The Fourth Annual Internet Governance Forum (IGF)

November 15-18, 2009

Sharm El Sheikh

Privacy in Focus

I. The Privacy & Security Implications of Cloud Computing: Super Workshop 257

November 17, 2009

14:30 to 17:00

International Congress Center (Room 2 Red Sea)

Panel Description

Cloud Computing and its privacy and security implications are at the forefront of news media debate around the world. However, only regulators from developed countries are discussing its privacy and security policy implications. In 2008-2009, the US Federal Trade Commission and The Ontario Privacy Commissioner have discussed the matter. The Council of Europe raised the question of cloud computing, jurisdiction and international law enforcement at its Octopus conference in March 2009. The OECD discussed the subject during a workshop organized by the Committee for Information, Computer and Communications Policy (ICCP) in October 2009. Civil Society has advocated for strong data protection laws and heightened enforcement, business interests dispute that regulation is necessary while law enforcement agencies highlight the challenges for investigating cybercrime and securing electronic evidence when the data is stored in the cloud. Those services are being used all over the world. However, there is a lack of understanding of the issue and a lack of participation by stakeholders from developing countries in this debate.

This workshop will explain the definition and various types of cloud computing services, and focus the policy debate on privacy and security risks of those services at user level. The objective is to understand how personal data is managed and processed, and to develop effective policy frameworks so that users can exercise control over their own personal data when that data is stored and processed in the cloud. It will also be discussed how the current system of mutual legal assistance and jurisdiction may work for law enforcement agencies when the data is stored in the cloud, and attempt to identify the policy implications of cloud computing on security, privacy and law enforcement. This workshop will wrap up the various discussions held in different venues during 2009.


  • Alexander SEGER, Council of Europe (CoE) [bio]
  • Bertrand DE LA CHAPELLE, French Ministry of Foreign and European Affairs
  • Katitza RODRÍGUEZ, Electronic Privacy Information Center (EPIC) [bio]
  • Graciela SELAIMEN, Estudos e Formação da Rits (NUPEF/RITS) [bio].
  • Pamela JONES HARBOUR, Federal Trade Commission (FTC) [bio]


Cristos VELASCO, North American Consumer Project on Electronic Commerce (NACPEC) and Ciberdelincuencia.Org (Mexico) [bio]


  • Pamela JONES HARBOUR, Commissioner. Federal Trade Commission. [bio]
  • Joseph H. ALHADEFF, Vice President for Global Public Policy and Chief Privacy Officer, Oracle Corporation, Chair of BIAC's Information, Computer and Communication (ICCP) Committee, Vice Chair of ICC's Commission on E-Business, IT and Telecoms; [bio]
  • Alhadeff.ppt
  • Michael THATCHER, Regional Technology Officer, MEA, Microsoft Corporation [bio];
  • Laurent BERNAT, Principal Assistant within the Science, Technology and Industry Branch of the Organization for Economic Cooperation and Development (OECD) [bio]
  • Bernat.ppt
  • Simon DAVIES, Director, Privacy International[bio];
  • Bruce SCHNEIER, Chief Security Technology Officer of British Telecommm (BT)[bio]
  • Jean-Marc DINANT, Expert Council of Europe, Researcher, Research Centre on IT and Law (CRID) of the University of Namur, Belgium
  • Alexander SEGER, Head of the Economic Crime Division, Council of Europe [bio];
  • seger.ppt
  • Hong XUE, Professor of Law and Director of the Institute for the Internet Policy & Law at Beijing Normal University [bio];


Graciela SELAIMEN, Núcleo de Pesquisas, Estudos e Formção da Rits [NUPEF/RITS], Brazil. Katitza RODRIGUEZ, Director, EPIC International Privacy Project[bio];

Media Coverage

Imaging the Internet, A Project of the Imagining the Internet Center at Elon University / Pew Internet Project

ENDitorial: IGF 2009: the Forum is the Message (and the Massage as well)

Useful Sources on Cloud Computing

EPIC's webpage on Cloud Computing

Blog "Above the Clouds. A Berkeley View of Cloud Computing"

Papers and Publications

Cristos Velasco, "Jurisdictional Aspects of Cloud Computing" (February 28, 2009)

Gareth Sansom, "Website Location: Cyberspace vs. Geographic Space" (April 3, 2008)

