E-commerce stores should consider data protection and privacy

Are you processing personal data through your website in order to faciliate commerce?  In simpler terms, are you asking customers to provide information about themselves through your website, app, or email addess, followed by using that information in order to carry out your business?

One of the questions of the self-assessment written by the Information Commissioner’s Office (ICO) states: “Do you only process personal data for staff administration, advertising, marketing or public relations, or accounts or records?”  Another states: “Do you process individuals’ information for advertising, marketing or public relations?” And: “Do you process individuals’ information for accounts or financial records?”  If the answer to any of these is ‘no,’ then you need to register with the ICOIf you are meant to register but have not, the ICO might come knocking on your door with more than just a slap on the wrist.

Of key interest to online retail store owners would be the last question about accounts and financial records, and the ICO provides guidance on this in the self-assessment:

You should answer ‘Yes’ if you:

  • only process information necessary for undertaking and managing transactions with your suppliers and customers; and 
  • only share the information with people and organisations necessary to do this. Important – if individuals give you permission to share their information, this is also allowed; and
  • keep the information while you have a relationship with the supplier or customer it refers to or as long as necessary for your accounts and financial records.

So as long as you are doing just the above, this should be sufficient, but in case of any doubt, seek legal assistance.  Just as well, the other aspects of the assessment must be met properly regarding communications (advertising, marketing, and public relations).  It may be prudent to register with the ICO voluntarily, which can indeed be considered to be a mark of integrity and credibility with customers who can have confidence their personal data is used in accordance with the law.  Don’t forget to secure your data, too.

The tipping point for data protection to become the norm

With consumer security becoming highlighted constantly in the wave of online account phishing attacks, consumers becoming further concerned their communications could be compromised, and the PR message that consumers need to “watch what they are doing online” failing to modify consumer behavior on a wide scale, the tide in secure communications is turning.

In January 2010, Google began offering secure authentication access for its search engine.  For the first time in the competitive search market, security in searches became a reality.  Google had already offered HTTPS (Hypertext Transfer Protocol Secure) support through Gmail, which major email player Hotmail added only in November.  Google has also led the way in online collaborative office work through Google Docs, which uses HTTPS to protect confidential materials.  Yahoo! Email in the United States has yet to join the bandwagon, which it ought to as allowing consumer data to flow freely around public wireless hotspots is not preferable, and consumers have been continually gaining awareness about privacy and security.

Facebook, arguably now the world’s most popular website with over 500 million users, has also been using Yahoo!’s strategy in the United States only to allow HTTPS for logging in, to protect the password.  However, and with respect to Privacy Day that passed only yesterday, Facebook has set the stage for HTTPS to become the norm by beginning its roll out of full HTTPS support throughout the Facebook website.  This is data protection compliance at its fullest, as it ensures the consumer is obtaining the highest amount of security based on current consumer and professional standards.

Most e-commerce businesses, including financial services, have an obligation to implement HTTPS onto their websites, as consumer and client information must be kept fully confidential.  With Facebook’s induction into the secure world, commerce has stepped past the tipping point in security, and any company looking to enterprise today cannot only consider security in project management, it must implement that security as well.  This has always been the case for e-commerce, financial services, health services, and generally any service intended to be confidential, but it is clear the the intention today is moving towards guaranteed confidentiality throughout the Internet.

“Net neutrality” and potential legislative impact

A work in progress, incomplete.

“Net neutrality” legislation has taken on different forms, and it has recently impacted the United States legal framework in telecommunications as of December 2010, with the approval of new rules that govern the Internet.

What is “net neutrality”?

In general terms, net neutrality as a principle means preserving equal access to legal Internet content without bandwidth discrimination, so businesses cannot pay for their content to be delivered faster than other businesses’ content, discriminating market advantage.  Therefore, if customers of an Internet Service Provider have subscribed to a package that offers downloading and uploading of content at a certain speed, all customers using that package plan should be able to access  any content online without any certain content owner’s content having priority to be accessed based on the Internet Service Provider’s preference which could be altered through businesses paying the provider to prioritize them.

