Privacy in Focus
I. The Privacy & Security Implications of Cloud Computing: Super Workshop 257
November 17, 2009
14:30 to 17:00
International Congress Center (Room 2 Red Sea)
Panel Description
Cloud Computing and its privacy and security implications are at the forefront of news media debate around the world. However, only regulators from developed countries are discussing its privacy and security policy implications. In 2008-2009, the US Federal Trade Commission and The Ontario Privacy Commissioner have discussed the matter. The Council of Europe raised the question of cloud computing, jurisdiction and international law enforcement at its Octopus conference in March 2009. The OECD discussed the subject during a workshop organized by the Committee for Information, Computer and Communications Policy (ICCP) in October 2009. Civil Society has advocated for strong data protection laws and heightened enforcement, business interests dispute that regulation is necessary while law enforcement agencies highlight the challenges for investigating cybercrime and securing electronic evidence when the data is stored in the cloud. Those services are being used all over the world. However, there is a lack of understanding of the issue and a lack of participation by stakeholders from developing countries in this debate.
This workshop will explain the definition and various types of cloud computing services, and focus the policy debate on privacy and security risks of those services at user level. The objective is to understand how personal data is managed and processed, and to develop effective policy frameworks so that users can exercise control over their own personal data when that data is stored and processed in the cloud. It will also be discussed how the current system of mutual legal assistance and jurisdiction may work for law enforcement agencies when the data is stored in the cloud, and attempt to identify the policy implications of cloud computing on security, privacy and law enforcement. This workshop will wrap up the various discussions held in different venues during 2009.
Co-organizers:
- Alexander SEGER, Council of Europe (CoE) [bio]
- Bertrand DE LA CHAPELLE, French Ministry of Foreign and European Affairs
- Katitza RODRÍGUEZ, Electronic Privacy Information Center (EPIC) [bio]
- Graciela SELAIMEN, Estudos e Formação da Rits (NUPEF/RITS) [bio].
- Pamela JONES HARBOUR, Federal Trade Commission (FTC) [bio]
Chair:
Cristos VELASCO, North American Consumer Project on Electronic Commerce (NACPEC) and Ciberdelincuencia.Org (Mexico) [bio]Discussants:
- Pamela JONES HARBOUR, Commissioner. Federal Trade Commission. [bio]
- Joseph H. ALHADEFF, Vice President for Global Public Policy and Chief Privacy Officer, Oracle Corporation, Chair of BIAC's Information, Computer and Communication (ICCP) Committee, Vice Chair of ICC's Commission on E-Business, IT and Telecoms; [bio]
Rapporteurs
Graciela SELAIMEN, Núcleo de Pesquisas, Estudos e Formção da Rits [NUPEF/RITS], Brazil. Katitza RODRIGUEZ, Director, EPIC International Privacy Project[bio];Media Coverage
Imaging the Internet, A Project of the Imagining the Internet Center at Elon University / Pew Internet Project http://www.elon.edu/e-web/predictions/igf_egypt/cloud_computing.xhtml ENDitorial: IGF 2009: the Forum is the Message (and the Massage as well) http://www.edri.org/edrigram/number7.23/igf-2009-forum-is-the-messageUseful Sources on Cloud Computing
EPIC's webpage on Cloud Computing http://epic.org/privacy/cloudcomputing/
Blog "Above the Clouds. A Berkeley View of Cloud Computing" http://berkeleyclouds.blogspot.com/2009/05/surge-computing.html
Papers and Publications
Cristos Velasco, "Jurisdictional Aspects of Cloud Computing" (February 28, 2009)
Gareth Sansom, "Website Location: Cyberspace vs. Geographic Space" (April 3, 2008)
Electrical Engineering and Computer Sciences University of California at Berkeley, "Above the Clouds: A Berkeley View of Cloud Computing" (February 10, 2009) http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf
Anne Cavoukian, "Privacy in the Clouds. A White Paper on Privacy and Digital Identity: Implications for the Internet"
http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf
Pew Internet & American Life Project,"Use of Cloud Computing Applications and Services", (September 2008)
http://www.pewinternet.org/Reports/2008/Use-of-Cloud-Computing-Applications-and-Services.aspx
International Oganizations
OECD, ICCP Technology Foresight Forum- "Cloud Computing: The Next Computing Paradigm?" http://www.oecd.org/document/31/0,3343,en_2649_34223_43912543_1_1_1_1,00.html
Briefing Paper for the ICCP Technology Foresight Forum, "Cloud Computing and Foreign Policy" (September 29, 2009) http://www.oecd.org/dataoecd/39/47/43933771.pdf
Industry
Cloud Security Alliance (CSA), "Security Guidance for Critical Areas of Focus in Cloud Computing", (April 2009) http://www.cloudsecurityalliance.org/csaguide.pdf
Sun White Paper, "Introduction to Cloud Computing Arquitecture", First Edition (June 2009)
http://www.scribd.com/doc/17274860/Introduction-to-Cloud-Computing-Architecture
Civil Society
CSISAC's Comments on Cloud Computing: Portability, Competition, Innovation (October 14, 2009) http://csisac.org/CloudComputing.pdf
II. Online Advertising and The Future of Privacy: Balancing Business Imperatives and Consumer Rights – Workshop 263
Day 2, November 16, 2009
9:30 am - 10:30 am
International Congress Center: Room 7: Luxor
The conference report isConcise Description:
A powerful global system of online data collection for targeted interactive marketing has become one of the principal features of the Internet. Throughout much of the world, individual user information is now routinely collected for profiling, tracking and targeting purposes, which has raised growing concern over personal privacy and consumer welfare. Sophisticated digital marketing technologies, including the use of neuroscience for the creation of online advertising, has also generated public debate, especially related to public health. While advertising plays a critically important role in the Internet and Web 2.0, the majority of users are not well informed about the potential impact personal data collection will have on their daily lives. There are, however, other online advertising models beyond behavioral targeting that may allow companies to reach Internet users without the same risks to privacy. And a regulatory structure that protects user privacy will actually instill consumer confidence in the online economy, benefitting businesses and buyers alike. Online advertising is a global industry, and its impact on Internet users and privacy is profound, affecting developing and more economically advantaged countries.
This workshop is a follow-up to the event held during the IGF 2008. It will start by summarizing the major developments on this topic around the world during 2009. It will discuss some of the online advertising and behavioral targeting models applied in search engines, online video, online games, and Web 2.0, and will discuss how personal data is being collected and how it is used. Balancing freedom of speech, privacy, online marketing and consumer protection, various alternatives will be explored, including a discussion of international policy frameworks that have been proposed to regulate privacy and online advertising.
