inthemodernworldhastwodimensions–rstly,issuestodowiththeidentityofaperson
andsecondly,thewaytheirpersonalinformationishandled.
Understandingsofprivacyhavelongbeenshapedbyavailabletechnologies.Atthemost
obviouslevelprivacyinvolvesrestrictinginvasionsofphysicalspace,andtheprotection
of home and personal possessions, which is why early privacy protections focused
upon the inviolability of the home and family life. Concerns about controlling what

informationisknownaboutapersoncamewithcommunicationtechnologies.Concerns
abouttheerosionofprivacyarenotnew–infact,itmightbearguedtheyarefeatureof
thetwentiethcentury.WarrenandBrandeis’ seminalpaper on“TheRight toPrivacy”
in 1890, draftedata time when newspapers were printing pictures of peopleforthe
rsttime,denedtherightasthe“righttobeleftalone”.Theirdenition–drivenbyan
emergingtechnologyasisoftenthecasewithprivacy–wasconcernedwithprotecting
the“inviolatepersonality”andencompassingsuchvaluesasindividualdignity,personal
autonomyandindependence.
1
Thegrowthofmodernmassmediaandtheadvertising
industry’sfocusonunderstandingconsumers’wantsledMyronBrentontoarguethatwe
arelivinginthe“ageofthegoldshbowl”,whereprivatelivesaremadepublicproperty
bythemanipulationandexchangeofpersonaldata.
2
Thereisatensionbetweentherighttofreedomofexpression–inparticularthemedia’s
exerciseoftheright–andtherighttoprivacy.Freedomofexpression,whetherexercised
byindividualsorbythemedia,andtheabilitytoexerciseit,isanessentialfeatureofany
open,liberalanddemocraticsociety.Itisonlythroughexercisingfreeexpressionthat
societies cansustainreal democraticaccountability.Howeverthe right tofreedom of
expressionisnotunlimitedanditcanbequaliedtoprotecttherightsandfreedomsof
others.Itisadelicatebalancetodecidewheretheboundarybetweenfreeexpression
andprivacyliesbutonethecourtsareusedtonegotiating.
Latterly,privacywasalsodenedastherightofpeopletodeterminewhen,howandto
whatextentinformationabout themiscommunicatedto others
3
asaresponseto the
growingprocessingpowerofcomputers.Privacy,accordingtoWestin“istheclaimof
individuals,groups,orinstitutionstodetermineforthemselveswhen,how,andtowhat
extentinformationaboutthemiscommunicatedtoothers [Itis]thedesireofpeopleto
1 Bloustein, E. (1964) Privacy as an aspect of human dignity: an answer to Dean Prosser 39 NYU L

Rev 962
2 Brenton, M (1964) The Privacy Invaders
3 Westin AF (1967) Privacy and Freedom New York: Atheneum, page 7
10
choosefreelyunderwhatcircumstancesandtowhatextenttheywillexposethemselves,
theirattitudesandtheirbehaviourstoothers”.
4
Thespecicdimensionaffectingprivacy
asbroughtbytheInternetisconsideredinmoredetailinSection2Globaloverviewof
challengesandopportunitiesforprivacyprotectionontheInternet.
Debatesaboutprivacyand informationtechnologies sincethe 1990shave takenlittle
account of gender. Concerns have been expressed about the potential of invasive
informational technologies to violate women’s privacy for sexual purposes and the
“enforcedprivacy”imposedbypatriarchalculturesuponwomenandgirls.Neitherofthese
arecentraltotheprivacyissuesdiscussedinthispaperortotheexerciseofprivacyrights
asdevelopedinthelatersections.Forthisreasonourpaperreferstopeoplethroughout
ratherthandistinguishingbetweenwomenandmen,aswebelievethatprivacyrightsare
universalandapplicabletobothwomenandmenonanequalbasis.
Just asthe notionsofprivacy haveshiftedwith changingcircumstances,early forms
oflegal protectionwerenot overarchingsystems toprotectprivacy butrathersought
toaddressspecicproblemsinspeciccontextsandsituations(whichtodaymightbe
viewedasaspectsofthegeneralrighttoprivacy).Oneearlyexampleofsuch“privacy”
legislationwasEngland’sJusticesofthePeaceActof1361.Itprovidedforthearrest
of “peeping toms” and eavesdroppers.
5
 The pioneering Entick v Carrington [1765]
casewhichshapedthe fourthamendmentoftheUSconstitutioncame fromadesire
toprotectpapersheldinaprivatehome.Otherexamplesfocuseduponthepurposes
forwhichgovernmentscouldusetheinformationtheyheldaboutindividuals(Sweden)
orprohibitionsonthepublicationofcertaintypesofpersonalinformation(Franceand

Norway).
6
Inthetwentiethcenturyinternationallegalstandardsdenedprivacyasahumanright.
TheUniversalDeclarationofHumanRights(UDHR),1948,containedtherstattemptto
protectprivacyasadistincthumanright.Article12oftheUDHRprovidesthat:
“Nooneshallbesubjectedtoarbitraryinterferencewithhisprivacy,family,
homeorcorrespondence,nortoattacksuponhishonourandreputation.
Everyonehastherighttotheprotectionofthelawagainstsuchinterference
orattacks.”
While not legally binding, the UDHR proved immensely authoritative and the right to
privacycanbefoundinmanyotherhumanrightsdocumentsincludingthelegallybinding
InternationalCovenantonCivilandPoliticalRights(ICCPR)andtheEuropeanConvention
onHumanRights(ECHR).ThesearedealtwithinmoredetailinSection3dealingwith
legalstandards,TheGlobalLegalandRegulatoryEnvironmentforProtectionofPrivacy.
In addition to these broad international provisions, many countries include a right
toprivacyin theirconstitutions, provide forit inspecic lawsor havehadthecourts
recogniseimplicitconstitutionalrightstoprivacy,astheydoinCanada,France,Germany,
4 Ibid
5 Beresford A. and Stajano F. (2003) Location Privacy in Pervasive Computing, IEEE Communications
Society
6 Privacy International, (2006) Privacy and Human Rights 2006: An International Survey of Privacy
Laws and Developments
11
Japan,andIndia.
7
Somecensusagencieshaveprivacypoliciestoensuretheprotection
ofpersonalinformationbeingcollected.
8
Despitetheextensiveprotectionsinbothbasicconstitutionsandlaw,therighttoprivacy
remainsasomewhat nebulous concept andsecuringthe right willdependlargely on

thecircumstancesof individualcases.The EuropeanCourthasstateditself that“the
Courtdoesnotconsideritpossibleornecessarytoattemptanexhaustivedenitionof
thenotionof‘privatelife’”.
9
Thelackofclarityhas ledonecommentatortostatethat
the fact that something “feels wrong  is often the most helpful delineation between
whenanincursionintotheprivatelifeofanindividualisreasonableandwhenitisnot”.
10

