Monday, November 19, 2007

E-Comm Data Protection Law and Policy

Latest issue of E-Comm Data Protection Law and Policy, November 2007 is now available (requires subscription), but see the latest table of contents:

Contents:

# DHS defends PNR programme against 'misplaced' EU criticisms

The US Department of Homeland Security (DHS) has described EU criticisms of the recent controversial 'PNR' agreement, as 'misplaced', rejecting claims of discrimination against EU citizens.

# ICO to review DPA as part of UK's Freedom of Information expansion

The Information Commissioner's Office (ICO) is to lead a review of how personal information is shared in the public and private sector, as part of UK Government plans to expand freedom of information. The review, to be published in 2008, will examine if the Data Protection Act 1998 is adequate to protect shared personal details in the information age and will be led by Information Commissioner, Richard Thomas and Professor Mark Walport, Director of medical research charity, the Wellcome Trust.

# Businesses fined $7.7m for six DNC violations

Businesses have been fined almost $7.7 million for violations of the Do Not Call (DNC) Registry in the United States, in six settlements reached by the Federal Trade Commission (FTC).

Features:

# Editorial: The security debate

The security v privacy debate is heating up. Since 9/11, this has become one of the main challenges for privacy regulators worldwide. Clearly, the need for intelligence is more fundamental than ever in crime prevention terms and legislative measures like the data retention directive are a sign of the things to come. Recent calls for US-style passenger collection and storage obligations in privacy-conscious Europe are another step in that direction and the list of similar measures is bound to grow.

# United States: Department of Homeland Security addresses critics

US privacy policies, such as the recent Passenger Name Record (PNR) agreement, have attracted fierce criticism from European privacy experts. In this article, Lauren Saadat and Shannon Ballard, Associate Directors for International Privacy Policy at the US Department of Homeland Security (DHS), argue why such criticisms are misplaced stating that DHS policies - through recognition of the fundamental principles of transparency, an individual's right to know, individual redress and effective data security - arguably provide greater privacy protections than those offered by equivalent European agencies.

# Opinion: The Future of Privacy: part 1 - 'Privacy 1.0': the need for change

As information technology continues to evolve, regulators, privacy practitioners and citizens are increasingly questioning the suitability of current privacy frameworks to allow the effective processing of personal data whilst safeguarding individual privacy. In the first part of a two-part article, Christopher Millard, Partner at Linklaters LLP, suggests that current approaches to privacy regulation are fundamentally flawed. In particular, Millard argues that most privacy legislation is incompatible with the architecture of the internet and that the imposition by EU member states of bureaucratic obstacles destroys the usability of pre-approved rules which are supposed to facilitate simplified compliance procedures1.

# Personal Data: ICO Guidance: interpretation and consistency with 'Durant'

The recent ICO guidance on the concept of 'personal data' sets out eight questions to help organisations determine if they are processing such data. Some of the questions are designed to assist organisations in determining if information 'relates' to an individual, a key issue which was considered in the recent Durant judgment, which the ICO were bound by in drafting this guidance. Renzo Marchini, Counsel at Dechert LLP's London office, assesses this part of the guidance and its consistency with the Durant judgment.

# New Zealand: Privacy Risk Register: a practical perspective

A service enabling a person's identity to be verified quickly and easily is being built for use by government services in New Zealand. Developing this service while respecting an individual's right to privacy required the continued use of a Privacy Risk Register. Carolyn Adams, project advisor for the Department of Internal Affairs Te Tari Taiwhenua, provides a practical guide explaining how this was achieved.

# United States: Federal Court: ban on NSL notification is unconstitutional

National Security Letters work as administrative subpoenas that allow the FBI to obtain customer records without obtaining a court order. Michael Vatis, a partner in the New York office of Steptoe & Johnson LLP, explains the Federal Court's decision that 'gag' orders, which prohibit electronic communications providers from telling customers that they have received an NSL, violate the First Amendment.

No comments: