Download presentation
Presentation is loading. Please wait.
Published byNeil Freeman Modified over 9 years ago
1
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation Conference, 25 October 2002
2
Pacific Privacy Consulting 2 Trans-national institutions European Union –15 member states – expansion in 2004 Council of Europe –44 member states + other observer countries OECD –30 members – Europe + N. America, Australasia, Japan & Korea
3
Pacific Privacy Consulting 3 Council of Europe European Convention on Human Rights 1950 Article 8 – privacy 1981 Convention on data protection Recommendations – working parties Case law – European Court of Human Rights Other relevant work –Cybercrime Convention
4
Pacific Privacy Consulting 4 European Union General data protection (privacy) law Telecommunications privacy law Other relevant law Areas outside jurisdiction –Public security –Defence –State security –Criminal law
5
Pacific Privacy Consulting 5 EU General Privacy Directive Developed early 1990’s Adopted 1995 (95/46/EC) Deadline for compliance 1998 Action to enforce compliance 3 states still not fully compliant –Ireland –Luxembourg –France
6
Pacific Privacy Consulting 6 EU General Privacy Directive Currently under review Public consultation July 2002 –Submissions on web site Conference Sept/Oct 2002 Report by end of 2002? Won’t necessarily lead to change in the law – focus on compliance and implementation
7
Pacific Privacy Consulting 7 EU General Privacy Directive Template for national laws Protection for data about EU citizens/residents when data is exported Articles 25 & 26 – limit transfer unless certain criteria are met –Adequate law or code (A.25) –Consent, fulfilment of contracts, legal proceedings, emergencies (A.26.1) –Case by case arragments (contract or MoU)
8
Pacific Privacy Consulting 8 Adequacy assessment Proposal from Commission bureaucracy Opinion from A.29 Committee of DP regulators Opinion from A.31 committee of national government representatives Scrutiny by European Parliament Commission Decision
9
Pacific Privacy Consulting 9 Adequacy assessment Decisions to date –Switzerland (law) –Hungary (law) –Canada (law) –USA (US Department of Commerce Safe harbor Privacy Principles) Discussions with others including Australia
10
Pacific Privacy Consulting 10 Australia – adequacy? EU criticisms: –wide exemptions for small businesses, employee data and publicly available information –breadth of the ‘authorized by law’ exception to several principles –tolerance of notice of purpose being given after the time of collection
11
Pacific Privacy Consulting 11 Australia – adequacy? EU criticisms continued: –lack of a requirement for an opt-out choice where data is used for the primary purpose of direct marketing –absence of additional controls over the use and disclosure of sensitive data –lack of correction rights or rights under NPP 9 for most EU citizens, and –absence of a role for the Privacy Commissioner in advising on adequacy under NPP9
12
Pacific Privacy Consulting 12 Influence on Australian privacy laws Onward transfer principles Potential disruption of common data exchanges Commissioners reluctant to enforce Role for Codes of Practice –Internet Industry Association draft “EU compliant’ Code
13
Pacific Privacy Consulting 13 Telecommunications Privacy Telecommunications Privacy Directive adopted 1997 (97/66/EC), compliance required by 2000. Set standards for: –authorisation for interception (Article 5) –access to traffic data (A.6 ) –itemised billing (A.7) –calling line identification (art 8) –personal information in directories (A.11) –unsolicited calls (Art 12).
14
Pacific Privacy Consulting 14 Telecommunications Privacy Influence on Australian regulation –Telecommunications Act 1997, Part 13 –Telecommunications (Interception) Act 1979 –ACIF Codes of Practice: Customer Personal Information Calling Number Display Integrated Public Number Database
15
Pacific Privacy Consulting 15 Telecommunications Privacy Electronic Communications Privacy Directive adopted 2002 (2002/58/EC), compliance required by October 2003. Main changes: –Broadens scope beyond telephony –More privacy protective on: unsolicited emails, SMS and faxes, (opt-in basis with prior consent) cookies, explained to customers, with a right to decline them use of mobile phone location data - right to ‘block’ it prior consent to inclusion in public directories –Less privacy protective on retention of traffic data
16
Pacific Privacy Consulting 16 Other Directives Many have privacy implications No systematic privacy impact assessment New supervisory authority being established Proposed Directive on re-use and commercial exploitation of public sector information –Parallel debate in Australia – public register principles in NSW & Victorian Acts + consultations
17
Pacific Privacy Consulting 17 Other EU Activity ECHELON – communications interception by UKUSA alliance Investigative journalism in 1990’s European Parliament Inquiry – reported 2001 Negotiations between EU and UKUSA countries Caught up in anti-terrorism response
18
Pacific Privacy Consulting 18 Other International work OECD – Europe + other developed countries –Pioneer – 1981 Privacy Guidelines & Principles – foundation of most privacy laws –IT Security Guidelines 1992, 2002 –Cryptography Policy Guidelines 1997 –Privacy Statement Generator
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.