Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

Privacy news worldwide US, UK, EU, Canada, Italy, Australia, OECD [2000] PLBIRp 2; (2000) 52 Privacy Laws and Business International Report 2

Privacy News

Safe Harbour still unsatisfactory

The EU Data Protection Working Party, consisting of EU Data Protection Authorities, published its opinion 7/99 on 3rd December on the Safe Harbour principles aimed at facilitating transfers of personal data from the EU to the United States.

The Working Party finds that the latest drafts of the principles, published on 15th and 16th November, remain unsatisfactory. The group urges the US officials to clarify the scope of the Safe Harbour, provide more reliable arrangements allowing the participants to be identified, and ensure that enforcement of the principles is given to an appropriately empowered public body. The body would deal with all unresolved complaints from data subjects.

The Working Party further criticises the principles for having too many exemptions. At the moment, all publicly available data would be exempt. The US officials are also encouraged to strengthen the principle of individual choice. According to the current version of the Safe Harbour principles, organisations are not obliged to offer individuals the choice to opt out of having their data processed for purposes other than those notified by the organisation.

Although the Working Party notes that some progress has been made with the principles, it considers that they still do not include all the principles of the OECD Privacy Guidelines, which have been adopted by the United States. The Working Party emphasises that including the

OECD principles is a minimum requirement.

The Safe Harbour negotiations will continue in March. To see the full text of opinion 7/99, visit

http://www.europa.eu.int/comm/dg15/en/index.htm

UK secondary legislation in Parliament

The secondary legislation needed to complete the implementation of the EU Data Protection Directive is about to be adopted. Several drafts were laid before Parliament at the end of January.

The draft notification regulations have now been published (see p. 6-7).

EU and Canada support standards for e-commerce

A joint statement on Electronic Commerce in the Global Information Society, published by the EU and Canada on 16th December 1999, indicates future legislative frameworks for protecting privacy in electronic commerce.

The EU and Canada will “support internationally a standardsbased approach to complement national frameworks.” This could lead to a global e-commerce standard in the future.

The joint statement was made at the EU-Canada summit, which took place in Ottawa. The text of the statement is available on http://e-com.ic.gc.ca/english/71ta.html

Italy’s data authority about to launch a website

The Italian Data Protection Authority, the Garante, is developing its own website. The site, which is currently under construction, will include information about Italy’s data protection law and the latest news both in Italian and English.

The site can be found at http://www.dataprotection.org/garante

Australian private sector law

The Bill establishing privacy rules for the Australian private sector was published on 14th December last year. The Bill is based on the previously introduced non-binding national privacy principles. The principles are meant to be a basis for organisations drafting their own codes of practice. Those who will not adopt a code will have to comply with the future legislation.

The Bill is available on http://www. law.gov.au. Comments were sought by 17th January.

UK accreditation body for e-commerce codes

A new body, TrustUK, is being set up to accredit e-commerce codes of practice and is expected to be operational by March.

TrustUK will accredit codes that meet its minimum requirements for consumer protection, including privacy, in the field of e-commerce. This organisation represents a joint venture between the Alliance for Electronic Business and the Consumers' Association. The Alliance of Electronic Business is formed by the Confederation of British Industry, the Direct Marketing Association, Computer Services and Software Association, the Federation of Electronics Industry and E-Centre UK.

For more information, visit TrustUK's temporary website at http://www.trustuk.org.uk, or e-mail secretariat@trustuk.org.uk

OECD adopts guidelines for e-commerce

The Organisation for Economic Co-operation and Development (OECD) adopted, on 10th December, a set of guidelines to help protect consumers when shopping online.

The non-binding guidelines include a chapter on privacy, which states that "business-to-consumer electronic commerce should be conducted in accordance with the recognised privacy principles set out in the OECD Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data (1980), and taking into account the OECD Ministerial Declaration on the Protection of Privacy on Global Networks (1998), to provide appropriate and effective protection for consumers."

