PHR2006 - Country Reports Overview

Privacy International

14/12/2007

Note: This summary is also available in German on the Unwatched website.

ARGENTINA

New law creates a “Do-Not-Call Registry” to protect telephone customers from possible abuses due to telemarketing activities.
More than 80 Argentinean models and actresses obtained court orders to force Google (google.com.ar) and Yahoo (yahoo.com.ar) to remove from their local search engines the models’ names and images that link to pornography and female-escorts sites, in order to preserve their constitutional rights to privacy, honor, and good name.
Argentinean Federal Courts began an investigation of the Society for Worldwide Interbank Financial Telecommunications for alleged violations of confidential financial information.

ARMENIA

Constitutional Reform includes a clearer articulation of the right to privacy.

Armenia court awards damages in a freedom of information suit for the first time.

AUSTRALIA

The State of Victoria became the second jurisdiction to incorporate a bill of rights that requires the public sector to observe the right to privacy when they create laws, set policies and provide services.

A “Do-Not-Call” registry was launched, with 50,000 registrants in the first few hours alone.

The proposed Anti-Money Laundering and Counter-Terrorism Financing Act 2006 requires businesses to keep records, monitor, and report on customers for certain financial services.

Access Cards, to be launched in 2008, will use smart card technology and include biometrics. The cards will be linked to a national Access Card Register.

AUSTRIA

Under the Prüm Treaty, Austria and Germany became the first countries in the world to match their DNA databases.

The Austrian Supreme Court ruled in 2005 that Internet Service Providers (ISPs) must hand over names and addresses of customers to rights holders in the case of infringement.

Austria will postpone implementation of the EU Data Retention Directive.

BELGIUM

The Commission for the Protection of Private Life investigated the SWIFT banking consortium’s transfer of financial data to US authorities and stated that these practices violate basic provisions of the Belgian and European data protection legislation.

The government began issuing Kids-ID for Belgian children between the ages of 6 and 12.

A Belgian court requires ISPs to use filtering technology to stop the spread of music on P2P networks.

Belgium will postpone implementation of the EU Data Retention Directive.

BOLIVIA

The Ministry of Labor requires, in a new Resolution, that employers have privacy policies aimed to protect employees’ personal data.

The new Resolution bans video cameras from areas where employees exhibit private behaviors.

BRAZIL

Several bills have been introduced in Congress on data retention, spam and the establishment of a do-not-call list.

The Supreme Court ruled that the inviolability of computer data is not absolute. In cases of seizure of computers in conformity with legal requirements, the information contained therein may be used as evidence.

The Brazilian National Road Traffic Council approved a Resolution adopting a Radio Frequency Identification (RFID) tags in all licensed vehicles across the country.

BULGARIA

Bulgaria joined the European Union on January 1, 2007.

Amendments to the Access to Public Information Act include increased sanctions, the requirement of appointed public information officials, and the establishment of proper reading rooms.

CANADA

The government conducted its five-year review of the Personal Information Protection and Electronic Documents Act.

Parliament voted not to extend sunset provisions for the preventative arrest and investigative hearing powers contained in the Anti-Terrorism Act.

Supreme Court of Canada declared that it is unconstitutional to detain people based on secret evidence and vacated that provision of the Anti-Terrorism Act.

Federal and provincial privacy commissioners strongly criticized the government’s Passenger Protect Program initiative, which includes a “no-fly” list.

CHILE

A new law establishes standards that State Administration Organizations’ websites must follow, including the proper protection of individuals’ personal data.

A new law establishes that debtors can clarify the debtors’ register if the debt has been paid or extinguished.

CHINA

China is installing surveillance cameras within its cities; Shanghai alone has 200,000, and the city of Guangzhou has budgeted $26 million US to install security and traffic-monitoring cameras on all its main streets.

The People’s Bank of China has developed a nationwide database system that includes credit records for 340 million Chinese residents, and covers 97.5 percent of all consumer loans granted by Chinese banks.

