LEFIS ROVANIEMI MEETING 19TH 20TH JANUARY 2007

Privacy In The Web

TATYANA STEFANOVALEX.BGBULGARIA

Main Topics

What kind of personal information do internet activities reveal

Legal environment of privacy protection in Bulgaria

Problems Good practices Technological aspects

What kind of internet activities do personal information reveal

Registration forms / On-line application forms / On-line surveys / Interest lists / E-mail subscription forms

Signing up for internet service E-mail Browsing the internet / Search engines Interactive use (Instant Messengers; Internet social

networking sites) Cookies / Web beacons Personal websites and Blogs Managing financial accounts and on-line bill payments

Personal data protection as a part of the right to privacy

• Physical Inviolability• Confidentiality of correspondence• Privacy of the private property• Inviolability of personal information

Legal Environment Of Privacy Protection

The personal data shall be….

• Processes lawfully and in good faith• Collected for concrete, precisely defined and lawful purposes• Proportional, related to and non-exceeding the purposes,

which they are processed for• Precise and in case of necessity to be updated• Deleted or corrected where is found that they are incorrect or

not proportional• Maintained in a status, which allows identification of the

respective natural persons for a period not longer for the purposes, for which these data is processed

Legal Environment Of Privacy Protection

The Rights, Guaranteed By The Law

• Right to access to personal data related to natural person

• Right at any time to require from the administrator of personal data confirmation

• The right at any time to require from the administrator to delete, correct or block his/her personal data

• The right to object before the administrator against the processing of his/her personal data

Problems

Legal and technical protection of internet users’ privacy is at present insufficient

Lack of overall responsibility on the Internet assigned to a certain entity

Industry self-regulation is not working

Good practices to follow

General Terms “Privacy Policy” Section Taking part in exchange programs Requirements for log-in Password protection sections Opt-in/opt-out sections

Good Practices

Netiquette - goals: • Protection of customer rights and establishment of

prerequisites for strengthening the trust of users• Establishment of rules that apply to all,

safeguarding the use of personal data• Establishment of working rules that meet the

particular needs of the data controllers• Filling the gaps in existing legislation thus reducing

the costs of its application• Elaboration of Codes of conduct

Good Practices

Elaboration of Codes of conduct: • Might be part of the general rules of conduct

adopted by a representative organizations applicable in the respective branch of industry or profession, or

• Could be adopted as a separate document• Functional analysis of the work of the respective

business entities• Identification of typical cases of collection and

processing of personal data

Technological Aspects

To develop technical means to improve the users privacy on the Net

To develop design principles for information and communications technology and multimedia hard- and software

Implementing of the Directive for electronic sign Measures against unauthorized access to information,

undertaken by the web service providers For corporate security Domain Controller, DNS, Proxy Server

(URL Filters, Content protection, Anti Virus, Anti Spam, Data Security), encryption technologies ("SSL" encryption certificate)