PrivacyInternationalhasattemptedtobringsomeclaritytotheissuebydeningfour
differenttypesofprivacy: informationprivacy (e.g.personaldata),bodilyprivacy(e.g.
invasiveprocedures),privacyofcommunication(e.g.surveillance)andterritorialprivacy
(e.g.home).
11
InrelationtotheInternet,informationprivacyandprivacyofcommunication
arethemostpertinent.
Theimportancegiventoprivacybymanylegislatorsandthinkersinhistoryindicatesits
signicance, however,asPaul Chadwick(information commissioner forthe Australian
State ofVictoria) putsit:“Privacy is the quietestofour freedoms Privacyis easily
drownedoutinpublicpolicydebates Privacyismostappreciatedbyitsabsence,notits
presence”.
12
Thevalueofprivacyhasbeenarticulatedintermsofvaluetotheindividual,it
isessentialtohumandignityandindeedtoindividuality,itissaidthatifallouractionsare
watchedandcatalogued,wearelessabletobeourselves.Thevalueofprivacyhasalso
beenarticulatedintermsofitsinstrumentality.Democracyandlibertyrelyonindividuals
havingacertaindegreeofprivacy.Therighttoprivacyunderpinsmanyhumanrights,
therighttofreedomofassociation,freedomofbeliefandfreedomofexpressionbeing
particularlysignicantexamples.Asonewriterputsit“inonesense,allhumanrightsare
aspectsoftherighttoprivacy”,

13
inthatifprivacyisprotectedthentheintegrityofthe
individualisassuredandthisisthefoundationofotherrightsandfreedomsdesignedto
protectthedignityoftheperson.
Howeveritshouldalsobenotedthatwhilepeopleareoftenconcernedaboutprivacy
intheabstract,theyseemlessconcernedaboutprivacyinpractice.Itisclearfroma
cursory use of the Internet that people give out personal information to a frequently
surprising degree.Manywriters havenoticedthe gapbetweenwhat peoplesaythey
valueandwhattheyactuallydoonline.ItmaybethenatureoftheInternet,whichisoften
accessedprivatelyandcombinesbothacommunicationmediumintheshapeofe-mail
(whichmaysuggesttotheusertheprivacyofthetelephonecallorprivateconversation)
andapublishingmediumaswithanapplicationlikeFacebook.Thereissomeanecdotal
evidencethatpeopledonotrealisetheimplicationsofpublishingonline,ofhowitwillbe
7 Solove, D.J. (2008) Understanding Privacy Harvard University Press
8 United States Census Bureau, Data Protection and Privacy Policy

9 Niemietz v Germany (1992), 16 EHRR 97. Para 29
10 Hosein, G. (2006) ”Privacy as freedom” in R. Jorgensen (ed.) “Human Rights in the Global
Information Society” MIT Press, Cambridge.
11 Privacy International, 2006.
12 Ibid. Page 2
13 Volio, F. “Legal Personality, Privacy and the Family” in Henkin (ed), The International Bill of Rights
(Columbia University Press 1981).
12
globallyavailableandundeletable.Forexample,57%ofUSadultswhousetheInternet
athomebelieveincorrectlythatwhenawebsitehasaprivacypolicy,itwillnotsharetheir
personalinformationwithotherwebsitesorcompanies.
14
1.1 How has the Internet changed the nature of threats to
privacy? What are the main threats in the digital age?

Internet access is expanding rapidly across most of the world. Statistics from the
ITU,Figure1,showthatbetween2005and2010alone, thenumberofInternetusers
doubled. In1995only 0.4% oftheworld’spopulationhad access totheInternet,by
March2011 that percentagehaderupted to30.2%.
15
 Thiscorresponds tomore than
two billion Internet users, 1.2billionof whom areindeveloped countries. The rise in
usageofmobilephoneshasbeenevenmoreextraordinary.Figure2showsthenumberof
mobilesubscriptionsbetween1998and2009.Todaythereare5.3billionmobilecellular
subscriptionsworldwide.Accesstomobilenetworksisavailableto90%oftheworld’s
population,andsomecommentatorsbelievethatuniversalavailabilitymaybeachieved
withinthenextveyears.
16
Indevelopedcountriestherearemoremobilesubscriptions
thantherearepeople(113.6subscriptionsper100inhabitants),andwhilethenumberis
muchlowerindevelopingcountries,itisstillveryhigh,with56.8subscriptionsper100
inhabitants.
17
Figure 1
18
Internet users in different regions
0
0,5
1
1,5
2
2,5
2005 2006 2007 2008 2009 2010
BillionsofInternet
users

Africa10.8
ArabStates24.1
CIS34.0
Europe67.2
TheAmericas50.7
Asia&Pacific22.5
14 Turow, J. Americans and Online Privacy: The System is Broken

15 Internet World Statistics
16 See e.g. Sarrazin, T. (2011) Texting, Tweeting, Mobile Internet

17 ITU World Telecommunication, 2010a. The World in 2010. Pg4. [online]
/>18 ITU World Telecommunication, 2010. Pg16.
13
Figure 2
19