Electrical Engineering and Computer Sciences University of California at Berkeley, "Above the Clouds: A Berkeley View of Cloud Computing" (February 10, 2009)

Anne Cavoukian, "Privacy in the Clouds. A White Paper on Privacy and Digital Identity: Implications for the Internet"

Pew Internet & American Life Project,"Use of Cloud Computing Applications and Services", (September 2008)

International Oganizations

OECD, ICCP Technology Foresight Forum- "Cloud Computing: The Next Computing Paradigm?",3343,en_2649_34223_43912543_1_1_1_1,00.html

Briefing Paper for the ICCP Technology Foresight Forum, "Cloud Computing and Foreign Policy" (September 29, 2009)


Cloud Security Alliance (CSA), "Security Guidance for Critical Areas of Focus in Cloud Computing", (April 2009)

Sun White Paper, "Introduction to Cloud Computing Arquitecture", First Edition (June 2009)

Civil Society

CSISAC's Comments on Cloud Computing: Portability, Competition, Innovation (October 14, 2009)

II. Online Advertising and The Future of Privacy: Balancing Business Imperatives and Consumer Rights – Workshop 263

Day 2, November 16, 2009

9:30 am - 10:30 am

International Congress Center: Room 7: Luxor

The conference report is
available here

Concise Description:

A powerful global system of online data collection for targeted interactive marketing has become one of the principal features of the Internet. Throughout much of the world, individual user information is now routinely collected for profiling, tracking and targeting purposes, which has raised growing concern over personal privacy and consumer welfare. Sophisticated digital marketing technologies, including the use of neuroscience for the creation of online advertising, has also generated public debate, especially related to public health. While advertising plays a critically important role in the Internet and Web 2.0, the majority of users are not well informed about the potential impact personal data collection will have on their daily lives. There are, however, other online advertising models beyond behavioral targeting that may allow companies to reach Internet users without the same risks to privacy. And a regulatory structure that protects user privacy will actually instill consumer confidence in the online economy, benefitting businesses and buyers alike. Online advertising is a global industry, and its impact on Internet users and privacy is profound, affecting developing and more economically advantaged countries.

This workshop is a follow-up to the event held during the IGF 2008. It will start by summarizing the major developments on this topic around the world during 2009. It will discuss some of the online advertising and behavioral targeting models applied in search engines, online video, online games, and Web 2.0, and will discuss how personal data is being collected and how it is used. Balancing freedom of speech, privacy, online marketing and consumer protection, various alternatives will be explored, including a discussion of international policy frameworks that have been proposed to regulate privacy and online advertising.


Katitza Rodriguez, Electronic Privacy Information Center, Graciela SELAIMEN, Núcleo de Pesquisas, [NUPEF] (Brazil); Kristina Irion, Assistant Professor, Department of Public Policy, Center for Media and Communications Studies (CMCS) at Central European University, and Hong Xue, Institute for the Internet Policy & Law at Beijing Normal University (China)


Katitza RODRIGUEZ, Director, EPIC International Privacy Project[bio];


· Marc ROTENBERG, EPIC Executive Director (EPIC)

· Pamela HARBOUR, US Federal Trade Commission [bio]

· Katitza RODRIGUEZ, EPIC International Privacy Program (EPIC) [bio]

· Graciela SELAIMEN, Núcleo de Pesquisas, Estudos e Formção da Rits [NUPEF/RITS] (Brazil); [bio]


· Cristos VELASCO, North American Consumer Project on Electronic Commerce (Mexico) [bio]

Data Protection and Consumer Protection Reports

Meglena Kuneva, European Consumer Commission, Keynote Address at European Consumer Summit 2009 and Roundtable on Online Data Collection (March 31, 2009)

European Consumer Summit 2009 and Roundtable on Online Data Collection: What's Next?, Health and Consumer Voice, European Commission

European Consumer Summit 2009, European Commission

Fair Online Data Collection, Consumer Policy Issues, European Commission Directorate-General for Health and Consumers

FTC Staff Report on Self-Regulatory Principles for Online Behavioral Advertising (12.02.2009)

Fed. Trade Comm’n, Self-Regulatory Principles for Online Behavioral Advertising, Behavioral Advertising: Tracking, Targeting & Technology (Feb. 2009)


