Category Archives: General

Human Rights Council creates Special Rapporteur on Privacy

Today the UN Human Rights Council adopted by consensus a resolution that establishes a UN Special Rapporteur on the right to privacy. We couldn’t write to you earlier as negotiations have been ongoing till now and we did not know the timing or outcome.

This is a great achievement and I would like to thank all of you for your support. I know that the proponents of the text (Brazil and Germany in particular) were very grateful by the widespread support to this initiative from civil society around the world.

The Special Rapporteur will provide much-needed leadership and guidance on developing an understanding of the scope and content on the right to privacy, as well as strengthening the monitoring of states and companies’ compliance with their responsibility to respect and protect the right to privacy in their laws, policies and practices.

Link to PI’s press release welcoming this development:https://www.privacyinternational.org/?q=node/549

The following were the original co-sponsors of the resolution: Angola, Argentina, Austria, Belgium,Bosnia and Herzegovina, Brazil, Bulgaria, Croatia, Cyprus, Chile, Denmark, Djibouti, El Salvador, Georgia, Germany, Greece, Haiti, Honduras, Hungary, Iceland, Indonesia, Ireland, Italy, Liechtenstein, Luxembourg, Mexico, Montenegro, Netherlands, Nicaragua, Norway, Panama, Paraguay, Peru, Poland, Portugal, Serbia, Slovakia, Slovenia, Spain, State of Palestine, Switzerland, Tajikistan, Timor-Leste, Uganda, Uruguay, Zambia.

Hacking and Spy of activists

Privacy International has filed a criminal complaint to the National Cyber Crime Unit of the National Crime Agency, urging the immediate investigation of the unlawful surveillance of three Bahraini activists living in the UK by Bahraini authorities using the intrusive malware FinFisher supplied by British company Gamma. To find out more read the press release published today.

This follows a criminal complaint filed earlier this year in the UK by Privacy International in relation to the targeting of Tadesse Kersmo, an Ethiopian refugee who was infected with FinFisher.

 

Lecture on the conflict between freedom of information and privacy law

La Universidad de San Andrés a través de su Maestría y Especialización en Derecho Empresario y conjuntamente con el proyecto de investigación PRIVACY LATAM da comienzo a su ciclo de encuentros mensuales sobre temas de actualidad sobre privacidad de datos.

La temática a tratarse en el primer encuentro es: “Conflicto entre la Protección de Datos Personales y el Acceso a la Información Pública”

En esta oportunidad Ramiro Alvarez Ugarte, director del área de acceso a la información pública de la Asociación por los Derechos Civiles (ADC) se referirá al recieten fallo de la Corte Suprema en el caso CIPPEC vs. Estado Nacional.

La entrada es libre y gratuita y se requiere inscripción previa. Durante la charla se servirá un refrigerio.

Seminar in Colombia about data protection and education issues

La Universidad de los Andes, la Superintendencia de Industria y Comercio, Microsoft, el Observatorio sobre la Protección de Datos en Colombia y el GECTI lo invitan a que asistan a este evento: Diálogo sobre privacidad y tratamiento de datos personales en el SECTOR EDUCACIÓN. El mismo tiene como  propósito debatir sobre los principales retos y obligaciones a cargo del Estado, las instituciones educativas, los (as) docentes, la industria y la familia respecto del debido tratamiento de los datos personales en el sector educación.

El profesor Joel R. Reidenberg de la Universidad de Fordham (New York) será nuestro invitado internacional.

Lugar, fecha y hora: Auditorio Lleras de la Universidad de los Andes, martes 27 de mayo de 8:30 am a 1:00 pm.

La inscripción es gratuita pero es necesario registrarse previamente aquí

El evento está anunciado en la página web del GECTI  y en el Observatorio Ciro Angarita Barón sobre la protección de datos en Colombia.

Ciclos de debate sobre temas de actualidad sobre privacidad de datos

La Universidad de San Andrés (Maestría en Derecho Empresario) y el proyecto de investigación PRIVACY LATAM organiza las siguientes charlas sobre temas de actualidad en materia de protección de datos personales y libertad de expresión en Internet.

La entrada es libre y gratuita, previa inscripción con la Universidad de San Andrés vía correo electrónico (enviar email a mfmartinez@udesa.edu.ar con nombre de la persona que asistirá). Las exposiciones tendrán lugar de 13.30 a 14.30 hs.

Lugar: Sede centro del la Universidad de San Andrés localizada en 25 de mayo 586, Ciudad de Buenos Aires.

Conferencias

17 de Junio

El caso CIPPEC v. Estado Nacional: conflicto entre protección de datos personales y acceso a la información pública.

Ramiro Alvarez Ugarte, Asociación por los Derechos Civiles.

 

15 de julio

Casos recientes de Estados Unidos sobre Derecho de Autor y privacidad: ABC Inc. v. Aereo Inc. , Garcia v. Google  y Joffe v. Google. Las nuevas tecnologías y como impactan en la empresa de tecnología.

Paula Vargas, abogada, LLM Berkeley Law School, investigadora UDESA.

 

19 de Agosto

El caso Digital Rights Ireland Ltd (caso C-293/12) del Tribunal de Justicia de la Unión Europea sobre la invalidez de la Directiva Europea en materia de retención de datos de tráfico. Privacidad vs. seguridad y terrorismo.

El caso Google Spain v. Agencia Española de Protección de Datos (caso C-131/12) sobre el derecho al olvido en Internet.

Dra. María Verónica Perez Asinari, Head of Complaints and Litigation, European Data Protection Supervisor.

 

16 de Septiembre

El caso Claps v. Mercadolibre. La responsabilidad civil de los intermediarios de Internet.

Santiago Gini, Legal Counsel OLX, Master en Propiedad Intelectual por la Univ. Austral y Profesor de Derecho en la MDE de la Universidad de San Andrés.

