Alexandru Glontaru, Alexandru Maiereanu, Tudor Maiereanu, Alin Popa
National security and Public Safety
The National Security Agency’s (commonly referred to as NSA) mass surveillance has greatly expanded in the years since September 11, 2001. Recent disclosures have shown that the government is regularly tracking the calls of hundreds of millions of Americans and spying on a vast but unknown number of American citizens’ international calls, text messages and emails.
This secret surveillance program of the goverment are being ble to operate due to two standing laws in America: the Patriot Act and the FISA Amendments Act. Also, the primary allows the agency to monitor and surveill outside of the United States territory.
The Patriot Act grants the government the right to intercept, track and store each ongoing call made by every phone in America. This violation of privacy comes against the Fourth Amendment, and has been addressed in in June 2013 after the program’s exposion in „The Guardian”.
The FISA Amedments Act was issued in 2008 and empowered NSA to also monitor all the international calls, emails and text messages made by every single American. In such a way, as more recent dislosures confirm, Americans’ privacy is weakly protected, as even purely domestic communications are being evaluated and every email that reaches American servers is scanned for keywords that could allert NSA.
The ACLU (American Civil Liberties Union ) has been at the forefront of the struggle to rein in the surveillance superstructure, which strikes at the core of our rights to privacy, free speech, and association. Following their statement, this institution addressed both of the Acts, with little succes unfortunately. Although the Foreign Intelligence Surveillance Court oversees the government’s surveillance activities, it operates in near-total secrecy through one-sided procedures that heavily favor the government.
PRISM Project is a clandestine surveillance program under which the United States National Security Agency collects internet communications from at least nine major US internet companies. Since 2001 the United States government has increased its scope for such surveillance, and so this program was launched in 2007. The active collection process is based on the user demand provided to the an internet company (transfer of the data) and the obligation of the company to provide any data that matches court-approved search terms (collector of data). Based on this, NSA can now decrypt every message that it was already tracked but not solved, thus getting deeper into the private sphere.
Applicable laws that grant the legal operation of such a program come from the Foreign Intelligence Surveilllance Act (FISA), since June 2008. The National Intelligence of the United States has stated then that “PRISM is not an undisclosed collection or data mining program, but rather an internal government computer system”. Even more power can be taken by the agency since inside the act it is mentioned that: “the Attorney General and the Director of National Intelligence may authorize jointly, for a period of up to 1 year from the effective date of the authorization, the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information”. This action may come without a proper justification since the act states that “intelligence important to the national security of the United States may be lost or not timely acquired and time does not permit the issuance of an order” .
Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Furthermore, persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law.
Every day within the EU, businesses, public authorities and individuals transfer vast amounts of personal data across borders. Conflicting data protection rules in different countries would disrupt international exchanges. Individuals might also be unwilling to transfer personal data abroad if they were uncertain about the level of protection in other countries.
Therefore, common EU rules have been established to ensure that your personal data enjoys a high standard of protection everywhere in the EU. You have the right to complain and obtain redress if your data is misused anywhere within the EU.
The EU’s Data Protection Directive also foresees specific rules for the transfer of personal data outside the EU to ensure the best possible protection of your data when it is exported abroad.
Right to be forgotten
The right to be forgotten “reflects the claim of an individual to have certain data deleted so that third persons can no longer trace them.” It has been defined as “the right to silence on past events in life that are no longer occurring. The right to be forgotten leads to allowing individuals to have information, videos or photographs about themselves deleted from certain internet records so that they cannot be found by search engines.The right to be forgotten is distinct from the right to privacy, due to the distinction that the right to privacy constitutes information that is not publicly known, whereas the right to be forgotten involves removing information that was publicly known at a certain time and not allowing third parties to access the information.
In 1995 the European Union adopted the European Data Protection Directive about the regulation of the processing the personal data. Article 12 of the Directive stated that a person can ask for personal data to be deleted once that data is no longer necessary:
Article 12: Right of access
Member States shall guarantee every data subject the right to obtain from the controller:
(b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data
(c) notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking carried out in compliance with (b), unless this proves impossible or involves a disproportionate effort
The proposed Data Protection Regulation is about much more than the right to be forgotten. It is a fundamental modernisation of Europe’s data protection rules, establishing a number of new rights for citizens of which the right to be forgotten is only one (data portability, data breach notifications for instance), creating a single market for data in the European Union and streamlining cooperation between the Member States’ regulators.
Actual Case: Spanish court ruling against Google
In 2010 a Spanish citizen lodged a complaint against a Spanish newspaper with the national Data Protection Agency and against Google Spain and Google Inc. The citizen complained that an auction notice of his repossessed home on Google’s search results infringed his privacy rights because the proceedings concerning him had been fully resolved for a number of years and hence the reference to these was entirely irrelevant. He requested, first, that the newspaper be required either to remove or alter the pages in question so that the personal data relating to him no longer appeared; and second, that Google Spain or Google Inc. be required to remove the personal data relating to him, so that it no longer appeared in the search results.
The Spanish court referred the case to the Court of Justice of the European Union asking:
- whether the EU’s 1995 Data Protection Directive applied to search engines such as Google;
- whether EU law (the Directive) applied to Google Spain, given that the company’s data processing server was in the United States;
- whether an individual has the right to request that his or her personal data be removed from accessibility via a search engine (the ‘right to be forgotten’)
Google Spain and Google Inc. subsequently brought separate actions against the decision before the Audiencia Nacional (National High Court of Spain). Their appeal was based on:
- Google Inc. was not within the scope of the EU Directive 95/46/EC(Data Protection Directive) and its subsidiary Google Spain was not responsible for the search engine
- there was no processing of personal data within the search function
- even were there processing, neither Google Inc. nor Google Spain could be regarded as a data controller
- in any event, the data subject did not have the right to erasure of lawfully published material
Refferences www.aclu.org www.publicsphereproject.org www.wikipedia.com www.academia.edu www.gov.uk Google Images