IE MDMK09

Borislav Kiprin

Privacy
Virtual Companies & Legal Environment
Course Leader: Ignacio J. Fernandez

Plovdiv, Bulgaria
Phone: +359 879997300
E-Mail: bkiprin.mdmk2010@alumno.ie.edu
Web: www.borislavkiprin.com
2 Privacy

Notion
What is privacy?

Privacy is the ability of an individual, group or business entity to reserve the right to disclose information about
himself/herself/themselves and share that information upon their own choice. Sometimes it is difficult to
determine what are the boundaries and this is very subjective notion coming down to personal, cultural,
ethnical etc. In that sense there are common understandings among the majority of people and there are
issues that are considered private only in a particular ethnic or geographical area. In general, when something
is considered private, it comes down to a sensitive issue or a special one that the person/group/entity is not
ready to share with the community or the world. It also depends on how the public opinion will perceive this
private information and there is often a timeframe for relevance and actually interest from the public. In the
case of business entities it might sometimes come down to securing secrets directly related to the normal
performance of the organization and often part of the business itself.

Individual or group privacy is usually part of the legal base in most of the countries in the world – whether under
the form of a privacy laws or even in the constitution. Although we all have a right to some sort of personal
privacy, there are limitations when it comes to national security, taxation, income sources etc. This differs on
country-to-country basis and it has different limitations. For example in the USA the freedom of speech is
described in the First Amendment1 of the constitution, whereas in China or other communist states there are
limitations when people talk about politics, reforms and others. Another example is the fact that there are still
countries in this world that do not reveal bank account information of individuals and this is considered as a
privacy issue.

Privacy types:

 Physical is the immediate proximity of the world we all consider private – such as our house, diary, sexual
acts and visual materials concerning private moments. For example, in the USA the Fourth Amendment
guarantees exactly the right of "the right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures". 2 This however differs to the extreme from the
legislation in other parts of the world, especially in totalitarian and dictatorship states, where no warrant is
needed for the arrest of a suspect.

 Informational concerns data that is considered private when it comes, for example, to medical files,
financial ones, sexual preferences etc. A very interesting issue here is that when one is applying for a job in
the United States he/she has to be careful enough not to include any private information such as a picture,
race, religion, sexual preference etc. Whereas in Europe it is considered obligatory to provide most of the
previously stated personal information. Nonetheless disclosure of this information is considered in the USA as
a base for voluntary or involuntary discrimination, but in Europe as normal.

 Organizational deals mainly with security issues. Shortly after September 11, 2001’s attacks, the US
government introduced a much stricter legislation that allowed governmental security agencies to dig into
the private life of individuals should there be a suspicion of threat for national security. This has raised many
questions when it comes to an ethnic and religious profiling of the usual suspects – Arabs, Muslims and South
East Asians.3

1 Source: http://en.wikipedia.org/wiki/First_Amendment_to_the_United_States_Constitution
2 Source: http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution
3 Source: http://www.law.umaryland.edu/Marshall/usccr/documents/cr122004024309.pdf

Borislav Kiprin – IE MDMK09

3 Privacy

Protection of Privacy:

There are many laws around the world that insure the right of protection of privacy. There are even established
courts that deal especially with this issue. In the case of the European Union this will be the European Court of
Human Rights that takes as its prerogative Directive 95/46/EC on the protection of personal data and others
concerning the privacy of European individuals and groups. There are also countries that had established
specific guidelines or governmental bodies that are authorizing any new law that might have privacy
infringement issues - in the United Kingdom by the Data Protection Act 1998 and n France data protection is
also monitored by the CNIL (Commission Nationale de l'Informatique et des Libertés).

On the other hand there are many NGOs that are involved with the follow up of human rights and in particular
with the protection of privacy – such as Internet Privacy Coalition. In fact, these organizations play the role of
creating awareness among the public and put some pressure on the relative legislative power to act properly
upon certain privacy issues and respect them while creating laws that may seem invasive and obstructive.

Evolution of Privacy:

The evolution of privacy has been mainly regarded as a process related to the development of technology.
Such instruments as tapping into phones, looking at personal computer’s content or following other
communication ways (mobile, internet etc.) are well known among the public. But, in fact, it has all started with
the printed media (such as newspapers, magazines and posters). With the spread of such materials, the
misusage of particular content and the breach of privacy was a alarming and the first known publication
concerning privacy was in the USA and represented and article written by Samuel Warren and Louis Brandels –
The right to Privacy, 4 Harvard L.R. 193 (1890).4

Later with the further development of technology, especially the communication channels through mobile
networks and the Internet, more and more concerns were raised with the issue of invasion of privacy. And to
add to this the fact that the world is facing now social threats as drug production and dealing, terrorism, money
laundering from illegal activities, hacking into personal account information in financial, governmental and
medical records, the public is becoming more and more sensitive on how the governments are trying to battle
the issues through legal and more over practical ways. A particular example can be given with the creation of
antiterrorist laws all over the world and in particular in the EU, USA and Russia. These legislations have created
quite a buzz around the world among citizens and personal privacy protectionists. Whether it is because of
miss-communicating the right message when it comes to national and public security and what the law is trying
to achieve, or simply because the government is not really too interested in how the public will accept it, but
the fact is that we all are followed in a certain way and experiencing here and there invasion of our own
privacy.

