CitationDownload as .RIS
Emerald Group Publishing Limited
Copyright © 2001, MCB UP Limited
Two of the articles in this month's issue (by Walczuch and Steeghs and by Clarke) address questions related to privacy, which will be the focus of this column. Information and communications technologies (ICT) make it easy for individuals and organizations to transmit and process larger quantities of data. These capabilities can improve the efficiency and quality of day-to-day tasks or enable new kinds of work, but when applied to personal data, the same capabilities pose new kinds of privacy risks. Even when the data is of a sort that is necessarily public or which has always been available in some form, the ability to quickly and efficiently process large volumes of such information creates qualitatively different hazards.
In response to such concerns, some governments, notably within the European Union, have imposed strict limits on how companies can handle personal data. An earlier version of the EU position, "On the protection of individuals with regard to the processing of personal data and on the free movement of such data", can be found at http://www.privacy.org/pi/intl_orgs/ec/final_EU_Data_Protection.html. The directive is implemented by national legislation in each of the EU countries. Privacy International is one organization monitoring the enactment of legislation implementing the European Union's Directive (http://www.privacyinternational.org/issues/compliance/).
The main topic of Walczuch and Steeghs's article is the provision in the directive limiting transfer of data from the EU to countries without equivalent protection laws. An example of an EU evaluation of a third country's data-protection laws (in this case, Canada's) can be found at http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/wp39en.pdf. Because the USA lacks comprehensive privacy legislation, US (and other multinational) companies would be restricted from moving data from the EU to the USA. Walczuch and Steeghs note that individual US companies can overcome this restriction by voluntarily agreeing to abide by the EU standards, a process known as "Safe harbour". Information about the US Safe Harbour program, including requirements, a list of registered companies and other documents, can be found at http://www.export.gov/safeharbor/.
Clarke's article points out that information about an individual's location is increasingly available, creating a new category of privacy threat. The growing use of wireless technologies that follow individuals wherever they go heightens these concerns. For example, the New York Times reported a case of a truck driver who was fired when the location-tracking device in the truck revealed that he had been visiting a strip club (Romero, 2001). Two examples of companies selling such devices can be found at http://www.magnatec.de/ and http://www.esri.com/industries/locationservices/asset_tracking.html. Of course, there are plenty of good reasons for wanting such functionality. For example, US legislation requiring that cell phones be locatable was inspired by the growing number of cellular 911 calls and the difficulty of quickly locating the individuals calling for help, and many companies are busy developing location-dependent services, such as restaurant locators.
The cellular industry, aware of the threat posed by privacy concerns to this nascent location-dependent business, has been actively seeking guidance on how to address them. For example, the Cellular Telecommunications Industry Association (CTIA) submitted a petition (available at http://www.wow-com/lawpol/filing/pdf/ctia112200.pdf) to the US Federal Communication Commission asking for rule making on "location information privacy". In particular, the CTIA suggests that informed consent be required before cellular customers are provided with location-dependent transactions and that data be held securely, though it is less clear what restrictions they envision on use or sharing of location information. Other cellular privacy initiatives are reported from the industry's perspective at http://www.wow-com.com/lawpol/congress/wireless.cfm. The proceedings and some presentations from a recent workshop on this topic can be found at http://www.zeroknowledge.com/conference/privacybydesign/intro.html.
More chilling are the possibilities of implantable location tracking devices over which a user would have little or no control, as discussed by Clarke. A press release from a company called Applied Digital Solutions announcing such a device (Digital Angel1) can be found at http://www.lawandliberty.org/angel.htm. A unique concern about these chips is expressed by some evangelical Christians, who see them as the "Mark of the beast" prophesied in Revelation 13:16-18 (http://www3.bc.sympatico.ca/thegoodnews/report-1.htm).
Of course, privacy is a huge topic, and we have just scratched the surface. On the Internet, there are numerous organizations and Web sites devoted to its discussion. I will mention just two that I found useful in my research:
privacy.org (http://www.privacy.org/), a "site for news, information, and action", is a joint project of The Electronic Privacy Information Center and Privacy International. The site provides brief news articles and links to other privacy resources;
the Electronic Privacy Information Centre (http://www.epic.org/) provides news and other resources.
Finally, and on an unrelated topic, this issue includes a paper on the use of ICT in the real estate industry, by two of my colleagues (Rolf Wigand and Steve Sawyer) and myself. More information about our project can be found at http://crowston.syr.edu/real-estate/.
ReferenceRomero, S. (2001), "Locating devices gain in popularity but raise privacy concerns", New York Times, 4 March.