Privacy and Human Rights Report: Behavioral Targeting

Online Behavioral Tracking and Targeting Concerns and Solutions, September 2009

Recommendations and Contributions to the OECD Ministerial Meeting of 17-18 June 2008 from Civil Society Participants in the Public Voice Coalition


JR Raphael, Google’s Behavioral Ad Targeting: How to Reclaim Control, PC World (Mar. 11, 2009)

Key Trade Groups Release Comprehensive Privacy Principles for Use and Collection of Behavioral Data in Online Advertising, Press Release, American Association of Advertising Agencies (July 2, 2009)

Caroline McCarthy, Ad Industry Groups Agree to Privacy Guidelines, CNET News (July 2, 2009)

Report with a proposal for a European Parliament recommendation to the Council on strengthening security and fundamental freedoms on the Internet

EuroPriSe, “Predictive Targeting Networking (PTN)”, September 11, 2009

Additional Resources:

EURODIG, Workshop 2: Personal and Professional Privacy

Internet Governance Forum (IGF), Workshop 83: The Future of Online Privacy: Online advertising and behavioral targeting

Monitoring Privacy, Data Protection and Emerging International Privacy issues at the Internet Governance Forum

1.1 Main Session: Security, Openness and Privacy:

16 November, 15:00 - 18:00

Chair: TBD

Moderator: Marc Rotenberg, 
Executive Director, Electronic Privacy Information Center (EPIC)


  • Joseph H. Alhadeff
, Vice President for Global Public Policy and Chief Privacy Officer, Oracle Corporation [bio]
  • Nazila Ghanea, 
Lecturer, International Human Rights Law, University of Oxford, Editor-in-Chief, International Journal of Religion and Human Rights
  • Cristine Hoepers
, Senior Security Analyst and General Manager,
  • Namita Malhotra, 
Researcher, Alternative Law Forum, Bangalore, India
  • Bruce Schneier, 
Chief Security Technology Officer, British Telecom [bio]
  • Alexander Seger, (TBC)
Head of Economic Crime Division, Directorate General of Human Rights and Legal Affairs, Council of Europe [bio]

The discussion of this cluster of issues will be introduced by a panel of practitioners to set the stage and bring out options for how to deal with the policy and practical choices related to the different facets of these themes. The discussion will cover practical aspects of the coordination needed to secure the network (e.g. to fight spam) and their relationship to issues pertaining to openness (e.g. ensuring the open architecture of the Internet).

Issues to be discussed will include:

  • The respect for privacy as a business advantage;
  • Identity theft, identity fraud, and information leakage;
  • Web 2.0;
  • Social networks;
  • Cloud computing and privacy, e.g. control of one's own data and data retention;
  • Cultural and technical perspectives on the regulation of illegal Web contents;
  • Regulatory models for privacy;
  • Ensuring the open architecture of the Internet;
  • Net Neutrality;
  • Enabling frameworks for freedom;
  • Ethical dimensions of the Internet.

1.2 Main Session: Emerging Issues: Impact of Social Networks

18 November, 15:00 - 16:30

Chair: TBD

Moderator: Simon Davies, Founder and Director of Privacy International


  • Sunil Abraham
, Director of Policy, Centre for Internet and Society, Bangalore
  • Dorothy Atwood, Chief Privacy Officer, AT&T
  • Grace Bomu, 

Manager, Actor and Policy advocate, Kenya-Heartstrings Kenya and Fanartics Theatre Company, Kenya
  • Rebecca MacKinnon
, Open Society Institute fellow, Global Network Initiative co-founder, Hong Kong
  • Sergio Suiama, 
Prosecutor for the State of São Paulo, Brazil

This session will focus on the development on the development of social media (social networks, user-generated content sites, micro-blogging, collaboration tools, etc. and explore whether this development requires to modify traditional policy approaches, in particular regarding privacy and data protection, rules applicable to user-generated content and copyrighted material, as well as freedom of expression and illegal content. The session will also address the importance of the "terms of service" of large platforms, how they are developed and their relationship with emerging business models based on behavioral analysis.

1.3. Workshop 245: Balancing between online freedom of expression and privacy

Room 7: Luxor

November 16, 2009

1.4 Workshop 323: Roundtable: Balancing the need for Security and the concerns for Privacy Concerns

Room 5: Sphinx

Day 3 - 17 Nov 09