[Air-L] Data privacy via the WTO?

Livingstone,S S.Livingstone at lse.ac.uk
Sun Aug 26 10:27:51 PDT 2018 

Hi and yes, I realise that. If I know who has my data I now have the right to ask them about it.  My query was more how a user is to know which service provider to ask? Who, in short, will help me establish the existence of files in the first place? Given the global trade in data and a host of intermediaries, data brokers, etc.

It seems to me that the user now needs to understand not just the apps on their phone but the entire data economy, if they are to exercise their rights....




From: Ansgar Koene [mailto:Ansgar.Koene at nottingham.ac.uk]
Sent: 26 August 2018 16:31
To: Livingstone,S <S.Livingstone at lse.ac.uk>; Aram Sinnreich <aram at american.edu>; air-l at listserv.aoir.org <air-l at listserv.aoir.org>
Subject: Re: [Air-L] Data privacy via the WTO?


Hi Sonia,

   in order for a country to be compliant with Convention 108 it must pass national laws that, as a minimum, enact the rights and obligations stated in the convention. In the case of the EU, Article 8 of Convention 108 is included in GDPR via the right to ask service providers what data they hold about you.



Cheers,

Ansgar


Dr. Ansgar Koene
Senior Research Fellow: UnBias, CaSMa & Horizon Policy Impact
Horizon Digital Economy Research Institute
University of Nottingham
Working group chair for IEEE Standard on Algorithm Bias Considerations
http://unbias.wp.horizon.ac.uk/
http://casma.wp.horizon.ac.uk/
http://www.horizon.ac.uk/
https://standards.ieee.org/develop/project/7003.html
https://sites.google.com/site/arkoene/
________________________________
From: Livingstone,S <S.Livingstone at lse.ac.uk<mailto:S.Livingstone at lse.ac.uk>>
Sent: Saturday, August 25, 2018 8:02:07 PM
To: Ansgar Koene; Aram Sinnreich; air-l at listserv.aoir.org<mailto:air-l at listserv.aoir.org>
Subject: Re: [Air-L] Data privacy via the WTO?

Thanks for this discussion

This is interesting:


Article 8 - Additional safeguards for the data subject

Any person shall be enabled:

ato establish the existence of an automated personal data file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file;

How do we imagine users can figure out which data brokers and harvesters have their personal data and will the data protection authority really help them if they don't know where to start looking?

Best, Sonia


From: "air-l-bounces at listserv.aoir.org<mailto:air-l-bounces at listserv.aoir.org>" <air-l-bounces at listserv.aoir.org<mailto:air-l-bounces at listserv.aoir.org>> on behalf of Ansgar Koene <Ansgar.Koene at nottingham.ac.uk<mailto:Ansgar.Koene at nottingham.ac.uk>>
Date: Saturday, 25 August 2018 at 13:43
To: Aram Sinnreich <aram at american.edu<mailto:aram at american.edu>>, "air-l at listserv.aoir.org<mailto:air-l at listserv.aoir.org>" <air-l at listserv.aoir.org<mailto:air-l at listserv.aoir.org>>
Subject: Re: [Air-L] Data privacy via the WTO?

Dear Aram,

  I read your policy brief with interest and I think most people will be able to agree with your analysis that an international approach to data privacy is necessary. I do however have my concerns regarding the WTO as appropriate body for administering this.

As its name suggests, the WTO is tasked with dealing with questions regarding trade. Assigning data privacy as being mandated by WTO pre-supposes a trade based interpretation of data privacy akin to discussions around ownership of personal data or "data as the new oil" etc. When contrasting the US and EU approaches to data privacy, personal data as a trade good is considered as a US perspective. The EU approach at the basis of the GDPR is to consider data privacy from a human rights perspective. This distinction has a lot of consequences, one of which would be a discomfort with having the WTO as administrating organization for international privacy regulation.

Connected to this are concerns that trade negotiations, including those at the WTO, are considered to be lacking in transparency.


When considering international efforts to establish common minimum requirements around data privacy it would be important to also consider the efforts of the Council of Europe, which recently updated Convention 108 (Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108).


Karolina Mojzesowicz from the European Commission stated that "Convention [108] was the source, the mother of the European EU data protection rules" and that it "was and will remain the key compass in the European and global privacy legal landscape"

Out of the 110 countries in the world with data protection laws (in June 2016) nearly half are already members of Convention 108.


Note that the Council of Europe [https://www.coe.int/en/web/portal/home/] has 47 member states, including the 28 EU states bus also Russian Federation, Turkey and others.

As of October 1st 2018 Convention 108 will be in force not only in the 47 countries of the Council of Europe but also in Cabo Verde, Mauritius, Mexico, Senegal, Tunisia and Uruguay.


Best wishes,

Ansgar


Dr. Ansgar Koene
Senior Research Fellow: UnBias, CaSMa & Horizon Policy Impact
Horizon Digital Economy Research Institute
University of Nottingham
Working group chair for IEEE Standard on Algorithm Bias Considerations
http://unbias.wp.horizon.ac.uk/
http://casma.wp.horizon.ac.uk/
http://www.horizon.ac.uk/
https://standards.ieee.org/develop/project/7003.html
https://sites.google.com/site/arkoene/
________________________________
From: Air-L <air-l-bounces at listserv.aoir.org<mailto:air-l-bounces at listserv.aoir.org>> on behalf of Aram Sinnreich <aram at american.edu<mailto:aram at american.edu>>
Sent: Friday, August 24, 2018 8:39:15 PM
To: air-l at listserv.aoir.org<mailto:air-l at listserv.aoir.org>
Subject: [Air-L] Data privacy via the WTO?

Fellow AoIRers,

Last week, I published this short policy brief arguing that post-GDPR, data privacy should be administered via an international treaty organization, specifically the WTO.

This is a very preliminary sketch, but I'd be curious to hear feedback from other people interested in data privacy regulation before I build on it. Let me know your thoughts!

http://cmsimpact.org/data-security/policy-briefing-note-an-international-approach-to-data-privacy/

Thanks!

-
Aram Sinnreich (http://aram.sinnreich.com)

Associate Professor
Chair, Communication Studies
American University (http://www.american.edu/soc/)
School of Communication (http://www.american.edu/soc/)

Author (http://j.mp/sinnreich) | Musician (https://dubistry.bandcamp.com/)

_______________________________________________
The Air-L at listserv.aoir.org<mailto:Air-L at listserv.aoir.org> mailing list
is provided by the Association of Internet Researchers http://aoir.org
Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org

Join the Association of Internet Researchers:
http://www.aoir.org/



This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please contact the sender and delete the email and
attachment.

Any views or opinions expressed by the author of this email do not
necessarily reflect the views of the University of Nottingham. Email
communications with the University of Nottingham may be monitored
where permitted by law.




_______________________________________________
The Air-L at listserv.aoir.org<mailto:Air-L at listserv.aoir.org> mailing list
is provided by the Association of Internet Researchers http://aoir.org
Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org

Join the Association of Internet Researchers:
http://www.aoir.org/






This message and any attachment are intended solely for the addressee

and may contain confidential information. If you have received this

message in error, please contact the sender and delete the email and

attachment.



Any views or opinions expressed by the author of this email do not

necessarily reflect the views of the University of Nottingham. Email

communications with the University of Nottingham may be monitored

where permitted by law.

More information about the Air-L mailing list