PL&B International E-news, Issue 57

1. The Art. 29 Data Protection Working Party discusses SWIFT, search engines' retention policies and the definition of “personal data”

The Art. 29 Data Protection Working Party (a group of the European Union’s national Data Protection Authorities) at its meeting on 19th and 20th June held discussions on several issues.

  1. SWIFT – The members discussed the legal obligation of financial institutions to provide appropriate information to their clients that “the US authorities might have access to personal data when money is transferred within the European Union.” The Working Party set a deadline of 1st September 2007 for financial institutions to take “all necessary steps” to improve the current situation. From the perspective of the financial services companies involved, the Data Protection Authorities’ opinion raises questions over the distinction between the definition of “data controller” and “data processor.”
  2. Search engines – The Working Party took note of Google’s response this month to its letter of 16th May on storage periods for server logs. The Working Party will now extend its assessment to other search engine companies’ privacy policies.
  3. Definition of personal data – The Working Party adopted a detailed document interpreting the definition of “personal data.”
  4. EU joint audit of the health insurance sector: The Working Party approved a report on an audit of the health insurance sector by national Data Protection Authorities in most EU member states. The investigation, co-ordinated by Spain’s Data Protection Agency, was conducted by a written questionnaire and provided a first attempt at a cross Europe data protection audit. The Working Party will continue its cooperation with the health insurance industry by issuing recommendations for promoting privacy enhancing policies to raise awareness among customers.

2. Argentina appoints a new Data Protection Commissioner

Argentina’s Official Bulletin announced on 25th June the appointment of a new Director for Argentina’s Data Protection Agency, Dr Francisco Orue. He may well want to address the doubts in the European Union about the “adequacy” of Argentina’s law (see PL&B International E-News June 15th).

There will be a fuller report about the European Commission’s concerns about the “adequacy” of Argentina’s data protection law in PL&B’s next International Newsletter to be published in July.

Click here for further information about subscribing to the international newsletter.

Copyright Privacy Laws & Business 2007