2006 Privacy Rankings

2006 Privacy Rankings

Privacy International, a human-rights organization that was formed in 1990 to track surveillance and privacy invasion by governments and corporations, has released the results of its 2006 international privacy survey. Using primarily quantitative data, the survey scored and ranked 36 countries — all of the members of the EU and 11 benchmark countries, including the U.S. and New Zealand — on 13 criteria concerning government surveillance and respect for privacy:

1. Constitutional protection
2. Statutory protection
3. Privacy enforcement
4. Identity cards & biometrics
5. Data sharing provisions
6. Visual surveillance
7. Communications interception
8. Workplace monitoring
9. Law enforcement access
10. Data retention practices
11. Travel & finance surveillance (including trans-border data sharing)
12. Global leadership
13. Democratic safeguards

A score was awarded for each criterion in each country:

5 = no invasive policy or widespread practice. Leading in best practice
4 = comprehensive efforts, protections and safeguards for privacy
3 = some safeguards, relatively limited practice of surveillance
2 = few safeguards, widespread practice of surveillance
1 = extensive surveillance. Leading in bad practice

Finally, a final score between 1 and 5 was calculated:

4.1-5.0 Consistently upholds human rights standards
3.6-4.0 Significant protections and safeguards
3.1-3.5 Adequate safeguards against abuse
2.6-3.0 Some safeguards but weakened protections
2.1-2.5 Systemic failure to uphold safeguards
1.6-2.0 Extensive surveillance societies
1.1-1.5 Endemic surveillance societies

Here are the final scores, from highest to lowest:

GERMANY 3.9
CANADA 3.6
BELGIUM 3.2
AUSTRIA 3.2
GREECE 3.1
HUNGARY 3.0
ARGENTINA 3.0
FRANCE 2.9
POLAND 2.9
PORTUGAL 2.9
CYPRUS 2.9
FINLAND 2.7
ITALY 2.6
LUXEMBOURG 2.6
LATVIA 2.6
ESTONIA 2.6
MALTA 2.6
NEW ZEALAND 2.5
DENMARK 2.5
CZECH REP. 2.5
IRELAND 2.5
SLOVAKIA 2.5
LITHUANIA 2.5
AUSTRALIA 2.4
SPAIN 2.4
SLOVENIA 2.3
NETHERLANDS 2.3
SWEDEN 2.2
ISRAEL 2.2
US 2.0
THAILAND 1.9
PHILIPPINES 1.9
UK 1.5
SINGAPORE 1.4
RUSSIA 1.4
MALAYSIA 1.3
CHINA 1.3

There aren’t too many surprises at the top or bottom of the list. In the middle, I am surprised by the strong scores earned by by Argentina, Portugal, and Poland and the low scores earned by Sweden and the Netherlands.

As for the U.S. — what is there to say? Its very low score seems to provide strong empirical support for Sandy Levinson and Jack Balkin’s theory of the “National Surveillance State,” which they describe as an “emerging regime of institutions and practices… that features increased government investments in technology and expanded government bureaucracies devoted to promoting domestic security and gathering intelligence and surveillance using all of the devices that the digital revolution allows.”

The reasons for the poor U.S. score are too numerous to explore in any detail here. Most, however, won’t surprise you: the lack of a comprehensive privacy-protection law for the private sector; widespread and essentially unchecked electronic surveillance; the PATRIOT Act; the increasing use of video surveillance and face-recognition technology in public places; the REAL ID Act’s de facto creation of a national identity card; CAPPS II; the supposedly-defunct Total Information Awareness program…

The whole report is well worth examining. And if you find the situation in the U.S. disturbing, you have at least one small consolation — things are even worse in the U.K.

Print Friendly, PDF & Email
Topics
General
Notify of
Matthew Gross
Matthew Gross

Key words here: surveillance and privacy invasion by governments and corporations,

If you look through the report, a lot of what they’re basing it off of is european restrictions on all manner of customer data gathering and retention. Much of this “privacy” is enforced via a tighter governmental control of what can be disclosed about people which has had a chilling effect on speech in the countries involved.

I am far more interested in government spying on the people than private citizens and/or corporations doing so. Mixing the two issues just serves to muddy the waters.

Cassandra
Cassandra

The report strikes me as hardly real-world confirmation that the US is an “extensive surveillance society.” As the other comment noted while Europeans restrict private corporations to a much greatly degree they leave their governments much less fettered in the same area. So as always, the report is a case of “your mileage may vary” and nothing more.

Kevin Heller
Kevin Heller

For the record, although Privacy International covers both governments and corporations, this report focused exclusively on governments. Not that I think either of our commentators would care. Why let empirical data get in the way of a comforting ideological position? What with reality’s well-known liberal bias and all…

privacy expert
privacy expert

A quick look at the report suggests that it is, in fact, measuring both direct government infringement of privacy as well as government protection of privacy in relation to actions of private corporations. Since most Americans don’t care much about the latter, the results are a bit mis-leading. As to the former, the wire-tapping debate provided ample evidence of how much more intrusive the Europeans are. See, e.g. http://www.slate.com/id/2136147/

Noryungi
Noryungi

To Matthew Gross:

You certainly have no idea on what you are talking about. Data protection and personal privacy have nothing to do with free speech.

