PL&B International E-news, Issue 90

1. Financial police help Italy’s DPA to use its strong enforcement powers

The Garante, Italy’s Data Protection Authority, has recently increased its audit activity. Speaking at PL&B’s Privacy Roundtable in Rome on 14 October, Professor Francesco Pizzetti, the Garante’s President, said that Italy has the best enforcement regime in the EU. Apart from the Garante’s own audit department, the authority has a huge audit capacity through a cooperation arrangement with the Financial Police, the Guardia di Finanza. This police department conducts audits that the Garante has delegated to it, and has 40 specialist data protection auditors. In addition to these specialists, other Guardia di Finanza inspectors in offices throughout the country include data protection issues in their visits to every organisation, for example, for tax inspections. Audits of the most sensitive nature are still conducted by the Garante and some are conducted by a team from both organisations. Fines have increased greatly in the last four years since enforcement was stepped up in 2005.

2. EU lobbyists must be named

The European Court of Justice is very likely to order disclosure of names of industry representatives at meetings. An Advocate Gerneral has advised the Court that it should uphold a lower court order to disclose the minutes of meetings with brewery representatives, including the names of those objecting to their identification.

(Bavarian Lager v. Commission, 15 October 2009)

3. South African data protection bill introduced

After 10 years’ gestation, this bill is designed for EU adequacy. The Bill, which started as part of an Open Democracy omnibus bill in 1999, is a reasonable approximation of the EU Directive, and was published in the official Gazette on 14 August. The massive (824 pages) Report by the Law Reform Commission published on 26 August says it is hoped that it will be found adequate by the EU “without a hitch”.

4. Hong Kong consults on a review of the Personal Data (Privacy) Ordinance

Hong Kong’s Constitutional and Mainland Affairs Bureau has released a Consultation Document on Review of the Personal Data (Privacy) Ordinance (August 2009), calling for submissions by 30 November 2009. Among the issues that the Consultation Document raises for consideration are: whether the Commissioner should be able to provide legal assistance to complainants seeking compensation under s66; whether the Commissioner should be able to award compensation; whether contraventions of a data protection Principle should be an offence; whether repeated contraventions of a Principle should be an offence.; and whether there should be heavier penalties for repeat offenders. The issues under consideration give a good indication of the level of dissatisfaction with the enforcement aspects of the Hong Kong Ordinance.

5. New Zealand publishes guidance on Portable Storage Devices

The Privacy Commissioner of New Zealand, Marie Shroff, has published guidelines on the use of ‘portable storage devices’ (PSDs). They include USB sticks, mobile phones, iPods, PDAs (personal digital assistants), and smart phones such as BlackBerrys and iPhones. All these are small in size and therefore easily lost.

See the guidelines.

6. Argentina rules that Yahoo and Google are liable for third party content

An Argentine civil court ruled on July 29 July that Google and Yahoo! are liable for content posted by third parties. The companies claimed that they were mere intermediaries and therefore not responsible for the pornographic and female-escort websites that posted pictures of two individuals without their consent .

Yahoo and Google were ordered to pay a total ARS100,000 ($26,248) in damages—ARS50,000 each—plus interest.

“Search engines are responsible due to their activities as website-access facilitators,” the judge wrote. They are “enormous tools that help amplify the spread of information and have an equal ability to amplify harm,” she added.

Without Yahoo!’s and Google's participation, access to those websites might be extremely difficult, the court wrote. Besides, experts have shown that there is no technical impediment to prevent them from filtering out certain content in order to avoid causing further damage, she added.

Similar cases on search engine liability have been heard in EU Member States. The ruling from Argentina: Da Cunha v. Yahoo de Argentina, Juzg. N., No. 99620/2006, 7/29/09

Click here for further information about subscribing to the international newsletter.

Copyright Privacy Laws & Business 2009