What impact can the rules have on business?

Proponents suggest regulation for it will sustain consumer rights over the network so that access to any content will be granted equally and not determined by the content’s priority.  Opponents suggest that regulation will have the negative effect of decreasing service provider competition, thus leaving consumers with the high prices based on the few choices they have to access the Internet.  There are several other points of contention, but these are basics from which we can gain an understanding of the whole debate.

In 2008, a major ISP suffered through expensive litigation over the way it discriminated Internet traffic and bandwidth.  There is no certainty in future legislation, but the ruling made in December 2010 by the FCC on protecting net neutrality sets a precedent.  The European Union has its own legislative framework concerning competition, and Council of Europe member states must protect expression under Article 10 EConvHR, but businesses should consider U.S. markets as it represents about a third of telecommunications market revenue.*

One issue that may be overlooked is the extent to which regulations protect net neutrality.  The rules passed in the U.S. do not cover the mobile network market, legally silent on discriminating market advantage.  Commercial lawyers must consider the global market in telecommunications, as clients are often multinational in nature, and therefore conduct business in multiple jurisdictions where the rules may differ.

What impact can the rules have on general Internet freedom?

Without the rules and with network providers discriminating bandwidth depending on services or websites accessed, the most popular and most commercially successful content providers will be able to fully satisfy their consumers, leaving consumers no need for concern, however, for the other services or websites that may not be as popular, consumers may struggle to have the same kind of quality of service in terms of speed.

With the rules in place, there is a hope that all content, no matter where it comes from, will be afforded the same opportunity for access, of course so long as the hosting providers of these services or websites are reliable, which is separate from the network providers discriminating against how quickly the content is transmitted.

* Source: Telecommunications Industry Association

Privacy and confusion over what deserves privacy

Work in progress, incomplete.

Certain events or trends have proven to be catalysts for major discussion or reform of the laws in place.

The most widely known catalyst to date, is the September 11, 2001 terrorist attacks in New York, Pennsylvania, and Washington, D.C.  The reaction to this catalyst continues in a very direct way with the ongoing military operations of coalition forces in Afghanistan.  In the United States at the very least, this caused a great debate as to when our civil liberties are necessary when it comes to combating international terrorism, with legislation quickly following suit, such as the USA Patriot Act.  With an active, leadership-oriented foreign policy, many other countries have followed suit with regards to counter-terrorism measures.

Issues have arisen in the United States such as the legitimacy of the Foreign Intelligence Surveillance Act to allow warrantless wiretapping, which directly affects the privacy of Internet Service Provider consumers.

However, there is a new catalyst that is emerging as a trend that has major implications for the law with regard to privacy versus expression: the proliferation of confidential materials not authorized and therefore proliferated following a breach of confidence.  Without sounding too complicated, this means there is an emerging trend in using information intended to remain private in a public sphere due to a perceived “public interest” of the private information.  Still too complicated?  Maybe this has to do with the way individuals and organizations all together are flexing their PR muscle.

There is a lack of analysis provided in the rhetoric approving or disapproving of “public interest” breaches of confidence and the proliferation of the confidential material following the initial breach by an original actor before such rhetoric is published, and this is why there are major implications for the law.  What does not help clear up the confusion on how future legislation may proceed is the silence assumed by the owner on the matter of the owner’s confidential material and whether or not the information contained is legitimate, though the silence can be there for a legitimate reason, to protect security.  It is not just because this is an emerging trend that confidentiality is breached, it is because the rhetoric floating around the airwaves may not be focusing on the exact legal and social issues at play here.  Tabloid-style rhetoric is not only unnecessary, but it is irresponsible when a serious matter is the focus of the media, such as confidential material.

What is certain is that with this emerging trend of breaches of confidence that cannot be contained by the traditional injunction, an increasing focus will be set on the consequences for breachers in the criminal justice system as well as the security applied to protect private information.

