Domain: datatilsynet.no
Stories and comments across the archive that link to datatilsynet.no.
Comments · 12
-
Re:"Datatilsynet"
In Norway we have something called "Datatilsynet". It's not private. It can't be private.
Are you giving away your freedom and privacy to private entities?
Presumably by "it's not private" you mean "it's not a private entity, it's a public entity" (in an article discussing privacy, the term "private" in the sense of the private sector of the economy should be used with care, to avoid confusion; perhaps Norwegian has separate words for "not part of the public sector" and "not to be made available to the public", but "private", in English, can mean both).
For those curious about Datatilsynet, here's their English-language Website.
-
Re:Bore them to death
What the US need is an equivalent to the Norwegian Data Inspectorate, see English webpage at http://www.datatilsynet.no/templates/Page____194.aspx
-
Re:This does come as a surprise to me though...In Norway, a company's IT-policy can stipulate that use of the company e-mail address is for business/company-related matters only and that correspondence may be read by third parties within the company. A reason for reading an employee's e-mail may be that the employee is ill or on holiday and certain information contained in the mails must be obtained.
Private mail marked as "private," or with a subject that indicates that the mail is obviously private ('Grandma's cookie recipe'), is generally treated as such; these mails may be read under circumstances described in company policy or upon obtaining a warrant.
The key to making sure the company stays "safe" and the employees keep their policy is the company having a good IT policy that is enforced consistsently and the employees agreeing to it and following it.
For more information see here (in Norwegian)
-
in Norway...The Norwegian Data Inspectorate is the entity that actually enforces the do-not-call lists; the registry at Brønnøysund has nothing to do with this.
Unfortunately, there are a lot of telemarketing companies here that don't respect the do-not-call list. They don't care to follow them. They even complain because they have to buy updated lists (boo hooey hoo), though they can afford to give the executives multi-million NOK salaries. However, the telemarketers generally get away with unlawful telemarketing because too few people complain about violations to the Inspectorate. Without the formal complaints, the Inspectorate cannot do very much to resolve the problem.
-
Re:right, very importantAt least in Norway, part of the law involves securing the perosonal data once it comes into the hands of the data controller. So while it may not prevent hackers from trying, it says that the data controller has to establish and maintain the measures required to keep data safe from such attacks.
Take a look at sections 13 and 14. There are also special rules to the law that specifically touch on information security, but I don't have a link in English.
-
Re:European data protection
I am Norwegian, and I am quite happy about the current regulations. There's even a nice government agency that you can report violators to. In addition, they are 'active', in the way that they actually go out and look for violations, instead of just relying on reports. Very nice. I can actually avoid getting my mailbox full of ads every day, even advertisement addressed to me. Not like when I was in the US...
:/ -
Re:Need to change the focusSome of the requirements you suggest already exist in EU law and the laws of individual EU/EEA states.
and the responsiblility for accuracy should rest on the provider, not on the poor slob being tracked
For example, this is already the case according to Norwegian Personal Data Act, which is based on the EU Personal Data Directive. The data controller has the burden of responsibility for the quality and integrity of the personal data being collected. Furthermore, if personal data finds its way to a third party, it is the responsibility of the data controller of this third party to inform each and every data subject about this transfer. Data subjects have the right to access to information on themselves, as well as to be removed from databases (except for certain government databases) and they have the right to have wrong information corrected, at the expense of the data controller.
And there should be severe restrictions on the uses that can be made of the information.
This is the principle of use limitation (tied in with purpose specification): personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with except with the consent of the data subject or by authority of law.
I disagree with the requirement of government sponsored databases. This violates the principle of use limitation where the data would be used for purposes other than what they were collected for. You would also create a very unpleasant situation if the database were to be hacked, inside or out.
-
surprise, surprise...Privacy policies in the US aren't worth the bandwidth they waste. And they will continue to be worthless unless they're backed by strong national (not just state) privacy legislation similar to the Norwegian Personal Data Act or the EU Personal Data Directive.
That way, people don't have to be worried about "loopholes" in privacy policies such as the one indicated in a NYT article on the same subject:
The company said in a statement: "Our privacy policy commits Northwest not to sell passenger information to third parties for marketing purposes. This situation was entirely different, as we were providing the data to a government agency to conduct specific scientific research related to aviation security and we were confident that the privacy of passenger information would be maintained."
According to for example Norwegian law, this transfer would be unlawful unless the data subjects consented to the transfer.
-
Re:Right.... so?And if you were never born no processing could be done either, what's your point?
