In 2016 IMMI will focus on Data Protection.

Data Protection

Since the Snowden revelations, privacy and the protection of data have come to the fore as fundamental issues in the world of communications and technology. Data Protection should ensure:

  • Safety of journalistic sources
  • Safety of journalistic communications
  • Principles of proportionality
  • Trust between clients/users and intermediaries or common carriers (companies)
  • Our right to privacy

Without the protection of data, trust is undermined, journalists and media are hindered, and in that sense, transparency is jeopardized. Furthermore, trust within the business sector is put at risk, as is the trust between nation states. Dragnet collection of data, secret court orders and indiscriminate surveillance undermine our freedoms, leading to chilling effects such as self-censorship, less reliable journalism and a less informed public debate.

Calls for encryption to be outlawed are deeply misguided and reckless. Encryption is our strongest means of providing some level of safety to our communications and data. Furthermore, we need strong legislation that protects data and our privacy and, indeed, there have been calls for an agency overseeing such matters already. We need companies to protect our data and our privacy much better. Whether it is the apps they create, the hardware they produce or the platforms or services they offer – these all need to have better safeguards to protect our data and our privacy, without complying to any governments’ request for a backdoor entry. Encryption can help us avoid hacking, government snooping, other unlawful government actions and any forms of breaches of privacy.

We need to create legislation whereby a company cannot surrender personal data on account of secret court orders. Such a process is wholly undemocratic and violates our basic right to due process. When privacy is breached, the authority carrying out the breach must have a level of transparency and oversight to make it democratically accountable. Without such transparency, without democratic oversight, power becomes wholly unaccountable.

What IMMI intends to do is gauge the opinions of and collaborate with key stakeholders, legal experts and policy makers, conducting research into the threats posed and how best to combat them through comprehensive legislation that protects data and privacy. Subsequently, IMMI will draft a bill for parliament to establish new laws that protect both our data and our privacy. These laws can then be used as a blueprint or modified by other countries.

In a global sense, the issue of territoriality and jurisdiction is a fundamental one. The current Microsoft Case is a prime example of that, where a district court in the US has demanded Microsoft to hand over data belonging to an email address on Microsoft’s servers hosted in Ireland. Microsoft has, so far, failed to meet the demand, or rather, succeeded in raising the issue globally. Politicians in Ireland asked the European Commission to step in and now the Irish government has noted:

“Ireland does not accept any implication that it is required to intervene into foreign court proceedings to protect its sovereign rights in respect of its jurisdiction, or that Ireland not intervening is evidence of consent to a potential infringement thereof. Ireland respectfully asserts that foreign courts are obliged to respect Irish sovereignity (and that of all other sovereign states) whether or not Ireland is a party or intervener in the proceedings before them.”

Furthermore, the brief refers to a case that may have relevance to the current one:

“The Supreme Court of Ireland held that, in the absence of alternative means of obtaining information required for a criminal or similar investigation, there may be circumstances in which an Irish court would order the production of records from an Irish entity on foreign soil, but would do so only after being competently apprised of whether the execution of the order would violate the law of the foreign sovereign.”

We express our support to Microsoft for taking the matter forward, while also recognizing the need for legislation to take similar matters into account. If Iceland becomes a safe haven for information and expression, as laid out in the original IMMI resolution, companies and individuals need to be secure in the knowledge that their data, hosted in Iceland, is under Icelandic jurisdiction, and thereby, legislative protection. Without such assurances, any talk of legal protections is moot.

The byproducts of a Safe Haven for Information and Expression

The IMMI resolution was a response to a lack of media and information freedom, inspired by John Perry Barlow’s idea that Iceland could become the Switzerland of Bits, whilst also being a transparency haven. The team behind the IMMI resolution went about identifying various legislative changes and a new set of laws that, as a legislative package, would establish Iceland as such a Safe Haven. The obvious benefits, not just to Iceland but the global community, will be the media and information freedom, the legal protection afforded to journalistic sources and whistleblowers and the legal protections afforded to companies within the ICT sector.

The byproducts of establishing such a Safe Haven are various but enormously significant. Currently, no nation offers such a legally protected environment, despite the high demand. Turning this vision into reality would affect major investment, with many companies relocating at least parts of their operations to Iceland, strengthen the business environment in Iceland, increase employment, offer more specialized jobs, support higher education and further technological advancement.

A parliamentary resolution adopted this autumn (2014) on the Utilization of the Internet and the Protection of User Rights, awaits implementation, which will be underway in the next few weeks once a work team has been established (in which IMMI will have a representative), under the leadership of the Ministry of Industry and Innovation.

 

Feature photo by Sebastien Wiertz (CC BY 2.0)