8th Internet, Law and Politics Congress (VII). Privacy and electronic commerce

Notes from the 8th Internet, Law and Politics Congress: Challenges and Opportunities of Online Entertainment, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 9-10 July 2012. More notes on this event: idp2012.

Communications on privacy and electronic commerce.
Chairs: Mª Rosa Llácer Matacás. Professor of Civil Law. University of Barcelona.

Handling cookies within the european union: making the cookies crumble?
Eleni Kosta, Senior Research Fellow, Interdisciplinary Centre for Law and ICT (ICRI)-KU Leuven (Belgium).

Old cookies provision: only in electronic communications, for storing information or gaining access to some information, resident in the user’s computer, and whose usage the user had the right to object. Now, the new requirements require explicit consent after having been provided with clear and comprehensive information. And it includes not only electronic communications, but also other digital devices like CDs, DVDs, USB keys, etc. that sometimes install software or put/retrieve information from the user’s device.

There is also a huge difference between first-party cookies and third-party cookies, the latter the more dangerous/risky in terms of privacy.

After this change, both local regulation and browser technologies may require some update to accomplish the new requirements of the law.

Nuevos retos de la regulación jurídica y deontológica de la publicidad en las redes sociales.
Esther Martínez Pastor, Prof. Contratado Doctor. Universidad Rey Juan Carlos; Mercedes Muñoz Saldaña, Prof. Contratado Doctor. Universidad de Navarra.

What is the balance between the customer/user and the business in social networking sites, when the latter would like to have as much data as possible from the user, while the user increasingly aims towards more privacy. Added to this, the basic user does not know much about technology and does not know what a cookie is, less how to enable/disable them. That the EU law plans that websites ask the users for consent is a contradiction if we take into account how knowledgeable in technology is the basic user.

Maybe we should educate the user, but not on technical terms but plain English.

On the other hand, from the advertising businesses point of view, it is becoming increasingly difficult to know what is the regulatory framework that applies to one’s business at a given time.

El reto de la protección de datos de las personas mayores en la sociedad del ocio digital.
Isidro Gómez-Juárez Sidera, Doctorando, Facultad de Administración y Dirección de Empresas, Universitat Politècnica de València; María de Miguel Molina, Profesora Titular, Departamento de Organización de Empresas, Universitat Politècnica de València.

We are increasingly speaking about two collectives within the broader concept of elderly people: the third age (65-80 y.o.) and the fouth age (+80 y.o.). Minors are a major concern of authorities and are widely protected, but it does not happen the same with our elders. And it is just a fact that elders are usually non-tech savvy / digitally illiterate and suffer from a lot of threats to their privacy, scam, etc.

A research was carried on to perform a SWOT analysis on elders and online entertainment. Besides digital literacy, elderly people require a lot of information. On another train of thought, we should distinguish between legal practices and ethical practices. Sometimes law just won’t catch up with all walks of practices, partly because it enters the field of ethical practices and being informed about such practices.

After information, autonomy of will and control (over one’s data) are a must.

PNR and SWIFT Agreements. External Relations of the EU on Data Protection Matters.
Cristina Blasi Casagran, Researcher, Law Department, European University Institute, Florence (Italy).

The EU and the US have signed several (4 so far) agreements to share personal name records (PNR) since 9/11 attacks. The agreements were aimed at fighting international terrorism and had to accomplish with the current law on data protection. After the Treaty of Lisbon (2007), the European Parliament gained competence to veto some specific agreements, and that is why the newest PNR agreement with the US (2012) was vetoed.

Current treaties (US, Australia, Canada) ask for data retention in source countries and data is transferred under a push system: it is not the country that wants the data that asks for it, but the country that gathers the data the one that transfers it to third countries.

Concerning the sharing of data from financial transactions or SWIFT agreements there have been 3 of them: the TFTP in 2001 and two SWIFT agreements in 2009 and 2020.

After many agreements for sharing data, do we have a US-EU framework agreement on data protection? No, we don’t. We have a clear unbalance between security and privacy, and a clear bias towards or influence of the US legal system.

8th Internet, Law and Politics Conference (2012)