Justifying justiciability of economic and social rights

When David Beetham claims that economic and social rights, even the seemingly fundamental ones, “cannot in principle be definable in justiciable form,” what he is explaining is not the theoretical possibility of making it justiciable, rather, he is stating the historical, legislative, and the cultural context for why it is not realistic for them to be justiciable.  With regard to the variables, Professor Beetham’s declaration is that of a realist.  What he states is directly relevant to the context that has emerged through time, and given that economic and social rights are struggling to exist in impoverished regions even more than a decade since he made such a declaration, the realism has not faded.  This has to do with the distinction between negative and positive obligations of institutions, and that the idealism sought in human rights within an attempted democratic society always puts human wellbeing second to other stated aims – maintaining a democracy seems to be the aim.

In analyzing the International Covenant on Civil and Political Rights (ICCPR) and the International Covenant on Economic, Social and Cultural Rights (ICESCR), which take their spirit from the Universal Declaration of Human Rights (UDHR), it begins to make much more logical and indeed economic sense that the ICCPR is given more respect than the ICESCR – at least for a democracy.  Guaranteeing economic freedom is not part of the democratic equation.  This has to do with the standard of politics pronounced in a so-called democracy where monetarism is pronounced, and inevitably the individuals working in institutions of power exist due to social and economic influence in the first place.  However, it is not the individuals that are to be judged, it is the social and economic environment itself, and it is from that understanding that change should emerge.  Indeed, whether power, wealth, or property, the acquisition of such things in a democratic society is considered normal given the civil and political standards constantly adhered to – having these civil and political standards are at odds with having the economic, social, and cultural standards that may be desired, yet may not be justiciable.  Civil and political rights are justiciable and easily so because they are negative obligations.  It is simple to refrain from doing certain acts in comparison to setting up institutional strength in enforcing economic and social rights – this requires a great deal of bureaucracy.  Critics may contend that it requires a great deal of idealism in the likes of socialism which faces constant opposition across the world, making it inherently unsustainable in international affairs so long as it has opponents which inevitably it will since it creates an inordinate amount of competition for multinational corporations to handle.  This is the difficulty in removing the distinction between the two sets of rights, for having the economic and social rights justiciable is directly at odds with the right to freedom, which is, unfortunately, another stretched term just as is democracy.

Having the economic and social rights would require heavy taxing and big government, currently a major issue being discussed in the United States as has been for over a century as the government can never find a way to decrease in size whether either major party in the two-party system is in power, where one of them has as one of its core principles to reduce the size of government so that it is limited.  The issue at hand currently is with a universal healthcare system, something impoverished countries could only dream of having so long as the economic and social rights are not justiciable – they simply do not have the resources to make this happen.  Indeed, even with the ICCPR, some countries more notorious for defying international law, such as the United States, have made reservations as to what applies to them and what does not – with the United States also not ratifying the ICESCR due to political pressure.  Indeed, this is the major reason for all human rights seeming inability to ascend into the forefront of the law.  There are organizations that attempt to regulate and pronounce the implementation of the ICESCR goals such as the World Health Organization for health purposes, UNICEF for children’s rights, FAO for food profiling, UNESCO for educational purposes, UNDP for aiding undeveloped and developing countries, and the ILO for labor rights.  However, the lack of political will and indeed the political ignorance of international law not just from the United States but also the United Kingdom and their economic competitors such as China is what forces ICESCR to be not globally relevant in comparison to the ICCPR.

Even the rhetoric of the ICESCR makes it clear that it was never intended to be justiciable.  It makes references to “taking steps,” and any state may take this to mean anything they wish so long as it can make the excuse of taking steps.  Clearly, for economic and social rights to be realized, it would require a direct effect on existing laws, conventions, and monetary policy, but this would 1) affect the sovereignty of that state, and 2) it would require a redistribution of wealth, power, and property not just within a state, but also across states, given the suggestion of international cooperation.  However, the international economy behaves differently than international government – in fact, there is a constant redistribution of wealth from the poor to the rich both in advanced and in basic economies.  Since the end of the Cold War, re-establishing United States as the world leader, politics has branded anything not capitalist in nature as a failure, and therefore, with the United States also most opposed to any economic or social obligation, making any greater ascension of these rights worldwide fairly difficult if not infeasible.  This causes other states to rely more heavily on the fact that their resources are constrained, justifying their lack of “taking steps,” while millions face a vast range of vulnerability.

