TOPIC 4 PUBLICATION OF INFORMATION - PRIVACY AND DATA PROTECTION
TOPIK 4 08 ABCR3203 Topic 4
LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Define what is privacy;
2. Explain the categories of privacy;
3. Identify the limits within which the law works to protect privacy; and
4. Discuss the principles of data protection.
INTRODUCTION
The media in general have no right of access to information over other members
of the public. They may obtain information by searching for them from sources
available. The public has, many times, objected to the ways in which information
about them is published and the ways in which this information is obtained. For
example, when the media enter premises without consent or secretly take
photographs, the person affected describes this as an „invasion of privacy.‰
Therefore, in this topic, we will discuss the publication of information, particularly
privacy and data protection, in greater detail.
4.1 WHAT IS PRIVACY?
Before we proceed, do you know the meaning of privacy? Privacy has been
defined as follows (see Table 4.1):
Table 4.1: Definition of Privacy
Definition of Privacy Source
„/ A sphere of space that has not been dedicated to public use or Professor Milton
control. It is a kind of space that a man carries with him into his Konvits
bedroom or into the street. Then when public / is part of his
property / with respect to which its owner has delegated no
power to the state /‰
The desire of people to choose freely under what circumstances and Alan Westin privacy
to what extent they will expose themselves, their attitude and scholar
behaviour to others.
No one shall be subjected to arbitrary interference with his privacy, Article 12 Universal
family, home or correspondence, or to attacks upon his honour and Declaration of Human
reputation. Everyone has the right to the protection of the law Rights
against such interference or attacks.
? Everyone has the right to respect for his private and family life, Article 8 of the
his home and his correspondence. European Convention
on Human Rights
? There shall be no interference by a public authority with the (ECHR)
exercise of this right except such as in accordance with the law
and is necessary in a democratic society in the interests of
national security, public safety or the economic well-being of
the country, for the prevention of disorder or crime, for the
protection of health or morals, or for the protection of the
rights and freedoms of others.
4.2 CATEGORIES OF PRIVACY
Mainly, there are four categories of privacy (refer to Table 4.2):
Table 4.2: Categories of Privacy
Categories of Privacy // Description
Information privacy
This refers to such information that is not available to the public,
for example, information on the private lives of a public figure.
Bodily privacy ..
This refers to the right to have a personal space, for example,
pictures of the private lives of a celebrity.
Communications privacy .. This refers to whatever communications made between persons. It
should not be secretly listened to and published by others.
Territorial privacy.. This is similar to bodily privacy. Where bodily privacy refers more
to a personÊs space, territorial privacy refers to certain premises, for
example, the personÊs house.
4.3 HOW PRIVACY MAY BE PROTECTED
There is no doubt that the right to privacy has often been acknowledged to exist;
however, its protection by courts is vague. The courts do not recognise a right to
privacy per se. Privacy has been indirectly recognised through other areas of the
law (refer to Table 4.3):
Table 4.3: Areas of the Law
Areas of the Law // Description
Trespass .. The key element in all forms of trespass is that the wrong is actionable per
se, that is to say, the plaintiff can sue even though he has suffered no
damage (W.V.H. Rogers, 1994). The tort of trespass to land rewards the
land owner for a „temporary loss of use of his land‰. For example, in the
pursuit of information, the media trespassed on the ownerÊs land (Wacks,
1995).
Nuisance ... Nuisance has been defined as the „unlawful interference with a personÊs
use or enjoyment of land, or some right over, or in connection with it,‰
The interference needs to be on-going (more than once) (W.V.H. Rogers,
1994).
Defamation ... Defamation protects a personÊs reputation. In relation to protecting
privacy, defamation protects a personÊs reputation from being published,
from being exposed to the public. However, the weakness of this area of
law in relation to privacy is the defence of justification (truth) in
defamation is an absolute defence.
Confidential Information ... Confidential information law protects that information that is secret. In
certain circumstances the law imposes a duty on the recipient of
information to keep certain information confidential. Not all information
can be bought and sold as one pleases.
4.4 WHAT IS DATA PROTECTION?
In Malaysia, there is no express provision for the protection of privacy per se.
