Home
| Databases
| WorldLII
| Search
| Feedback
Privacy Laws and Business International Report |
Australia adopts new privacy law
Australia's Privacy Amendment (Private Sector) Bill 2000 passed its final stages in the Senate on 6th December The new law, which is based on the previously introduced non-binding National Privacy Principles (NPPs), expands privacy protection to the private sector. The privacy principles are a basis for organisations to draft their own codes of practice. Those not adopting a code will have to comply with the legislation.
The law regulates the way that private sector organisations collect, use, keep secure and disclose personal information. For the first time, it gives individuals the right to know the information which an organisation holds about them, why it holds it, and a right to correct that information if it is wrong. Also, how it will use the information and who else will be able to obtain it. Individuals may make a complaint or apply to the Federal Court or a Federal Magistrates Court for an order to stop an organisation from engaging in conduct that breaches the NPPs.
Most organisations will have just over a year to prepare for when the new law enters into force in January 2002. Small businesses have an additional year to prepare themselves.
Malcolm Crompton, Federal Privacy Commissioner, commented: "My Office will provide advice and other assistance to help businesses adjust over the next 12 months. In particular, we will be working with business to develop guidelines for drawing up sectoral codes and advice on establishing complaints handling bodies... I have established the Privacy Connections Network, comprising businesses, consumer groups and government agencies... to assist development of a deep understanding of privacy in Australia while providing real opportunities to communicate the advantages of protecting personal information."
See the website of the Privacy Commissioner, http://www.privacy.gov.au
IKEA USA in breach of customer privacy
The Swedish furniture retailer IKEA, discovered a security breach last September in the USA when tens of thousands of its customers' online details were accidentally disclosed. The unprotected database contained names, addresses, phone numbers and email addresses of people who had ordered an IKEA catalogue. Discovery of the lapse followed from an intentional act of sabotage, leading to the next web visitor being able to use his specialised knowledge to access the personal information. The company has now taken steps to protect itself from further security breaches.
Europol news
Alex Turk, a member of the French Data Protection Commission, (the CNIL) was appointed, on 10th October, as President of the Europol Joint Supervisory Body (JSB). The Joint Supervisory Body, which consists of national Data Protection Authorities, has the task of ensuring that the Europol processes personal data according to data protection principles.
Europol, the office of European police forces, was established to facilitate the exchange of police data between EU Member States in order to fight international crime, illegal immigration, terrorism and drugs. Europol has also been negotiating with non-EU states and organisations on two-way exchanges of data. Such countries include Norway, Iceland and Switzerland.
See http://www.cnil.fr
Bad PR for Amazon due to new privacy policy
Amazon.com, the US-based online bookstore, has suffered from bad publicity due to its new privacy policy. The policy includes several loopholes which enable the company to sell personal information to third parties. EPIC, the Electronic Privacy Center, which is a wellknown privacy watchdog in the US, has criticised the new policy and ended co-operation with the company.
Amazon's new privacy policy can be seen at http://www.amazon.com.
Anonymous Internet services
An addition to the existing anonymisers, MyPrivatePlanet's Privacy Suite claims to provide an all-encompassing privacy solution for the Internet. The Privacy Suite will offer Internet users control over their personal and financial data by offering several anonymous services, such as an Internet provider, browsing and online shopping. MyPrivatePlanet will issue anonymous credit cards, thus preventing Internet companies from building customer profiles.
For more information, see www.myprivateplanet.com.
Iceland adopts new data laws
Iceland adopted earlier this year the Act on Protection of Individuals with regard to the Processing of Personal Information (law 77/2000). The new Act replaces the Act of the Registration and Handling of Personal Data of 1979, and follows the EU Data Protection Directive. Iceland is a member of the European Economic Area, which means that it is obliged to transpose the directive's provisions into national law.
Iceland has also adopted an Act on Biobanks (law 110/2000 of 13th May 2000) to provide safeguards for the project of creating a nationwide genetic database of Icelanders (PL&B April 2000, p.23). The objective of the Act is to "authorise the collection, keeping, handling and utilisation of biological samples from human beings in such a way that confidentiality is ensured."
The Act on Biobanks requires informed consent from the individuals before genetic data is collected. The individuals can withdraw their consent at any time. However, the Act allows the use of samples that have been previously collected for clinical tests or treatment, provided that the health care professional gives relevant general information to the patient.
EU to form a data protection secretariat
The Council of the European Union decided, on 17th October, to form a data protection secretariat to assist the work of the data protection joint supervisory bodies, which have been established to monitor data processing under the Europol (see below) and Schengen Conventions (abolition of border checks). The data protection secretariat will be an independent body headed by a data protection secretary. The secretariat will be operational from 1st September 2001.
The Council decision (2000/641/JHA) was published in the Official Journal of the European Communities on 24th October 2000 (no L 271/1).
UK's Lawful Business Practice Regulations in force
The Lawful Business Practice Regulations, which have been made under the Regulation of Investigatory Powers Act (RIP) 2000, entered into force on 24th October.
The controversial RIP Act authorises interception where consent can be assumed, and authorises businesses to monitor their own communications without consent in order to determine whether those communications are strictly relevant. This will allow the monitoring of e-mail. However, there is a requirement to inform employees that monitoring may take place.
The regulations are available on the website of the Department of Trade and Industry, http://www.dti. gov.uk/cii/lbpintro.htm. For further information, see PL&B UK Newsletter, Dec 2000.p.4
Denmark's new law now in English translation
Denmark's new Data Protection Act (PL&B Oct 2000, p. 3-5), which entered into force on 1st July, has now been translated into English. The text, which is an unofficial translation, can be found at the Data Protection Authority's new website address, http://www. datatilsynet.dk.
Australia's motorway surveillance causes concern
Australia has introduced an electronic motorway toll system in Melbourne, which may breach individuals' privacy. Drivers are required to have electronic "e-tags" in their cars, reports New Zealand's Privacy Commissioner's newsletter Private World in its September issue. The signals are read with the help of monitoring devices, and licence plates of cars not having a valid "etag" will be photographed. The tollway owner is not allowed to identify who the drivers are, so the records are handed over to the police. However, there are still concerns over the security of the system with regard to privacy.
For more information, contact Australia's Privacy Commissioner's Office at privacy@hreoc.gov.au.
Telecoms working group comments on cyber-crime
The International Working Group on Data Protection in Telecommunications adopted, on 14th September, a common position on data protection aspects in the draft Council of Europe Convention on cyber-crime. The draft convention, which is expected to be finalised by December 2000, is aimed at fighting international computerrelated crime.
The telecoms working group, consisting of Data Protection Commissioners, is concerned about how these measures can be balanced with the right to privacy and to telecommunications secrecy. The group considers that any interception of private communications should be subject to appropriate safeguards, such as auditing and limits on use.
The Common Position, adopted at the group's 28th meeting on 13th-14th September in Berlin, can be found at http://www.datenschutz-berlin.de.
New Zealand's new guide on health information privacy
The Privacy Commissioner of New Zealand has published a guide which explains the provisions of the Health Information Privacy Code (adopted in 1994). The guide is designed to assist health agencies in dealing with personal health information, whether they collect, hold or use personal data. Especially useful are the chapters on disclosing information to third parties. The guide On the Record: A practical guide to health information privacy, was published in July. It is available from the Office of the Privacy Commissioner, PO Box 466, Auckland, New Zealand, Tel: +64 9 302 8680, Fax: +64 9 302 2305, e-mail: privacy@iprolink.co.nz.
Canada appoints new Privacy Commissioner
Following the expiry of the term of office of Privacy Commissioner Bruce Phillips, Canada has appointed George Radwanski as the Federal Privacy Commissioner. He is a former journalist and editor. His interim appointment took effect from 1st September. On 19th October, following approval by Parliament, he was formally confirmed as Privacy Commissioner of Canada for a seven-year term.
George Radwanski's biography can be found at http://www.privcom. gc.ca. For more information, contact the Office of the Privacy Commissioner, 112 Kent Street, Ottawa, Ontario, Canada K1A 1H3, Tel: +1 613 995 8210, Fax: +1 613 947 6850, e-mail: info@privcom.gc.ca.
Ireland's new Commissioner
Joe Meade has been appointed as Ireland's Data Protection Commissioner. He has previously served in the Office of the Comptroller and Auditor General (the State Auditor), where he held the position of Secretary General. Joe Meade started his five-year term on 9th September, replacing the previous Commissioner, Fergus Glavey.
New contact details for Greece's DPA
The Hellenic Data Protection Authority has new contact details: Mr Konstantinos Dafermos, President, Omirou 8, 10564 Athens, Tel: + 30 1 3352 6045, Fax: + 30 1 3352 617, e-mail: contact@dpa.gr, Internet: http://www.dpa.gr.
UK Freedom of Information Act to impact all sectors
The UK Freedom of Information Bill was enacted on November 30th. The new law gives a right of access to information held by 50,000 public bodies and some companies. It will enter into force in stages over the next five years, starting with central government and government agencies, then extending to local government, the National Health Service, the police and education.
The right of access will extend to two categories of private sector companies: those carrying out public functions to be designated by order; and those carrying out public fuctions under a contract. Companies will also want to monitor public access to information which has formerly been passed to government on a confidential basis.
The new law will be supervised by Elizabeth France whose title will change from Data Protection Commissioner to Information Commissioner with responsibility for both laws from January 30 2001. In most cases, the new law imposes on public bodies a duty to disclose exempted information where it is in the public interest. Also, each public body will have to adopt a scheme for the publication of information. These schemes require approval from the Commissoner, and will specify the classes of information intended for publication, and the manner and cost (if any) of publishing this information.
Although open government campaigners are disappointed by the extent of the law's exemptions and ministers' powers to withold information, they recognise that adoption of a UK FOI law is a historic achievement. They are encouraged that the new law will be supervised by a Commissioner who is supportive of open government and committed to making it work.
For more information on the new law, visit www.homeoffice.gov.uk/foi/index/htm and www.dataprotection.gov.uk
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/PLBIRp/2000/45.html