PL&B International E-news, Issue 34



  1. EU to toughen up privacy controls
  2. Industry data transfer contracts get official approval
  3. Dutch regulator levies record spam fines

1. EU to toughen up privacy controls

Data Protection Authorities across Europe have promised to get tough on organisations breaching the law according to a new strategy paper published by a group representing member state regulators. Since the introduction of the EU Data Protection Directive, European regulators have been criticised by consumer groups and the European Commission over their failure to adequately enforce data protection laws.

The EU Data Protection Working Party's paper acknowledges that enforcement efforts have been under-resourced and are a low priority when ranked alongside other supervisory duties. To remedy the situation, the Working Party has drawn up a number of proposals. Among them are calls for national governments to provide better financial and legal resources for regulators. The Working Party also proposes combining best practices as well as the possibility of synchronised cross-border enforcement campaigns which will be used to target specific sectors or types of processing.

Click here for a copy of the Working Party’s strategy paper

2. Industry data transfer contracts get official approval

From April 1st, businesses will have a more practical route for legally transferring personal data outside the EU after the European Commission gave the green light to a new set of contractual clauses for data transfers.

The clauses, which received official backing from the Commission in December, were drawn up by seven industry groups – including the International Chamber of Commerce (ICC) and the American Chamber of Commerce to the EU (AmCham EU) – and follows four years of negotiations. While the EU Data Protection Directive provides a range of options for companies wishing to transfer data outside the EU, many – particularly in outsourcing relationships – have been forced to rely on official contractual clauses drawn up by the European Commission.

These clauses, however, have proved unpopular with industry and are regarded as being overly burdensome. Christopher Kuner, Chairman of the ICC’s privacy task force said: “Our clauses offer the same level of data protection as the Commission’s clauses, but use more flexible mechanisms that are more in line with business realities.”

Click here for a copy of the clauses

3. Dutch regulator levies record spam fines

OPTA, the telecoms watchdog responsible for enforcing the Netherlands’ anti-spam law, meted out close to 90,000 euros in penalties last December. The largest fine - reaching a total of 45,000 euros – was levied at a spammer for their part in four spam attacks, one of which claimed to come from a well known anti-spam activist with a message that praised the writings of Adolf Hitler.

But fraudulent spammers were not the only target for punitive action. According to OPTA’s website, publishing company Groenendaal Uitgeverij BV was fined 25,000 euros for enlisting a spammer to advertise its financial software.

OPTA, which operates a website for handling spam complaints, has said it received around 6,000 complaints since the spam law came into force last May. In addition to the fines, it has issued 14 warnings and has plans to issue further penalties in 2005.

Copyright Privacy Laws & Business 2005