nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

7. The Law and Data Protection

verfasst von : Ian Berle

Erschienen in: Face Recognition Technology

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This chapter provides an overview of the range of legislation associated with the regulation of data management. Of special interest here is the status of personal images as ‘data’. The issue of whether photographic or digital images are in fact data creates tensions that until recently did not exist. In other words, the technology has overtaken the legal discourse and has required either that the image data should be assimilated into existing law on a case-by-case basis, or for new laws to be drafted. Therefore, since face recognition is an imaging modality previous statutory instruments are inadequate, and this chapter provides the back-drop to the on-going legal discourse.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Compulsory Visibility?

Nächstes Kapitel The Law and Surveillance

Manson and O’Neill (2007), pp. 97–121.

Westin (1967) and Parent (1983).

Wacks (1989, revised 1993), p. 26.

To be considered below.

The European Community Act 1972.

The state can equally be a business corporation.

See Chap. 3, footnote 26.

Council of the European Union Regulation (EU) 2016/680.

Amos (2006), p. 346.

The antecedent to the General Data Protection Regulation.

Regulation (EU) 2016/680 para 1 op cit.

Wicks (2007), p. 122.

ibid p. 123.

See Eglot (2015).

Mosley v News Group Newspapers Ltd.

ibid Mosley: Eady J at [133] and [134].

European Commission Memo, 27th January2014.

Regulation (EU) 2016/680, op cit. See footnote 45 below.

Nissenbaum (2010).

ibid p. 231.

ibid p. 237.

Schwartz and Solove (2014).

Nissenbaum (2010), pp. 237–238 op cit.

US Constitution: Fourth Amendment.

See Mallon (2003). See fn 24 above.

Katz v. United States, 389 U.S. 347 (1967). Cited by Mallon B op cit.

United States v Dionisio 410 U.S. 1 (1973). Cited by Mallon B ibid.

See Sect. 6.7.

Solove (2011), pp. 100–101.

See Sect. 4.4.

See Whitehead (2013), p. 21.

See Chap. 11.

See Jolly (n.d.), p. 2.

Reuters (2012).

FTC (2012). The FTC performs a similar role to that of EU Information Commissioners though unlike the US, the European data protection laws apply universally to all data in every sector.

Shear (2013).

Jolly I op cit p.5. The Federal Trade Commission Act (15 U.S.C. s.41-58) (FTC Act) is a federal consumer protection law that prohibits unfair or deceptive practices and applies to offline and online privacy and data security policies. The Financial Services Modernisation Act (Gramm-Leach-Bliley Act (GLB)) (15 U.S.C. s.6801-6827) regulates the collection, use and disclosure of financial information. GLB limits the disclosure of non-public personal information and can require financial institutions to provide notice of their privacy practices and an opportunity for data subjects to opt out of having their information shared. The Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. s.1301 et seq) regulates medical information.

The Electronic Communications Privacy Act (18 U.S.C. s.2510) and the Computer Fraud and Abuse Act (18 U.S.C. s.1030) regulates the interception of electronic communications and computer tampering respectively.

HIPPA (2003). For instance the United States Department of Health and Human Services ‘Summary of the HIPAA Privacy Rule [The HIPAA] “Privacy Rule provides exceptions to the general rule of federal pre-emption for contrary State laws that relate to the privacy of individually identifiable health information, [which] provide greater privacy protections or privacy rights with respect to such information”.

Schwartz and Solove (2014) op cit. See Sect. 4.6.

ibid.

Regulation (EU) 2016/680 §2, op cit.

DPA 2018; GDPR Article 9.

Solove (2011) op cit.

FTC (2014).

Viviane Reding V (2014).

ibid.

See Drozdiak and Sam Schechner (2015).

EU—US Privacy Shield Framework (European Commission 2016).

Edgar (2017), pp. 164–167.

Privacy Shield Framework (European Commission 2016).

Reding V 2(014) op cit.

Agamben (2005).

Campbell (Appellant) v. MGN Limited (Respondents).

ibid as per para 155.

Chapter 5 above.

See Sect. 6.7.

EU Directive 95/46/EC.

GDPR para (9).

See Kindt (2013), p. 93 §189.

von Hannover v. Germany.

See Bedat (2013) and Callender Smith (2012).

This was widely reported in the press with headlines declaring the Daily Mirror’s lawyer had called her a liar. And was also contentiously considered as legislating privacy by the backdoor of medical confidentiality by Piers Morgan, editor of the Daily Mirror Newspaper at the time.

Kindt (2013) op cit, p. 418 §241.

Murray v Express Newspapers Plc & Anor [2007].

ibid para 65.

ibid para 66.

ibid paras 18, 19,72 and 73.

Murray v Big Pictures (UK) Ltd [2008].

ibid paras 63 and 63.

