7th Internet, Law and Politics Congress (X). Right to be forgotten, data protection and privacy

Notes from the 7th Internet, Law and Politics Congress: Net Neutrality and other challenges for the future of the Internet, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 11-12 July 2011. More notes on this event: idp2011.

Track on the Right to be forgotten, data protection and privacy
Chairs: Mònica Vilasau Solana, Lecturer, School of Law and Political Science (UOC)

Pere Simon Castellano
The constitutional regime of the right to oblivion in the Internet

It is the principle of consent the one that gives us the legitimacy to claim for a right to privacy or data protection.

Especially related to search engines (though not only) is the legality of a given content another important factor when claiming for our privacy rights or the right to be forgotten.

Jelena Burnik
Behavioural advertising in electronic communications. A benefit to electronic communication development and an intrusion of individual’s right to privacy and data protection

Behavioural advertising tracks Internet users’ activities online and delivers only relevant advertisements, based on the data collected and analysed over a given period of time. It is normally enabled by cookies, that are placed by websites or advertisements on websites.

Behavioural advertising is defended in the name of relevance of advertisements, enhanced user experience, precise segmentation and less money spent on non-relevant audiences, support to free Internet content and a driver of innovation.

But it is a controversial practice that requires a fair balance between the interests of the industry and the rights of individuals. As cookies assign a unique ID with an IP address, there can be concerns on data protection. On the other hand, cookies are normally placed in the computer by default, while maybe a debate on opt-in vs. opt-out of cookie placing and cookie-based tracking should be considered.

A new “cookie” European directive should aim at shifting from an opt-out principle to an opt-in one, and cookies being placed only under explicit user’s concern. But how is the technological solution for an opt-in cookie principle?

In the US, though, what seems to be more acknowledged is an enhanced opt-out model.

But only true opt-in provides for transparency, and self-regulation of the industry will not suffice.

María Concepción Torres Diaz
Privacy and tracking cookies. A constitutional approach.

It is worth noting the difference between privacy, intimacy and personal data. And cookies can harm privacy. So, users should get all necessary information on cookies and tracking so they can decide whether a specific behaviour puts at stake their privacy. In case the user decides to go on, explicit consent should be provided to the service to perform its tracking activity.

We have to acknowledge that new technologies will bring with them new rights and new threats to old rights. Thus, we should be aware of the new technologies so that the law does not fall behind.

Philipp E. Fischer; Rafael Ferraz Vazquez
Data transfer from Germany or Spain to third countries – Questions of civil liability for privacy rights infringement

There are data transfers at the international level continuously. If those data got “lost”, the operator might have incurred in privacy rights infringement.

The European Directive on data transmission, it has been established that there can be data transmission within the European Union (nationally or internationally) or with 3rd countries with adequate level of data protection. There still are some issues with the US and there are other countries which are simply banned from data transmission between them and member states.

Faye Fangfei Wang
Legal Feasibility for Statistical Methods on Internet as a Source of Data Gathering in the EU

Privacy protection steps: suitable safeguards, duty to inform prior to obtaining consent (transparency), consent, and enforcement. Request for concern should be looked at as a very important step towards privacy protection. Consent must be freely given and informed.

There is an exemption clause in the UK legislation, to be used when gathering some data is strictly necessary for a service to run, or for scientific purposes, etc. But the exception clause must be used legally.

Ricardo Morte Ferrer
The ADAMS database of the Anti Doping World Agency. Data protection problems

The ADAMS database stores whereabouts, reporting where a sportsman is during 3 months, for a daily time span from 6:00 to 23:00 and including a full daily 1h detailed report of their whereabouts. Instead of presuming innocence, this database kind of presumes guiltiness.

That is a lot of information and, being the holder an international agency based in Canada, a threat on data protection as it implies a continuous traffic of personal data internationally.

Inmaculada López-Barajas Perea
Privacy in the Internet and penal research: challenges in justice in a globalized society

The possibility that personal information of citizens can be retrieved, remotely, by law enforcement institutions, is it just the digital version of the usual (and completely legal) surveillance methodologies, or is it something new and something that threatens citizens’ privacy?

More information


7th Internet, Law and Politics Conference (2011)