![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
Abstract
Software code regulates behaviour and maybe even more so than legal code. For instance, digital rights management systems can prevent users from breaching copyrights more effectively than copyright law itself can. The relationship between ‘code’ and privacy is more complex than is the case with copyright. Where technology in general seems to have a negative impact on privacy, technology could equally be used for enhancing privacy. This article discusses the nature of ‘software code’ in relation to privacy. It argues that, often, privacy threats are not implemented in code on purpose, but that privacy erosion is nevertheless an inexorable side effect of technology. The paradigmatic reflex of data maximization, due to a lack of awareness on the part of developers – and users, is a major factor that leads to the erosion of privacy by technology.
Ronald Leenes and Bert-Jaap Koops are both associate professors in law and technology at Tilburg University.
Notes
Ronald Leenes and Bert-Jaap Koops are both associate professors in law and technology at Tilburg University.
1 Lawrence Lessig, Code and Other Laws of Cyberspace, Basic Books, New York, 1999.
2 The ‘Smoking kills’ notices on cigarette boxes is an example of this kind of attempted social influencing.
3 Lawrence Lessig, Code and Other Laws of Cyberspace, Basic Books, New York, 1999.
4 Ibid.
5 Ibid, p 6.
6 These cases are derived from the ones presented in R E Leenes and B J Koops, ‘Code’ and privacy, in L Asscher (ed.), Coding Regulation. Essays on the Normative Role of Information Technology, Information Technology & Law Series, T.M.C. Asser Press, 2005.
7 Joel Reidenberg, Lex Informatica, The Formulation of Information Policy Rules Through Technology, Tex. L. Rev 76 (1998) 553. He had addressed the issue of the relation between technical standards and legal rules earlier in Reidenberg, Harvard Journal of Law &Technology, p 301, 1993.
8 See Joel Reidenberg 1998, supra, 553 for a more extensive overview of the advantages of lex informatica. See also Asscher 2005, supra, for an extensive account of the notion of ‘code as law’.
9 On the legitimacy of ‘code’, see extensively the chapter by Lodewijk Asscher in Asscher 2005, supra.
10 See, for instance, < http://www.theregister.co.uk/2004/12/15/apple_vs_real/ >
11 DRM systems, for instance, generally do not honour the copyright exemptions granted by copyright law. In The Netherlands, for instance, making a copy of a copyrighted work for personal use is allowed under Dutch law. Preventing people from making unauthorized copies of the works distributed by means of DRM systems contravenes this legal exemption.
12 We limit the notion of privacy for this paper to informational privacy and leave other dimensions, such as relational and physical privacy, outside our scope.
13 thinsp;< http://http://w3.org/PICS/ >
14 < http://www.w3.org/p3p >
15 See, for instance, < http://www.droit.fundp.ac.be/crid/eclip/pics.html >
16 Article 8, ECHR: 1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
17 For an overview of relevant US case law both offline as well as online see, for instance, Fred Cate, Privacy in the Information Age, Brookings Institution Press, Washington, DC, 1997.
18 The address under which a computer can be reached on the Internet. One of the author's office Mac, for instance, has the IP address 137.56.38.21.
20 For instance, 87% of the repondents in an EC survey were said to be aware that personal data are stored and processed on the Internet. European Commission, Questionnaire on the Implementation of the Data Protection Directive (95/46/EC): Results of Online Consultation, 20 June to 15 September 2002.
21 The fact that DoubleClick acquired Abacus, the holder of the world's largest conventional direct marketing database in 1999 makes it even more troublesome. See Lilian Edwards and Geraint Howells, Anonymity, consumers and the Internet: where everyone knows you're a dog, in C Nicoll, J E J Prins and M J M Van Dellen (eds), Digital Anonymity and the Law: Tensions and Dimensions, T.M.C. Asser Press, pp 207–247, 2003.
22 It's Alive, a Swedish company, had a first with Botfighters, a location-based mobile game where people design a robot on the game's website and then battle against other players out on the streets, < http://www.itsalive.com >
23 Ton Schudelaro, Electronic Payment Systems and Money Laundering Risks and Countermeasures in the Post-Internet Hype Era, Wolf Legal Publishers, Nijmegen, 2003.
24 47 U.S.C. § 1002 (a).
25 Council Resolution of 18 January 1995 on the lawful interception of telecommunications (96/C 329/01), Official Journal, 4 November 1996.
26 In October 2005 two traffic data retention proposals are pending in Europe: one by the Justice and Home Affairs Commission of the Council, and one by the Commission (21 September 2005). See < http://europa.eu.int > for more information.
27 An extensive account of personal information as property rights can, for instance, be found in Corien Prins, Property and privacy: European perspectives and the commodification of our identity, in L Guibault and P B Hugenholtz (eds), The Future of the Public Domain in IP, Kluwer Law International, The Hague, London and Boston, 2005.
28 Registratiekamer, Privacy-enhancing Technologies: The Path to Anonymity, Registratiekamer, Rijswijk, 1995.
29 See A Campbell, Privacy Architecture, Government of Alberta, November 2003, for an example of such a system designed for the Canadian province of Alberta. This system received the HP Privacy Innovation Award in 2003.
30 See for session support in PHP, a popular programming language for websites, < http://www.php.net/manual/en/ref.session.php >
31 Directive 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (directive on privacy and electronic communications).
32 One of the author's can speak from experience here.
33 For example, Reginald Whitaker, The End of Privacy: How Total Surveillance is Becoming a Reality, New Press, New York, 1999, A Michael Froomkin, The death of privacy?, Stanford Law Review, Vol 52, pp 1461–1543, 2000 and S Garfinkel, Database Nation. The Death of Privacy in the 21st Century, O'Reilly, Cambridge, 1999.
34 See Leenes and Koops, ‘Code’ and privacy, supra, section 5.6, for an elaboration of this view.
35 Working Party on the Protection of Individuals with Regard to the Processing of Personal Data, Opinion 1/98, Platform for Privacy Preferences (P3P) and the Open Profiling Standard (OPS), 16 June 1998.