Organizer:
Katitza Rodriguez, Electronic Privacy Information Center, Graciela SELAIMEN, Núcleo de Pesquisas, [NUPEF] (Brazil); Kristina Irion, Assistant Professor, Department of Public Policy, Center for Media and Communications Studies (CMCS) at Central European University, and Hong Xue, Institute for the Internet Policy & Law at Beijing Normal University (China)Chair:
Katitza RODRIGUEZ, Director, EPIC International Privacy Project[bio];Speakers:
· Marc ROTENBERG, EPIC Executive Director (EPIC)
· Pamela HARBOUR, US Federal Trade Commission [bio]
· Katitza RODRIGUEZ, EPIC International Privacy Program (EPIC) [bio]
· Graciela SELAIMEN, Núcleo de Pesquisas, Estudos e Formção da Rits [NUPEF/RITS] (Brazil); [bio]
Rapporteur:
· Cristos VELASCO, North American Consumer Project on Electronic Commerce (Mexico) [bio]
Data Protection and Consumer Protection Reports
European Consumer Summit 2009, European Commission
FTC Staff Report on Self-Regulatory Principles for Online Behavioral Advertising (12.02.2009)
Publications
Privacy and Human Rights Report: Behavioral Targeting
Online Behavioral Tracking and Targeting Concerns and Solutions, September 2009
News
JR Raphael, Google’s Behavioral Ad Targeting: How to Reclaim Control, PC World (Mar. 11, 2009)
Caroline McCarthy, Ad Industry Groups Agree to Privacy Guidelines, CNET News (July 2, 2009)
EuroPriSe, “Predictive Targeting Networking (PTN)”, September 11, 2009
Additional Resources:
EURODIG, Workshop 2: Personal and Professional Privacy
Monitoring Privacy, Data Protection and Emerging International Privacy issues at the Internet Governance Forum
1.1 Main Session: Security, Openness and Privacy:
16 November, 15:00 - 18:00
Chair: TBD
Moderator: Marc Rotenberg, Executive Director, Electronic Privacy Information Center (EPIC)
Panellists
- Joseph H. Alhadeff , Vice President for Global Public Policy and Chief Privacy Officer, Oracle Corporation [bio]
- Nazila Ghanea, Lecturer, International Human Rights Law, University of Oxford, Editor-in-Chief, International Journal of Religion and Human Rights
- Cristine Hoepers , Senior Security Analyst and General Manager, CERT.br
- Namita Malhotra, Researcher, Alternative Law Forum, Bangalore, India
- Bruce Schneier, Chief Security Technology Officer, British Telecom [bio]
- Alexander Seger, (TBC) Head of Economic Crime Division, Directorate General of Human Rights and Legal Affairs, Council of Europe [bio]
The discussion of this cluster of issues will be introduced by a panel of practitioners to set the stage and bring out options for how to deal with the policy and practical choices related to the different facets of these themes. The discussion will cover practical aspects of the coordination needed to secure the network (e.g. to fight spam) and their relationship to issues pertaining to openness (e.g. ensuring the open architecture of the Internet).
Issues to be discussed will include:
- The respect for privacy as a business advantage;
- Identity theft, identity fraud, and information leakage;
- Web 2.0;
- Social networks;
- Cloud computing and privacy, e.g. control of one's own data and data retention;
- Cultural and technical perspectives on the regulation of illegal Web contents;
- Regulatory models for privacy;
- Ensuring the open architecture of the Internet;
- Net Neutrality;
- Enabling frameworks for freedom;
- Ethical dimensions of the Internet.
1.2 Main Session: Emerging Issues: Impact of Social Networks
18 November, 15:00 - 16:30
Chair: TBD
Moderator: Simon Davies, Founder and Director of Privacy International
Panellists:
- Sunil Abraham , Director of Policy, Centre for Internet and Society, Bangalore
- Dorothy Atwood, Chief Privacy Officer, AT&T
- Grace Bomu, Manager, Actor and Policy advocate, Kenya-Heartstrings Kenya and Fanartics Theatre Company, Kenya
- Rebecca MacKinnon , Open Society Institute fellow, Global Network Initiative co-founder, Hong Kong
- Sergio Suiama, Prosecutor for the State of São Paulo, Brazil
This session will focus on the development on the development of social media (social networks, user-generated content sites, micro-blogging, collaboration tools, etc. and explore whether this development requires to modify traditional policy approaches, in particular regarding privacy and data protection, rules applicable to user-generated content and copyrighted material, as well as freedom of expression and illegal content. The session will also address the importance of the "terms of service" of large platforms, how they are developed and their relationship with emerging business models based on behavioral analysis.
1.3. Workshop 245: Balancing between online freedom of expression and privacy
Room 7: Luxor
November 16, 2009

1.4 Workshop 323: Roundtable: Balancing the need for Security and the concerns for Privacy Concerns
Room 5: Sphinx
Day 3 - 17 Nov 09