UPC, Den Haag, 12 december 2013

Alles van waarde is weerloos Nico van Eijk ECP/UPC, Den Haag, 12 december 2013

Instituut voor Informatierecht (IViR)

2

SIGINT-programma      

Grootschalig digitaal informatie vergaren Aftappen van servers internetbedrijven Medewerking internetbedrijven Aftappen telefoonverkeer Verzamelen verkeers- en locatiegegevens Enz.

Instituut voor Informatierecht - IViR

3

Instituut voor Informatierecht - IViR

4

Instituut voor Informatierecht - IViR

5

Nederland

Instituut voor Informatierecht - IViR

6

Kritisch Parlement

    

Rol AIVD/MIVD Gebruik van besmette informatie Afluisteren Nederlandse bedrijfsleven Wat weet de minister nu wel of niet Parlementaire enquête?

Instituut voor Informatierecht - IViR

7

https://bespied-ons-niet.nl/

Instituut voor Informatierecht - IViR

8

Instituut voor Informatierecht - IViR

9

Global Government Surveillance Reform

Instituut voor Informatierecht - IViR

10

Principles 

   

Limiting Governments’ Authority to Collect Users’ Information Oversight and Accountability Transparency About Government Demands Respecting the Free Flow of Information Avoiding Conflicts Among Governments

Instituut voor Informatierecht - IViR

11

http://googlemonitor.com/

Instituut voor Informatierecht - IViR

12











“If you have something you don’t want anyone to know, then maybe you shouldn’t be doing it in the first place” said Google Chairman Eric Schmidt on CNBC. "We know where you are. We know where you've been. We can more or less know what you're thinking about;" said Google Chairman Eric Schmidt per the Atlantic. “We want Google to become the third part of your brain;” said Google co-founder Sergey Brin per Business Insider. "I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time," Google Chairman Eric Schmidt told the WSJ. “There’s been spying for years and there’s been surveillance for years and so forth, I’m not going to pass judgment on that, it’s the nature of our society” said Google Chairman Eric Schmidt last month per RT. Scott Cleland, http://www.precursorblog.com/

Instituut voor Informatierecht - IViR

13

Instituut voor Informatierecht - IViR

14

Limiting Companies’ Authority to Collect Users’ Information Companies should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users’ reasonable privacy interests, and the impact on trust in the Internet. In addition, companies should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications. Instituut voor Informatierecht - IViR

15

Oversight and Accountability Companies seeking to collect or compel the production of information should do so under a clear legal framework in which executive powers are subject to strong checks and balances. Reviewing courts should be independent and include an adversarial process, and companies should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry. Instituut voor Informatierecht - IViR

16

Transparency About Compagnies Demands 

Transparency is essential to a debate over companies’ surveillance powers and the scope of programs that are administered under those powers. Companies should publish the number and nature of their demands for user information. In addition, companies should also promptly disclose this data publicly.

Instituut voor Informatierecht - IViR

17

Respecting the Free Flow of Information The ability of data to flow or be accessed across borders is essential to a robust 21st century global economy. Companies should permit the transfer of data and should not inhibit access by individuals to lawfully available information that is stored outside of the country.

Instituut voor Informatierecht - IViR

18

Avoiding Conflicts Among Governments In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty — or “MLAT” — processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict. Instituut voor Informatierecht - IViR

19

Instituut voor Informatierecht - IViR

20

Kernelementen o.a. 

 



Expliciete toestemming, doelbeperking behouden; right to erasure/data portabiliteit Verzwaard toezicht: hogere sancties Meer transparantie, functionaris voor gegevensbescherming Versterking jurisdictie, one stop shopping

Instituut voor Informatierecht - IViR

21

Instituut voor Informatierecht - IViR

22

im beschränkung zeigt sich der meister

Instituut voor Informatierecht - IViR

23

Waardevol – volle waarde   

Geen grenzen verkennen Eigen grenzen stellen Kritische instelling 

Focus op (middel)lange termijn



Win-win

Instituut voor Informatierecht - IViR

24

Instituut voor Informatierecht - IViR

25

Post-Graduate Legal Education

Privacy Law and Policy IViR-Summer Course (July 7-11, 2014) http://www.ivir.nl/courses/plp/plp.html

Instituut voor Informatierecht - IViR

26

Prof. dr. N.A.N.M. van Eijk Instituut voor Informatierecht (IViR) Universiteit van Amsterdam email: [email protected] www.ivir.nl

Instituut voor Informatierecht (IViR)

27