The point is that personal privacy depends upon personal data being restricted and given out as sparingly as possible. What information you give out today will be used in unanticipated ways in the future. Witholding information is therefore your best defense.
Their best intrest (sic) IS mine. If they can sell me something then we BOTH win
*You* only win if the item being sold was (a) something you wanted/needed and (b) at the best price. As anyone living in a modern society should have figured out by now, the most heavily-advertised products are invariably the most expensive (the prices include the cost of advertising) and price is never a guarantee of quality. Saying that a corporation's interest aligns with yours is high-order naivety - did those buyers of Ford Pintos who ended up horribly disfigured in accidents due to the car's design flaws have their interests served by Ford?
Laws cannot protect privacy. Intrusions of privacy can be too undetectable these days, the only way to protect someone's privacy would be to destroy everyone else's.
Rubbish, rubbish and more rubbish. European countries like Norway have strong and effective legislation. Breaches on an individual scale can be stopped by using encryption and auditing all database accesses. Breaches on a company scale will tend to show up more easily due to the scale involved but can be countered by offering rewards to employees who reveal company lawbreaking, along with having a properly empowered regulator. The last point you made about having to destroy everyone else's privacy is ridiculous - can you provide an example?
1984 is probably the most miscited book ever. Analysis after analysis has shown...
Examples of this analysis please? Links? The point about the 1984 reference was the issue of an all-powerful state determining every aspect of its citizen's lives. With the increasing amount of personal information floating around and the US Government's desire to access and integrate it, this scenario is becoming more likely. And yes, control *can* be maintained with a good enough security apparatus and contempt for human rights (look at Iraq, China, Burma for good examples).
Here are your options for the future. These are the only two.
No they are not. A third option is to have regulation of computer data (as in most European countries), but with extra restrictions on data transfer between companies. Strong one-way encryption of databases can be used to prevent illegal or illicit transfers (as covered here). And those politicians coming up with uber-databases and big-brother style legislation should be voted out of office.
This of course, requires active monitoring of the legal system and lobbying by the people of companies and legislatures. And it will be the sheep like you that rely on the activists to protect your rights.
The technology is out and there's no way to stop it. But... why would you want to stop it anyway? Just because you have a little irrational hangup on privacy....
If you want to live in a house with webcams everywhere making sure that you are not brewing bombs for Al'Qaeda in your bathroom, that's your choice. If you want every little action to be subject to public scrutiny and challenge then that is also your choice. It is however not mine, nor is it likely to be that of most of the people browsing this site. If you want to dismiss privacy as an "irrational hangup" then you deserve all the junk mail, intrusive advertising, conmen selling you penis expanders and "get rich quick" scams and other personal invasions that you are going to get.
-
English translation of this law is available
An English translation of the law is available from The Data Inspectorate. The law in Norwegian is available here.
-
English translation of this law is available
An English translation of the law is available from The Data Inspectorate. The law in Norwegian is available here.
-
Ecocrime is a real problemI have been e-mailing a couple of times with IM Sunde. I voiced my concern that they had a link to Business Software Alliance on their pages clearly without understanding that BSA is a highly political lobbying organization. Further, they demonstrate that they have no concept of "free as in speech" vs. "free as in beer". What's worse, my attempt to educate her on the distinction failed.
The problem with this unit is that they are highly incompetent. They run around after script kiddies, because anything more advanced is clearly beyond their reach. So, if you'd like to do e.g. industrial espionage, Norway is the country, cause legal enforcement is too stupid to figure it out (well, don't take that as legal advice...
:-) ).I'm pretty sure Ecocrime is not getting anywhere. Fortunately, we have The Data Inspectorate and the Consumer Ombudsman that are highly clued in many areas. I have been highly impressed by how these people have handled the spam issue (spam is outlawed in Norway with reference to long existing laws, new laws are in development). (In the medicall area, it is my opinion that the Data Inspectorate is too strict, their insistence that it must be totally impossible for anybody to unauthorized access medical data does in many cases hinder effective treatment).
Also, Ecocrime have an excellent track record in loosing court cases as well, and I'm pretty sure they are not going to get anywhere with the DeCSS case either.
The reason why I say they are a real problem is that their incompentense makes them do whatever they are told to do. The result is that they can harass citizens without having any case at all. They'll loose in court, but the mere threat of having the police knocking down the door seizing equipment may be enough to silence critics. I wrote an e-mail to the Minister of Justice about it (she's not awfully clued either), I haven't heard anything, but at least it didn't bounce...
:-)