The e-commerce guidelines also recommend that organisations allow consumers to opt-out from unsolicited commercial e-mail messages.

The text of the guidelines is available at http://www.oecd.org.

BBBOnline developing an e-commerce code

The American website privacy seal scheme, BBBOnline is developing a Code of Online Business Practices. The voluntary code would give organisations guidance on how to conduct business online in a consumer-friendly way. The draft code includes a recommendation to post and comply with a privacy policy based on fair information principles, take appropriate measures to ensure security, and to respect consumers' preferences regarding unsolicited e-mails. The code is expected to be completed by spring 2000.

For more information, contact Elizabeth Blumenfeld, Project Director, at bbbcode@cbbb.bbb.org. The draft code can be found at http://www.bbbOnline.com. Suggestions and comments are welcome.

UK and US e-mail preference services

The UK Direct Marketing Association (DMA) launched, on 10th January, an e-mail preference service. The service should enable individuals to refuse unsolicited emails by registering with the service. All DMA members who wish to send unsolicited e-mail ought to weed their mailing lists against the list of people registered with the preference service. The service is free of charge for consumers. Marketers using the service send their marketing lists electronically to the preference service. They will then receive "cleaned" lists back within hours. A similar service has been developed in the US.

For further information, contact the UK DMA at 1 Oxendon Street, London SW1Y 4EE, Tel: 0171 321 2525, Fax: 0171 321 019, e-mail: dma@dma.org.uk, Internet: http://www.dma.org.uk. In the US, contact the DMA headquarters at 1120 Avenue of the Americas, New York, NY 10036-6700, Tel: + 1 212 768 7277, Fax: + 1 212 302 6714, email: privacy@the-dma.org, Internet: http://www.the-dma.org and http://www.e-mps.org.

FTC establishes online security committee

The US Federal Trade Commission (FTC) has announced the establishment of an advisory committee on online access and security. The advisory committee, operational by February, seeks to provide advice and recommendations to the FTC regarding options for the implementation of privacy principles on commercial websites. The advisory committee will present its report describing the options for online security and access by 15th May.

For more information, see http://www.ftc.gov

Microsoft to improve security on the Internet

Having suffered from some unwanted publicity, Microsoft announced a series of initiatives in January intended to improve the protection of consumers' security on the Internet.

The company will relaunch its security centre which will respond to every report from consumers about security breaches within 24 hours. The company is also committed to develop a website that will provide tools and resources for consumers to keep their personal data secure.

Microsoft is building the P3P standard into its own products, which will allow consumers to compare their privacy preferences to the privacy policies of the websites they visit.

For more information, see http://www.microsoft.com

DoubleClick faces court action for privacy breach

DoubleClick, the Internet's largest advertising company, is accused of misleading consumers to believe that it has been collecting only information that was not personally identifiable. The company is able to track the online behaviour of Internet users because of a recent merger with Abacus Direct Corp., a direct marketing company that has a wealth of information on Americans' purchasing habits.

While DoubleClick had previously used cookies to learn about website visitors, it can now conduct customer profiling with the help of the Abacus database, and send consumers targeted e-mail advertising.

American privacy activists have condemned the company's tactics. The Electronic Privacy Information Center, Junkbusters and Privacy International plan to file a complaint with the Federal Trade Commission. In California, a private individual has already filed a lawsuit against DoubleClick.

For details, see http://www.epic.org

Chase Manhattan ceases to share financial data

Chase Manhattan Bank USA agreed, in January, to alter its privacy policy by ceasing to share personal customer account and credit details with third parties. The agreement was a result of a settlement with New York State Attorney General, Eliot Spitzer. The bank denies violating the law, but agreed to pay $101, 500, the cost of the investigation, to the AG's office. But, if customers do not want their nonfinancial information such as name and address to be passed on, they need to opt out. The settlement applies only in New York State.

For more information, see http:// www.oag.state.ny.us/press/2000/jan/ jan25b_00.html