Home
| Databases
| WorldLII
| Search
| Feedback
Privacy Laws and Business International Report |
French study on online privacy practices
A study conducted by France's Data Protection Authority, CNIL, reveals that French organisations' online practises are reasonably good. Of the 100 French websites that were visited, 96 provide secure online payment. However, 55 of them have failed to register with CNIL. This is remarkable in view of the fact that 69 of the sites did include a reference to France's Data Protection Act.
With regard to passing information to third parties, most of the sites studied informed website visitors of disclosing data to out-siders, and also provided individuals with the opportunity to opt out. Half of the sites allow consumers to exercise this right online.
The results were worse in terms of informing visitors about the physical location of the organisations. Forty percent of the sites visited did not give their mail address. The majority of the sites did not inform visitors about the use of cookies.
The CNIL intends to remind the organisations about their obligation to register, and invites professional bodies to work together with CNIL to improve the current situation.
The 100 websites studied represent the ones with most traffic. For more information, see the CNIL website at http://www.cnil.fr (press releases).
UK takes action against unlawful fax marketing
The UK Data Protection Commissioner has issued enforcement notices against two UK based companies, Second Telecom Limited and Top 20 Limited. Both companies have appealed, and a hearing at the Data Protection Tribunal is expected to take place at the beginning of September.
The companies have been sending unsolicited faxes to individuals and therefore breached the new Telecommunications (Data Protection and Privacy) Regulations 1999, which came into force on 1st March 2000. The Commissioner's Office received hundreds of complaints from people who were targeted by these companies.
The Commissioner, Elizabeth France keeps a close eye on fax marketing: "These companies have shown a blatant disregard for the new rules. While it is too soon to name other companies, I am looking at a number of other possible enforcement actions against this abuse of personal privacy."
The Telecommunications Regulations ban the sending of unsolicited faxes to individuals without their prior consent. Guidance on the new regulations is available on the Commissioner's website at http://www.dataprotection.gov.uk or from Privacy Laws & Business Tel: + 44 (0)20 8423 1300 Fax: + 44 (0)20 8423 4536.
EU Data Protection Working Party nominates Chairman
Stefano Rodota, President of Italy's Data Protection Commission, has been nominated as the new Chairman of the EU Data Protection Working Party (the so-called Article 29 Group), a body of DP Authorities who advise the European Commission on the implementation of the EU Data Protection Directive. Stefano Rodota took over the post from Peter Hustinx, the Netherlands' Data Protection Commissioner on 16th March.
The recommendations adopted by the Article 29 Working Party, press releases and privacy studies prepared for the group can be seen at http://europa.eu.int/comm/ internal_market/en/
Norway and Denmark adopt new data laws
Denmark adopted a new Data Protection Act in May, which implements the Data Protection Directive. The Act entered into force on 1st July 2000.
Norway has also legislated to bring its law closer to the EU-level. It adopted a new Act in April. It is not expected to enter into force until the beginning of 2001.
EU Data Authorities publish an opinion on ISPs
The EU Data Protection Commissioners' annual spring conference, held in Stockholm on 6-7th April, issued an opinion on Internet Service Providers (ISPs). The Commissioners stated their concern over proposals that ISPs should routinely retain traffic data beyond the requirements of billing purposes in order to permit possible access by law enforcement bodies. The conference emphasised that such retention would be an improper invasion of the fundamental rights guaranteed to individuals by Article 8 of the European Convention on Human Rights.
The conference also discussed genetic and medical data, data protection audits, experience in implementing the EU Data Protection Directive, public access to official documents, the Internet and data protection, cybercrime initiatives, the EU Telecommunications Data Protection Directive and video-surveillance.
The programme of this closed conference is available in Swedish, English and French on the Internet at http://www.datainspektionen.se (there are no conference papers available on the website).
German Data Authorities' new recommendations
The German Federal and Lander Data Protection Commissioners adopted several recommendations at their conference in Hanover on 14- 15th March. The recommendations deal with, for example, data mining, telecommunication services and video surveillance.
The full texts are available on the Internet (in German) at http://www.lfd.niedersachsen.de/ dokumente/beschl/inhbeschl.htm
Lithuania and Slovakia sign Convention 108
Lithuania signed, on 11th February 2000, the Council of Europe Convention 108 on the Protection of Individuals with regard to the Automatic Processing of Personal Data. The country intends to ratify the convention soon.
