US privacy laws

Well, I have been taking a break from this, having been putting my head down with writing. Anyway, returning to my usual blog, I came across a recent press release that caught my attention. According to the this press release, some of the major tech companies including Google and Microsoft are calling for stronger privacy laws in the US.

The time has come for a serious process to consider comprehensive harmonized federal privacy legislation to create a simplified, uniform but flexible legal framework," said the CPL Forum's statement. "The legislation should provide protection for consumers from inappropriate collection and misuse of their personal information and also enable legitimate businesses to use information to promote economic and social value.

Whilst such efforts for stronger privacy laws in the US should be commendable, it is unclear whether the laws will in anyway be modelled on the European model on data protection. One can only await to see whether their calls are brought to fruition!

Data Protection Award

This is the first time I have heard, but there is a European award for best practice in data protection. According to the press release, the UK Information Commissioner is encouraging the public sector organisations to put in an application which must be received by 5 October 2006. The criteria is as follows:

procedures in place for ensuring quality of the personal data processed

design of an efficient system for furnishing mandatory information to citizens

respectful and efficient procedures to manage consent

existence of specific rules or procedures for processing sensitive data

security measures in place

procedures for the communication or disclosure of data to third parties

arrangements in place for access to the data by third parties

the planning and design of procedures which enable people to access and challenge content, and seek any correction or deletion

More information can be obtained from the Information Commissioner. Well, it is another way of raising awareness of data protection laws and promoting good practice! Why not!

ECJ judgment available

Following the ruling by the European Court of Justice (ECJ) on the joined Cases C-317/04 and C-318/04 European Parliament v Council and Commission on 30 May 2006 concerning the EU-US agreement that required airlines to transfer the personal data of their passengers to the US authorities, the judgment is now available.

The ECJ held that the Council Decision 2004/496/EC of 17 May 2004 on the conclusion of an Agreement between the European Community and the USA on the processing and transfer of Passenger Name Record ("PNR") data by Air Carriers to the US Department of Homeland Security, Bureau of Customs and Border Protection (see the Department's fact sheet on the agreement), and Commission Decision 2004/535/EC of 14 May 2004 on the adequate protection of personal data contained in the PNR of air passengers transferred to the United States Bureau of Customs and Border Protection, should be annulled.

Well, time to read up on the judgment!