Most European countries provide the following protection:

-1- Personal data retention by corporations should be as limited as possible.

-2- Selling and exchanging personal customer data is prohibited.

-3- Cross-referencing and merging of personal customer data is prohibited for both corporations and government (meaning: Wal-Mart and Auto dealerships cannot exchange or merge databases).

-4- Customers can, at any moment, request the deletion or the modification of their personal data.

-5- Corporations are responsible for the security and confidentiality of their customer’s data.

The measures above are simple, effective and do not require governement surveillance at all.

Compare this to the situation in the USA, where corporations — and the US Governement — are free to do all this and more. And where simple fraud and identity theft can mean you will black-listed by every credit bureau from Alaska to Florida.

I much prefer the European situation, thank you very much.

Matthew Gross
Matthew Gross

You certainly have no idea on what you are talking about. Data protection and personal privacy have nothing to do with free speech.

Data protection and personal privacy have everything to do with free speech and the restriction thereof. Some people simply like to pretend that free speech doesn’t apply to corporations.

In particular, it allows for the manipulation of public opinion and business without transparency. It grants a free reign to sock-puppetry and masquerading on the internet at large, as any 3rd party host is prohibited by law from disclosing the actual identity of a client.

A particular illustrative incident comes to mind, the matter of what appears to be Exxon propoganda on YouTube:

link

The author was revealed by his e-mail routing information, but what if he had not been? YouTube is in the unenviable position of being a mouthpiece for a piece of propoganda represented as being unrelated to the group for which it was lobbying. Yet they would be unable to speak out on the identity of the author, regardless of the merits, under European law.

Similiarly, one wonders how it would relate to the outing of the blatant use of sock puppets to manipulate debate:

link

Kevin Heller
Kevin Heller

Here I was, thinking that we were talking about data protection and personal privacy in terms of things like government access to medical and financial records, the ability of corporations to sell their customers’ financial information to third parties, workplace surveillance, database security, etc. And now I learn that what we were really talking about was the ability to backtrace e-mails so we can expose alleged sockpuppetry by liberal bloggers.

I stand corrected.

privacy expert
privacy expert

Ah, now we’re getting somewhere. In your first comment, you said “this report focused exclusively on governments.” But now in your latest comment you refer to “the ability of corporations to sell their customers’ financial information to third parties, workplace surveillance, database security, etc.” So, it turns out you do stand corrected.

Again, the report blurs the government/private distinction in a way that makes it quite mis-leading for those who care far more about government intrusions.

Kevin Heller
Kevin Heller

With all due respect, I do not stand corrected. The report focused on the extent to which governments regulate the ability of corporations to sell, exchange, and disclose private information, not on the activities of the corporations themselves: 5. Data sharing provisions This section relates to the provision for administrative convergence in the private and public sectors and cross notification requirements between various administrative functions. The practice is often based on the quest for increased efficiency, but compromises the long-held principle of functional separation under data protection law. The extent of the practice was assessed along with the presence of constitutional and legislative controls. 9. Law enforcement access to data This category relates the access by law enforcement agencies to the full spectrum of personal information on both criminals and the general population. Aspects include fingerprint and DNA data, criminal intelligence, access to general information systems, access to road and vehicle data, financial data and specific-purpose databases. We considered a range of operational aspects of policing along with capacity for data analysis, data sharing, national integration of data, interoperability and free text searching through systems. 10. Communications data retention We considered the length of time under law for the retention… Read more »

privacy expert
privacy expert

As I said in my initial comment, the report appears to measure “both direct government infringement of privacy as well as government protection of privacy in relation to actions of private corporations.” The latter aspect is the one we are focusing on now. You seem to agree that this was an element of the report, as you say: “The report focused on the extent to which governments regulate the ability of corporations to sell, exchange, and disclose private information, …” My point is that I (and many others) distinguish between government and private intrusions into privacy. We worry much more about the government than about private companies. Thus, we don’t care if the governments “regulate the ability of corporations to sell, exchange, and disclose private information.” (In fact, we may even prefer that the government not regulate in this area.) So, blurring the line between government intrusions, and government regulation of private company intrusions, makes the report very mis-leading for us.

privacy expert
privacy expert

Note these other factors:

6. Visual surveillance

This category measured the extent of electronic visual surveillance, in particular closed circuit television cameras. Factors included availability of the technology, safeguards and limitations, requirements by licencing, police and other bodies and use of the technology in private and semi-private locations.

8. Workplace monitoring

Scoring for this category was based on the nature and extent of workplace surveillance, the availability of safeguards, requirements for monitoring in legislation and employment contracts, the use of employer/employee negotiation and legal remedies.

I care very little about the “use of [visual surveillance] technology in private and semi-private locations”; and I also don’t carry much about legislation for privacy in company workplaces. By including these factors, the report does not provide a useful comparison based on the factors I (and many others) do care about, i.e. direct government intrusion.