The reason for this issue to be raised, alarming much and growing at the moment even more is the fact that it
become easier and easier with every leap forward of the technology to gather and analyze information.

4 Source: http://en.wikipedia.org/wiki/Privacy
Borislav Kiprin – IE MDMK09
4 Privacy

Privacy at the Work Place

With the development of technology and the increasing dependence on Internet as a channel of
communication, more and more employer are introducing instrument to monitor employees performance. In
some cases this has a direct impact on the personal privacy of the latter. As explained earlier the line between
personal privacy and the availability of information to the public is very thin. Some of the introduced
instruments and ways to obtain information have resulted into lawsuits, voluntary leave of the companies and
termination of employment contracts. The thing here is, that in most of the cases the employees are even not
aware that their activities are monitors or calls and emails screened.

 Eavesdropping is the act of covertly listening to a private conversation. 5 And this is indeed practiced in the
nowadays-corporate world to monitor employees’ performance during work time. However, there is a
morality question involved here. Many people believe that one shall not be expected to have his/her mind
engaged with work related stuff for the whole duration of the eight hours he/she is paid for.

 Live Video Monitoring is the act of monitoring in live feed the performance of employees at the work place
or for example traffic control on the street. The question here comes with the fact that people are not
accustomed to be watched. But I do remember a particular case in Germany in 2007, where a German
supermarket chain was filming in its shops and recorded many inappropriate acts that were not related to
the business duties of its employees (i.e. sexual intercourse, stealing articles etc.)

 Whistle blowing - There is also the case of “triggered surveillance” which happens in the event of a lead
posted by a colleague or a peer to an employer regarding questionable behavior of an employee in
concern. However, this can be rather volatile and destructive to the organization and the teamwork, should
that lead be found misleading, inappropriate or irrelevant. The ways that organizations deal with this kind of
situation differ based on management point of view or established guidelines and standard operating
procedures. Nonetheless, the chances of having a false lead are always to be considered and evaluated
properly.

 Communication scanning is covering the security and privacy of mail, telephones, e-mail and other forms
of communication 6 . In sensitive businesses such as pharmaceuticals, nanotechnologies and arms
production this is a very common practice, especially concerning key figure employees.

The American Management Association (AMA) conducted a study, named the "2005 Electronic Monitoring &
Surveillance Survey". Of the 526 employers that the AMA surveyed,
most conduct some type of electronic surveillance on employees. 7
76% monitor Website visits
There are also findings that some 92 % of employers deny employee
workplace privacy rights through electronic surveillance of different 55% monitor eMail messages
sort.
50% monitor computer files
Form moral point of view and to the very extend of being legal;
employers are obliged to let employees be aware of the above-
mentioned issues online. These policies can be communicated through the employee’s handbook, memos or
even in the employment contract. It also could be that an employer will inform certain employees working on a
information sensitive project that their private life will be monitored to some extend. However, he must have the
agreement of the later and specifically list the activities that will be performed.

5 Source: http://en.wikipedia.org/wiki/Eavesdropping
6 Source: http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-559474
7 Source: http://jobsearchtech.about.com/od/laborlaws/a/work_privacy.htm

Borislav Kiprin – IE MDMK09

5 Privacy

Privacy Online
In the age of Internet and especially in Web 2.0 and the coming Web 3.0, the public is more and more
concerned with personal privacy. The optimization of the viewed content and especially the input of personal
content and display for sharing has raised more questions. This issue will be reviewed bellow, divided by issues I
have found interesting to discuss and ponder upon:

 Hackers – This is probably the biggest concern to invasion of privacy when it comes to the Internet. Hacking
is illegally finding ways to penetrate closed networks or databases and stealing, moderating or erasing
data. We have been witnessing massive attacked on customer databases especially in Credit Card
companies, Social Security Databases etc. These are rather sensitive events that are hitting hard the soft
spot in the public’s heart. A particular case that I can recall is the steal of 180,000 people’s personal data
from Mastercard database in 2005.8

 Spam – is the abuse of electronic messaging systems (including most broadcast media, digital delivery
systems) to send unsolicited bulk messages indiscriminately.9 Spamming is not usually considered exactly an
invasion of privacy issue, however we have to think of the lesser and lesser usage of emails these days.
There studies that point spam as the main reason for people to set particular timings during the day to
check their emails. They even go so far as to set auto responses stating that if the email sent to them is
important they should contacted through the phone (but then, phone number is not stated in the
message). Some would say that spam feeding is exactly invasion of privacy, since it is obtrusive, bothering
and basically unwanted.