0
20
40
60
80
100
120
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010
Developed
Developing
World
ThecombinationofInternetandmobilephonehascreatedafastmovingglobaldigital
communicationsenvironment.ThoughonlyaproportionofphonesareInternet-enabled

andanevensmallerproportionare“smart”,thisischangingrapidlyandinthenextveto
tenyearsmostobserversthinkthataccesstosuchphoneswillbeverywide.Whilethere
werethreatstoprivacylongbeforethedigitalage,thecurrentchallengeshavechanged
signicantlyastheInternethasincreasedthecapabilitiesofgovernments,businesses
andindividualstointrudeontheprivacyofothers.Manycommentatorsnotethatmuch
oftheprivacywepossessedinthepastarosefromdefault–thedifcultiesinvolvedin
monitoringpeopleweretoocomplexorexpensive,technologycouldnotcopeandthere
wasinsufcientortooexpensivemanpower.WiththedevelopmentoftheInternetand
theavailabilityofcheapinteractivedigitalcommunicationstheabilitytomonitorothers
hasbecomeeasier,cheaperandmoreefcient.TheInternethasenormouslyincreased
thepotentialimpactupontheprivacyrightsapersonhasinboththeiridentityandthe
treatmentoftheirpersonaldata.Internetuseandtransactionsgeneratealargeamount
ofpersonalinformationwhichiscentraltothebusinessmodelofcompaniesoperatingon
thenet–howtheseareunderstood,letaloneregulated,inafastchangingtransnational
environmentisamajorchallengeforpolicymakers.
Inbroadterms,theInternet:
• Enablesthecollectionofnewtypesofpersonalinformation
• Facilitates (and economically demands) the collection and location of personal
information
• Creates new capacities for government and private actors to analyse personal
information
• Createsnewopportunitiesforcommercialuseofpersonaldata
• CreatesnewchallengesforregulationgiventhetransnationalnatureoftheInternet.
Weexaminethemoredetailedimplicationsforeachoftheseissuesbelow.
19 ITU World Telecommunication, 2010. Pg16.
14
1.1.1 New types of personal information
Technological advances have developed the tools for collecting and understanding
typesofinformationwhichinthepastwouldhavebeenimpossibleorelseunfeasible.
For example, DNA’s role inheredity was only conrmed in the 1950s, but nowadays

progressingeneticsciencesallowsscientiststoextractaperson’sDNAfromevermore
minutesamples,andtodetermineevermoreaboutan individualfromtheirDNA.The
digitalstorageofDNAisanenormousadvantageinattemptstodealwithcrimeasithas
enabledanumberofcoldcasemurderstoberevisitedandatthesametimehasledtothe
freeingofanumberofinnocentpeoplewronglyconvictedofcrimes.Buttheretentionof
DNAhassignicantprivacyimplications(amongotherissues)asitcancontainavariety
ofsensitivepersonalinformation,suchasapredispositiontocertaindiseases.
Therearesignicantnewdevelopmentsinbiometrics,suchasfacialrecognition,nger
scanning andiris-scanning, whicharebecoming increasinglypopular asamethod to
secureidentication.Suchbiometricdeviceshaveawidevarietyofuses–theyareused
to prevent fraud by retailers andrestaurant owners,toidentify voters in elections, to
provideimmigrationaccess(ratherthanuseapassport),tomaintainattendancerecords
inworkplacesortogainaccesstohigh-securityareas.Whilethereisagreatdealofsocial
utility intheseapplications thereare concerns aboutthecontrol ofsuch digital data,
particularlyquestions ofstorageandaccess.Therehas beenaparticularcontroversy
aboutwholebodyimagingusedatairportsfollowingattemptsbyterroriststosmuggle
bombson planesinsidetheirclothing.Many travellersdisliketheuseof technologies
whichpenetrateclothingandproducewhatisessentiallyanudeimageofanindividual
which is viewed by others. Many nd this to be an invasion of their privacy. These
imagescanrevealdeeplypersonalinformationsuchasthefactthatanindividualhas
hadcosmeticsurgeryorusescolostomybagsbutinanycasemanypeopleregardtheir
clothingasanessentialpartoftheirbodilyprivacy.Againsttheseprivacyconcernsmust
bebalancedthesafetyofpassengersofcoursebutinthesefastmovingcircumstances
strikingtherightbalanceisfraughtwithdifculties.
1.1.2 Collection and location of personal information
Each computer, mobile phone or other device attached to the Internet has a unique
IPaddress,whichprovidesuniqueidentierforeverydeviceandwhichmeansinturn
thattheycanbetraced.Theabilitytolocateanydevicecreatessignicantnewprivacy
challenges. Of the many tools that have been created to track Internet users, two
commonexamplesarecookiesandwebbugs.Cookiesaresmallpiecesoftextwhich

webbrowsersstoreonauser’scomputer.Thecookie‘registers’withthewebbrowser
eachtimetheuseraccessesthatbrowserandcanbeusedforsessiontracking,storing
sitepreferences,authenticationetc.Userscandecidewhetherornottoacceptcookies
bychangingsettingsontheirbrowsersoftware,butsomesitesbecomeunusablewithout
them.Webbugsareusuallyinvisibletotheuser(theyaretypicallyonly1x1pixelinsize)
andareembeddedinwebpagesandemails.Whenthepage/emailcontainingtheweb
bugisviewed,itsendsinformationbacktotheserver(includingtheIPaddressofthe
user,thetimeanddatethatthepage/emailwasviewedandthebrowseritwasviewed
on).
AnIPaddresscanbetiedtoaperson’sphysicalidentityinmanyways.Manywebsites
and ISPs have developed authentication systems which involve identity disclosure
15
(particularly during electronic commercial transactions); many applications require
personale-mailorotherformsofidentication,governmentsmayrequireInternetusers
to register theirIP addresses,or identity canevensometimes bededucedthrougha
person’sonlineactions(seebelow).
AkeyfeatureoftheInternetisitsinteractivitywhencomparedwith“old”technologies
such as the television, radio and telephones. Users are often required to provide
informationaboutthemselveseverystepoftheway–forexample,whatsearchesthey
make, what links they click on, what pages they look at and for how long. A series
of technologicaltoolsand devices are designedtocollect this information(e.g.TiVo,
Xbox360,GoogleBooks).
20
ThisisacentralpartoftheeconomicmodeloftheInternet.
Thedigitalisationofinformationandexpectationoffreeaccessmakestraditionalforms
of income generationmore complexonthe Internet.Successful companies therefore
consciously“mine”personaldatainordertotargetadvertisingatusers.Thereistherefore
adirectandpowerfuleconomicincentivetosecure,retainandsharepersonaldata.This
alsoappliestonon-Internetelectronicactivity.Computerisedbarcodescanbeusedto
trackindividualpurchaseswhichinturnarethenusedtocontrolstocklevelsandtarget