Lithuania is also in the process of revising its existing Data Protection Act of 1996 in order to incorporate elements of the EU Data Protection Directive. A draft law was presented to the Government on 9th March, and is expected to be adopted later this year.
Slovakia, which has a data protection law of 1998, signed the Convention on 14th April 2000.
For a list of countries that have signed and ratified Convention 108, see http://www.coe.fr/dataprotection
UK Commissioner fully supportive of FOI
The UK Data Protection Commissioner, Elizabeth France, has been accused of attacking the Freedom of Information Bill (The Guardian, 16th May and The Mirror, 15th May). She has since clarified in a press release that she remains fully supportive of the Bill regardless of some concerns over the Bill which is currently in Parliament.
The press release states that "The policy and content of the FOI Bill are a matter for Ministers and Parliament. Elizabeth France has previously expressed the view that the Bill would benefit firstly by the addition of a 'purpose clause' to clarify the policy of openness and assist with the implementation of the legislation, and secondly by clearer drafting, particularly on the interface between FOI and data protection."
The Commissioner's overriding concerns are that there should be a simple access regime, easy to understand and straightforward to administer, and an effective supervisory authority with meaningful powers of enforcement.
Elizabeth France will have a dual role enforcing both data protection and FOI laws, and will be renamed the Information Commissioner.
For more information about the Freedom of Information Bill, see http:// www.homeoffice.gov.uk/ foi/index.htm, and the Campaign for Freedom of Information (UK): http://www.cfoi.org.uk
US-Japan privacy seal being developed
BBBOnline and the Japan Information Processing Development Center (JIPDEC) announced, on 18th May, a joint venture to develop reciprocal online privacy seals. The transnational privacy seal, expected to be launched in the autumn, will make it easier for Japanese and US consumers to identify privacy-friendly websites based in these countries. The seal will be especially useful for businesses that market their products both in Japan and the United States.
"As use of the Internet increases around the world, more online businesses are discovering the opportunity to sell products and services in other countries. It will no doubt be helpful for consumers to find a trusted and well-known mark on the website of a foreign, unfamiliar business. Moreover, the reciprocal seal option contemplated by BBBOnline and JIPDEC is an important first step in harmonising online privacy standards globally," said Ken Hunter, President and CEO of the Council of Better Business Bureaus.
The Better Business Bureau, BBB, launched its privacy seal programme in March 1999 (PL&B May '99 p.17), see http://www.bbbonline.org. More information about the JIPDEC privacy programme (PL&B May '99 p.22-23) is available at http://www. jipdec.or.jp/security/privacy/ certifylist.html
CEN/ISSS make further plans for privacy standards
Following an open meeting in Brussels in March (PL&B April 2000 p.18-19), the CEN/ISSS (European Standardisation Organisations) standardisation initiative is being developed. A group of experts will draft a Business Plan for public consultation during the summer. The aim is to introduce a privacy standard which would provide further guidance for organisations on compliance with the EU Data Protection Directive.
Presentations and meeting minutes are available on CEN/ISSS website at http://cenorm.be/isss
UK Commissioner investigates Mayoral campaign
The UK Data Protection Commissioner, Elizabeth France, has concluded her investigation into the processing of personal data by the Frank Dobson campaign. Dobson, who stood for the position of Mayor of London, had failed to register although the campaign was processing personal data of Labour Party members. The period was relatively short, just over two months, and a registration has been received since. There was also a question of whether the campaign would be covered by the Labour Party's registration as the party is an unincorporated members' club.
The Commissioner was concerned about whether the processing was outside the reasonable expectation of the members about how their personal data would be used. The Commissioner has informed the Labour Party that unfair processing is likely to occur, unless it is made clear to members how widely their data will be used.
A press release is available at http://www.dataprotection.gov.uk
UK Commissioner's new website and ad campaign
The UK DP Commissioner's Office has redesigned its website, which now includes more infor-mation about the 1998 Act. There is a new section on Frequently Asked Questions. Topics include transitional periods, data transfers abroad and manual data (see "Guidance/compliance advice").
These useful pages will, in the near future, be amended to include answers to many other questions about compliance with the new Act.
The Commissioner, Elizabeth France, told the Privacy Laws & Business conference at the beginning of July that she will also soon inform data subjects about the law and their new rights. A nation-wide television campaign will take place in August. Data controllers ought to be prepared for a possible increase in subject access requests as a result of this awareness campaign.
The Commissioner's office is also planning to produce an information pack about individuals' rights.
The website can be found at http://www.dataprotection.gov.uk
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/PLBIRp/2000/21.html