About the Electronic Privacy Information Center
The
Electronic Privacy Information Center (EPIC) is a public interest research
center in Washington, DC. It was established in 1994 to focus public attention on emerging civil
liberties issues and to protect privacy, the First Amendment, and
constitutional values. EPIC is a member of the Transatlantic Consumer Dialogue,
the Global Internet Liberty Campaign, the Internet Free Expression Alliance and
the Internet Privacy Coalition.
The
EPIC Bookstore provides a comprehensive selection of books and reports on
computer security, cryptography, the First Amendment and free speech, open
government, and privacy. Visit the EPIC Bookstore at
<http://www.epic.org/bookstore/>.
About Privacy International
Privacy International
(PI) is a human rights group formed in 1990 as a watchdog on surveillance by
governments and corporations. PI is based in London, England, and has an office in Washington, DC. PI has conducted campaigns throughout the world on issues
ranging from wiretapping and national security activities to ID cards, video
surveillance, data matching, police information systems, and medical privacy.
An electronic version of this report and updates
are available from the EPIC web site at <http://www.epic.org> and the
Privacy International web page at <http://www.privacyinternational.org/>.
EPIC Staff
Marc Rotenberg, Executive
Director
David L. Sobel, General
Counsel
Lillie Coney, Senior
Policy Analyst
Chris Jay Hoofnagle,
Associate Director
Cédric Laurant, Policy
Counsel
Marcia Hofmann, IPIOP
Counsel
Frannie Wellings, IPIOP
Fellow
Wayne Madsen, Senior
Fellow
Stephanie Perrin, Senior
Fellow
Anna Slomovic, Senior
Fellow
Acknowledgments
This study was first
undertaken by David Banisar, then EPIC Policy Director, in 1998 and has been
updated on an annual basis since. Sarah Andrews, Research Director at EPIC, and
Gus Hosein, Senior Fellow at Privacy International, prepared the 2001 and 2002
updates. Cédric Laurant, EPIC Policy
Counsel, coordinated the research and edited the 2003 and 2004 editions. EPIC
Executive Director Marc Rotenberg was the chief editor for the 2002 through
2004 editions of the Privacy and Human Rights report.
EPIC staff and the law
students who have participated in the EPIC Public Interest Opportunities
Program (IPIOP) provided substantial writing and research. The 2002 IPIOP
Fellows were Nicole Anastasopoulos, Will DeVries, Marcia Hofmann, Dwayne
Nelson, Carla Meninsky, Greg Pemberton, Sara Rose and Jason Young. The 2003
IPIOP Fellows were John Baggaley, Doug Barnes, Erik Blum, Eva Gutierrez, Milana
Homsi, Waseem Karim, Heather Newton, Christian Schröder, Sherwin Siy, Tiffany
Stedman, Liz Tockman, and Maryam Zafar. The 2004 IPIOP Fellows were Cliff Chen,
Kenneth Farrell, Samantha Liskow, Dina Mashayekhi, Patrick Mueller, Katherine Oyama,
Olumide Owoo, Amanda Reid, Tara Wheatland, and Paul Jones
To gather information
for this study and previous editions, knowledgeable individuals from academia,
government, human rights groups and other fields were asked to submit reports
and information. Their reports were supplemented with information gathered from
constitutions, laws, international and national government documents, news
reports, human rights reports and other sources.
EPIC and Privacy
International would like to thank the following people for providing invaluable
reports, information and advice to various editions of the Privacy and Human
Rights survey: Reijo Aarnio, Data Protection Ombudsman, Finland; Jason Abrams;
Linda Ackerman, Privacy Activism, United States; Andrzej Adamski, Nicolas
Copernicus University, Poland; Ada Redondo Aguilera, www.cybernotarios.com,
Guatemala; Yaman Akdeniz, University of Leeds and Cyber-Rights &
Cyber-Liberties, United Kingdom; Ken Anderson, Information and Privacy
Commission of Ontario, Canada; Christian Hess Araya, Corte Suprema de Justicia,
Costa Rica; Olesya Arkhypska, International Renaissance Foundation, Ukraine;
Antonio M. Aveleyra Ortiz, Universidad Iberoamericana, Mexico; Zuzana Babicová,
Office for Personal Data Protection, Slovak Republic; Christoffer Badse, Danish
Institute for Human Rights, Denmark; Aiga Balode, Data State Inspection,
Republic of Latvia; Andrej D. Bartosiewicz, Association for Support of Local
Democracy, Slovak Republic; Ralf Bendrath, Universität Bremen, Germany; Colin Bennett,
University of Victoria, Canada; Jacques Berleur, Facultés Universitaires
Notre-Dame de la Paix, Belgium; Mark Berthold, Office of the Ombudsman, New
Zealand; Diana Alonso Blas, College Bescherming Persoonsgegevens, Netherlands;
Renato Opice Blum, Opice Blum Advogados Associados, Brazil; Joze Bogataj, Data Protection Inspectorate, Republic of
Slovenia; Stefan Brands, Credentica and McGill School of Computer Science,
Canada; Ian Brown, Foundation for Information Policy Research, United Kingdom; Mads
Bryde Andersen, University of Copenhagen, Denmark; Herbert Burkert, GMD,
Germany; Heiner Busch, Switzerland; Lee Bygrave, Norwegian Research Centre for
Computers and Law (Institutt for rettsinformatikk) and Faculty of Law,
University of Oslo, Norway, Baker & McKenzie Cyberspace Law and Policy
Centre and Faculty of Law, University of New South Wales, Australia; Rafael Fernández
Calvo, CLI, Spain; Anne Carblanc, Organization for Economic Cooperation and
Development, France; Fred Carter, Privacy Commissioner's Office, Canada; Pavel Cerny,
EPS, Czech Republic; David Casacuberta, Computer Professionals for Social
Responsibility-Spain, Spain; Beng Seng Chan, Documentation for Action Groups in
Asia, Hong Kong; Dmitry Chereshkin, Russian Academy of Natural Sciences,
Russia; Chris Chiu, American Civil Liberties Union, United States; Kira Kolby
Christensen, Legal Adviser, Datatilsynet, Denmark; Panageas Christos,
City College, Greece; Tyng-Ruey Chuang, Taiwan Association of Human Rights,
Taiwan; David Clancy, Information Commissioner's Office, United Kingdom;
Richard Claude, United States; Julie Cohen, Georgetown University Law Center,
United States; Tracy Cohen, Independent Communications Authority of South
Africa; Bela Csiszer, Budapest University of Technology and Economics, Hungary;
Iain Currie, University of Witwatersrand, South Africa; Paulo Renato Dallagnol,
Brazil; Ulrich Dammann, Bundesbeauftragte für den Datenschutz, Germany; Fany
Davidova, Access to Information Programme, Bulgaria; Carlos
E. Delpiazzo, Olivera & Delpiazzo, Uruguay; Ravi Dhar, Punjab Agricultural
University, India; Alexander Dix, Commissioner for Data Protection and Access
to Information (Brandenburg) Germany; Olena Dmytrenko, Ukraine; Ronnie Downes,
Irish Data Protection Agency, Ireland; Pavan Duggal, Cyberlaws.net, Cyberlaw
Asia and Cyberlaw India, India; Alexandre Dulaunoy, Association Electronique