incentives or marketing at those consumers.Computerisedtravelcards, such as the
LondonOystercard,createadigitalpictureofeveryjourneythatcanbeusedtomonitor
citywidepassengermovements–usefulfortransportplanning,butalsofortrackingan
individual’sjourneys.Asthe Internetis used in moreandmore everyday interactions
includingbanking,shoppingandsocialisingpeoplearegivingawaymoreandmoreof
theirpersonaldata,oftenunwittinglyincludingsensitiveinformationabouttheirnances,
heath and eventheirsexuality. These developments allowanever greater amount of
informationtobegatheredand,asLawrenceLessigpointedout,“yourlifebecomesan
ever-increasingrecord”.
21
Watching and locating people ofine has also become much easier using electronic
surveillance.CCTVcamerasandsatellitesareusedtomonitorpublicandprivatespaces,
andareavailabletomoreandmorepeople.Locationalinformationisnowextraordinarily
cheapthroughprivateinitiativessuchasGoogleEarth.GlobalPositioningSystems(GPS)
areincorporatedintomoreandmoreconsumerdevices.Radio-FrequencyIdentication
(RFID)tagsareanotherexample.SuchRFIDtagshavebeenexpensive,butpricesare
fallingandultimatelytheycouldidentify,forexample,notonlytheproductthataconsumer
buysbuthowoftenitisusedandwhere.
22
1.1.3 New capacities for private actors to analyse personal information
Increasedcomputingpowermeansthatvastquantitiesofinformation,oncecollected,
canbecheaplyandefcientlystored,consolidatedandanalysed.Technologicaladvances
allowdatabasesofinformationtobeconnectedtogetherallowingevengreaterquantities
ofdatatobeprocessed.Thepotentialforprivacyviolationsincreasesexponentiallyas
technologiesarecombinedtogether,forexample,linkingfacialrecognitiondatabases(as
usedonFacebookforexample)withCCTVcameraswouldallowtrackingofindividuals
onanunprecedentedscale.
20 Privacy International, 2006
21 Lessig, L. (1999) “Code and the Laws of Cyberspace” Basic Books, New York. Page 152.
22 Martínez-Cabrera, A. (2010) Privacy concerns grow with the use of RFID tags ate.

com/cgi-bin/article.cgi?f=/c/a/2010/09/05/BUCE1F8C1G.DTL
16
Thepracticeofmergingandconsolidatingdifferentinformationaldatabasesispervasive.
Privacyissuesclearlyarisefrommatchingdatafromdifferentsources,forexampletax
dataagainsthealthdataornancedataagainstsocialsecuritydata.Inadditionpersonal
data can be extracted from the various techniques and then matched with publicly
availabledatatobuildadetailedpersonalprole.
TheUS-basedprivacyorganisationEPICstatesthat“collectorsofconsumerinformation
arewillingtocategorise,compile,andsellvirtuallyanyitemofinformation”.Forinstance,
the Medical Marketing Service sells lists of persons suffering from various ailments.
Theselistsarecross-referencedwithinformationregardingage,educationallevel,family
dwellingsize,gender,income,lifestyle,maritalstatus,andpresenceofchildren.Thelist
ofailmentsincludes:diabetes,breastcancer,andheartdisease.Othercompaniessell
databasesofinformationrelatingtoindividuals’lifestylehabits,readingpreferences,and
evenreligion”.
23
Combineddatabaseshavenumeroususes. Theycan beusedfordatamining,which
is“theprocessofndingpatternsininformationcontainedinlargedatabases”
24
.Data
miningitselfhasmanyuses,manyofthembenecialsuchastoidentifypatternsindicating
fraudulentcreditcarduse.Whilesomecommentatorsclaimthatdataminingisneutral,
itcanhaveprivacyimplications.Theminingofdataormergingdataofteninvolvesusing
people’sinformationinawaythattheydidnotconsenttoandarenotevenawareof.
Furthermore,thewidearrayofdatadrawnuponoftenincludespersonaldetailsandcan
easilybelinkedtoindividualswithouttheirknowledge.
Anothercommonuseisdataprolingwhichistheuseofaggregateddatato“identify,
segregate, categorise and generally make decisions about individuals known to the
decisionmakeronlythroughtheircomputerisedprole”
25

.Companiesandgovernments
can use data proling to build comprehensive proles on individuals. EPIC give the
exampleof awoman whosuedtheUS-basedMetromailafteroneof theirdataentry
clerksstalked herbasedon informationshesubmitted inasurvey.Duringthecaseit
emerged that Metromail maintained a 25 page dossier on the woman including “her
income,andinformationonwhenshehadusedhaemorrhoidmedicine”.
26
Inordertoprotectprivacy(andcircumventprivacylaws),companiesoftende-identify
oranonymisethedata.Thisisaprocessofstrippingdataofpersonalidentiers(such
asname,socialsecuritynumber,andIPnumber).However,studiesrevealthatitisoften
possibletorelate‘anonymised’informationbacktoanindividual.Forexample,a1990
studyintheUnitedStatesofAmericafoundthatdatacollectedduringacensus(post
code,birthdateandgender)canbecross-referencedtouniquelyidentify87%oftheir
nationalpopulation.
27
Amorerecentexampleoccurredin2006,whenAOLreleaseduser
searchdatawhichwassupposedlynon-identiable;researcherswereconsequentlyable
23 Rotenburg M. And Hoofnagle C. “Submission to the House Government Reform Committee on
Data Mining” March 25, 2003.
24 Fayyad, U., Grinstein, G. and Wierse, A. (2001) “Information Visualization in Data Mining and
Knowledge Discovery”. Morgan Kaufman Publishers.
25 Netter, W. “The Death of Privacy” Privacy Module I: Data Proling Introduction, University of
Harvard, 2002
26 EPIC, “Privacy and Consumer Proling”
27 Sweeney, L. “Strategies for De-Identifying Patient Data for Research” Carnegie Mellon University,
Data Privacy Lab, 1998 Page 26.
17
toidentifymanyusersthroughthenotunusualphenomenaofvanitysearches,wherean
individualsearchestheirownname.
28