While the European Union has grown to be a legitimate force in the respect of human rights given its focus on some positive obligations, it too is still limited by what is “necessary in a democratic society.”  There will be the opponents of economic and social rights who claim a dictatorial power is attempting to reduce individual liberties, but this a sheer cry of help unfounded in comparison to the millions and indeed over a billion undergoing starvation (“It is unacceptable in the 21st century that almost one in six of the world’s population is now going hungry,” Josette Sheeran, UN World Food Programme executive director).  Europe has managed to guarantee some positive obligations regarding labor rights for children (Siliadin v France [2005] regarding Article 4 ECHR).  A right to education in Protocol 1 Article 2 has been supported in the Belgian Linguistics case (1474/62, 1677/62, 1691/62, 1769/63, 1994/63, 2126/64), but it did not go as far as creating a positive obligation on the language used for education. Indeed, case law has shown positive obligations with regard to civil and political rights, but Europe has still been resistant with regard to certain aspects of economic and social rights.  The European Social Charter of 1961 serves as the foundation for these rights, but like with the ICESCR, simply makes recommendations when states fail to take action on a decision – political speak.  Additionally, not all member states have been consistent with incorporating all of the charter’s protocols.  It does have a minimum obligation based on human dignity, but the argument against these economic and social rights is that they are indeed political in nature, and courts do not have the competency to determine resource allocation (though one may argue that the very concept of such protocols existing is that they ought to or be able to refer to a competent agency).  However, with the EConvHR incorporating different qualified rights such as freedom of expression in Article 10 and freedom of assembly in Article 11, it is possible to see economic and social rights existing in the same manner.  Europe has done quite a progressive job in achieving both negative and positive obligations of the state in guaranteeing human rights, but Europe is not the world, and while the European Union may serve as a model to be taken seriously, this does not answer the whole question let alone even address it.  The real question is what constitutes human rights, and what will it take for economic and social rights to be taken seriously on the world stage of politics?

The current rhetoric established for economic and social rights do not define in a specific manner the minimum and the maximum rights (dictated by the states with the best internal economic and social rights) states should be afforded with the force of law.  Currently, there is the notion that human rights as a concept is only an aspiration, something which needs to be viewed upon as a bar that needs to be reached.  In order to be justiciable, however, there needs to be international agreement on what a minimum standard is – the recent UN Climate Change Conference in Copenhagen has shown a test on the world stage as to what a minimum is, but even for what it is tackling as a third generation set of rights (where civil and political rights are first generation and economic and social rights are second generation), minimum is not explicitly defined, but goals do exist.  Rather than setting goals, there needs to be an international agreement to set a minimum standard of decent living, unequivocally.  With the amount of resources and wealth hoarded by corporations which have GDPs in the top 50 of the world’s highest GDPs more so than states themselves, there is no question as to the amount of resources that do exist, but they are not managed in a sustainable manner.

Regarding justiciability, international governmental organizations like the United Nations are simply not given enough respect, but this is due to states refusing to take on the leadership of having the world agree on common causes, as to fight for a common cause worldwide would simply reduce profits.  To make these rights justiciable, there needs to be a starting point, a minimum.  It is obvious that all humans require food and shelter at a minimum, but with the continuous spread of globalization there is no reason that this minimum should not also include clothing, basic education, basic healthcare, and even basic telecommunications services.  For example, with the cost of computers becoming ever more affordable as products become obsolete every three months, along with high speed satellite Internet, it is not impractical to allow people to be able to participate on that platform in a meaningful economic manner – it can be argued that it is in fact cheaper and more sustainable to use the Internet in impoverished countries than it would be to use telephone landline or mobile services because the cost of other infrastructure.  The International Telecommunication Union (ITU), the longest lasting organization of the UN in existence since 1865, would be the most reasonable organization to oversee that development.

