Friday, June 23, 2006

US privacy laws

Well, I have been taking a break from this, having been putting my head down with writing. Anyway, returning to my usual blog, I came across a recent press release that caught my attention. According to the this press release, some of the major tech companies including Google and Microsoft are calling for stronger privacy laws in the US.

The time has come for a serious process to consider comprehensive harmonized federal privacy legislation to create a simplified, uniform but flexible legal framework," said the CPL Forum's statement. "The legislation should provide protection for consumers from inappropriate collection and misuse of their personal information and also enable legitimate businesses to use information to promote economic and social value.

Whilst such efforts for stronger privacy laws in the US should be commendable, it is unclear whether the laws will in anyway be modelled on the European model on data protection. One can only await to see whether their calls are brought to fruition!

Saturday, June 10, 2006

Data Protection Award

This is the first time I have heard, but there is a European award for best practice in data protection. According to the press release, the UK Information Commissioner is encouraging the public sector organisations to put in an application which must be received by 5 October 2006. The criteria is as follows:

  • procedures in place for ensuring quality of the personal data processed
  • design of an efficient system for furnishing mandatory information to citizens
  • respectful and efficient procedures to manage consent
  • existence of specific rules or procedures for processing sensitive data
  • security measures in place
  • procedures for the communication or disclosure of data to third parties
  • arrangements in place for access to the data by third parties
  • the planning and design of procedures which enable people to access and challenge content, and seek any correction or deletion
More information can be obtained from the Information Commissioner. Well, it is another way of raising awareness of data protection laws and promoting good practice! Why not!

Wednesday, June 07, 2006

ECJ judgment available

Following the ruling by the European Court of Justice (ECJ) on the joined Cases C-317/04 and C-318/04 European Parliament v Council and Commission on 30 May 2006 concerning the EU-US agreement that required airlines to transfer the personal data of their passengers to the US authorities, the judgment is now available.

The ECJ held that the Council Decision 2004/496/EC of 17 May 2004 on the conclusion of an Agreement between the European Community and the USA on the processing and transfer of Passenger Name Record ("PNR") data by Air Carriers to the US Department of Homeland Security, Bureau of Customs and Border Protection (see the Department's fact sheet on the agreement), and Commission Decision 2004/535/EC of 14 May 2004 on the adequate protection of personal data contained in the PNR of air passengers transferred to the United States Bureau of Customs and Border Protection, should be annulled.

Well, time to read up on the judgment!