The Congress on Internet, Law and Politics has the aim of continuing the task of reflecting on, analyzing and discussing the main changes taking place in law and politics in the information society. This third congress focuses on the questions that currently represent the most important challenges and new developments in the fields of copyright, data protection, Internet security, problems of responsibility, electronic voting, and the new regulation of e-Administration, as well as dedicating a specific area to the current state of the use of new technologies by law professionals.
Presentation of the session
Esther Mitjans i Perelló, Director of ACPD, the Catalan Data Protection Agency.
There is no more innocence assumption: everyone is potentially guilty, so everyone is watched at. And even worse: it is defended as a democratic action, as everyone is watched out equally.
Self determination in an Information Society
Yves Poullet, Director of the Centre de recherche informatique et droit (CRID), University of Namur.
Left to right: Ricard Martínez, Ester Mitjans, Lucas Murillo, Yves Poullet
Technological landscape: ability to store speech, data, images or any combination; with more capacity on transmission, processing and storage; with almost absolute mobility. It is, hence, becoming more and more possible to literally digitally record the whole life of an individual.
Behind the screen, one actually connects to a lot of servers, besides just the website one intended to visit. And this depends on the technology, which is not neutral: while Mozilla Firefox filters (refuses) most of the connections one would be not aware of, Microsoft Internet Explorer just lets each and everyone in.
Besides privacy: the human dignity and the support of other fundamental liberties such as freedom of choice, of information, of expression.
A shift on Data Protection: from Privacy as a right to opacity, towards Data Protection (beyond Privacy) as a way for ensuring a better equilibrium between the informational powers of Data Control and Data Security (a positive approach). Is there a need, now, for a third generation on data protection?
Personal data has been since long centered on personal data, but now there is a need for a specific regulation of anchorage points (permit correlations) and contact points (i.e. cookies, traffic data and RFID), because identity is no more a prerequisite for data processing afecting individuals. We no more need to know who one person is to contact him or her, even not personally, but i.e. offering him something to buy that he might be interested in (and we even don’t know his name).
And indeed, there are also new actors that need being regulated. We should maybe go towards a system of “products liability” in case of implementation of non privacy compliant terminals.
And new objectives: right not to be excessively controlled, continuously exposed to advertising, etc. and over all, the right to remain anonymous, based on a functional non identifiability (which now the Internet mainly does not allow), a privacy compliant communication terminal.
Lucas Murillo, Supreme Court magistrate, Professor of Constitutional Law.
In his opinion the issue is not privacy itself, but data security, with special stress on those who manage important amounts of data: the Administration and some big private actors (ISPs and so on).
And even if Governments have done (more or less) their homework, private corporations (in general) have not. Hence, he believes that a strong State is absolutely necessary to enforce the Law, and private initiative and/or self-regulation either does not work or it is not guaranteed in front of the user/citizen. Of course, punishing is just the other side of information and good practices fostering.
Ricard Martínez Martínez, Professor of Constitutional Law, UOC School of Law
There’s two options that one can deal with data: according to the law or with the owner’s consent. But consent is fragile: as data are priceless, data hunters set up procedures so tough that the user blindly accepts (consents) giving his data away.
On the other hand, the right of data protection can be understood so wide that maybe it could cover almost anything. It is now only related to communications, but some pressures (i.e. need of more data after 11S attacks to prevent terrorism) might make this constraints shift.