PL&B International E-news, Issue 35

  1. European regulators launch privacy consultations
  2. European Commission mulls internal privacy restructuring
  3. Hungary’s privacy chief speaks out against data protection law
  4. Europe launches anti-spam initiative
  5. Former Sonera executive face illegal surveillance charges
  6. Choicepoint consumer data hacked

1. European regulators launch privacy consultations

Earlier this month, the EU’s Data Protection Working Party (an advisory body to the European Commission) launched two public consultations into the privacy implications of Radio Frequency Identification (RFID) and digital rights management technologies.

In a report accompanying the RFID consultation, the Working Party warned businesses that attempts to link RFID devices – smart ID tags - with information on individuals could breach European data protection legislation. RFID tags are currently being used for a variety of purposes (eg. better management of retail supply chains, aiding product recalls, or as anti-theft devices) but civil liberties groups and privacy regulators have expressed concerns that the technology could be used to track and profile individuals.

The Working Party suggested that organisations are likely to run into legal difficulties unless consumers agree to have their details linked in with RFID devices. “Under most of the scenarios where RFID technology is used,” said the report, “consent from individuals will be the only legal ground legitimise the collection of information through RFID”.

In a separate report, the Working Party suggested that attempts to prevent online copyright theft of music, games and software present serious privacy risks for Internet users. Industry is increasingly turning to the use of digital rights management technologies (DRM) to monitor and control access to copyright protected material. The Working Party, however, raised serious questions over the use of unique identifiers in DRM products that could be used to monitor Internet users’ activities. The Working Party urged industry to build stronger privacy controls into new DRM technologies and argued that Internet users should have the right to access protected information on an anonymous basis.

Interested parties have until March 31st to submit their responses to the two consultations.

Click here for more details on the consultation and the Working Party position papers

2. European Commission mulls internal privacy restructuring

The European Commission is considering moving its data protection unit out of the remit of the Internal Market directorate and placing it under the responsibility of the directorate for Justice and Home Affairs. Speaking at the British Institute of International & Comparative Law’s data protection seminar on Tuesday, Niovi Ringou, Deputy Head of the Commission’s Data Protection Unit, said that the outcome was still uncertain, but that the Commissioner’s college could reach a decision within the next month.

3. Hungary’s privacy chief speaks out against data protection law

Dr Attila Peterfalvi, the Parliamentary Commissioner for Data Protection and FOI, has criticised Hungary’s Data Protection Act, labelling its regulations on overseas data transfers as excessive.

Speaking at a seminar held by the British Institute of International & Comparative Law on Tuesday, Peterfalvi explained that data transfer regulations were causing real problems for organisations trying to move data outside the country.

“Our Act is simply bad,” said Peterfalvi, adding that Hungary’s 1992 privacy law “must be modified” to bring it further into line with the EU Data Protection Directive.

Along with nine other Central and Eastern European countries involved in last year’s accession to the European Union, Hungary has had to implement a number of changes to its national data protection law. The data transfer rules, however, were not amended and require organisations to go further than required under the European directive.

Peterfalvi explained that his office has presented a more pragmatic solution before Parliament and is currently waiting approval. He added that the two-thirds majority voting system adopted by Parliament has made it difficult to push through legislative changes, but said the Ministry of Justice has indicated that the proposed amendment is likely to be approved in the Spring of this year.

4. Europe launches anti-spam initiative

Earlier this month, a coalition of 13 European data protection regulators and consumer ombudsmen launched a joint initiative to combat the threat of unsolicited spam e-mail. Despite a host of global anti-spam legislation implemented over the last few years, spam is still proving to be a major threat. January figures from e-mail security firm MessageLabs showed that 80 per cent of e-mail traffic was spam-related.

In 2002, the European Union adopted an anti-spam directive which has since been implemented into national law by most European member states. Enforcement activity, however, has been relatively low. Under the new anti-spam initiative, European regulators have agreed to take on a more proactive enforcement role through sharing information, improving cooperative procedures and pursuing spam-related complaints across borders.

Commenting on the new initiative, Information Society & Media Commissioner Viviane Reding said, “Enforcement authorities in Member States must be able to deal effectively with spam from other EU countries, even though at present most spam originates from outside the EU.”

Reding added that further efforts were being made by the European Commission to combat the wider global implications of unsolicited e-mail. In addition to the European initiative, she said, “we are working on cooperation with third countries both bilaterally and in international fora like the OECD and the International Telcommunication Union.”

Members of the new coalition include:

  • Austria - Federal Ministry for Transport, Innovation and Technology
  • Belgium - Privacy Commission and Federal Public Service Economy – Directorate General Enforcement and Mediation
  • Cyprus - Office of the Commissioner for Personal Data Protection
  • Czech Republic - Data Protection Authority
  • Denmark –Danish Consumer Ombudsman
  • French - Data Protection Authority (CNIL)
  • Greece - Hellenic Data Protection Authority
  • Ireland - Department of Communications, Marine and Natural Resources and the Office of the Data Protection Commissioner
  • Italy - Data Protection Authority
  • Lithuania - State Data Protection Inspectorate
  • Malta - Office of the Commissioner for Data Protection
  • Netherlands - Electronic Communications Regulator (OPTA) and Data Protection Authority (CBP)
  • Spain - Data Protection Authority

5. Former Sonera executive face illegal surveillance charges

According to Finnish newspaper Helsingin Sanomat, former executives at international telecoms operator Sonera went on trial earlier in early February for carrying out illegal surveillance on journalists and employees.

Eight defendants, including ex-CEO Kaj-Erik Relander, have been accused of breaching privacy regulations after allegedly accessing workers’ telephone records as part of an investigation back in 1999 to identify the source of leaks to the press.

Protection against unauthorised surveillance is guaranteed by Finland’s constitution and by its Law on Telecommunications Privacy. If found guilty, the defendants – who have denied the charges - could face up to three years in prison.

6. Choicepoint consumer data hacked

Choicepoint, a major US provider of consumer data, admitted Tuesday that it had been the victim of a major security breach. According to, criminals posing as legitimate businesses managed to con their way into accessing Choicepoint’s consumer database. It is believed that the details of up to 35,000 consumers from the state of California may have been compromised. The records included names, addresses and credit reports.

As a result of the incident, Choicepoint announced that it has changed its procedures to prevent similar events from occurring.

Copyright Privacy Laws & Business 2005