It is the set of services like telecommunications that support both public and private institutions of education, healthcare, and truly all aspects of business in the most economically efficient manner.  Indeed, following the terrorist attacks of September 11, 2001, an increased caution has been placed on telecommunications networks with regard to security.  Clearly, the services like any can be used for destructive means, but the economic efficiency behind the technology proliferating worldwide is inevitable, and it is therefore clear that the level of available technology will indeed dictate what a worldwide minimum is.  Again, what is lacking is political will to make these rights justiciable, but there needs to be a minimum, and if a minimum is not established, then it is just as well true that human rights is merely rhetoric.  The aspiration of human rights is not just a negative obligation upon member states to respect certain rights, but states exist because they are different, and that they are to provide positive rights for their citizens.  The level and extent to which these are provided require more than just a utopian goal, these require a solid minimum.   A reasonable expectation would be that the “taking steps” rights would become guaranteed minimum rights worldwide within the ICCPR and ICESCR for a select number of rights every five years (e.g. 2010, 2015, 2020 and so on).  An agreed upon minimum that may exist within economic sustainability is justiciable. The scientific reality is that a lack of resources will inevitably prevent economic and social rights from existing in a region, and they certainly degrade civil and political rights just as well.  South Africa is a great example of human rights with the right idea: its state constitution explicitly states rights concerning housing, healthcare, food, water, social security and education (Sections 26, 27, and 29).  Where the rights cannot be met due to lack of resources, it is still imperative upon the state to meet these obligations, as they are constitutional rights, giving the state more than the legitimate right to state “South Africa’s Constitution is one of the most progressive in the world and enjoys high acclaim internationally” on the South African Government Information website. The hope for human rights is that it not require the constant boom-and-huge-bust cycles of the world economy in order to point out basic flaws that have basic solutions.

Telecommunications law from around the world

A work in progress, works cited under development.

As telecommunications networks have become more sophisticated, so has the law of telecommunications evolved, with the Internet becoming a greater focus in an ever-increasing digital focus in the economy.  This report will briefly document early legislation and will progress to the present.  A report on data protection goes into more depth on a telecommunications law sub-topic.


International Telecommunications Convention of 1982 – this treaty established the International Telecommunications Union, a standards agency part of the United Nations that deals with communications technology and their development in member states.  In the first section of Article 4, the convention states as its first purpose:

a) to maintain and extend international cooperation between all Members of the Union for the improvement and rational use of telecommunications of all kinds, as well as to promote and to offer technical assistance to developing countries in the field of telecommunications

The treaty also covers the powers member state governments have over private use of communications technology, particularly if the use endangers national security or public order interests.  Article 20 details the powers member states have in suspending international telecommunications service.


Data Protection Directive, Directive 97/66/EC


United Kingdom – Telecommunications Act 1984, Communications Act 2003

United States – Telecommunications Act of 1996, Communications Decency Act

China – Telecommunications Regulations of the People’s Republic of China

With the greater focus in telecommunications in our lives, a potential concern for businesses is the effect of net neutrality legislation on the operation of the Internet.

A look at data protection from around the world

A work in progress, works cited under development.

This paper will focus on legislation in the European Union, the United Kingdom, China, and the United States.  In summary, we will be able to see some of the key differences in the various legislation, but more importantly we will be up to date on these increasingly important laws that affect the way our personal information is used around the world.

Data Protection Directive, Directive 95/46/EC and Data Protection Directive, Directive 97/66/EC

Enacted in 1995 and in 1997, these European Union directives act to harmonize member state legislation in the data protection arena.

Data Protection Act 1988, United Kingdom

Although enacted before the EU directive above, this is the main piece of legislation guiding data protection in the UK.

Data protection in China

Only relatively recently has a framework for data protection laws developed in China.

Data protection in the United States

Rather than using a central framework approach to data protection laws, the United States allows business to flourish, taking issues into account as doing so becomes necessary.  Therefore, there is detailed legislation in place, but the sectors for which they are in place vary widely.

There are other statutes and regulations in place that form the framework of data protection law, but the key to note is the approach different regions around the world have taken with regard to developing data protection laws and what implications this will have for a general “right to privacy.”