Tuesday, August 28, 2007

Latest issue of Data Protection Law and Policy

The latest Issue of Data Protection Law and Policy is available:

In the UK, there is a growing consensus that the Information Commissioner's Office (ICO) is toughening up. It all started with the rogue traders who passed themselves as official registrars and demanded a few hundred pounds a shot for registration. That did not go down well in Wilmslow, given that their modest registration fees make up the bulk of their own funding. Then, a handful of aggressive marketers clogging small businesses' fax machines got to see the darker side of a normally peaceful regulator. But it is the good old Principle 7 - or the lack of compliance with it - that has kept the enforcement arm of the UK data protection authority especially busy in recent times.

OPINION: PNR AGREEMENT: SETTING A BAD PRECEDENT The recently enacted EU-US agreement on the transfer of Passenger Name Records (PNR) data is intended to provide a legal framework facilitating the transfer of this data whilst safeguarding individual privacy. In this article, Sophie in't Veld, Member of the European Parliament (MEP) for the Dutch social-liberal party 'D66', sets out why the agreement is fundamentally flawed, sets a bad precedent for future agreements and represents a defeat in the fight against terrorism.


The Article 29 Data Protection Working Party's opinion on the concept of personal data, issued 20 June, interpreted the four 'building blocks' in the Data Protection Directive that determine what constitutes personal data.
Siobhan McManus of Bird & Bird explains the Working Party's findings, discussing the implications of its 'wide' interpretation of what constitutes personal data, in contrast to the 'narrow' UK position.

NETHERLANDS: DISMISSAL UNDER EMPLOYER TELEPHONE TAPPING A recent ruling by the Breda Subdistrict Court, which permitted the playing of a surreptitious recording of a telephone conversation between an employer and his employee in dismissal proceedings, has contradicted recent human rights case law concerning the privacy of employees in the workplace. Nicole Wolters Ruckert of the Dutch law firm, Kennedy Van der Laan examines the judgment and its implications for employee privacy.

ITALY: THE 'PEPPERMINT' CASE: PRIVACY V COPYRIGHT UPDATE An ongoing case in Italy concerning the desire of a German record company to obtain the identities of internet users from ISPS, over the alleged posting and downloading of copyright infringing music files on P2P networks, has attracted the attention of the Italian Privacy Commissioner over allegations of illicit monitoring of internet user activity. In this article, Daniela De Pasquale, a partner in La Scala & Associati in Milan, sets out current developments in this case and in this area at EU level.

IDENTITY THEFT: LIMITING CLASS ACTION LIABILITY FOR BUSINESSES As concern surrounding identity theft in the United States continues, financial organisations are threatened by lawsuits over failures to ensure sufficient levels of corporate security, particularly in the form of class-action lawsuits where customers are affected on a nationwide basis. R. Bruce Allensworth, Andrew C. Glass, Ryan M. Tosi and David D. Christensen of K&L Gates' Boston office report on a recent US district court case where they successfully represented the defendants and which may limit class action liability for organisations that electronically store consumer personal information."

No comments: