Talking Data Protection:

Right of Privacy

Round Table
National Commission for Informatics and Liberty NCIL
USJ-
25 April 2018
Mona Al Achkar Jabbour
 Maping
• What is the subject matter?
• What is happening?
– The actual fact
• Why it is not trivial?
– because it is about fundamental human rights
– safety, security & trust in cyber space
• What can be done?
– Ensure Legal safety
• Legislations
• New administration paradigms
• none of your business
• too much information
• I don’t care / who cares?
Let’s hear talking Giants of surveillance
• In a 2009 CNBC documentary, then-
Google CEO Eric Schmidt famously said:
“If you’re doing something you don’t
want anyone to know, maybe you
shouldn’t be doing it in the first place.”
• Yet when CNET Magazine published an
article containing private info about
Schmidt, including his income, his
neighborhood, and his political
donations, he condemned the site for
invading his privacy and under Google’s
control publicly blacklisted the site.
 Personal Data: right of Privacy
• Right to be left alone: Not Having to Explain or
Justify Oneself
• Respect of individuals
• Reputation Management
• Respect of Liberties and rights
• Maintaining Appropriate Social Boundaries
• Trust
• Limit on power
• Freedom of Thought and Speech
• Freedom of Social and Political Activities
• Hallmark of liberty: Decide One’s Life
• Ability to Change and Have Second Chances
 Why Now you should care more?
• Privacy is evolving!
• Surveillance Is Evolving
• Mass Surveillance Is Conditioning
You to Act Differently
• You are over connected
• Your Actions Today May Haunt
You Tomorrow
• What You Do Is Your Business
• Everyone Has Something to Hide
 We are there to stay
• We can clear our cookies, delete
our search history, but our digital
footprints will forever hang about
 Digital Age & The Right to Privacy

Advantages
• - foster democratic
participation
• - amplify the voices of human
rights defenders
• - help abuses' exposure
• - offer the promise of improved
enjoyment of human rights
• [September 2013 and February
Disadvantages
• - new technologies are vulnerable
to electronic surveillance and
interception
• - Secret development of efficient
technology to enhance
surveillance
• - Threatening human rights
(Privacy, freedom of expression,
association,
• High Commissioner statements
2014]
• - hindering the free functioning of
a vibrant civil society
Cybercriminals can trade with personal data
Free online services use data to make money
The government’s intentions are not good all the time
 How?! keep your personal information
private
• Watch out :
• Personal identity theft
• Banking information theft
• Burglaries
• Job opportunities
• Business online reputation
• Credit card scams
• Insurance policy- perilous
behaviors
• Protection from lawsuits or legal
issues
Why Personal Data?

• Personal data is in any decisions made

about you
– (loan, a license, a job, personal /
professional reputations).
• It establishes if you are investigated,
searched at the airport, or denied some
rights.
• Personal data can be used to influence
our decisions and shape our behavior
• It can be used as a tool to exercise
control over us
• In the wrong hands, it can be used to
cause us great harm
 What is personal Data (GDPR)
• ‘personal data’ means any information
relating to an identified or identifiable
natural person (‘data subject’); an
identifiable natural person is one who can
be identified, directly or indirectly, in
particular by reference to an identifier
such as a name, an identification number,
location data, an online identifier or to
one or more factors specific to the
physical, physiological, genetic, mental,
economic, cultural or social identity of
that natural person;
 Why Data Protection?

• Control
• Legal rights
• Be informed
• What is known about us
• Who uses this data and how
• Have our complaints heard when data
uses can harm us
 Some Lebanese facts
Who spies who?
• The constitution doesn’t explicitly mention this right
• No Data protection law
• No Specialized authority
• Recent scandals: EFF malware-infected messaging
apps have been operating since 2012
– possibly involving a nation-state actor.
– Mass surveillance (domestic and extraterritorial)
– Lack of Security
– Exposure
– Lack of Convenient framework
• ID regime: Biometric passports and residence permits
 Legal framework!?
Lebanon is a signatory of a number of Regional &
international conventions & treaties with privacy
implications, including:
• Universal Declaration of Human Rights
• International Covenant on Civil and Political Rights
• International Convention on the Elimination of All
Forms of Racial Discrimination
• Convention on the Rights of the Child
• the International Convention for the Protection of
All Persons from Enforced Disappearance
• the United Nations Convention against
Transnational Organized Crime
• the Arab Charter on Human Rights
 International concern & legal framework
Resolution 68/167 adopted In December 2013, By the UNGA
• Deep concern at the negative impact
that surveillance and interception of
communications may have on human
rights.
• The General Assembly affirmed:
• - rights held offline must also be
protected online
• it called upon all States:
• - to respect and protect the right to
privacy in digital communication
• - to review their procedures, practices
and legislation related to
communications surveillance,
interception and collection of personal
data
• - to ensure the full and effective
implementation of their obligations
under international human rights law
• It recalled that:
• International human rights law
provides the universal framework
against which any interference in
individual privacy rights must be
assessed.
• The International Covenant on
Civil and Political Rights, ratified by
167 States, provides that no one
shall be subjected to arbitrary or
unlawful interference with his or
her privacy, family, home or
correspondence, nor to unlawful
attacks on his or her honor and
reputation.
• - “Everyone has the right to the
protection of the law against such
interference or attacks.”
 Data Protection
• Data protection laws
– No law explicitly regulates the protection of PD
– the legal framework for data protection is weak
– Various provisions on privacy:
• Law 140/99
• Article 2 of the Banking Secrecy Law of 3 September 1956
• the Penal Code under articles 579, 580, and 581 relating to the
violation of secrets
• Right to Access Information Law «prevents public institutions from
providing anyone with private and personal information about
Lebanese citizens.»
• Article 7 of the Code of Medical Ethics (Law no. 288 of 22 February
1994) the confidentiality of physician and patients relationships
• Articles 51 and 58 of the Consumer Protection Code (Law no. 659 of
4 February 2005)
 Law 140/1999
judicial authorization
• Article 2 and Article
• - interception may be authorized
by court order in cases of
emergency, provided the
targeted individual is the suspect
of a crime.
• The court order should specify
the means of communication
• subject matter of the procedure
• the crime subject matter of the
prosecution or the investigation
• the duration of interception
(which may not exceed 2
months)
administrative authorisation
• Article 9
• in order to gather information aimed at
combating terrorism, crimes against
state security, and organized crime
• administrative authorization, by the
minister of interior/ the minister of
defense, after obtaining approval of the
Prime Minister
• Decisions must be approved in writing,
duly justified and approved by the
Prime Minister and should specify:
• - the means of communication
• - subject matter of the procedure
• - the subject matter of the prosecution
or the investigation
• - the duration of interception (may not
exceed 2 months)
• Electronic Transactions and Personal Data
Law
– Proposed In 2010, amended in 2017, remains a
draft
– Regulation of electronic signatures, e-commerce
transactions, respect for individual privacy and the
protection of personal data.
– Article 82 would allow for warrantless search and
seizure of financial, managerial, and electronic
files, including hard drives, computers, etc.
 Law’s shortcomes:

• it does not specify the cases where personal data

processing is permitted
• It only mentions specific cases that would warrant an
authorization
• There is:
• No independent body to monitor implementation and
compliance
• No specification about transferring data to foreign
countries
Conclusion: we need trust (NCIL)

• We need efficient legal framework

• Control the way our information is
handled
• Regulate
• Have legal rights
• Be informed
• Advise
• Anticipate
• Hear Complains
• Impose sanction