Databasescanbeveryhardtoprotect,especiallywheretheycanbeaccessedremotely
and wheremanypeopleare granted access. This leaves personaldataindatabases
vulnerabletoallsortsofcybercriminals.Additionally,informationisoftenreleasedinto
thepublicdomain.Thisisoftenforlegitimatereasons,butcanraiseprivacyconcerns.
Forexample,theWHOISdatabasecontainsthepersonalcontactdetailsoftheindividual
or organisation that registered each domain name. It is released publicly to allow
network administratorsto easily remedy problems onthe Internet.
29
 Anotherexample
isthemovement,inmanycountries,toreleasepublicrecordsindigitisedformat.Such
information would have been available previously (such as birth, wedding and death
certicates)butnewformatsmaketheinformationincreasinglymoreaccessibleandeasy
tocross-reference.
30
1.1.4 New capacities for governments to analyse personal information
GovernmentsareattemptingtoharnessthepoweroftheInternetacrosstheirfunctions.
Therehasbeenadramaticmovetowardse-governmentasawayofprovidingmorecost-
effectiveandpersonalisedservices.Asaconsequencemanycountriesareattempting
to streamline and coordinate service provision through developing large databases
containingpersonalinformationaboutcitizens.Identitycards,forexample,areinusein
oneformoranotherinvirtuallyallcountriesoftheworld,andcompulsorynationalidentity
cardsareusedinabout100countries.
31
Increasingly,governmentsaremovingtowards
capturingbiometricdataonthecardsandstoringthisinformationonhugedatabases
whichcanbeusedtocertifyaccessto,andmonitoruseof,forexample,socialsecurity,
healthandtravel.
Thereisaparticularlyimportantroleforthesetechnologiesintheeldofcrimeprevention
and prosecution. Even before the so-called “war on terror” many governments were
makinggreatuseofmonitoringtechnologiessuchasCCTVcamerasforthesereasons.

Since9/11thethreatofterrorismhasactedasadriverinmanycountriesforincreased
useofmonitoringmechanisms,ofteninwayswhichareintrusiveandeveninviolationof
existingprivacylaws.Aparticularlypertinentexampleisthatofairtravel.Asmentioned
above,wholebodyimagingscannersarebeingusedortrialledintheUnitedStatesof
America, the United Kingdom of Great Britain and Northern Ireland, India, Australia,
Japan,theRussianFederation,andtheNetherlandsamongothers.
32
Anotherpractice
hasbeentheuseofsecretwatchlists,forexampleinCanadaandtheUnitedStatesof
28 Soghoian, C. (2007) “The Problem of Anonymous Vanity Searches” Indiana University Bloomington
– School of Informatics. Published online />id=953673 Page 1.
29 EPIC “WHOIS” accessed 15/03/10, published online />30 Privacy International, 2006.
31 Privacy International, 1996, ID Card Frequently Asked Questions vacyinternational.
org/article/id-card-frequently-asked-questions
32 Cavoukian, A. “Whole Body Imaging in Airport Scanners: Building in Privacy by Design” Information
& Privacy Commissioner, Ontario, Canada. June 2009 />wholebodyimaging.pdf Page 2.
18
America.
33
Personaldataissubmittedbytravellersasaconditionoftravellingandthis
informationischeckedagainstdatabasesofuncertainprovenance.Dataprolingisused
tocreatealistofpeoplewhoarejudgedtobeasecuritythreat,thelistiscirculatedto
othercountries,andpeopleonthelistareeitherpreventedfromyingoraresubjected
toenhancedsecuritymeasures.Watchlistssometimesbecomepublic;thishasexposed
errors, but stigmatised individuals; other times they have been kept secret which
has meantthat individuals havebeenrefusedavisa without necessarilyhaving been
convictedofanythingorgiventheopportunitytodefendthemselves.
34
Inonefamous
caseintheUnitedKingdomofGreatBritainandNorthernIreland,aprominentMuslim,

YusufIslam(formerlythesingerknown asCatStevens)waspreventedfromtravelling
totheUnitedStatesofAmerica(hisUnitedAirlinesightfromLondontoWashington’s
DullesInternationalAirportwasdivertedtoBangor,Maine,whenUSofcialsreviewing
thepassengerlistdiscoveredhewasaboard).Therewereallegedlyterroristconnections
reasonsbutthesewerenevermadeexplicit,despitehisrecordasaMuslimwhopromoted
peaceandreconciliationamongcommunities.Subsequentlythebanwaslifted.
Somegovernmentshavebeenabletousethesetechnologiestomonitortheactionsof
theircitizens,particularlydissidents,muchmoreintensively.Forexample,theOpenNet
InitiativereportsthatinChinathemostpopularonlineinstantmessenger(QQ)records
users’onlinecommunicationsandreportsonthesetothepolice.In2006,theChinese
MinistryofPublicSecurityannouncedthelaunchofthe“GoldenShield”project,designed
tobecomeanational systemofadigital surveillance.In2008a Chinesestate-owned
mobilephonecompanyrevealedthatithadunlimitedaccesstoitscustomers’dataand
thatitsuppliesthistotheChinesegovernmentonrequest.Themostglaringexample
ofthiswastheChinesegovernment’sattemptin2009toinsistthatsoftwareknownas
GreenDambebuilt into all personal computers soldinChina.
35
 This software would
havemonitoredindividualcomputerbehaviourbyinstallingcomponentsintheoperating
systemandwouldhavegiventheauthoritiesdirectpowertocontrolaccesstocontent
(aswellasallowingremotecontrolofthecomputerrunningthesoftware).
36
Theproposal
wasnallydefeatedthroughtheWTOontradegrounds.Morerecently,therehavebeen
reportsthatChineseauthoritieshavetriedtomakecafes,hotelsandotherbusinessesin
centralBeijinginstallsurveillancetechnologyforthoseusingWi-Fiwhichhasbeenseen
asanotherinstanceoftighteningcontrolsontheuseoftheInternet.
37
The Special Rapporteur on counter-terrorism and human rights has noted examples
ofsurveillance practicesinGermany,Colombia,BangladeshandtheUnitedStates of