China’s State Administration for Industry and Commerce announced that no new Internet cafés would be licensed.

A new federal Disclosure of Government Information law was adopted.

COLOMBIA

Telecommunications firms operating in Colombia must provide infrastructure for communications wiretapping.

COSTA RICA

The “Civil Defense of the Victim Bill” was introduced into Congress. The bill would widen the scope of wiretapping to crimes like simple and qualified homicide, simple and aggravated theft, and fraud.

CYPRUS

A Constitutional amendment provides that the Attorney General can authorize phone tapping if it is necessary to save time. The amendment also allows the police to monitor web logs, downloads and emails as admissible evidence for criminal investigations.

Forty traffic cameras have been installed, with plans to deploy 450 across Cyprus in the next four years.

The Cyprus Neuroscience and Technology Institute launched an Internet safety awareness campaign called the CyberEthics project.

Cyprus will postpone implementation of the EU Data Retention Directive.

CZECH REPUBLIC

Ministry of Informatics to develop a citizen registry and data exchange system.

Amendment to the Act on Register of Population and Birth Numbers, promulgates new restrictions on the use of birth numbers in the private sphere

There was an increased use of wiretapping and consumer data transfer.

The Czech Republic will postpone implementation of the EU Data Retention Directive.

DENMARK

A new administrative order implements the EU Data Retention Directive.

Parliament introduced amendments to the Administration of Justice Act, the Act Prohibiting Video Surveillance, and the Act on Air Traffic in order to improve the police’s ability to prevent, investigate, and combat acts of terror.

DOMINICAN REPUBLIC

The Dominican Republic Monetary and Financial System Act stipulates that credit risk information systems must supply truthful, accurate and exact data on debtors. The Act establishes a 10-year term for retention.

The Code for the Protection of Child and Adolescents Rights provides the right to a private life and bans any intrusion from the State or anyone else.

ECUADOR

The Law of Credit Reporting Companies establishes that credit reporting companies are forbidden to collect historic credit information of natural or juridical persons when this information exceeds six years of age.

The Regulation of the Transparency and Access to Public Information Law establishes exceptions to the right to access to public information.

EL SALVADOR

Women have very little privacy concerning their reproductive health in El Salvador, where abortion is a serious felony.

An NGO received death threats and was reportedly under surveillance in an attempt to halt the organization's work on behalf of lesbian, gay, bisexual and transgender people.

ESTONIA

The Data Protection Inspectorate became an independent agency.

Over 70% of the population now has an Estonian ID card.

Estonia will postpone implementation of the EU Data Retention Directive.

EUROPEAN UNION

European leaders agreed to finalize and adopt, not a Constitution, but a "reform treaty" for the European Union.

Development of a new, second generation Schengen Information System, SIS II, for international border control is underway.

Seven Member States (Austria, Belgium, France, Germany, Luxembourg, Spain and the Netherlands) signed a treaty in Prüm to enhance cross-border police and judicial cooperation, including the matching of DNA databases.

The Directive on Mandatory Retention of Communications Traffic Data requires retention for a period of between 6 months and 2 years.

FINLAND

Employers cannot use Internet search engines to research prospective employees without the employees’ consent.

The Finnish government announced a voluntary scheme asking Finnish ISPs to block a list of web pages suspected of containing child pornography.

The Helsinki District Court handed down suspended sentences to five defendants in a case involving unauthorized use of mobile telephone records by executives of telecommunications service provider Sonera.

Finland will postpone implementation of the EU Data Retention Directive.

FRANCE

A new Anti-Terror law was enacted. It grants increased powers to the police and intelligence services, allowing them to directly get telecom data from ISPs.

Expansion of the National Computerized File of Genetic Data continued.

France ratified the Council of Europe Convention on Cybercrime.

GEORGIA

The International Organization for Migration has developed “Personnel Identification and Reporting System (PIRS) Border Management/Passport Control/Anti-Terrorism” software specifically for Georgia.

An amendment to the Criminal Code added the crime of cyber terrorism.