Kindt (2013) op cit p 149 §275.

Directive 95/46/EC Article 30(c).

Cited by Kindt (2013) op cit.

GDPR Article 4(1). Cited by Kindt (2013) op cit.

Kindt (2013) op cit.

Directive 95/46/EC Article 29.

ibid.

Kindt (2013) op cit.

i.e. scanned photographs.

Regulation (EU) 2016/680 op cit.

Privacy by Design: 7 Foundational Principles.

Kindt (2013) op cit.

ibid.

Directive 95/46/EC op cit. My italics.

Kindt (2013) op cit.

European Commission Regulation 2016/679 (proposed GDPR vis-à-vis Regulation 2016/680).

ibid (Article 30) and implemented in GDPR Articles 25 and 30.

ibid and implemented in GDPR Article 26.

ibid page 18(7).

ibid page 18(6).

Regulation (EU) 2016/679 and 2016/680.

FTC Report (2012).

ibid.

See Cohn et al. (2013) Electronic Frontier Foundation.

Electronic Frontier Foundation.

ibid.

Cited by Welinder (2012).

Acquisti et al. (2014).

ibid.

100

Fretty (2011), p. 444.

101

Fourth Amendment op cit.

102

United States v. Maynard.

103

ibid Maynard, 615F.3d at 559. Cited by Fretty (2011), p. 444.

104

Fretty (2011) op cit.

105

Nader v. General Motors Corp.

106

See Solove (2008), p. 111.

107

United States v. Knotts.

108

Fretty (2011) op cit p. 450.

109

ibid p 451; United States v. Garcia.

110

United States v. Mendenhall.

111

INS v. Delgado.

112

Fretty D op cit p. 446.

113

United States v. Mendenhall op cit.

114

Human Rights Act (HRA) 1998.

115

Regulation of Investigatory Powers Act 2000.

116

Police and Criminal Evidence Act 1984 c. 60.

117

HRA1998 op cit.

118

Perry v. The United Kingdom. My italics.

119

R v. Loveridge.

120

Campbell v. MGN Limited.

121

The Law Society Gazette (2013).

122

Kinloch [2012] UKSC 62.

Acquisti A, Gross R, Stutzman F (2014) Face recognition and privacy in the age of augmented reality. J Privacy Confidentiality 6(2):1. https://doi.org/10.29012/jpc.v6i2.638. Accessed 24 Aug 2019CrossRef

Agamben G (2005) State of exception (trans: Attell K). The University of Chicago Press, Chicago

Amos M (2006) Human rights law. Hart Publishing, Oxford, p 346, an imprint of Bloomsbury Publishing Plc

Bedat A (2013) Case law, Strasbourg: Von Hannover v Germany (No.3), Glossing over Privacy. http://inforrm.wordpress.com/2013/10/13/case-law-strasbourg-von-hannover-v-germany-no-3-glossing-over-privacy-alexia-bedat/. Accessed 24 Aug 2019

Callender Smith R (2012) From Von Hannover to Von Hannover and Axel Springer AG: do competing ECHR proportionality factors ever add up to certainty? (October 25, 2012). Queen Mary J Intellect Property 2(4):388–392. https://ssrn.com/abstract=2037811. Accessed 24 Aug 2019

Campbell (Appellant) v. MGN Limited (Respondents) [2004] UKHL 22 on appeal from: [2002] EWCA Civ 1373. http://www.publications.parliament.uk/pa/ld200304/ldjudgmt/jd040506/campbe-1.htm. Accessed 24 Aug 2019

Campbell v MGN Limited [2002] EWHC 499. http://www.bailii.org/ew/cases/EWHC/QB/2002/499.htm. Accessed 24 Aug 2019

Cohn C, Rodriguez K, Higgins P (2013) Increasing anti-surveillance momentum and the necessary and proportionate principles. Electronic Frontier Foundation, San Francisco. https://www.eff.org/deeplinks/2013/12/increasing-anti-surveillance-momentum-and-necessary-and-proportionate-principles. Accessed 24 Aug 2019

Council of the European Union Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML. Accessed 24 Aug 2019

Council of the European Union Regulation (EU) 2016/680 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). (1). http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf. Accessed 23 Aug 2019

Council of the European Union Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1532348683434&uri=CELEX:02016R0679-20160504. Accessed 20 Sept 2019

Data Protection Act 2018, para 33. http://www.legislation.gov.uk/ukpga/2018/12/contents/enacted. Accessed 18 Sept 2019

Drozdiak N, Sam Schechner S (2015) EU court says data-transfer pact with U.S. violates privacy. The Wall Street Journal, October 6th 2015. http://www.wsj.com/articles/eu-court-strikes-down-trans-atlantic-safe-harbor-data-transfer-pact-1444121361. Accessed 24 Aug 2019

