BLOGGER TEMPLATES AND TWITTER BACKGROUNDS »

October 9, 2009

DATA PRIVACY

1. INTRODUCTION

2. THE IMPORTANCE OF DATA PROTECTION

3. POSITIONS OF DATA PRIVACY
-Officials Secrets Act (Amendment) 1986
-Bill of Data Protection 2000
-Bill of Freedom of Information 2008
-Bill of DNA Identification 2008
-United Kingdom
-European Union
-Canada
-Hong Kong
-Japan
-The Netherlands
-Brazil
-United States
-Europe

4. RELATED CASES ON DATA PRIVACY


5
. CONVENTIONS AND TREATIES REGARDING DATA PRIVACY
6. DATA PRIVACY DAY

7. CONCLUSION

October 8, 2009

NEWSFLASH

  1. MALAYSIA DNA IDENTIFICATION ACT 2009 HAS BEEN PASSED ON 19TH AUGUST 2009

October 7, 2009

Here we provide readers with the overall winner of the '21st century Privacy' competition from the Data Protection Commissioner. Created by David Chandler, Enda MacNally and Michael Lathrop. Special thanks to YouTube.com

October 3, 2009

INTRODUCTION

In our modern world, privacy is one of the most important rights of an individual. It is an absolute right of a person towards his/her life'. There are many types of privacy and one of it is data privacy. For the purpose of our discussion, we would like to stress that we actually focusing on the law of data privacy in Malaysia but still referring on the law in other countries.

What is data? And, what is privacy? And, what is data privacy?

Data

Generally, data means a collection of information and facts. In the world of computer, data refers to users and variety of files such as email, music and video files and etc. Data can exist on a piece of paper, in electronics memory (such as phone memory, computer hard disk and etc). In Malaysia, the meaning of data is illustrated by Section 2 of the Computer Crimes Act 1997. According to this section, data means representation of information or concept prepare or being prepared in an appropriate form for the use of computer.

Privacy

We quote the words from Bill Gates in the book of Privacy and Data Protection which stated that 'loss of privacy is a major worry where the network is concern'. In 1995, According to Allan Westin, in the same book, express that there is no definition of privacy is possible because privacy is matters of values, interests, and powers. Basically, it can be defined as a person can freely choose under any circumstances and how do they express themselves and their attitudes towards others. In addition, it is a natural right of a person which allow us to do something without others intervention. For example, A is a celebrity, so, she should has a privacy in her personal life. In Malaysia, there is no specific definition of privacy even in Cyber Crimes Act 1997.

Now, we already know the meaning of data and the meaning of privacy. So, what is data privacy? To what extend data privacy covers and protects person privacy? According to wordiQ.com, data privacy is a relationship between data, technology, legal right and public expectation of privacy. The examples of data privacy are such as in health, financial and etc.

October 1, 2009

DEFINITIONS OF DATA, PRIVACY AND DATA PRIVACY

Its better for us to provide you with several definitions of data, privacy and data privacy for reader's convenient.


Definitions of data

According to Whatis.com, data is information that has been translated into a form that is more convenient to move or process. Relative to today's computers and transmission media, data is information converted to binary digital form.

Besides, according to Webopedia Computer Dictionary, data is a Distinct pieces of information usually formatted in a special way. All software is divided into two general categories: data and programs. Programs are collections of instructions for manipulating data. Therefore we can say that data can exist in a variety of forms such as numbers or text on pieces of paper, as bits and biter stores in electronic memory or as facts stored in a person's mind. Strictly speaking, data is the plural of datum, a single piece of information. In practice, however, people use data as both the singular and plural form of the word.

On the other hand, Wikipedia.com defines data as pieces of information that represent the qualitative or quantitative attributes of a variable or set of variables. Data (plural of "datum", which is seldom used) are typically the results of measurements and can be the basis of graph, images or observations of a set of variables. Data are often viewed as the lowest level of abstraction from which information and knowledge are derived.