Libre, Belgium; Jos Dumortier, Katholieke Universiteit of Leuven and
Interdisciplinary Centre for Law and Information Technology, Belgium; Kathy Eivazi,
Australian National University, Australia; Bo Elkjaer, Denmark; Jón Erlendsson,
Iceland; Gal Eschet, University of California – Berkeley, United States;
Alberto Escudero-Pascual, University of Dar es Salaam, Tanzania; Maria Farrell,
International Chamber of Commerce, France; Emilio Aced Félez, Agencia de Protección
de Datos,
Spain; William G. Ferroggiard, National
Security Archive, United States; Eric Fischer, Congressional Research Service,
United States; Anne-Marije Fontein, College Bescherming Persoonsgegevens,
Netherlands; Maurice Frankel, Campaign for Freedom of Information, United
Kingdom; Gabor Freidler, Office of the Parliamentary Commissioner for Data
Protection and Freedom of Information, Hungary; Zoltan Galantai, Budapest
University of Technology and Economics, Hungary; Ula Galster, University of
Ottawa, Canada; Miguel Angel Garcia, MAG (Estudios de Consumo), Spain;
Robert Gellman, United States; Marie Georges, CNIL (Commission Nationale Informatique
et Libertés), France; Rishab Aiyer Ghosh, India; Ann Goldsmith, Office of
the Privacy Commissioner, Canada; Eric Goldstein, Human
Rights Watch Middle East/North Africa, United States; Graham Greenleaf,
University of New South Wales, Australia; Marina Gromova, Russia; Andrés Guadamuz,
University of Edinburgh, Scotland; Valeriu Guguianu, Ministry of Public
Information, Romania; Alex Hamilton, Liberty, United Kingdom; Edward Hasbrouck,
United States; Pétur Hauksson, Mannvernd, Iceland; Hordur Helgi Helgason,
Icelandic Data Protection Authority (Persónuvernd), Iceland; Bénédicte Havelange,
Commission de la protection de la vie privée, Belgium; Helmut. Heil, Bundesbeauftragte
für den Datenschutz, Germany; Jan Holvast, Holvast and Partners,
Netherlands; Masao Horibe, Chuo University School of Law, Japan; Axel Horns,
FITUG e.V. (Förderverein Informationstechnik und Gesellschaft), Austria;
Deborah Hurley, Harvard Information Infrastructure Project, United States; Pavol Husar, Commissioner for the Protection of
Personal Data in Information Systems, Slovak Republic; Yutaka Ishikawa, Chuo University School of Law, Japan
and Georgetown University School of Law, United States;
Joichi Ito, Japan; Joel Jaakkola, Finland; Triinu Jaaksoo, Data Protection
Inspectorate, Estonia; Ona Jakstaite, State Data Protection Inspectorate,
Lithuania; Rikke Frank Joergensen, Digital Rights, Denmark; Sigrún Jóhannesdóttir,
The Icelandic Data Protection Commission, Iceland; Barbara Jurgeleviciene,
State Data Protection Inspectorate of the Republic of Lithuania, Lithuania;
Omar Kaminski, Kaminski, Cerdeira e Pesserl Advogados Associados, Brazil; Jerry
Kang, Georgetown University Law Center, United States; Myungkoo Kang, Seoul
National University, South Korea; Marina Karakonova, Access to Information Programme,
Bulgaria; Alexander Kashumov, Access to Information Programme, Bulgaria;
Michael Kassner, Electronic Privacy Information Center, United States; Yeoh Beng
Keat, Ministry of Energy, Communications and Multimedia, Malaysia; Mindaugas Kiskis,
Law University of Lithuania, Lithuania; Jon Klaaren, Wits Law School, South
Africa; Maija Kleemola, Office of Data Protection Ombudsman, Finland; Albert Koellner,
VIBE!AT (Verein für Internet-Benutzer Österreichs), Austria; Matej Kovacic,
University of Ljubljana, Slovenia; Igor Kowalewski, The Bureau of the Inspector