GERMANY

A significant public movement against data retention has been formed.

Biometric passports now include digital photographs and fingerprints.

The Federal Freedom of Information (FOI) Act entered into force.

GREECE

Video surveillance cameras, originally installed to ensure security of the Olympic games, have stayed in place on roads of high circulation for traffic monitoring, but police have been fined for breaching the terms of the system’s use.

More than 100 mobile phones were tapped around the time of the Olympic games; no one has been found responsible, but Vodafone has been fined for failing to secure its network.

An amendment to the Data Protection Act adds provisions concerning the transfer of data to third countries.

Greece will postpone implementation of the EU Data Retention Directive.

GUATEMALA

The Law Against Organized Crime allows communications interception whenever it is necessary to prevent, interrupt or investigate organized crime.

HONG KONG

A new law regulates the interception of communications and surveillance activities engaged in by law enforcement agencies. The law also creates an oversight board, chaired by a judge, who may inspect and review law enforcement interception requests.

The national ID card, now fully implemented, functions as a banking card, a library card for all public libraries, and as an immigration document.

Legislative Council passed the Unsolicited Electronic Messages Ordinance.

HUNGARY

The Constitutional Court ordered the Parliament to establish conditions of the proper judicial overview of applications for secret data surveillance and collection by law enforcement.

Hungarian e-passports contain a chip with biometric information about the passport holder, namely the facial image and the digital fingerprints.

ICELAND

The rule on Electronic Surveillance prohibits discreet surveillance “in the workplace, in schools, and in other areas generally traversed by a limited number of people” unless the surveillance is based on a legal act or a court order.

There was in increase in cases concerning foreign collaboration and processing of personal data that require a permit from the Icelandic Data Protection Authority.

INDIA

The Indian government created the Indian Computer Emergency Response Team to enhance the security of India's Communications and Information.

India’s High Court stated that intrusions into privacy may only be made by legislative provisions, administrative/executive orders, and judicial orders.

Problems with the implementation of the Right to Information Act persist due to a lack of a central Office and prohibitive fees.

IRAQ

The new security plan for Baghdad grants further martial law powers to military commanders, including broad authority to conduct warrantless searches and arrests, monitor all private communications, and to restrict all public gatherings and association.

U.S. troops began using mobile scanners to take fingerprints, eye scans, and input other personal data from Iraqis at checkpoints, workplaces, the sites of attacks, and door-to-door canvasses.

IRELAND

Irish online civil rights group Digital Rights Ireland commenced a High Court action against the Irish Government, challenging the Criminal Justice (Terrorist Offences) Act data retention provisions.

The use of Automatic Number Plate Recognition is being considered to check for outstanding motor offences and motor tax issues.

Irish e-Passports contain a chip that stores a digital photograph and the individual’s personal information.

ISRAEL

The Privacy Law was amended to require informed consent from an individual. The amendment also increases damage amounts available.

The Israeli Government established the Legal Authority for Information Technologies and Privacy Protection under the Ministry of Justice.

Ben Gurion Airport installed electronic devices that allow inspectors to see through travelers’ clothes.

ITALY

An Italian judge ruled that to plant bugging devices in a car is not a criminal offence because the provisions forbidding bugging apply only to homes.

Italian law enforcement made three arrests under a new anti-terrorism law. The law empowers police to arrest individuals without any evidence of direct involvement with terrorist groups or in the planning of terrorist attacks.

Italian law enforcement made 26 arrests from two separate groups of phishing fraudsters, in the culmination of an operation, dubbed 'Phish and Chip', aimed at tracking down phishers defrauding banking clients of the national postal service.

JAPAN

Japanese ISPs issued new Guidelines for the disclosure of user identity information.

Yokohama now requires residents to register in the Resident Registry Network System (Juki-Net). Only three municipalities refuse to participate in Juki-Net.

The question of whether Juki-Net is constitutional is pending before the Supreme Court.

JORDAN

Jordan launched its flight security system, eGate, and the e-Card, which stores identity, travel history, fingerprint and electronic travel records.