Other definitions of data can be acquired from Web Definitions of Data provided by Google.com

Therefore, we can conclude that data is actually the information that we may read and process located in the computer which actually converted to binary digital form. The keyword of data is information where all data represent information for the users.

Definitions of privacy

Besides data, readers should be provided with the definition of privacy in order to give clear understanding regarding data privacy.

According to Whatis.com, privacy concerning on the internet can be divided into three main issues which are:
  • What personal information can be shared with whom
  • Whether messages can be exchanged without anyone else seeing them
  • Whether and how one can send messages anonymously

Kindly click here for further reading and understanding regarding privacy on the net.

YourDictionary.com define privacy as the quality or condition of being private, withdrawal from company or public view or seclusion

Besides, further definitions of privacy can be known in Word Definition on the Web provided by Google.com

Definitions of data privacy

Clear of the definitions of data and privacy, lets look at the definitions of data privacy itself in order to for the purpose of the creation of this blog.

According to Wikipedia.com, data privacy is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.

Answers. com defines data privacy as security measures and devices employed by the accountant to assure that confidential information (e.g., client files) are not improperly accessed.

Besides, KnowledgeRush.com defines data privacy as to the evolving relationship between technology and the legal right to, or public expectation of privacy in the collection and sharing of data.

For the conclusion, It can be said that data privacy is the right of users towards the data. Any interventions towards the data should be charged under civil proceeding in order to ensure the just application of law itself.

September 26, 2009

THE IMPORTANCE OF DATA PROTECTION

Imagine this situation. Normally, when you book the flight’s ticket, you always will give your personal data such as National Registration Identity Card (NRIC) numbers, full name, address, and passport number to the flight’s company. All these information are your data privacy. Let’s say, the flight’s company uses this personal data for other purpose without asks your permission. It is has any legal action that you can takes against that company? Actually, it is very hard for you to take any legal action because in Malaysia there is no clear provision that govern on this issue. Can you imagine what will happen to you if the personal data that you give for other purpose had been use for something else without asks your permission but you do not have any right to take any legal action because no reference has been made to the existing law, neither any examination made to see if any relevant legal protection may be afforded to protect the personal data of individuals.

Based on the article “Poor privacy protection in Malaysia, says Privacy International” (http://beritaberita.livejournal.com/100490.html), Malaysia scored miserably in the international ranking on privacy for 2007. In the International Privacy Ranking released on 28 December 2007, Malaysia shared the last spot with China and Russia and categorised as “endemic surveillance societies”. Malaysia’s poor record in privacy protection was said to be because of the absence of right to privacy in the constitution and other laws. The Centre for Independent Journalism executive director Gayathry Venkiteswaran said there is generally very little appreciation for privacy and data protection in Malaysia, and individual information is easily available to the authorities and other parties. She also said that individual information is not protected and can be use virtually by anyone for any purpose, but the authorities protect public interest information such as development deals, concessionaire agreements and consultancy agreements secret under the Official Secrets Act.

To protect personal data, Malaysia prepared the draft legislation in 1998, but it has yet to be tabled in Parliament. There are several reasons that make it necessary to have legislation to regulate this aspect. Among the reasons are (“Protection of Online Privacy & Its Impact on E-Commerce” by Hurriyah El Islamy):

1. The ability of technology to gather, retrieve, disseminate and manipulate personal data has given rise to concerns that the privacy of the individuals can be easily compromised and abused.

2. Security and privacy are often cited as some of the main reasons for the slow growth of electronic transactions.

3. The legislation may promote e-commerce in the country, as the availability of legal protection of personal data will encourage the consumers to transact online.

4. Having legislation is necessary for some countries to counter the effect of regulation that gives room for activities that may amount to privacy intrusion, such as unwarranted police wiretapping or corporate abuse of information.

5. There is a need to respond to legislative developments in other parts of the world in order to lift the data-sharing restriction imposed by several states’ legislation.

6. The last reason is one of main concerns to many countries in disregard of the countries’ preference of the method to regulate the flow of information over the Internet.