Thus, there is a pressing need to protect personal data. According to Mohamed
Nor Hj Abd Aziz (2003), „The term Âpersonal data protection (PDP)Ê and ÂprivacyÊ
has been used interchangeably. It is a universal value relevant to each individual,
as it inheres the dignity of the individual. The legislation on privacy provides the
opportunity for individuals to the rights of protection for their personal privacy.‰
The PDP would complement the existing cyber laws. Initially, a proposed
Personal Data Protection Bill (PDP) aims to address personal data. Data
protection is the protection of any form of data. It may be personal data, or
business data. However, as stated earlier, Malaysia intends to enforce the
protection of personal data by having the Personal Data Protection Bill (PDP).
The scope of this bill is any personal data relating to individuals. Section 2 of the
Bill defines „personal data‰.
Section 2 provides:
Any information recorded in a document in which it can practically be processed
wholly or partly by any automatic means or otherwise which relates directly or
indirectly to a living individual who is identified or identifiable from that information
or from that and other information in the possession of the data user including and any
indication of the intentions of the data user in respect of that individual.
4.5 PRINCIPLES ON DATA PROTECTION
The PDP lays down nine data protection principles (in the First Schedule). Section
4 provides that data users must comply with the nine principles.
The nine data protection principles are:
(a) Principle 1: Fair Collection Principle
Manner of collection of personal data.
This principle provides for the fair and lawful collection of data for a
lawful purpose related to the function of the data user.
(b) Principle 2: Purpose Specification Principle
Purpose of collection of personal data
This provides for adequate, relevant but not excessive collection of data
for a lawful purpose related to the function of the data user.
(c) Principle 3: Use Limitation Principle
Use of personal data
Provides that unless with the consent of the data subject, personal data
should be used only for the purpose for which they are collected or a
purpose directly related to the purpose for which they are collected.
(d) Principle 4: Confidentiality Principle
Disclosure of personal data
Provides that unless the data subject gives consent, personal data can only
be disclosed for the purpose of which the data was obtained or a directly
related purpose.
(e) Principle 5: Accuracy Principle
Accuracy of personal data
Provides that personal data should be accurate, complete, relevant, not
misleading and up to date.
(f) Principle 6: Minimality Principle
Duration of personal data
Provides that personal data should not be kept longer than necessary.
(g) Principle 7: Individual Participation Principle
Access to and correction to personal data
Provides for individuals to have rights of access to and correction of their
personal data.
(h) Principle 8: Security Principle
Security of personal data ...
Requires practical measures to safeguard security of personal data.
(i) Principle 9: Accountability Principle
Information to be generally available
Requires data users to be open about the data held and the main purpose
for which the data are to be used. The data privacy policy of the data user
should be ascertainable.
However, after consultation with various sections of the public and industry, it
was later suggested that the first draft PDP will be modified in accordance with
the United States Safe Harbour arrangement. It will be divided into two sectors,
the private and public sector.
The private sector PDP principles (Mohamed Nor Hj Abd Aziz, 2003) are as
follows:
(a) Notice Principle;
(b) Choice Principle;
(c) Disclosure Principle;
(d) Security Principle;
(e) Data Integrity Principle;
(f) Access Principle; and
(g) Enforcement Principle.
The Public Sector PDP Principles (Mohamed Nor Hj Abd Aziz, 2003) are as
follows:
(a) Collection, use and disclosure by public sector only by written law;
(b) Right to access by written law;
(c) Responsibility to protect personal data; and
(d) Public sector to have a PDP policy.
SELF-CHECK 4.1
1. Explain what is privacy.
2. How is privacy protected? Explain.
3. Explain what is data proctection.
ACTIVITY 4.1
Discuss the applicable areas of law that protects privacy and examine
whether it protects privacy.
? Everyone has the right of respect for his private and family life, his home and
his correspondence.
? People may choose freely under particular circumstances and the extent to
which they will expose themselves, their attitude and behaviour to others.
? The courts do not recognise a right to privacy per se.
? Privacy has been indirectly recognised through other areas of the law like
trespass, nuisance, confidential information and defamation.
? Personal Data Protection Bill (PDP) addresses personal data.
? The PDP lays down nine principles on data protection.