America that caused him concern.
38
 A 2007 Privacy International study revealed an
overallworseningofprivacyprotectionsandsafeguards,togetherwithanincreaseinthe
occurrenceofsurveillanceacross47countries.
33 Human Rights Council, Thirteenth session, Agenda item 3. 28 December 2009, A/HRC/13/37
Page 17.
34 Ibid.
35 Opennet Initiative, China’s Green Dam: The Implications of Government Control Encroaching
on the Home PC />encroaching-home-pc
36 Wolchok, S.; Yao, R. and Halderman, A. (2009) Analysis of the Green Dam Censorware System

37 Branagan, T. (2011) China boosts internet surveillance />jul/26/china-boosts-internet-surveillance
38 Human Rights Council, 2009, 19, 20
19
CybercrimeisagrowingproblemontheInternetwithestimatesputtingthecostofonline
theftat$1trillion.
39
Laxsecuritymeasuresandsecuritybreachescanresultincriminals
stealingotherpeople’sdatawhichcanthenbeusedtocommitmanycrimessuchas
fraud,theftorstalking.
Finally, surveillance technologies are being used much more locally, to monitor
behaviouroffamilymembersandofemployees.Insteadofmonitoringemployeeswho
exhibitsuspiciousbehaviour,therewasevidencethatmanyemployerswereinstituting
continuoussystematicsurveillanceintheworkplace.
40
Indeedamarketisdevelopingfor
newtechnologiesassistingemployersinmonitoringtheiremployees,asexempliedby
therecentdevelopmentofnewtechnologythatcandetectcomplexemployeebehaviour
andreportbacktotheemployer–thedevicecandifferentiatebetweenactionssuchas

“scrubbing,sweeping,walking,andevenemptyingarubbishbin”.
41
1.1.5 New opportunities for commercial use of personal data
The Internet has generated a vast amount of economic activity. A recent study by
McKinseyestimatesthatthedirectandindirecteconomiceffectsoftheInternetaccount
for3.4%ofGDPinthe13countriesstudiedbut21%oftheeconomicgrowthintheve
matureeconomies,with2.6jobscreatedforeveryjoblost.
42
InternetcompaniessuchasGoogle,YahooandFacebookhaveaccesstoanastronomical
amountofdata.
43
ThebiggestInternetcompanieshavehugeuserbases(forexample,
Facebookhasover800millionusers
44
)andarebranchingouttocovermoreandmore
interactions(forexample,ausermayuseGoogletolocateinformationonline,sendemails,
displayvideos,shopetc.)Manyoftheservicesprovidedbythesecompaniesarefree
andtheirbusinessmodelsrelyoncollectinguserinformationandusingitformarketing
purposes.Userdatathereforehassignicanteconomicvalue.A1999studydiscovered
that92% ofwebsitesweregatheringatleastonetypeofidentifyinginformationfrom
theirusers(forexampletheirname,emailaddressandpostaladdress)
45
anditcanbe
assumedthatsincethengatheringofinformationhasonlyincreased.Companiesalso
haveatendencytobeverysecretiveaboutwhatinformationtheygatherandhow;as
notedinTheEconomist,thisisasmuchtodowithmaintainingacompetitiveedgeasit
iswithprivacyconcerns.
46
39 Weber, T. Cybercrime threat rising sharply, BBC News, 31/01/09 />business/davos/7862549.stm
40 Bonsor, K. Is your workplace tracking your computer activities? stuffworks.

com/workplace-surveillance1.htm
41 Fitzpatrick, M. “Mobile that allows bosses to snoop on staff developed” BBC News 10/03/2010

42 McKinsey Global Institute, (2011) Internet matters: The Net’s sweeping impact on growth, jobs,
and prosperity />internet_matters.pdf
43 Massimino, E. (2012) Privacy, Free Expression And The Facebook Standard bes.
com/sites/realspin/2012/01/31/privacy-free-expression-and-the-facebook-standard/
44 Protalanski, E. (2012) Facebook has over 845 million users />facebook-has-over-845-million-users/8332
45 Federal Trade Commission, (1999) “Self-regulation and Privacy Online: A Report to Congress”
March 1999, Published online at Page 4.
46 Economist, (2010) “Clicking for Gold: How internet companies prot from data on the web”, in “A
special report on managing information” The Economist, Volume 394, Number 8671
20
Much of this economic activity depends upon Internet intermediaries – the range of
actors,servicesandapplicationsthatfacilitatetransactionsbetweenthirdpartiesonthe
Internet,includingforexamplesearchenginesandISPs.Internet-basedcommunications
areincreasinglyreliantontheseintermediariesforaccessing,processingandtransmitting
data.Theincreasingpowerofintermediariesandtheircontroloverpersonaldata,has
given rise to a number of concerns about whether current regulation is sufcient to
protectprivacyrights.Threetypesofintermediariesarouseparticularconcerns–social
networkingsites,cloudcomputingcapacitiesandsearchengines.
Social networking sites
Social networking sites are websites that focus on building and/or reecting social
relationsamongpeople.Somefacilitatevirtual“friendships”withpeoplewhoarealready
knowntothe userofine,allowingthemtosharephotosandconverse online.Others
concentrateonallowingpeopletomakenewfriends,oftenwithaparticularfocussuch
asworkrelations(LinkedIn)ormusictastes(Pandora).Eachserviceisdifferent,butthe
standardformatallowsuserstocreatetheirownwebpagecontainingvariouspiecesof
personalinformation(suchasdateofbirth, location,interests,name).Userscanthen
linktofriendswhowillbeabletoseetheirinformationandviceversa.Socialnetworking

