PL&B International E-news, Issue 31



  1. European regulators rethink data protection strategy
  2. Verizon wins privacy protection case
  3. British Columbia toughens privacy law
  4. California governor terminates privacy bills

1. European regulators rethink data protection strategy

The EU's Data Protection Working Party (a coalition of European data protection regulators) has outlined its approach to privacy regulation in a new strategy document. The Working Party - which produces guidance on the interpretation of the EU Data Protection Directive and advises the European Commission on data protection issues - has stressed the need to rethink its position following thegrowth in global data flows, the enlargement of the EU, and the advent of new regulations on electronic privacy.

One of the key issues outlined in the report is the number of divergences between EU data protection regimes, and the Working Party stresses that the need to improve harmonisation will be a priority over the next few months. The poor state of enforcement across Europe will also be tackled through a new sub-working group devoted to improving enforcement of national data protection laws. The Working Party reaffirmed its commitment to Binding Corporate Rules (a scheme that allows multinationals to manage privacy compliance through legally binding codes of conduct).

The Working Party has also addressed criticism over its 'closed shop' culture by pledging to be more proactive in its consultation with industry and by establishing communications channels with the media. And on the technology front, it has listed RFIDs, digital rights management and mobile location technologies as its focus for the short term.

Click here for a copy of the Working Party's strategy document

2. Verizon wins privacy protection case

The US Supreme Court on Tuesday upheld the right of Internet service provider Verizon to protect the identities of its customers. The Recording Industry Association of America (RIAA) launched a lawsuit in January 2001 after Verizon refused to comply with subpoenas that sought details on customers accused of illegally exchanging copyrighted music over the Internet.

Although losing the initial case, Verizon successfully argued before an appeal court in December 2003 that the RIAA's subpoena process - issued under the Digital Millennium Copyright Act (DMCA) - was unlawful.

The Supreme Court's decision not to review the appeal court's decision has been hailed as victory for privacy and free speech by civil liberties groups, who have been concerned over the lack of judicial oversight in the subpoena process used by the RIAA. Wendy Seltzer, staff attorney for the Electronic Freedom Foundation said, "The DMCA doesn't give the RIAA a blank fishing license to issue subpoenas and invade Internet users' privacy."

Sarah Deutsch, vice president and associate general counsel for Verizon, said, "The Supreme Court has now finally shut a door that was otherwise left wide open to false accusations, negligent mistakes, as well as to identity thieves and stalkers, who could use the cursory subpoena process (without any judicial supervision) to obtain the name, address, and telephone number of any Internet user in the country - without the user even knowing about it."

3. British Columbia toughens privacy law

The Canadian province of British Columbia (BC) has introduced amendments to the Freedom of Information and Protection of Privacy (FOIPP) Act, following concerns over the outsourcing of personal data to the United States.

In May this year, BC's Privacy Commissioner launched an investigation to assess whether personal data outsourced to the US could be accessed by government agencies through the US Patriot Act. To combat the concerns, the BC government introduced, on October 7th, restrictions on public bodies and service providers storing, accessing or disclosing personal data outside Canada. Organisations will also be required to report any demands for access to information made by US authorities. Breaching the new rules could lead to fines of up to CAN$500,000. The government has also made an additional commitment that public sector outsourcing contracts will be subjected to BC and Federal law, and to ensure that all personal data will be stored on Canadian territory.

Interestingly, the amendments to the FOIPP Act have been introduced ahead of results from the Privacy Commissioner's investigation, which has been delayed for a second time. Mary Carlson, Director of Policy & Compliance for the Commissioner's office said the "sheer volume of the submissions and the complexity of the issues have forced a second extension of the report's release date." The results are now expected to be published towards the end of October.

Click here for the press release

4. California governor terminates privacy bills

California governor, Arnold Schwarzenegger, has rejected two privacy bills passed by the California legislature. SB 1451, introduced by Democrat senator Liz Figueroa, proposed extensions to the existing state privacy law that would provide legal protection for personal data outsourced overseas. The bill was rejected on the grounds of its "ambiguity", although the governor stated that he would not be opposed to similar legislation.

The other bill, SB 1841, proposed the introduction of privacy controls on workplace monitoring that would require employers to inform staff about the surveillance of e-mail and Internet usage. The bill was rejected on the grounds that it placed an "unfair and unrealistic burden" on employers. Democrat Senator Deborah Bowen, who proposed the bill, said, "Just because your boss owns the computer and pays for the Internet access, doesn't mean he should have the right to spy on you without telling you. I understand why companies don't want to come out and tell employees point blank 'Guess what? We read your e-mail,' but people deserve the right to know if it's company policy to snoop."

For further details on the Privacy Laws & Business International Newsletter, please click here.