Edgar TH (2017) Beyond snowden: privacy, mass surveillance and the struggle to reform the NSA. The Brookings Institution, Washington, D.C., pp 164–167

Eglot J (2015) “British judges not bound by European court of human rights, says Leveson”. The Guardian 24th May 2015. http://www.theguardian.com/law/2015/may/24/british-courts-echr-leveson. Accessed 23 Aug 2019

Electronic Frontier Foundation (Necessary and Proportionate.org) 13 International Principles on the Application of Human Rights to Communication Surveillance. https://necessaryandproportionate.org/principles. Accessed 24 Aug 2019. https://www.eff.org/document/13-international-principles-application-human-rights- communication-surveillance. Accessed 24 Aug 2019

EU – US Privacy Shield Framework. https://www.privacyshield.gov/Program-Overview. Accessed 24 Aug 2019

European Commission (2016) EU-US privacy shield. http://europa.eu/rapid/press-release_IP-16-216_en.htm. Accessed 24 Aug 2019

European Commission Memo, 27th January 2014. Data Protection Day 2014: Full speed on EU data protection reform. http://europa.eu/rapid/press-release_MEMO-14-60_en.htm. Accessed 24 Aug 2019

Federal Trade Commission (2014) FTC settles with twelve companies falsely claiming to comply with international safe harbor privacy framework. http://www.ftc.gov/news-events/press-releases/2014/01/ftc-settles-twelve-companies-falsely-claiming-comply. Accessed 24 Aug 2019

Fretty D (2011) Face-recognition surveillance: a moment of truth for fourth amendment rights in public places. Virginia J Law Technol 16(03):444. https://heinonline.org/HOL/LandingPage?handle=hein.journals/vjolt16&div=16&id=&page=. Accessed 24 Aug 2019

FTC (2012) Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers. http://www.ftc.gov/reports/protecting-consumer-privacy-era-rapid-change-recommendations-businesses-policymakers. Accessed 23 Aug 2019

FTC Report (October 2012) Facing facts: best practices for common uses of facial recognition technologies: executive summary. http://www.ftc.gov/reports/facing-facts-best-practices-common-uses-facial-recognition-technologies. Accessed 24 Aug 2019

Human Rights Act (HRA) 1998. http://www.opsi.gov.uk/acts/acts1998/ukpga_19980042_en_1. Accessed 24 Aug 2019

INS v. Delgado, 466 U.S. 210 (1084). https://supreme.justia.com/cases/federal/us/466/210/. Accessed 24 Aug 2019

Jolly I (n.d.) Data protection in the United States: overview, p 2 http://uk.practicallaw.com/6-502-0467#null. Accessed 23 Aug 2019

Katz v. United States, 389 U.S. 347 (1967) The warrantless wiretapping of a public pay phone violates the unreasonable search and seizure protections of the Fourth Amendment. https://supreme.justia.com/cases/federal/us/389/347/case.html. Accessed 23 Aug 2019

Kindt EJ (2013) Privacy and data protection issues of biometric applications. Springer, Dordrecht, p 93 §189CrossRef

Kinloch [2012] UKSC 62. https://www.supremecourt.uk/decided-cases/#addsearch=kinloch%20[2012]%20uksc%2062,f=1. Accessed 24 Aug 2019

Law Society Gazette (2013) Admissibility- criminal proceedings – evidence obtained through covert surveillance. Re: Kinloch (AP) v Her Majesty’s Advocate (Scotland) and Gilchrist v HM Advocate [2004] SSCR 595. https://www.lawgazette.co.uk/law/evidence/68897.article. Accessed 24 Aug 2019

Mallon B (2003) Every breath you take, every move you make, i’ll be watching you: the use of face recognition technology. Villanova Law Rev 48:955. https://digitalcommons.law.villanova.edu/vlr/vol48/iss3/6/. Accessed 24 Aug 2019

Manson NC, O’Neill O (2007) Rethinking informed consent in bioethics. Cambridge University Press, CambridgeCrossRef

Mosley v News Group Newspapers Ltd [2008] EWHC 1777 (QB), [2008] EMLR 20. http://www.bailii.org/ew/cases/EWHC/QB/2008/1777.html. Accessed 23 Aug 2019

Murray v Big Pictures (UK) Ltd [2008] 2008] UKHRR 736, [2008] 3 FCR 661, [2009] Ch 481, [2008] ECDR 12, [2008] Fam Law 732, [2008] 2 FLR 599, [2008] EMLR 12, [2008] HRLR 33, [2008] EWCA Civ 446, [2008] 3 WLR 1360. http://www.bailii.org/ew/cases/EWCA/Civ/2008/446.html. Accessed 24 Aug 2019