 

14 de Octubre

La ley de Marco Civil da Internet en Brasil. (texto final aprobado de la ley). ¿Qué deben saber las empresas de Internet para actuar en Brasil?

Prof. Danilo Doneda. Especialista en protección de datos personales.

 

18 de Noviembre

El caso Arte Gráfico Editorial Argentino v. Castaneda: el conflicto entre marcas y libertad de expresión en Internet. La propiedad intelectual de las empresas y el derecho de critica. Conflicto con consumidores, periodistas y usuarios de internet.

Pablo A. Palazzi, Profesor de Derecho Universidad de San Andrés, LLM Fordham Law, socio estudio Allende & Brea.

Brazilian Bill allows police to access data location held by telcos without warrant

Investigation authorities can request access to location data via phone or e-mail directly to the telecommunications operators.

The Commission on Science and Technology of the Brazilian Lower House discussed on April 1st Bill nº 6726/2010, which grants authorities access to mobile location data without court order.

The proposal originally introduced by Rep. Arnaldo Faria de Sá ( PTB- SP ) and now under a substitute text elaborated by prior rapporteur Rep. Efraim Filho provides that police authorities may request the location data directly to mobile telecommunications operators , “orally or by electronic message”. The time for collect and access the information is also subject to the police authority discretion. The operator must submit the information within two hours, under fine from up to R$50,000.

Article 2 Police authority may request, orally or by electronic message, directly to the telecommunications operator of mobile services, the location of the cellular phone in any of following cases:

I – restriction of an individual liberty or imminent risk to life

II – missing person;

III – criminal investigation where the evidence of materiality or authorship of a criminal offense in progress depends on the immediate knowledge of the location of the offender or similar information.

§ 1º The access request shall inform the nature of the matter under investigation and the police investigation protocol’s number, or in cases of urgency, the record number of the police report. 

§ 2º The operator of mobile telecommunications services shall provide the police authority the information requested in within two hours.

§ 3º The police authority shall appoint a responsible for the verbal request and for receiving the location data to the operator of mobile telecommunications services with their means of contact as well as establish the rules of procedure for request control. 

§ 4º The operator of mobile telecommunications services shall maintain technical channels for receiving oral requests and providing information to the police authority.

§ 5º The telecommunication operator shall forward to the Public Prosecutor and to the police control departments, every 15 days, extract of received requests, indicating the number of the cellular line object of data location request, the name of the respective user, if known, the name of the requesting police authority, the number of the police investigation’s protocol or the police report and if is the case, the reason for noncompliance.

 (…)

Article 6 The requested information shall be provided by the telecommunication operator until the authority inform the request is no longer needed:

I – in the case established by art. 2, in order to obtain real-time location;

II – when it comes to history of data location at intervals of not less than twenty-four hours, when longer interval is not requested by the police authority.

 The Government, police authorities, Public Prosecutor and the National Telecommunications Agency (Anatel) agreed unanimously with the passing of the Bill, alleging its importance for criminal investigations. The Bill is seen as a qualified extension of the provision established today by the National Telecommunications Agency in its Act nº 627/2013, which states the forwarding of the location data of any terminal dialing the emergency numbers. This provision was discussed as an emergency control strategy for big events, such as the 2014 Fifa World Cup.

Unconstitutionality

Brazilian Supreme Court has declared the unconstitutionality of two very similar state laws, from Rondônia and Minas Gerais States.

Both direct act of unconstitutionality were presented before Brazilian Supreme Court by the Brazilian Association of Telecommunications Operators (Telcomp) – ADI 4.739/DF and ADI 4.401/MG.

The State Laws were both formal [1] and materially unconstitutional; nevertheless, the Supreme Court only declared the formal unconstitutionality, declaring it sufficient to invalidate both laws.  Accordingly to Judge Marco Aurélio Mello on the ADI 4.739/DF:

The practice certainly affects the privacy of customers and, according to the text, without a warrant. If you want to prevent access, the user will have to formalize express declaration, which will lead to the reduction of privacy of thousands of users due to a possible inertia. I let this subject out of my further analysis, in view of the formal manifest of unconstitutionality of the act in question.

Brazilian Supreme Court avoided the analysis of the privacy violations of access to location data without a warrant, but this unconstitutionality and unbalance between protection of fundamental rights and criminal prosecution can not be set aside in the proposed bill.

[1] The Brazilian Constitution states only Federal Law can address provisions of telecommunications services.

[2] Brazilian Constitution on Privacy:

Article 5. All persons are equal before the law, without any distinction whatsoever, Brazilians and foreigners residing in the country being ensured of inviolability of the right to life, to liberty, to equality, to security and to property, on the following terms:(…)

X – the privacy, private life, honour and image of persons are inviolable, and the right to compensation for property or moral damages resulting from their violation is ensured;

XII – the secrecy of correspondence and of telegraphic, data and telephone communications is inviolable, except, in the latter case, by court order, in the cases and in the manner prescribed by law for the purposes of criminal investigation or criminal procedural finding of facts.

[3] Full text of the Bill can be found here in portuguese.

Brazilian Internet Bill passed with broad data retention provisions

Brazilian’s lower house has finally approved the Internet Civil Rights Framework Bill (Marco Civil da Internet).

The major change from its last version was the dismissal of the rule about the localisation of datacenters in Brazil. Instead, the Bill includes a jurisdiction clause that will forcing  disputes regarding personal data collected in Brazil to be submitted to Brazilian Law.

The approved text maintains very broad rules regarding data retention, both to ISP’s as to “internet applications” (any for-profit site or internet service), which we mentioned before.

The Bill will now be sent to the Senate. More coverture here and here. The full text (in Portuguese) is also available.