General for Personal Data Protection, Poland; Natalia Krajcovicova, Inspection
Unit for the Protection of Personal Data, Slovak Republic; Andreas Krisch,
VIBE!AT (Verein für Internet-Benutzer Österreichs), Austria; Dieter Kronegger,
Arge Daten, Austria; Peter Kuhm, VIBE!AT (Verein für Internet-Benutzer
Österreichs), Austria; Jorma Kuopus, Office of the Parliamentary Ombudsman,
Finland; Margarita Lacabe, Derechos Human Rights, United States;
Anne-Christine Lacoste, Commission de la protection de la vie privée,
Belgium; Gary Laden, Council of Better Business Bureaus, Inc., United States;
Stephen Lau, former Hong Kong Privacy Commissioner, Hong Kong; Pierre-Emmanuel Laurant,
Elsewhere Entertainment, Belgium; Pippa Lawson, Public Interest Advocacy
Centre, Canada; Georg Lechner, Österreichische Datenschutzkommission,
Austria; Anatoly Levenchuk, Russia; Vaida Linartaite, State Data Protection
Inspectorate, Lithuania; An Machtens, Commission de la protection de la vie privée,
Belgium; Prathiba Mahanamahewa, University of Colombo, Sri Lanka; László Majtényi, Hungarian Information and Privacy
Commissioner, Hungary; Bogdan Manolea, Romanian Information Technology
Initiative, Romania; Veni Markovski, Internet Society Bulgaria,
Bulgaria; Joe Meade, Data Protection Commissioner, Ireland; Meryem Marzouki, Imaginons
un Réseau Internet Solidaire, France; Viktor Mayer-Schönberger, Harvard
University, United States; Robin McLeish, Hong Kong; Pedro Mendizábal Simonetti;
Computer Professionals for Social Responsibility-Peru, Peru; Erich Moechel, Quintessenz,
Austria; Andrea Monti, Studio Legale Monti, Italy; Christoph
Mueller, University of Zurich, Switzerland; Ioan Muraru,
Avocatul Poporului, Romania; Dinesh Nair, Malaysia; Sjoera Nas, Bits of
Freedom, Netherlands; Victor Naumov, Saint Petersburg Institute for Informatics
RAS, Russia; Karel Neuwirt, Office for Personal Data Protection, Czech
Republic; Joăo Miguel Neves, Portugal; Detlef Nogala, Max-Planck-Institut,
Germany; Bruno Nowak, Investlife, Luxembourg; Mícheál O Dowd, Ireland; Nelly Ognyanova,
Bulgarian Institute for Legal Development, Bulgaria; Toshimaru Ogura, Toyama
University, Japan; Edetaen Ojo, Media Rights Agenda, Nigeria; Ville Oksanen,
Electronic Frontiers Finland, Finland; Kaidi Oone, Estonian State Chancellery,
Department of State Information Systems, Estonia; Maxim Otstavnov, Computerra-Russia,
Russia, Russia; Pablo A. Palazzi, Supreme Court of Argentina, Argentina; Fereniki
Panagopoulou, Humboldt University, Germany; Vagelis Papakonstantinou, University
of Frankfurt, Germany; Iris Pappo, Eitan, Pearl, Latzer & Cohen-Zedek,
Israel; Hugues Parasie, Commission de la protection de la vie privée,
Belgium; Andriy Pazyuk, Privacy Ukraine, Ukraine; Stephanie Perrin, Digital
Discretion, Canada, and Electronic Privacy Information Center, United States;
Alberto Escudero-Pascual, Royal Institute of Technology, Sweden; Charlotte Edholm
Petersen, Datatilsynet, Denmark; Vladimir Pirosik, Environmental
Lobbying Facility, Slovak Republic; Signe Plumina, State Data Inspection,
Latvia; Erki Podra, Data Protection Inspectorate, Ukraine; Yves Poullet, Centre
de Recherches Informatique et Droit, Belgium; Andrei Pribylov, Human Rights
Network, Russia; Ivan Procházka, Office for Personal Data Protection, Czech
Republic; Arturo Quirantes, University of Granada and Computer Professionals
for Social Responsibility-Spain, Spain; Felix Rauch, Swiss Internet User Group,
Switzerland; Joel Reidenberg, Fordham University Law School, United States;