Confidential information
Nuisance
Data
Personal space
Data principles
Right of access to information
Defamation
Trespass
Invasion of privacy
TOPIK 4 08 ABCR3203 Topic 4
LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Define what is privacy;
2. Explain the categories of privacy;
3. Identify the limits within which the law works to protect privacy; and
4. Discuss the principles of data protection.
INTRODUCTION
The media in general have no right of access to information over other members
of the public. They may obtain information by searching for them from sources
available. The public has, many times, objected to the ways in which information
about them is published and the ways in which this information is obtained. For
example, when the media enter premises without consent or secretly take
photographs, the person affected describes this as an „invasion of privacy.‰
Therefore, in this topic, we will discuss the publication of information, particularly
privacy and data protection, in greater detail.
4.1 WHAT IS PRIVACY?
Before we proceed, do you know the meaning of privacy? Privacy has been
defined as follows (see Table 4.1):
Table 4.1: Definition of Privacy
Definition of Privacy Source
„/ A sphere of space that has not been dedicated to public use or Professor Milton
control. It is a kind of space that a man carries with him into his Konvits
bedroom or into the street. Then when public / is part of his
property / with respect to which its owner has delegated no
power to the state /‰
The desire of people to choose freely under what circumstances and Alan Westin privacy
to what extent they will expose themselves, their attitude and scholar
behaviour to others.
No one shall be subjected to arbitrary interference with his privacy, Article 12 Universal
family, home or correspondence, or to attacks upon his honour and Declaration of Human
reputation. Everyone has the right to the protection of the law Rights
against such interference or attacks.
? Everyone has the right to respect for his private and family life, Article 8 of the
his home and his correspondence. European Convention
on Human Rights
? There shall be no interference by a public authority with the (ECHR)
exercise of this right except such as in accordance with the law
and is necessary in a democratic society in the interests of
national security, public safety or the economic well-being of
the country, for the prevention of disorder or crime, for the
protection of health or morals, or for the protection of the
rights and freedoms of others.
4.2 CATEGORIES OF PRIVACY
Mainly, there are four categories of privacy (refer to Table 4.2):
Table 4.2: Categories of Privacy
Categories of Privacy // Description
Information privacy
This refers to such information that is not available to the public,
for example, information on the private lives of a public figure.
Bodily privacy ..
This refers to the right to have a personal space, for example,
pictures of the private lives of a celebrity.
Communications privacy .. This refers to whatever communications made between persons. It
should not be secretly listened to and published by others.
Territorial privacy.. This is similar to bodily privacy. Where bodily privacy refers more
to a personÊs space, territorial privacy refers to certain premises, for
example, the personÊs house.
4.3 HOW PRIVACY MAY BE PROTECTED
There is no doubt that the right to privacy has often been acknowledged to exist;
however, its protection by courts is vague. The courts do not recognise a right to
privacy per se. Privacy has been indirectly recognised through other areas of the
law (refer to Table 4.3):
Table 4.3: Areas of the Law
Areas of the Law // Description
Trespass .. The key element in all forms of trespass is that the wrong is actionable per
se, that is to say, the plaintiff can sue even though he has suffered no
damage (W.V.H. Rogers, 1994). The tort of trespass to land rewards the
land owner for a „temporary loss of use of his land‰. For example, in the
pursuit of information, the media trespassed on the ownerÊs land (Wacks,
1995).
Nuisance ... Nuisance has been defined as the „unlawful interference with a personÊs
use or enjoyment of land, or some right over, or in connection with it,‰
The interference needs to be on-going (more than once) (W.V.H. Rogers,
1994).
Defamation ... Defamation protects a personÊs reputation. In relation to protecting
privacy, defamation protects a personÊs reputation from being published,
from being exposed to the public. However, the weakness of this area of
law in relation to privacy is the defence of justification (truth) in
defamation is an absolute defence.
Confidential Information ... Confidential information law protects that information that is secret. In
certain circumstances the law imposes a duty on the recipient of
information to keep certain information confidential. Not all information
can be bought and sold as one pleases.
4.4 WHAT IS DATA PROTECTION?
In Malaysia, there is no express provision for the protection of privacy per se.