The Lower House of Parliament endorsed a draft Access to Information law.

LATVIA

The European Court of Human Rights concluded that Latvia violated applicants’ rights to respect for private and family life when the country failed to regularize the citizenship of stateless individuals within Latvian territory.

The Latvian financial police agency was ordered to pay damages to a high-profile TV news presenter for illegally tapping her telephone and selling the transcripts to a newspaper.

Latvia will postpone implementation of the EU Data Retention Directive.

LITHUANIA

There has been a noticeable increase in establishment of video surveillance systems throughout Lithuania.

Passports contain biometric data (digital images of the face and fingerprints), and this information storage in the state register.

Lithuania will postpone implementation of the EU Data Retention Directive.

LUXEMBOURG

Luxembourg passports include the holder’s name, date of birth, gender, nationality, place of residence and a digital photograph.

Luxembourg will postpone implementation of the EU Data Retention Directive.

MACEDONIA

The Directorate for Personal Data Protection is reviewing and proposing amendments to the existing Law on Personal Data Protection.

Data processors must notify the Central Register of their data systems by December 2007.

MALAYSIA

Camera surveillance continues to expand in Malaysian cities.

The government requires citizens to have a MyKad identification card to sign official documents, and individuals cannot apply for licenses without one.

MALTA

The Data Protection Commissioner created working groups to identify privacy issues unique to their industry. The groups will work with the Commissioner to develop appropriate privacy principles to guide their sectors.

Malta established an electronic health information portal for its citizens.

MEXICO

Commissioners of the Federal Institute of Access to Public Information unanimously approved the creation of a working group to develop a data protection bill.

The Mexican Advertising Internet Association (AMIPCI) released its trustmark, “Sello de Confianza AMIPCI.

MONGOLIA

The Mongolian government signed and ratified the United Nations Convention Against Corruption.

The Cabinet of Ministers is considering a final draft of a Freedom of Information law.

NETHERLANDS

The electronic child file for youth healthcare (EKD) will not be brought online until 2008, and it is not expected to be compulsory law until 2009.

A proposal to create a general and unique registration number for every citizen for use for all government services was postponed again.

A proposed bill was submitted that would expand the use of photos and fingerprints to determine the identity of suspects and convicted persons.

NEW ZEALAND

The Crimes (Intimate Covert Filming) Amendment Act 2006 came into force.

A Memorandum of Understanding between the Ministry of Health and the New Zealand Police relating to the disclosure "Guthrie" card health information came into effect.

The Unsolicited Electronic Messages Act 2007 received royal assent.

NIGERIA

The Nigerian government sponsored a Cybercrime bill, which will require service providers to track and turn over subscriber information to law enforcement upon production of a warrant.

The outgoing President declined to sign a Freedom of Access to Information Bill into law. Both houses must now pass the Bill by a two-thirds vote for it to become law.

The new electronic passport contains biometrics.

NORWAY

Norway recently created a Personal Privacy Commission. The commission's work will be part of the information considered for creating guidelines for security technology in the European Union.

Norway is proposing to increase the police’s access to storing DNA samples to everyone who is convicted to a prison sentence

A database containing biometric information of asylum seekers was opened to the police in criminal investigations even though the original intent of the database was to help establish the identity of asylum seekers.

PARAGUAY

There were reports that some government officials occasionally spied on individuals and monitored communications for partisan or personal reasons.

PERU

A bill to create a Data Protection Authority is being considered.

The alimentary debtors’ register will list any individual who owes three installments, successive or not, of his or her alimentary obligations to his/her children.

PHILIPPINES

The Supreme Court upheld the constitutionality of the new ID scheme for executive-branch workers.

An Act to Secure the State and Protect Our People from Terrorism, which increases police powers regarding arrest, surveillance, wiretap and seizures, was enacted.

POLAND

The PESEL II Steering Committee was formed to develop a two-stage identification card implementation that includes biometric storage.