Nelson Remolina Angarita, Universidad de Los Andes, Colombia; Katitza Rodríguez
Pereda, Computer Professionals for Social Responsibility-Peru and Privaterra-Perú,
Peru; Dovota Rowicka, Bureau of Inspector General for the Protection of
Personal Data, Poland; Felipe Rodriquez, Electronic Frontiers Australia,
Australia; Roman Romanov, Sebastopol Group for Human Rights Protection,
Ukraine; Anneliese Roos, University of South Africa, South Africa; Karen
Rosier, Centre de Recherche Informatique et Droit, Belgium; Paul Roth,
University of Otago, New Zealand; Sinapan Samydorai, Think Centre, Singapore; Dag
Wiese Schartum, University of Oslo, Norway; Christian Schröder, Germany; Anat Scolnicov,
Association for Civil Rights in Israel, Israel; Lindsay Scotton, Office of the
Privacy Commissioner of Canada, Canada; Jin Wan Seo, University of Inchon,
South Korea; Antonino Serra, Consumers International– Oficina para América
Latina y el Caribe, Chile; Justyna Seweryoska, Bureau of the Inspector
General for the Protection of Personal Data, Poland; Maria U. Shkarlat, Internews-Ukraine,
Ukraine; Bernard Silva, Office of the Federal Privacy Commissioner, Australia;
Pedro Mendizábal Simonetti, CPSR-Perú, Peru; Sergei Smirnov, Human Rights
Network, Russia; Robert Ellis Smith, Privacy Journal, United States; Christoph Sobotta,
University of Frankfurt, Germany; Daniel Soto, Amnesty International USA, Latin
America; Per Helge Sřrensen, Digital Rights Denmark, Denmark; Barry Steinhardt,
American Civil Liberties Union, United States; Hana Stepankova, Office for
Personal Data Protection, Czech Republic; Blair Stewart, New Zealand Privacy
Commission, New Zealand; Bettina Stomper, Quintessenz, Austria; Thordur Sveinsson,
Personuvernd (Privacy and Data Protection Authority), Iceland; Iván
Székely, Central European University, Hungary; Alina Szymczak, Inspector
General for Personal Data Protection, Poland; Raymond Tang, Office of the
Privacy Commissioner for Personal Data, Hong Kong; Gustavo Tanus, www.protecciondedatos.com.ar,
Argentina; Jérôme Thorel, France; Simonas Toliu, Law University of Lithuania,
Lithuania; Juan Antonio Travieso, Dirección Nacional de Protección de Datos Personales,
Argentina; Kosmas Tsiraktsopulos, Swiss Data Protection Commission,
Switzerland; Toivo Übi, Andmekaitse Inspektsioon, Estonia; Eduardo Ustaran,
Berwin Leighton Paisner, United Kingdom; Mikko Valimaki, Electronic Frontiers
Finland, Finland; Marie Vallée, Videotron, Canada; Shauna Van Dongen, Privacy
Journal, United States; Vasja Vehovar, University of Ljubljana, Slovenia; Ondrej
Veis, Charles University, Czech Republic; Cristos Velasco, Instituto Tecnológico
Autónomo de Mexico (ITAM), Mexico; Geetha Veloo, Malaysia; Maria José Viega,
Viega & Asociados, Uruguay; Elisabeth Wallin, The Data Inspection Board,
Sweden; Nigel Waters, Pacific Privacy Consulting and Australian Privacy Charter
Council, Australia; Raymond Wacks, The University of Hong Kong, Hong Kong;
Elizabeth Jane Walsh, University College Cork, Ireland; Maurice Wessling, Bits
of Freedom, Netherlands, and European Digital Rights; Ingrid Wilson, Australian
Privacy Commission, Australia; Niti Wirudchawong, Official Information
Commission, Thailand; Bobson Wong, Digital Freedom Network, United States;
Jason Young, Privaterra-Canada and Lex Informatica, Canada; Ko Youngkyoung,
Social Information Networking Group, South Korea.
Financial support for the 2004 Privacy and Human
Rights report was provided by the Open Society Institute and the Ford
Foundation.