Thus, there is a pressing need to protect personal data. According to Mohamed
Nor Hj Abd Aziz (2003), „The term Âpersonal data protection (PDP)Ê and ÂprivacyÊ
has been used interchangeably. It is a universal value relevant to each individual,
as it inheres the dignity of the individual. The legislation on privacy provides the
opportunity for individuals to the rights of protection for their personal privacy.‰
The PDP would complement the existing cyber laws. Initially, a proposed
Personal Data Protection Bill (PDP) aims to address personal data. Data
protection is the protection of any form of data. It may be personal data, or
business data. However, as stated earlier, Malaysia intends to enforce the
protection of personal data by having the Personal Data Protection Bill (PDP).
The scope of this bill is any personal data relating to individuals. Section 2 of the
Bill defines „personal data‰.
Section 2 provides:
Any information recorded in a document in which it can practically be processed
wholly or partly by any automatic means or otherwise which relates directly or
indirectly to a living individual who is identified or identifiable from that information
or from that and other information in the possession of the data user including and any
indication of the intentions of the data user in respect of that individual.
4.5 PRINCIPLES ON DATA PROTECTION
The PDP lays down nine data protection principles (in the First Schedule). Section
4 provides that data users must comply with the nine principles.
The nine data protection principles are:
(a) Principle 1: Fair Collection Principle
Manner of collection of personal data.
This principle provides for the fair and lawful collection of data for a
lawful purpose related to the function of the data user.
(b) Principle 2: Purpose Specification Principle
Purpose of collection of personal data
This provides for adequate, relevant but not excessive collection of data
for a lawful purpose related to the function of the data user.
(c) Principle 3: Use Limitation Principle
Use of personal data
Provides that unless with the consent of the data subject, personal data
should be used only for the purpose for which they are collected or a
purpose directly related to the purpose for which they are collected.
(d) Principle 4: Confidentiality Principle
Disclosure of personal data
Provides that unless the data subject gives consent, personal data can only
be disclosed for the purpose of which the data was obtained or a directly
related purpose.
(e) Principle 5: Accuracy Principle
Accuracy of personal data
Provides that personal data should be accurate, complete, relevant, not
misleading and up to date.
(f) Principle 6: Minimality Principle
Duration of personal data
Provides that personal data should not be kept longer than necessary.
(g) Principle 7: Individual Participation Principle
Access to and correction to personal data
Provides for individuals to have rights of access to and correction of their
personal data.
(h) Principle 8: Security Principle
Security of personal data ...
Requires practical measures to safeguard security of personal data.
(i) Principle 9: Accountability Principle
Information to be generally available
Requires data users to be open about the data held and the main purpose
for which the data are to be used. The data privacy policy of the data user
should be ascertainable.
However, after consultation with various sections of the public and industry, it
was later suggested that the first draft PDP will be modified in accordance with
the United States Safe Harbour arrangement. It will be divided into two sectors,
the private and public sector.
The private sector PDP principles (Mohamed Nor Hj Abd Aziz, 2003) are as
follows:
(a) Notice Principle;
(b) Choice Principle;
(c) Disclosure Principle;
(d) Security Principle;
(e) Data Integrity Principle;
(f) Access Principle; and
(g) Enforcement Principle.
The Public Sector PDP Principles (Mohamed Nor Hj Abd Aziz, 2003) are as
follows:
(a) Collection, use and disclosure by public sector only by written law;
(b) Right to access by written law;
(c) Responsibility to protect personal data; and
(d) Public sector to have a PDP policy.
SELF-CHECK 4.1
1. Explain what is privacy.
2. How is privacy protected? Explain.
3. Explain what is data proctection.
ACTIVITY 4.1
Discuss the applicable areas of law that protects privacy and examine
whether it protects privacy.
? Everyone has the right of respect for his private and family life, his home and
his correspondence.
? People may choose freely under particular circumstances and the extent to
which they will expose themselves, their attitude and behaviour to others.
? The courts do not recognise a right to privacy per se.
? Privacy has been indirectly recognised through other areas of the law like
trespass, nuisance, confidential information and defamation.
? Personal Data Protection Bill (PDP) addresses personal data.
? The PDP lays down nine principles on data protection.
Confidential information
Nuisance
Data
Personal space
Data principles
Right of access to information
Defamation
Trespass
Invasion of privacy
No comments:
Post a Comment