 Gmail Adver-feeding – If you have a Gmail account, you have probably noticed those Google Adwords
commercials displayed on the very right side of your window. When this service was introduced initially, the
public and the authorities have raised the question firstly on the searchability and findability of personal
messages in Google’s search engine. This technological issue was solved pretty fast, but now the issue
comes with the adfeeding. In order to get relevant adfeeding the personal messages in the mailbox must
be scanned and analyzed. But the real question here is are these messages stored somewhere and kept by
Google or even more disturbing are all the users being profiled based on send and received
communications. This issue is not yet address by any legislative power around the world, for all I know, but I
believe it will be becoming one as soon as enough awareness among the public’s opinion is raised.

 Social Networks Profiles – This relatively new communication channel gives the ability to share personal
content and keep in touch with friends and peers. And since this is still regarded as an innovative channel,
a part of the user base is not really leveraging the opportunities to find themselves in situation of sharing
more than they are ready to give. We can even talk of social exhibitionism that comes either intentionally or
unintentionally and inconsiderately, but nonetheless it presents a growing problem. Adjustments of the
Privacy base on these websites are common and in fact difficult to notice. For example, Facebook has tried
to change its Privacy statement on few occasions and received a lot of angry statement from users that
found the changes a threat to their privacy (Beacon10 – for example). It is also interesting to learn that data
mining is possible in Facebook and in 2005 two MIT students were able to download the profiles of 70,000
colleagues (MIT, NYU, the University of Oklahoma, and Harvard) through an automated algorithm. 11
Another threat is the fact that deactivating one’s account with Facebook does not necessarily mean that
all the published content will disappear with the deletion.

8 Source: http://news.cnet.com/Some-MasterCard-holders-exposed-to-data-theft/2100-7348_3-5670509.html
9 Source: http://en.wikipedia.org/wiki/Spam_(electronic)
10 Source: http://en.wikipedia.org/wiki/Criticism_of_Facebook
11 Source: http://en.wikipedia.org/wiki/Criticism_of_Facebook

Borislav Kiprin – IE MDMK09

6 Privacy

There are many other issues that are addressed, being addressed at the moment or will be addressed soon or
later by the legislative powers and/or Social Networks themselves. However, the Internet and the content
published in this medium will be playing a bigger and bigger role when it comes protection of privacy and
concerns related to this.

Reflections
Giving the constant progress of technology and the establishment of more and more complicated channel of
communications, privacy becomes a major issue when it comes to finding an employment, establishing
employee guidelines and standard operating procedures, labor codex etc. The players in this game are rather
clear – employees, private citizens, governments, corporations & private businesses etc. And all of these have
different points of view and regard their privacy and that of others in a very subjective way. In order for them to
come to the same page, I regard the following factors as very important:

 Consensus on privacy limits – a well established and agreed upon set of rules – what is allowed and what
not to be monitored and picked in. The important thing here is for all the parties to be involved and actively
participate in the privacy policy setting.

 Arbitrage ruling – in case of disagreement there should be an established and unbiased way to solve issues
between two parties where one is accused of invading illegally the privacy of the other. And naturally that
should a third party that has nothing to do with the conflict discussed.

 Consent – employees and private citizens shall be asked for consent in order to be monitored. However,
there is always the doubt in the head of an employee that comes to the fact whether he/she has other
choice than consenting or not. Normally, the upper hand in this situation seems to be with the organization,
rather than with the individual.

 Communicating the policy – often a misunderstanding or un-acceptance of policies can be triggered

through wrongful or badly communicated guidelines. Usually, this problem can be solved by pointing out
the benefits and explaining entirely the situational analysis, causes & effects for all parties involved.

 Strict management based on the policy already set – there is no place for practicing double standards
here. From an employee point of view it is going to be extremely hard to stay motivated if he/she sees that
for the same situation different approaches and solutions are reprimanded.

As described above, privacy differs on regional and cultural basis. For that reason it will be very hard to come
up with a common law that serves the world on a global perspective. Nonetheless, with the globalization and
the world turning into a very small place, there seem to be signs that borders and wall are falling apart and
people and cultures grow closer together. How this is going to affect the treatment of invasion of privacy and
actually the privacy in the online medium is yet to be seen.

Borislav Kiprin – IE MDMK09