The European Court of Human Rights found that the monitoring and censorship of an inmate’s correspondence violates Article 8 of the European Convention on Human Rights.

The municipality of Auschwitz installed the largest CCTV surveillance system for centralized monitoring of schools and municipality in Poland.

Poland will postpone implementation of the EU Date Retention Directive.

PORTUGAL

A new law established a national identification card system that will be fully implemented by 2008. The card’s chip stores residential address, a fingerprint, digital authentication and digital signature certificates, as well as space for personal data of the choice of the individual.

A new law regulates the collection and use of health and genetic information.

ROMANIA

Romania joined the European Union on January 1, 2007.

The National Authority for the Supervision of Personal Data Processing opened and began issuing decisions.

A new anti-terrorism and organized crime act was adopted at the end of 2006 without any public debate.

The Law regarding Free Access to Information of Public Interest was amended twice to expand the institutions and kinds of information covered by the law.

RUSSIA

The data protection Law on Personal Data, and the access Law on Information, Information Technologies and Protection of Information were adopted.

New regulations give law enforcement agencies greater access to telephone and cellular phone company clients' personal information and require providers to grant the Ministry of Internal Affairs and Federal Security Service 24-hour remote access to their client databases.

A draft on open government law passed the first of three readings in the Russian Parliament.

SAN MARINO

San Marino continues to conduct a complete overhaul of its financial sector regulations.

SINGAPORE

A new law requires businesses to add the tag “ADV” on all advertisement email and SMS messages that they send to individuals.

Singapore introduced the BioPass, a biometric e-passport embedded with a chip featuring fingerprint and facial identifiers.

The Bioethics Advisory Committee drew up guidelines for the use of personal information in biomedical research.

SLOVAK REPUBLIC

New regulations address cookies and unsolicited communications in order to fully implement EU Directive 2002/58/EC.

The European Court of Human Rights found that the inability to change one’s paternity status was a violation of the individual’s right to privacy found at Article 8 of the European Convention on Human Rights.

Slovakia will postpone implementation of the EU Date Retention Directive.

SLOVENIA

The Inspectorate for Personal Data Protection and the Commissioner for Access to Public Information offices merged into the Information Commissioner, an autonomous and independent body.

The Act on Electronic Communications transposes the EU Data Retention Directive into the Slovenian legal system.

Slovenia began issuing biometric passports.

SOUTH AFRICA

The National Credit Act, consumer protection legislation aiming to regulate the market in consumer credit principally by improving access to credit and preventing unfair business practices, came into full force.

The final recommendations of the Law Reform Commission, made in response to a huge volume of comments received on its draft data protection bill, will be published in the form of a Report to the Minister of Justice and Constitutional Development.

SOUTH KOREA

Internet users are required to provide their real names and their Resident Registration Numbers before posting comments or uploading video or audio clips on bulletin boards. The proposed law is a response to the increasing number of libelous and fraudulent accusations made by Koreans about public figures, as well as cyber-bullying between schoolchildren.

Protection of Communications Secrets Act revisions require mobile phone service providers, credit card firms and mass transit operators to store clients’ records for up to a year and provide the information at the request of state investigators.

An Information Disclosure Task Force comprised of government, media and academics was formed to create proactive disclosure policies and to suggest revisions to the Information Disclosure Act.

SPAIN

The Spanish Data Protection Agency published a new regulation on video surveillance.

All passports issued by Spain are electronic passports that contain an RFID tag.

The Spanish Data Protection Agency investigated the SWIFT banking consortium’s transfer of financial data to US authorities and stated that these practices violate European data protection legislation.

SRI LANKA

The government has launched a comprehensive “Re-engineering Government” project to provide citizen services in sectors such as eMotoring, ePension, eCitizen ID, eForeign Employment, Ministry of Public Administration and Home Affairs.

The government enacted the Electronic Transactions Act No. 19 of 2006.

SWEDEN

A proposed bill would allow the National Defense Radio Establishment to search all phone and e-mail communication passing through cables or wires across the country’s borders with a parliamentary committee approval.