sitesareverypopular,withhundredsofmillionsofusersbetweenthem.Howeverthere
hasbeengrowingconcernoverprivacyviolationscausedbysuchsites.Someconcerns
relate to media and communications literacy, with many users unaware of the risks
involvedinrevealingpersonalinformationtoothers.Manyusersdonotexerciserestraint
aboutwhotheyallowtoseetheirdata,andmanyusersarebelievedtobefriendpeople
thattheydonotknowwell.Thiscanhaveconsiderableimplicationsgiven,forexample,
thatonFacebooktheaverageuserhas130friendsonthesite.
47
Thisisdiscussedinmore
detailinthefollowingsection.
Cloud computing
Cloudcomputingisanemergingnetworkarchitecturewherebydata,processingpower
orsoftwareis storedon remoteservers,asopposedtoanindividual’s computer,and
madeaccessibleviatheInternet.Differentformsofcloudcomputingexistthatprovide
arangeofservices.Individualsororganisationscaneffectivelyrentcomputingcapacity
from remote service providers. For example, Google’s Apps service allows people to
createandsave spreadsheet and word processing documents online.Otherservices
include collaborativeplatformsthat allow usersaccess to documentssimultaneously,
suchaswikiplatformsandGoogledocs.
48
Cloudcomputingcanyieldanumberofpositivebenets.Forexample,itcanreducethe
costsofbuyingandupdatingsoftwareforsmallbusinessesandorganisations,whichcan
beparticularlyempoweringforuserswithlowlevelsofnancialresourcesindeveloping
countries.Itcanalsoimproveconvenienceforusersthroughallowingthemtoaccess
documents anywhereinthe world,and collaborativelyauthordocuments withpeople
workinginothergeographicallocations.
47 Facebook, (2012) “ Statistics” published online
48 EPIC “Cloud Computing” published online
21
However,cloudcomputingalsoraisesanumberofconcernsfromaprivacyperspective.

As data is stored on a third party’s software, the responsibility for protecting that
informationlieswiththethirdpartyandusersloseadegreeofcontrol.Additionally,laws
coveringcloudcomputingarenotwelldenedsousersarenotassuredoftheprivacy
oftheirdata.Thetermsandconditions(T&Cs)ofusesometimesstatethattheservice
provideris abletoterminateaccountsorremove/editcontentattheirowndiscretion.
Forexample,thisisthecaseforMozy.com,aservicethatallowsuserstobackupthe
informationstoredontheirPCsonline
49
.Thispresentsthedangerthatuserscouldlose
theirpersonal information.ManyT&Cs strictlylimittheliabilityoftheserviceprovider,
whichcouldmeanthatshouldtherebeabreachinsecurityanduserslosetheirpersonal
data,theymaynothaveaccesstoanycompensation.Finallyserviceprovidersoftendo
notaddresswhathappenswithauser’sinformationoncetheyhaveclosedordeletedthe
account.Thisdoesnotalwaysmeanthatinformationisremoved,potentiallyleadingto
privacybreaches
50
.Theprivacyimplicationsofcloudcomputingarediscussedingreater
detailinthefollowingsection.
Search engines
SearchenginesfullacrucialroleasintermediariesontheInternet,allowingindividualsto
ndandaccesscontent.ExamplesincludeGoogle,Bing,Ask.com,andYahoo!Search.
SearchenginestypicallycollectalargeamountofpersonaldataincludingIPaddresses,
searchrequests,togetherwiththetime,dateandlocationofthecomputersubmitting
therequest.Asdiscussedabove,thisinformationcanbepersonallyidentiableandcan
reveal particularly sensitive pieces of information such as a person’s political beliefs,
sexualorientation,religiousbeliefsandmedicalissues.Thisinformationisgenerallyused
formarketingpurposes,howevertherearealsorisksofpublicdisclosureofinformation,
such as AOL’s release of information in 2006 (discussed above). The risks regarding
privacy and other human rights are all the more signicant in countries with limited
protectionsforhumanrights.Thisisdiscussedinmoredetailinthefollowingsection.

49 Ibid
50 Ibid.
22
2. GLOBAL OVERVIEW
OF CHALLENGES AND
OPPORTUNITIES FOR
PRIVACY PROTECTION
ON THE INTERNET
2.1 Key issues
2.1.1 Challenges and opportunities for maintaining control over personal data online
“Nooneshallbesubjectedtoarbitraryinterferencewithhisprivacy,family,
homeorcorrespondence,nortoattacksuponhishonourandreputation.
Everyonehastherighttotheprotectionofthelawagainstsuchinterference
orattacks.”–Article12,UniversalDeclarationofHumanRight.
Protectionofprivacyhaslongbeenenshrinedasacorehumanright.Howeverwithnew
technicaldevelopmentsinrecentdecades,particularlyininformationandcommunication
technologies,thisrighthasbeenincreasinglychallenged.Inresponsetothesedifculties
therehasbeenawaveofdataprotectionlawsindifferentpartsoftheworldsincethe
1980s,whichhave attemptedto safeguardthe personaldataof individuals.However
legislationandpublicpolicyhavehadsignicantdifcultyinkeepingupwithincreasingly
shorttechnology developmentcycles.This problemhasbecomemostevidentonthe
Internet, where it is highly questionable whether the European Union statement that
“everyonehastherighttothe protectionofpersonaldataconcerninghimorher”
51
is
respected. Do individual Internet users have control over their own personal data,
includingoverhowitiscollected,retained,processed,usedanddisclosed?
Inpractice,manyattributesoftheInternetprovehighlychallengingforindividualuser
rightstocontroltheirpersonaldata.ThetransnationalityoftheInternetmakesitdifcult
andattimesimpossibletojudgeacrosswhichcountries,legaljurisdictionsandregions

