Skip to main content

Über dieses Buch

The book presents timely and needed contributions on privacy and data protection seals as seen from general, legal, policy, economic, technological, and societal perspectives. It covers data protection certification in the EU (i.e., the possibilities, actors and building blocks); the Schleswig-Holstein Data Protection Seal; the French Privacy Seal Scheme; privacy seals in the USA, Europe, Japan, Canada, India and Australia; controversies, challenges and lessons for privacy seals; the potential for privacy seals in emerging technologies; and an economic analysis. This book is particularly relevant in the EU context, given the General Data Protection Regulation (GDPR) impetus to data protection certification mechanisms and the dedication of specific provisions to certification. Its coverage of practices in jurisdictions outside the EU also makes it relevant globally.
This book will appeal to European legislators and policy-makers, privacy and data protection practitioners, certification bodies, international organisations, and academics.
Rowena Rodrigues is a Senior Research Analyst with Trilateral Research Ltd. in London and Vagelis Papakonstantinou is a Senior Researcher at the Vrije Universiteit Brussel in Brussels.



Chapter 1. Introduction: Privacy and Data Protection Seals

This chapter sets out some terminological guidance as well as the aims and scope of the book. It guides the reader through the structure and presents them with a flavor of the contents of the book.
Vagelis Papakonstantinou

Chapter 2. Data Protection Certification in the EU: Possibilities, Actors and Building Blocks in a Reformed Landscape

Certification and seals as a form of co-regulation have been on the EU agenda for over a decade. Enhancing consumer trust and promoting transparency and compliance are central arguments in the policy endorsement for certification. In the field of data protection, the General Data Protection Regulation has substantiated considerably these policy objectives of the European Commission. Our contribution discusses the new legal EU regime for data protection certification. Starting from the background of data protection certification and the preparatory works of the General Data Protection Regulation, the chapter analyses the legal provisions in the new EU data protection framework and reflects on the steps after the Regulation starts to apply.
Irene Kamara, Paul De Hert

Chapter 3. The Schleswig-Holstein Data Protection Seal

This chapter describes the Schleswig-Holstein Data Protection Seal. This trust mark for IT products is based on legal provisions introduced in the German State of Schleswig-Holstein in 2000. After explaining the legal provisions and the certification procedure of the Schleswig-Holstein Data Protection Seal, the chapter discusses its evolution. Further, it presents lessons learnt from the experience with the seal.
Marit Hansen

Chapter 4. The French Privacy Seal Scheme: A Successful Test

(Le schéma français des labels de protection des données: un essai réussi)
With nearly one hundred CNIL privacy seals delivered, France has emerged as a trailblazer in this domain. Realising the importance of changing attitudes and behaviours regarding data protection very early on, the French legislature authorised its supervisory authority to create a new indicator of compliance in this area. The French Data Protection Authority readily admits that its privacy seal is still in the early stages. However, the progress made over the past four years has shown that the experiment was worth pursuing, with a view to creating a lasting scheme. CNIL is now equipped with a proven procedure, elevating its privacy seal to the status of a “guarantee of Ethical Data Protection”, in line with CNIL’s latest reference standard, the seal on Governance Procedure.
Johanna Carvais-Palut

Chapter 5. Privacy Seals in the USA, Europe, Japan, Canada, India and Australia

The concept of having a visual identifier has evolved over time from a relatively simple mark, such as a hallmark, essentially informing a consumer of the purity of a substance to certifying products coming from an enormously complex system such as food or pharmaceuticals. There have been several initiatives in different jurisdictions to have this same external validation of privacy and data protection integrity through certification, seals of approval, or trust marks. A wide range of approaches have been initiated in several jurisdictions around the world, each with specific requirements and results. This chapter provides a scan of the USA, Europe, Japan, Canada, India and Australia with a focus on selected certification, seal or trust mark programs for online privacy and data protection. It compiles publicly available information on the current features of the program behind the icon, background on the lead organisation or trust mark provider, any details of historical significance particularly for the schemes that have in place for over ten years, as well as some general observations.
Ann Cavoukian, Michelle Chibba

Chapter 6. Controversies and Challenges of Trustmarks: Lessons for Privacy and Data Protection Seals

While trustmarks have already existed for many years, until now very few have managed to successfully establish themselves on the market in terms of consumer trust and adoption by online businesses. This chapter will deal with the challenges and controversies related to trustmarks and will highlight some significant lessons learned from the experience with trustmarks. Based on this, it will identify key factors that can contribute to the success of privacy and data protection seals in the years to come. The chapter will combine theoretical knowledge with empirical observations to establish a reliable yardstick to measure the effectiveness and impact of trustmarks and, finally, will identify the legal challenges that need to be overcome for trustmarks to gain and maintain relevance in the fast-paced world of e-commerce.
Paolo Balboni, Theodora Dragan

Chapter 7. The Potential for Privacy Seals in Emerging Technologies

This chapter examines the feasibility for privacy seals in emerging technologies focusing upon cyber-physical systems, also known as the Internet of Things (IoT). This focus provides an opportunity to compare technologies where privacy seals have purchase against those that do not, further refining the model of an effective privacy seal. It examines the privacy and data protection issues surrounding smart homes, smart cars, wearables and drones, and evaluates the potential for deploying privacy and data protection seals in these contexts by deploying design fictions. From these thought experiments, it becomes apparent that in addition to the general requirements of a privacy seal, there also needs to be strong alignment between the technology, (including its physical design, logical design, and level of generativity) and its social context of use. By its interconnected nature, IoT fundamentally disrupts our expectations around objects (things) and information flows. Seals might act as part of the mechanisms of re-transcribing such expectations. Designing a workable seal therefore means understanding information norms, and expectations, but also desired states of information flow in particular contexts.
David Barnard-Wills

Chapter 8. An Economic Analysis of Privacy Seals

This chapter proposes an economic analysis of privacy seals and trustmarks and their role in solving problems of information asymmetries that can reduce market participation. The chapter focuses on three aspects. First, the chapter analyses the demand for privacy protection and the supply of data protection and security. Second, the chapter provides an economic analysis of privacy seals. Finally, it discusses the economic impacts of privacy seals and trustmarks.
Patrick Waelbroeck

Chapter 9. Conclusion: What Next for Privacy Seals?

Based on the chapters in this book, this chapter looks afresh at the position, role and future of privacy seals. It presents a brief SWOT (strengths, weaknesses, opportunities, threats) analysis, and presents some hallmarks of a quality privacy and/or data protection seal.
Rowena Rodrigues
Weitere Informationen