The new Communication on Spam acknowledges that legislative tools to fight these threats already exist, in particular the EU-wide “ban on spam” adopted in 2002 as part of the ePrivacy Directive (see IP/03/1015). However, implementation is still a problem in most EU Member States. To improve, they should now lay down clear lines of responsibility to use the tools available under EU law effectively. Because of the criminal trend in spam and its cross border aspects, good cooperation between enforcement authorities is paramount. In the Commission's view, spam fighters should have sufficient resources. The Dutch fall in spam was achieved through prosecutions by spam fighter OPTA, with just 5 full-time employees and €570,000 invested in equipment. Although we have the Directive on Privacy and Electronic Communications 2002/58/EC, more still needs to be done to tackle this problem.
Thursday, November 30, 2006
Saturday, November 04, 2006
‘an assessment of any actual or potential effects that an activity or proposal may have on individual privacy and the ways in which any adverse effects may be mitigated’;
• ‘a process. The fact of going through this process and examining the options will bring forth a host of alternatives which may not otherwise have been considered’;
• an approach and a philosophy that holds promise by instilling a more effective culture of understanding and practice within organisations that process personal data;
• a form of risk-assessment, which therefore cannot escape the uncertainties of identifying and estimating the severity and likelihood of the various risks that may appear, to privacy, life-chances, discrimination equality and so on;
• a tool for opening up the proposed technologies or applications to in-depth scrutiny, debate and precautionary action within the organisation(s) involved;
• like PETs, premised on the view that it is better to build safeguards in than to bolt them on;
• an early-warning technique for decision-makers and operators of systems that process personal information, enabling them to understand and resolve conflicts between their aims and practices, and the required protection of privacy above or the control of surveillance;
• ideally, a public document, leading to gains in transparency and in the elevation of public awareness of surveillance issues and dangers may be realised; in turn, it may assist regulatory bodies in carrying out their work effectively.
PIA should not be confused with compliance audits and the like, which are usually ex post facto and legally-oriented; as with environmental impact assessment, PIA assesses the likely impact of technology applications or new systems in the future, and considers a wider range of criteria.