Most of the countries have been enacted the statues related to data protection in order to protect personal data against misuse by irresponsible parties. Therefore, with statues that governs personal data (i.e. Data Protection Act) we have the right to take any legal action, if anything happen to our personal data. Besides that, the protection to personal data is also important to provide safeguards against abuse of some provisions that permit the commission of some acts that would otherwise amount to invasion of data privacy. In example, section 79 of the Digital Signatures Act 1997 provides that a police officer conducting a search with or without warrant (in accordance with sections 77 and 79 respectively) shall be given access to computerised data whether stored in a computer or otherwise (s. 79(1)). Without the availability of legal provision that provides protection to personal data, these provisions and any other provision of similar nature can easily be abused. To protect from all these happen, we need legal provision on this issue.

In conclusion, in Malaysia our personal data is not protected because there is no clear provision that govern our personal data. Therefore, the Parliament should pass the Bill of Personal Data Protection to ensure our personal data will be protected.

September 13, 2009

POSITION OF DATA PRIVACY IN MALAYSIA

Position of Data Privacy in Malaysia

Introduction


Most of the country around the world such as US, Europe countries and etc has their own law that governs their data privacy. The third world countries or in other words developing countries such as Malaysia eventually realize the importance to protect personal data. The advancement of technology and also the increasing number of cases on cyber crimes in Malaysia shows that there is a need to enact law on data privacy. Expert in Cyber Law and also former dean in University Malaya, Prof Abu Bakar Munir in his comment stated that, ‘the recommendation to enact law relating to data privacy in Malaysia had been voice out since 10 years ago and comparing with other countries in Europe or even Asian countries, Malaysia had been left far away backward regarding this issue’- Bernama. Despite of that, bill regarding protection of data privacy will be table in the parliament in October by the Minister of Communication and Culture, Datuk Seri Dr Rais Yatim.




Generally protect the data of the government whether it is state or federal government. The government servant must not reveal information or data to anyone unauthorized by the government to have the information or data. The specific scope of this Act which only covers and apply to government servant and protect the official information and data only. How about our personal data? It seems that the Act is not relevant to be relied if there is an exposure of our personal information to irresponsibility bodies, organizations or individuals.




Purposely, the bill being introduced to protect the personal data in Malaysia, but if there are exceptions in the Act for certain organizations or bodies or even government to uses the data for some reasons the act will be ineffective measurement to it purpose. However, Datuk Seri Dr Rais Yatim stated that the Act only will be applied in the private sector and not the government. In contrast, Prof Abu Bakar Munir suggested that the Act should be imposed strictly without any exceptions also intervention and interest of others (political or personal interest). Because of the disparity of opinion, critical discussion should be held and majority opinions of expertise should be took into consideration to make the Act more effective and relevant to be implemented. The question that needs to be answered is to what extent the Act is sufficient to preserve and protect personal data?




For your information, despite of the bill on protection of data privacy, the other bill that will be table is the Bill of Freedom of Information 2008. The purpose of the Act has become constitutional issue and highly debated by politicians and academicians in Malaysia. The bill has been introduced by the opposition party and the Chief Minister of Selangor stated that the bill will be table in the State Assemblies (as enactment) in November. Because of that , the opposition party suggested that the bill will be table in the Parliament (as an Act). Moreover, the establishment of the bill is to uphold the freedom of speech under the Article 10 of the Federal Constitution. The bill provided that anyone (private or public sector) can file an application to obtain personal information of others with sufficient and reasonable reason. If the responsible body or organization refused, there are subjected to civil and criminal proceeding under Schedule 8 of the bill. Schedule 4 of the bill provided the exceptions for those who refuse to give the information needed. The Bill of Freedom of Information 2008 which gives freedom to obtain information of a person maybe conflicting with the Bill of Protection of Data Privacy which does not allow the exposure of anyone information. Thus, Parliament should noted the problems and further discuss on this issue for the benefit of the public at large.