Murray v Express Newspapers Plc & Anor [2007] [2007] UKHRR 1322, [2007] HRLR 44, [2008] 1 FLR 704, [2007] ECDR 20, [2007] 3 FCR 331, [2007] EWHC 1908 (Ch), [2007] EMLR 22, [2007] Fam Law 1073. http://www.bailii.org/ew/cases/EWHC/Ch/2007/1908.html. Accessed 24 Aug 2019

Nader v. General Motors Corp., 25 N.Y.2d 560 (N.Y. 1970). https://casetext.com/case/nader-v-general-motors-corp-2. Accessed 24 Aug 2019

Nissenbaum H (2010) Privacy in context: technology, policy and the integrity of social life. Stanford University Press, Stanford

Parent WA (1983) Privacy, morality and the law. Philos Public Aff 12(4):269–288

Perry v. The United Kingdom. http://hudoc.echr.coe.int/sites/eng/pages/search.aspx?i=001-61228. Accessed 24 Aug 2019

Privacy by Design: 7 Foundational Principles. https://www.ryerson.ca/pbdce/certification/seven-foundational-principles-of-privacy-by-design/. Accessed 20 Sept 2019

R v Loveridge, EWCA Crim 1034, [2001] 2 Cr App R 29 (2002)

Regulation of Investigatory Powers Act 2000. http://www.legislation.gov.uk/ukpga/2000/23/pdfs/ukpga_20000023_en.pdf. Accessed 24 Aug 2019

Reuters (2012) January 27th ‘Lawmakers press Google on privacy policy changes’. http://www.reuters.com/article/2012/01/27/us-google-privacy- idUSTRE80P1YC20120127. Accessed 23 Aug 2019

Schwartz PM, Solove DJ (2014) Reconciling personal information in the United States and European Union. Calif Law Rev 102:877. https://scholarship.law.gwu.edu/faculty_publications/956. Accessed 23 Aug 2019

Shear B (2013) When will the FTC follow the EU’s lead in protecting digital privacy? https://www.shearlaw.com/when-will-the-ftc-follow-the-eus-lead-in-protecting-digital-privacy/. Accessed 23 Aug 2019

Solove DJ (2008) Understanding privacy. Harvard University Press, Cambridge, p 111

Solove DJ (2011) Nothing to hide: the false trade off between privacy and security. Yale University Press, New Haven, pp 100–101

The European Community Act 1972. https://www.instituteforgovernment.org.uk/explainers/1972-european-communities-act. Accessed 23 Aug 2019

United States Department of Health and Human Services. OCR privacy rule summary 2003:17. https://www.hhs.gov/sites/default/files/privacysummary.pdf. Accessed 23 Aug

United States v. Garcia, 474 F 3d 994, 998 (7th Cir. 2007). https://openjurist.org/474/f3d/994/united-states-v-garcia. Accessed 24 Aug 2019

United States v. Knotts, 460 U.S. 276 (1983). https://supreme.justia.com/cases/federal/us/460/276/case.html. Accessed 24 Aug 2019

United States v. Maynard, 651 F.3d 544, 555-56 (D.C.Cir.2010). https://casetext.com/case/united-states-v-maynard-5. Accessed 24 Aug 2019

United States v. Mendenhall, 446 U.S. 544 (1980). https://supreme.justia.com/cases/federal/us/446/544/case.html. Accessed 24 Aug

US Constitution: Fourth Amendment. http://www.law.cornell.edu/constitution/fourth_amendment. Accessed 23 Aug 2019

Viviane Reding, Vice-President of the European Commission, EU Justice Commissioner ‘Data protection compact for Europe’. http://europa.eu/rapid/press-release_SPEECH-14-62_en.htm. Accessed 24 Aug 2019

von Hannover v. Germany (2005) 40 EHRR 1, [2005] 40 EHRR 1, 40 EHRR 1, [2004] EMLR 21, 16 BHRC 545, [2004] ECHR 294. http://www.worldlii.org/eu/cases/ECHR/2005/555.html. Accessed 24 Aug 2019

Wacks R (1989) (revised 1993) Personal information: privacy and the law. Clarendon Press, Oxford

Welinder Y (2012) A face tells more than a thousand posts: developing face recognition privacy in social networks. http://jolt.law.harvard.edu/articles/pdf/v26/26HarvJLTech165.pdf. Accessed 24 Aug 2019

Westin A (1967) Privacy and freedom. Atheneum, New York

Whitehead JW (2013) A Government of wolves: the emerging American Police State. Select Books Inc, New York, p 21

Wicks E (2007) Human rights in healthcare. Hart Publishing, Oxford, an imprint of Bloomsbury Publishing Plc, p 122

Titel: The Law and Data Protection
verfasst von: Ian Berle
Verlag: Springer International Publishing
Buch: Face Recognition Technology
Print ISBN: 978-3-030-36886-9

Electronic ISBN: 978-3-030-36887-6

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-36887-6_7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"