WorldLII Home | Databases | WorldLII | Search | Feedback

Privacy Laws and Business International Report

You are here:  WorldLII >> Databases >> Privacy Laws and Business International Report >> 1998 >> [1998] PLBIRp 31

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Privacy news worldwide US, Canada, Italy, Iceland, Thailand, Malaysia, Singapore, UK, Germany, Sweden [1998] PLBIRp 31; (1998) 46 Privacy Laws and Business International Report 2

Privacy News

EU procedure for accepting codes of conduct

The European Commission’s Data Protection Working Party (Article 29 Group) has published a procedure on its consideration and acceptance of European Community Codes of Conduct. The working party has an important role, as it will evaluate, with the authority given by articles 27 and 29 of the EU Data Protection Directive, whether the proposed codes are in accordance with the it.

Organisations that are representative of their sector, and established or active in a significant number of Member States, may put forward proposals for codes of conduct. Submitted draft codes, which meet the criteria for acceptance, will be discussed by the working party. In addition to considering whether the draft code is in line with the directive and, where relevant, with national laws, the working party will evaluate whether the draft addresses those data protection questions that are particularly important for the sector in question.

The document on the Procedure for Consideration by the Working Party of European Community Codes of Conduct, adopted on 10th September, is available on DG XV website: http: //www.europa.eu.int/comm/dg15

US FTC bans company from collecting personal data

Privacy advocates have been pleased to note that a recent United States Federal Trade Commission (FTC) ruling on the company GeoCities takes a strong position for protecting privacy on the Internet. GeoCities, the operator of a website which provides various services to its members, was ordered to stop collecting personal data without consent. The company provides free and fee-based home pages, free e-mail service, competitions and childrens’ clubs.

In order to become a member one must fill in an application form which requests personal data. This data was used, contrary to what the applicants were led to believe, for purposes to which they had not consented. In addition, data had also been used by third parties.

The Commission ordered the company to:

1.1. Stop collecting personal data in itsown name for third parties.
2.2. Stop the collection of children’s data altogether unless the child had released the information under parental guidance.
3.3. Post a clear and prominent noticeon its website, explaining the company’s practices with regard to collecting and using personal data. The notice must appear on the website’s home page, and at each location on the site where information is collected.
4.4. Contact all those whose data hasalready been collected, and provide them with the opportunity to have access to the data, or have it deleted.
5.5. Place a clearly visible hyperlinkwithin its privacy notice directing surfers to the FTC website, which includes educational material on privacy. The link has to be active for the next five years.
6.6. Establish an “information practices training program” for any employee who will be involved with the collection or disclosure to third parties of consumers’ personal data.

The GeoCities website is at http:// www.geocities.com and the FTC website’s text on “Site-seeing on the Internet” is available at http:// www.ftc.gov/bcp/conline/pubs/ online/sitesee/index.html

USA and Canada update encryption export rules

The United States administration made minor adjustments to its encryption policy on hardware and software in mid-September by allowing the export of strong

encryption, under certain circumstances, to almost 70 % of the world's economies. A White House press release of 16th September stated that exports will be permitted when the technology is to be used to protect sensitive financial, health, medical and business proprietary information in electronic form. Also, US companies will now be able to export strong encryption with or without key recovery components for use between their headquarters and foreign subsidiaries worldwide (excluding terrorist countries) to protect their sensitive information. However, products are subject to a technical review before export. Historically, the United States has restricted the export of strong encryption products in the interests of national security. While there are still concerns about the possible use of these technologies in international terrorism, drug trafficking, money laundering and organised crime, the Clinton administration has now introduced more flexible rules in order to support secure electronic commerce and privacy protection for Internet users.

Canada followed the United States by introducing a new encryption policy on 1st October. It makes the restrictions on exports more flexible, and therefore encourages electronic commerce. The most important aspect of the Canadian policy is, however, that there will be no restrictions on domestic use and development of cryptographic products. The new Canadian policy

has been praised by experts. More information on the new Canadian cryptographic policy is available at http://strategis.ic.gc.ca/ SSG/cy00001e.html. The US informa-tion was provided by the

White House Bureau of Export Administration, Fax: + 1 202 482 2421

Italy's Press Association adopts code of practice

The code of practice adopted by Italy's Press Association in August this year aims to achieve a balance between individuals' right to privacy and press freedom. The general principles of the code, which are based on those derived from the EU

Directive (Article 9 and recitals 17 and 37) state that collecting and storing data for journalistic activities is a very different activity from storing and processing personal data for other purposes. The code includes various specific requirements for collection of data. If personal data is collected from journalisti databanks, editors must inform the public at least twice a year, through announcements, of the existence of such databanks, so that individuals can exercise their rights. For the same reason, editors must also include the name of the person who processes information into management data. Journalists may keep data collected for their personal archives as long as necessary for the relevant purpose, but they must allow a right of access to sensitive information on facts of public interest. The code of practice applies to professional journalists, freelance and trainee journalists, an any other persons who carry out journalistic activities even occasionally.

The Press Association Code of Practice

was published in the Official Journal

no 179 of 3.8.1998 in Italy. The text

is available on the Internet, in Italian,

at http://www.privacy.it (see


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/PLBIRp/1998/31.html