This bill is known as DNA data bank. This bill had been critically comment by a lot of people. However, there are need to implement this Act;

1. Improving the police’s solving rate further.
2. To mitigate the CSI mistake which sometimes help criminals to escape.

In contrast;

1. As an evidence in court, so, the impact on the judicial process. Police have a batter title to decide a case.
2. Infringe personal right to privacy
3. The head of DNA data bank has sole discretion to destroy the sample which may leads to misuse, abuse and injustice of the data as conclusive evidence in court.

Conclusion

The implementation of the Act and table of the Bills should be specified and should not related with any political interest or personal interest. The Act or Bills should be enacted for the purpose of the public solely. Thus, whether the Act or Bills are relevant or not it depends on the current situations and the interest of the legislative body to legislate the law.

September 5, 2009

POSITION OF DATA PRIVACY IN OTHER COUNTRIES

Each country has their own law on data privacy. The following list contains of data privacy law by some county or region in this world.There are as follow:

United Kingdom: UK Data Protection Act 1998
The existence of UK Data Protection Act 1998 provides comprehensive data protection in United Kingdom.
European Union: European Union Data Protection Directive 1998
It deals on the protection of individual with regards to the processing of personal data and on the free movement on such data. It is also the world's most comprehensive data protection legislation.
Canada: The Privacy Act-July 1983
Hong Kong: Personal Data Ordinance(The Ordinance)
Japan: Personal Information Protection Law ( Act )
Basically, the purpose of the Act is to protects the rights and interest of individuals.
Netherlands: Personal Data Protection Act 2000
Brazil: currently the privacy protection governed by Article 5 of the 1988 Constitution where it generally stated that all persons are equal before the law, Brazilians and foreigners residing in the country being ensured of inviolability of the right to life, to liberty, to equality, to security and property.

Data protection in United State.

The right to privacy was recognized in several international agreement such as Article 12 of the Universal Declaration of Human Rights where it stated that no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks his honour or reputation. It also suggested that everyone has right to the protection of law. In United States, there is no comprehensive data protection legislation.The term privacy does not stated in US Constitution. However, US Supreme Court has ruled the right to privacy from various amendment to the constitution. The US Supreme Court first recognized the right to information privacy in the case of Whalen v. Roe. Since there was no comprehensive data protection legislation, there has been number of law that been enacted based on the court and also international agreement.The most important act that can be refer is the Privacy Act of 1974 and also The Computer Security Act of 1987.These two laws specifically deals with personal information held by federal government and do not have any authority over the collection of personal information held by the private sectors. The Privacy Act is to protect personal information in federal data bases and it also give individual some rights over information contained in those databases.The basic principles in both act is to provide individual with the right of access to information about themselves and it requires that personal information only can be disclosed with the individual consent. Besides that, another law that provide for data privacy protection is The Computer Security Act of 1987. It deals with personal information in the federal record systems and it also give protection towards the security of sensitive personal information in federal record system.

Data protection in Europe.

In Europe country, there are two national policies that deals with data privacy protection. The related law are Council of Europe's Convention on Data Protection and also Europe Data Directive. In Europe privacy law, it covers the privacy protection both for public and also private sectors. The Convention recognized the right to privacy as one of the fundamental human rights.The council concern with the processing of personal data and in the late of 1960's , one survey had been conducted with regards to human rights. Based on the surveys, it concluded that the existing law did not provide adequate protection of individuals . Due to that concerns, there are lots of efforts to solve the problems in order to give better protection of individuals.

Meanwhile, the EU Data Directive was adopted in October 1995 . It is specifically acknowledged the individual rights to privacy.
The EU Data Privacy sets standards for the treatment of the of personal data collected from individuals, the right for individuals to access, notification and correction.

In conclusion, Malaysia does not have a comprehensive data protection as in other countries. If we compared the law of data protection in US, when the US citizens deals with the government bodies, their data privacy will be protected. However, if someone dealing with individuals or business, there is no clear provisions regarding the data protection.This situation is different in United Kingdom where they have sufficient data protection because they have UK Data Protection Act 1998(Article: Information Privacy in Malaysia: A Legal Prospective [2005)]1 MLJ xxv.)

