Presentation is loading. Please wait.

Presentation is loading. Please wait.

The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.

Published byNeil Freeman Modified over 8 years ago

Similar presentations

Presentation on theme: "The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation."— Presentation transcript:

1 The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation Conference, 25 October 2002

2 Pacific Privacy Consulting 2 Trans-national institutions European Union –15 member states – expansion in 2004 Council of Europe –44 member states + other observer countries OECD –30 members – Europe + N. America, Australasia, Japan & Korea

3 Pacific Privacy Consulting 3 Council of Europe European Convention on Human Rights 1950 Article 8 – privacy 1981 Convention on data protection Recommendations – working parties Case law – European Court of Human Rights Other relevant work –Cybercrime Convention

4 Pacific Privacy Consulting 4 European Union General data protection (privacy) law Telecommunications privacy law Other relevant law Areas outside jurisdiction –Public security –Defence –State security –Criminal law

5 Pacific Privacy Consulting 5 EU General Privacy Directive Developed early 1990’s Adopted 1995 (95/46/EC) Deadline for compliance 1998 Action to enforce compliance 3 states still not fully compliant –Ireland –Luxembourg –France

6 Pacific Privacy Consulting 6 EU General Privacy Directive Currently under review Public consultation July 2002 –Submissions on web site Conference Sept/Oct 2002 Report by end of 2002? Won’t necessarily lead to change in the law – focus on compliance and implementation

7 Pacific Privacy Consulting 7 EU General Privacy Directive Template for national laws Protection for data about EU citizens/residents when data is exported Articles 25 & 26 – limit transfer unless certain criteria are met –Adequate law or code (A.25) –Consent, fulfilment of contracts, legal proceedings, emergencies (A.26.1) –Case by case arragments (contract or MoU)

8 Pacific Privacy Consulting 8 Adequacy assessment Proposal from Commission bureaucracy Opinion from A.29 Committee of DP regulators Opinion from A.31 committee of national government representatives Scrutiny by European Parliament Commission Decision

9 Pacific Privacy Consulting 9 Adequacy assessment Decisions to date –Switzerland (law) –Hungary (law) –Canada (law) –USA (US Department of Commerce Safe harbor Privacy Principles) Discussions with others including Australia

10 Pacific Privacy Consulting 10 Australia – adequacy? EU criticisms: –wide exemptions for small businesses, employee data and publicly available information –breadth of the ‘authorized by law’ exception to several principles –tolerance of notice of purpose being given after the time of collection

11 Pacific Privacy Consulting 11 Australia – adequacy? EU criticisms continued: –lack of a requirement for an opt-out choice where data is used for the primary purpose of direct marketing –absence of additional controls over the use and disclosure of sensitive data –lack of correction rights or rights under NPP 9 for most EU citizens, and –absence of a role for the Privacy Commissioner in advising on adequacy under NPP9

12 Pacific Privacy Consulting 12 Influence on Australian privacy laws Onward transfer principles Potential disruption of common data exchanges Commissioners reluctant to enforce Role for Codes of Practice –Internet Industry Association draft “EU compliant’ Code

13 Pacific Privacy Consulting 13 Telecommunications Privacy Telecommunications Privacy Directive adopted 1997 (97/66/EC), compliance required by 2000. Set standards for: –authorisation for interception (Article 5) –access to traffic data (A.6 ) –itemised billing (A.7) –calling line identification (art 8) –personal information in directories (A.11) –unsolicited calls (Art 12).

14 Pacific Privacy Consulting 14 Telecommunications Privacy Influence on Australian regulation –Telecommunications Act 1997, Part 13 –Telecommunications (Interception) Act 1979 –ACIF Codes of Practice: Customer Personal Information Calling Number Display Integrated Public Number Database

15 Pacific Privacy Consulting 15 Telecommunications Privacy Electronic Communications Privacy Directive adopted 2002 (2002/58/EC), compliance required by October 2003. Main changes: –Broadens scope beyond telephony –More privacy protective on: unsolicited emails, SMS and faxes, (opt-in basis with prior consent) cookies, explained to customers, with a right to decline them use of mobile phone location data - right to ‘block’ it prior consent to inclusion in public directories –Less privacy protective on retention of traffic data

16 Pacific Privacy Consulting 16 Other Directives Many have privacy implications No systematic privacy impact assessment New supervisory authority being established Proposed Directive on re-use and commercial exploitation of public sector information –Parallel debate in Australia – public register principles in NSW & Victorian Acts + consultations

17 Pacific Privacy Consulting 17 Other EU Activity ECHELON – communications interception by UKUSA alliance Investigative journalism in 1990’s European Parliament Inquiry – reported 2001 Negotiations between EU and UKUSA countries Caught up in anti-terrorism response

18 Pacific Privacy Consulting 18 Other International work OECD – Europe + other developed countries –Pioneer – 1981 Privacy Guidelines & Principles – foundation of most privacy laws –IT Security Guidelines 1992, 2002 –Cryptography Policy Guidelines 1997 –Privacy Statement Generator

Download ppt "The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation."

Similar presentations

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
Ex-ante Impact Assessment Unit Directorate for Impact Assessment and European Added Value 9 October 2013.

Ex-ante Impact Assessment Unit Directorate for Impact Assessment and European Added Value 9 October 2013.
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
International Privacy Laws Ashley Michele Green Sensitive Information in a Wired World October 30, 2003.

International Privacy Laws Ashley Michele Green Sensitive Information in a Wired World October 30, 2003.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada www.colinbennett.ca.

The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
Data Protection and Records Management

Data Protection and Records Management
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.

Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.

Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.

The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Similar presentations

Ads by Google