here

Download Report

Transcript here 

“I have a gun so I have the right to
shoot!”
Nataša Pirc Musar
Information Commissioner, Republic of Slovenia
Rome, 15-16 April, 2008
Modern Digital Technologies
•
Legislative Framework (always lags
ages behind the IT)
•
Law of the Net (Global Agreement)
•
“We might not be able to stop you from
doing bad things, but if we catch you,
there will be consequences”
•
If we…, regarding data protection,
strong inspection tools are needed
•
A lot of media support, quality
prevention, awareness campaigns
DPA
How to fight
•
Law Enforcement
•
To be effective it also has to be preventive
•
Shout loud when we (DPAs) find breaches
of the law, especially when the violations
are hard
Employer v. Employee
How to strike the right
balance?
• Internet
• E mail
• Telephones
• GPS
• RFID
• CCTV
• Microsoft Software (heart beat)
• It is scary all this is actually possible…
• BUT… Are we allowed to use modern
technology just because we have it at hand???
• Privacy at work – YES (ownership of the medium
for communication is not relevant)
• Rights of the employers – YES
• Proportionality – definitely YES
Telephone Traffic Data
Facts:
1. Diplomatic mail was secretly given
to the media
2. Ministry wants to catch a bad guy
3. Let’s check all the telephone calls data base with 110.000 calls (in
house telephone system)
- No need to contact the operator
4. Who out of 700 employees was
calling the media
•
•
•
Supervision
Confiscation of the CD with the data
Misdemeanor procedure (penalty possible)
Why was this action of the ministry unlawful:
•
•
•
Traffic telephone data has double constitutional
protection – Information and Communication Privacy
Control of billing of the services – allowed – not the
case here
The document was not classified as secret
•
All employees are potential offenders
•
Even if legally admissible the action must be limited to a
narrow circle of persons and the “prosecutor” must not
include as suspects the entire population of all the
employees (Slovenian Supreme Court).
How to preserve the evidence of potential crime?
The law in no way transfers the powers and tasks of law
enforcement to the state bodies and organisations holding
public powers (or private employers)
•
•
Danger Ground
When illegal intervention in the communication privacy
happens this causes violation of constitutional right on
both sides, namely on the side of the person who calls
and who is being called. In that context the existence of
unavoidable damage (so called collateral damage) might
only be acceptable when it is caused to the accidental
participant of legitimate intervention into the
constitutional right to privacy of correspondence and
other means of communication.
…AND CONCLUSIONS
Call police
Do not collect evidence on your own
when a criminal offence is in question!
Protect the documents which
are not meant to be public
Tracebility rule can than be used, less
suspects
Going back to internet…
German Constitutional Court
has set strict limits to the law enforcement
authorities (especially to the secret services)
with regard to secret supervision of the
computers. They are only in extreme cases
when concrete threat to life or state exists,
allowed to supervise the computers in
possession of individuals with special
programmes (types of Trojan horses).
Collection of data in advance ‘to have in
stock’ and from randomly chosen individuals
should thus not happen.
“I have a gun so I have the right to
shoot!”
Thank you for the attention
The article…