RELATED CASES WITH DATA PRIVACY

Case 1

Durant v Financial Services Authority [2003] EWCA Civ 1746

This case is about the claimant or the appellant, Mr Michael John Durant who seeks disclosure of information that he claims to be his personal data under section 7 of Data Protection Act 1998. When Mr Michael claims his personal data, Financial Services Authority response to it but refuse to give further information to the when the claimant seek for further disclosure.

Therefore the appeal give the public opportunity to know the proper interpretation of certain provisions of the Act in order to know the individual right to disclosure his personal data held by others. Mr Durant claim for the disclosure because he has lost the litigation against Barclay Bank PLS thus sought disclosure of various records in connection with the dispute.

The judge held that the information, seek by Mr Durant is not 'personal data' within the meaning of the Act thus dismiss the appeal. For further reading, click here.

Case 2

Criminal Proceedings v Lindqvist (Case C101/01) [2004] All ER (EC) 561

This case is about the defendant who set up a homepage on the internet. She set up internet pages at home on his personal computer to allow parishioners to obtain information they might need. The pages containes information about the applicant and her 18 colleagues in the parish including their:
  • full names
  • some of first names
  • jobs
  • hobbies
  • family circumstances
  • telephone numbers
She also stated that one colleague had injured on foot and was on half time on medical ground, She do not get consent to disclose all this information.

The public prosecutor brought a prosecution against the defendant, charging her under Swedish Law on Personal Data on the ground that she had possessed personal data without giving notification.

It was held that all her actions fall within the definition of Article 3(1) of European Parliament and Council Directive 95/96. Besides, such processing personal data is not covered by any exceptions in Article 3(2) of the Directive. There is no transfer of data to the third country nor in conflict with the general principle of freedom of expression of other freedoms. Order accordingly.

For further reading, click here.

Case 3

Murray v Big Picture [2008] 2 FLR 599

This case is about invasion of personal privacy. The child's mother was world famous popular author namely the author of Harry Potter books which she wrote under the name of JK Rowling. The parent had taken necessary steps to secure and maintain the privacy and their child was never exposed to the public. When the child at age one year old, a photographer had took a picture of the child and his parent at public place. The photo was sold to national organization and due to that it was published in a magazine. The child issue proceedings against the photography agency and seeking injunction to prevent the photo from being publicize without his consent. The child also asks for damages on the ground of infringement of his right to privacy under Art 8 of the European Convention for the Protection Of Human Rights and Fundamental Freedoms 1950 and also for the misuse of private information.
The Court of Appeal in allowing the appeal held that the child has his own rights to privacy and the respondent was held to be liable for the infringement of right to privacy. For further reading,please click here.

Case 4

Douglas and others v Hello limited and others [2003] EMLR 585

This case involved a Hollywood celebrity, Catherine Zeta Jones and her husband Michael Douglas.On their wedding day on 18 November 2000, they had sold an exclusive right to published all the wedding photos to OK! magazines only. The dispute kicked off when one photographer,not from OK! magazine had enter the Douglases's wedding and sold of his unauthorised photograph of the wedding to Hello! magazine. The claimant commenced these proceeding by applying for an injunction to prevent publication of unauthorized photographs in Hello! magazine. The Douglases also sought damages from Hello! for breach of privacy and meanwhile OK! magazine sought compensation for the loss of its exclusive rights to publish.
The court of appeal held that in this case the the protected information was the photograph of the Douglases's wedding. By applying the test propounded by House of Lords in Campbell v MGN, the court found that photographs of the wedding is fell within the protection of the law of confidentiality as extended to cover private or personal information.

For further reading,click here.

September 3, 2009

CONVENTIONS AND TREATIES REGARDING DATA PRIVACY

1. The Council of Europe (CE) Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data;

2. The Organization for Economic Cooperation and Development (OECD) Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data;

3. European Union’s Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data (Data Protection Directive);

Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data

Date of release:28th January 1981.
Place:Strasbourg.
Organizer:Council of Europe.
Objective:Article 1

“Object and Purpose”

The purpose of this convention is to secure in the territory of each Party for every individual, whatever his nationality or residence, respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data relating to him ("data protection").”