theirdataisbeingtransmitted.ThespeedandreachofInternetcommunicationsisso
highthatdatamayspreadfarbeyondtheactualcontrolofanindividualwithinlessthana
second.MoreoverthereisasubstantialmarketontheInternetforpersonaldata,whichis
drivenbyadvertising-basedbusinessmodelsinwhichuserspaywiththeirdatainsteadof
providingmonetarypayment.Atthesametimethecostofsuchdataisextraordinarilylow
leadingtensofthousandsofrecordsofpersonaluserdatatobeexchangedatlittleorno
cost.Advancesincomputerisedprocessingtechnologyallowforanincreasingamountof
51 Art. 8.1, Charter of Fundamental Rights of the European Union, 2000.
23
personaldatatobeprocessed.ThemanydifferentpartiesinvolvedindisplayinganInternet
pageonauser’sscreencomplicatethisprocessconsiderably.Increasingconvergence
ofdevicesconnectedtotheInternetalsomakesitparticularlydifculttomaintaincontrol
overpersonal data.Finally,many Internetusershavebecomeaccustomedto clicking
‘Accept’andconsentingtoprovidingtheirdatawithoutspendinganymeaningfulamount
oftimereadingthetermsofserviceorprivacypolicyoftherespectivesite.
The tension between rights and actual control capacity of Internet users over their
personaldatahasledtoextensivedebatesaboutprivacyontheInternet.Thesedebates
typicallyfocusonthelackofusercontrolandempowermentininuencinghowtheirdata
is usedandprocessed, whileemphasisingthe role ofcorporations in controllingand
managingprivatedata.Moreoverthecontrolofprivateactorsisfrequentlycontrasted
withthatofpublicauthorities,whichareseenaseitherunableorunwillingtoenforce
substantiveprotectionsofusers’personaldata.
These debates can be understood in the context of several basic questions. First
andforemost,thequestionofinformedconsentofusersandhowitcanbeobtained,
guaranteedorevenrevoked.Second,thequestionofthetransparencyand‘readability’
ofprivacypoliciestousers.Third,theabilityofusers,privateactorsandpublicentities
toeffectivelyenforcetheirindividualchoicesaboutpersonaldatausageontheInternet.
Even if most users, private actors and public entities are in agreement, diffusion of
personaldataissuchthatitmayquicklymovebeyondthecapacityofanyoneactorto
control(seeinsetbelowforfurtherdetails).

Fourth, user rights to control their personal data may conict with otherrights,such
astherightofanotherindividualtofreedomofexpression.Asisdiscussedintheinset
belowaboutVisualPrivacyandEdisonChen,therearefrequentconictsbetweenmedia
reportingaboutpublic guresandtheirrightstocontroltheirpersonal data.Fifth,the
problematicroleofpublicauthorities’surveillanceoftheInternetremainsdifcult.Lastly,
the appropriateness of anonymity and pseudonymity online represent an important
componentintheoveralldebateonprivacyprotectionontheInternet.Whileallofthese
questionsareintimatelylinkedtoinformationprivacy,theyalsoprovideananswertothe
broaderchallenge:whatistheInternetwehopetocreate?Whicheverstakeholdergroup,
nationstateorgroupingofactorsthis‘we’mayrepresent,consideringacommonvision
ofafutureInternetmayassistinunderstandinghowtogetthere.Providingsubstantive
answerstothisquestionwillfundamentallyshapetheglobalInternetasawhole.
(I) Visual privacy and Edison Chen
Edison Koon-Hei Chen was one of the leading actors from Hong Kong. He
acted in numerous different regional and international lms and was considered
one of the leading actors in the area, also acting in Hollywood productions such
as The Dark Night. In January 2008 sexual images of Chen together with other
women from the lm industry in China began to surface on the Internet and were
extensively publicised in mainstream media. Although national and international
police authorities were involved in attempting to stop the pictures spreading
24
further, they were seemingly unable to do so.
52
They continued to spread across
the Internet and as a result the name of the actor was one of the top search
terms in China in 2008.
53
A computer technician who repaired Edison Chen’s
laptop was eventually convicted for having stolen the pictures while repairing it
in 2007.

54
Once the pictures had made their way online they became extremely
difcult if not impossible to remove. In this context the massive public demand for
the images ensured their widespread distribution. The widespread republication of
and associated demand for images was clearly violating personal privacy and the
massive public demand for such images raises questions about how to foster a
culture of information privacy.
2.1.2 Initiatives to protect privacy and anonymity online
Inresponseto manyofthese questionsavariety ofinitiativeshavesprunguponthe
Internettoprotecttheprivacyofindividuals.Inthis,thereisextraordinaryimportancein
civilsocietyinitiatingandorganisinginitiativestoprotectprivacyandanonymityonline.
Thisroleisreectedinthemanyimportantinitiativescivilsocietyhasspearheaded.Inthis
contextoneofthemostimportantinitiativeshasbeentoraiseawarenessandeducation
ofusersabouttheimportanceoftheirprivacyandhowitcanbeprotected.Important
examplesincludethe‘SurveillanceSelfDefence’projectcreatedbytheElectronicFrontier
Foundation(EFF),BigBrotherInc.’aprojectprolingcompaniesexportingsurveillance
technologiesand‘MeandmyownShadow’whichisanawarenessraisingcampaignby
theNGOTacticalTech.
(II) Citizens initiative on data retention
One of the most remarkable user initiatives for the protection of privacy and
anonymity on the Internet is the German citizen initiative on data retention. Over
34,000 citizens initiated a mass constitutional complaint against the newly passed
German data retention law with the German Constitutional Court in 2007.
55
This
massive class action represents the largest joint case ever brought to the German
constitutional court. The lawyers involved took several months to process the
signatures and submit them to the court. The constitutional court initially issued
a preliminary injunction against the new data retention law in 2008 and eventually
declared the data retention law unconstitutional in 2010.

56
As very few constitutional
complaints are even accepted by the German constitutional court and only around
52 Pang, D., Chen, B., & Lee, D. (2008). Eight now held in internet sex probe. The Standard. Retrieved
December 13, 2011, from />id=61125&sid=17431562&con_type=3#.
53 Google. (2008). Google Zeitgeist 2008. Retrieved December 13, 2011, from gle.
com/intl/en/press/zeitgeist2008/world.html#top.
54 Pomfret, J. (2009). Technician guilty in Edison Chen sex pictures trial. Victoria News. Retrieved
December 13, 2011, from />55 Initiative Vorratsdatenspeicherung. (2011). Stoppt die Vorratsdatenspeicherung. Retrieved December
13, 2011, from />56 BVerfG, 1 BvR 256/08 on the 2.3.2010, Paragraph-Nr. (1 - 345), />entscheidungen/rs20100302_1bvr025608.html.