International E-news - August 2010

  1. Changes to Spanish Decree
  2. Revision of the European Union’s Data Protection Directive on track
  3. Hong Kong Commissioner may investigate telecoms companies

1. Changes to Spanish Decree

Spain’s Supreme Court decided in July to void three articles in the Royal Decree 1720/2007 that amends the Spanish DP Act and apply to the processing of business contact data used in business-to-business transactions. A preliminary question has been submitted to the European Court of Justice to seek clarification on the compatibility of Royal Decree 1720/2007 with the European Data Protection Directive.

The Articles in question are Article 18, Article 38.2 and Article 123.

The decision (in Spanish) can be seen here here and here

More about this topic and how it will affect data processing in Spain in the next issue of PL&B International.

2. Revision of the European Union’s Data Protection Directive on track

The European Commission will publish plans for the review of the European Union’s Data Protection Directive by the end of this year (see PL&B International Newsletter August 2010, p.12). Any firm proposals, however, will not be published until 2011.

France’s Data Protection Authority (the CNIL) recently claimed that there would not be a proposal until the end of 2011 due to the DP Commissioners’ reservations on rushing the proposals. However, the European Commission is still evaluating the responses to its 2009 consultation on how to revise the Directive, and that takes time. The Commission is committed to have a formal proposal ready in 2012 with European Parliament and Council involvement during 2013-14.

3. Hong Kong Commissioner may investigate telecoms companies

The Standard, published in Hong Kong, reports that three telecoms operators are being investigated over their handling of customer data. The new Hong Kong Privacy Commissioner, Allan Chiang, said that his office had received twenty complaints in the last two years about telecoms companies’ data processing.

Chiang said he is "highly concerned" by the way telecoms operators are handling personal data and that a hearing is possible.

On his appointment on 4 August, Chiang spoke about the importance of his office: “I consider that this is a very opportune time for me to assume the role of Privacy Commissioner. The issues of privacy and the protection of personal data have been rapidly evolving in this information age. The recent investigation against the Octopus group of companies in relation to the management of their customers’ personal data have brought public awareness of their personal data privacy rights to an unprecedentedly high level. As the Privacy Commissioner, I pledge that I will secure the protection of personal data privacy through:

(i) promoting the awareness and understanding of privacy rights among data users, as well as

(ii) taking regulatory action to uphold this basic human right.”

For further details on the Privacy Laws & Business International Newsletter, please click here.

Copyright Privacy Laws & Business 2010