This convention also provided that those who wanted to be a member of this convention must abide with the requirments needed that is ensuring that their national legislation contains these basic principles in respect of the personal data of every individual on their territory. However, having that as the requirment for being a member state to the convention resulted few problems, which are:

a. if the party of origin offers a higher level of protection of the personal data than the receiving party;

b. if the transfer of data is to a third state not party to the convention.

In 1992 the Consultative Committee of the Convention for the Protection of individuals with regard to Automatic processing of Personal Data elaborated a Model Contract which is used extensively by private operators in order to facilitate transborder flows of data between states which do not ensure equivalent protection of data,.

In order to adapt the general principles set out in the convention to the specific requirements of various sectors of activity in society, a number of recommendations dealing with the following subjects have been adopted by the Council of Europe:

(a) medical databanks (1981);
(b) scientific and other statistical research (1983);
(c) direct marketing (1985); social security (1986);
(d) police records (1987);
(e) employment data (1989);
(f) financial payments and related transactions (1990);
(g) communication of data to third persons by public institutions (1991);
(h) protection of personal data in the field of telecommunications, in particular telephone services (1995);
(i) the protection of medical and genetic data (1997);
(j) the protection of personal data collected and processed for statistical purposes (1997) and for the protection of privacy on the Internet (1999).



September 2, 2009

EU LEGAL FRAMEWORK IN THE FIELD OF PERSONAL DATA PROTECTION

Article 8 of European Convention on Human Rights stated that there is a protection for personal data from it being exploited by others.


EU LEGAL FRAMEWORK IN THE FIELD OF PERSONAL DATA PROTECTION


Convention for Protection of Human Rights and Fundamental Freedoms of the Council of Europe, Rome, 04 November 1950 (also called the "European Convention on Human Rights" and "ECHR")


Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders, Chapter 3, art. 102-118;


Convention No. 108 of the Council of Europe of January 28, 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data;


Recommendation No. R (87) 15 of the Council of Europe Committee of Ministers, dated September 17th 1987, regulating the use of personal data in the police sector;


Directive 95/46/ЕC of the European Parliament and of the Council, of 24 October 1995, on the protection of individuals with regard to the processing of personal data and on the free movement of such data;


Regulation 1987/2006 of 20 December 2006 on the establishment, operation and use of the second generation Schengen information system; and


Council Decision 2007/533 of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System.


Quoted from: http://www.mvr.bg/en/Shengen/data_protection.htm

September 1, 2009

CONCLUSION

Up till October 15, 2009, the position in Malaysia regarding data privacy issues are still not absolutely govern by any specific law as compared to other countries. There have been many attempts by the legislator to pass a law that shall govern data protection. However, the only one that have been passed so far is only the DNA Identification Act 2009. Malaysia is still waiting for the Bill of Data Protection to be passed so that the citizens shall be protected from their data being misused and disclosed freely by others.

DATA PRIVACY DAY

January 28 each year has been declared to be an international holiday since it was made as the ‘Data Privacy Day’. That date was chosen in celebration of the date which the Council of Europe (CE) Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data was opened for signatured for the first time in 1981. House Resolution HR 31 by vote of 402-0 was passed by United States House of Representatives on January 26, 2009 was the one that declared the National Data Privacy Day’ shall be held on January 28 each year. It was later followed by Senate who passed the Senate Resolution 25 also recognizing January 28, 2009 as National Data Privacy Day.

The Data Privacy Day will be celebrated by United States, Canada and 27 other European countries. The main purpose of declaring January 28 as Data Privacy Day is to promote awareness and education among teens across the United States. That day also serves the importance of futhering international collebration and cooperation privacy issues.

The celebration of Data Privacy Day in the United States have invoved all privacy professionals, corporations, government officials, and representatives, academics, and students across the country. In the 2009 celebration of Data Privacy Day, it took place across the Unites States, Canada and Europe. That day has offered many opportunities to the world to learn more about data privacy and to take action to protect personal information. It holds many events like academic conferences on topics including national security and data transfers, social networking and information security