chapter 12 Flashcards
International Covenant on Civil and Political Rights
recognises the right to privacy on the global level.
tort law
protects US citizens against direct and obvious violations of privacy.
Fourth Amendment (US Constitution)
protects citizens against unreasonable searches and seizures by the government.
reasonable expectation of privacy
the government may not in principle interfere with privacy when a citizen has reasonable expectation to be private, unless it is authorised by special means. the Supreme Court first applies a subjective test, and then the objective test. private areas are eg. someone’s home or office. public areas are not protected under the Fourth Amendment.
subjective test
test to establish whether the individual involved feels that his privacy is violated.
objective test
test that reviews what society in general would think about whether an individual’s privacy is violated.
Fourteenth Amendment
recognises the right to liberty, which encompasses privacy aspects in the sphere of family life and self determination. eg. the court has declared state laws unconstitutional that violated the right to choose the type of school you prefer, the free choice to use contraception or not, etc.
state constitutions
a general right to privacy is recognised in the Constitution of some US States.
Federal laws
regulate some aspects of privacy further. it also regulated topic by topic, instead of a general approach. it regulates both public and private law aspects but always in separate acts.
Privacy Act (1974)
basically requires government employees to collect only the private data of citizens when it is proportionate to its legitimate goal. this includes that the government should obtain the data preferably from citizens and only use it when absolutely necessary.
privacy of communication
includes that the content of email correspondence is private, but not always with public affairs or in employment.
Patriot Act (2001)
includes that in case of suspected terrorism, the posibilities to gather digital communication are much broader.
Electronic Communications Privacy Act
includes a prohibition to install pen registers or tap and trace devices without a courts permit. Internet Service Providers are excepted when it is necessary to protect the provider or users from unlawful or abusive use.
intrusion on seclusion
applies when someone intentionally intrudes the privacy of someone else.
appropriation/right of publicity
applies when someone uses someone else’s name or likeliness without permission for commercial purposes.
public disclosure
applies when someone publicly discloses private fact of someone else.
defamation/tort of false light
the inflicting of harm on someone’s reputation by spreading false statements.
Regulation 2016/679
regulates the privacy protection of individuals in private legal relations. it only protects personal data.
Directive 2016/680
regulates the privacy protection in public legal relations.
personal data
any information relating to an identified or identifiable natural person.
direct identification
usually the name of an individual is involved.
indirect identification
when data ultimately leads to the identification of a person, eg. when a combination of data can only lead to one individual.
‘processing’
Regulation 2016/679 only applies if one uses the data in some way. this is defined as an operation that is performed on personal data.
controller
the one (natural or legal person) who determines the purposes and means of the processing of personal data. this is the one who the Regulation for the majort part holds accountable.
processor
the one (natural or legal person) who actually processes the personal data on behalf of the controller.
recipient
the one (natural or legal person) to whom the personal data is disclosed.
principle of lawfulness, fairness, and transparency
means that data procession should at all times by in compliance with European and domestic legislation. it also means that a data subject should be made aware of the data processing, and understand what will happen with the personal data.
principle of purpose limitation
means that data is collected for specified, explicit, and legitimate purposes. data should be processed for vague purposes. also, data should not be further processedin a manner that is incompatible with this legitimate purpose.
principle of data minimisation/principle of proportionality
implies that the processed data should be adequate, relevant, and limited to what is necessary. processing should also be proportionate to the legitimate goal.
principle of accuracy
means that personal data which is processed should be accurate, and when necessary, kept up to date.
principle of storage limitation
means that the data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purpose.
principle of integrity and confidentiality
means that the personal data must be processed in a manner that ensures appropriate security of the personal data.
principle of accountability
basically means that at any time, the controller is responsible for the data processing, and liable for any violations of privacy laws.
click-wrap agreement
when a data subject gives consent actively by eg. ticking the box on a website.
browse-wrap agreement
when consent is assumed when a consumer visits a website or makes use of a service.
safe harbour principles
enable US companies to process personal data of EU citizens in line with EU privacy laws.