Enhanced surveillance for criminal and counterterrorism measures were proposed in several bills.

The Personal Data Act was amended in 2006 to prevent processing of “unstructured materials,” such as running texts, sounds and images, and email if it constitutes a violation of the registered person’s personal integrity.

Sweden will postpone implementation of the EU Data Retention Directive.

SWITZERLAND

Revisions to the federal Data Protection Act include: a requirement that processors of sensitive data actively notify data subjects; further requirements for controllers to ensure that third party processors have adequate security in place; and restrictions on the methods of ensuring adequate data protection in transfers to third countries.

The new anti-hooliganism law introduces stadium bans, a national hooligan database, travel restrictions for known troublemakers and increased police powers.

The Freedom of Information Law came into effect.

TAIWAN

The Citizen Digital Certificate system allows citizens to engage in online activities such as tax filing, personal retirement program inquiry, personal travel restriction inquiry, health insurance inquiry, electronic motor vehicle needs, ID loss report and household registration office e-net services.

The government pledged between TWD 400 million and TWD 700 million per year between 2006 and 2009 to develop the infrastructure for becoming the global leader in producing RFID technology.

THAILAND

The new Cyber Crime Act defines 12 Internet crimes with punishments ranging from six months in jail to 20 years in jail, and requires certain Internet Service Providers to keep logs of traffic data up to 90 days.

Political bugging is no less common. Politicians and human rights activists accused a political party of wiretapping political opponents and journalists.

New passports are embedded with a microchip that contains biometric information including fingerprints and facial data.

TURKEY

The government adopted amendments to its Antiterror Law. The amendments have been highly criticized for placing further restrictions on the already censored media.

The European Court of Human Rights ruled that Turkey infringed the right to privacy of a human rights defender whose premises were searched and whose private professional materials were seized without the requisite authorization.

A government proposal would allow police to take fingerprints of anyone applying for a gun license, driving license, passport or Turkish citizenship. It would also provides the police with a larger authority to stop, search and demand identification from individuals.

The Law on the Right to Information was amended to enable citizens to dispute all decisions of state agencies regarding denials of requests for information.

UGANDA

The government introduced the Regulation of Interception of Communications Bill, which would legalize the interception and monitoring of certain telephone calls and postal mail.

Uganda began issuing electronic passports that contain biometric technology and will soon issue electronic driver’s licenses.

HIV-positive citizens face increasing pressure to openly divulge their health status.

UKRAINE
The Foreign Intelligence Service of Ukraine, which combats counterterrorism, international organized crime, drug and weapon trafficking, and illicit migration, became an independent state body, detached from law enforcement agencies.

The government announced that all court judgments not qualified as state secrets will be sent to a single state register that is free for all to access.

The European Court of Human Rights found that the Ukrainian government had violated an individual’s right to privacy where interception orders of private correspondence against the suspect remained valid for more than a year after the criminal proceedings against him had terminated.

UNITED KINGDOM

The UK’s DNA database now contains over 3 million samples.

New anti-terrorism measures focus on detention periods, “control orders” and increasing penalties for “encouraging” terrorism.

The Identity Cards Act was approved in March 2006 after years of contentious debate. The Act requires the creation of a central National Identity Register and the issuing of "voluntary" ID cards that will include biometric identifiers. The National Identity Scheme will be phased in over 10 years or more years starting in 2008.

UNITED STATES

Congress amended the Foreign Intelligence Surveillance Act in a way that significantly weakens the FISA court, and permits warrantless surveillance of American citizens when one party to the conversation may be outside of the United States.

Although the REAL ID Act was passed in May 2005, states and public organizations have rebelled against the scheme. Sixteen states have passed legislation rejecting REAL ID and there are bills in both US legislative houses that would repeal the Act creating the national identification system.

The Automated Targeting System, originally established to assess cargo that may pose a threat to the United States, has been proposed to establish a secret terrorism risk profile for millions of people.

Congress passed an Act implementing more recommendations of the 9/11 Commission. The Act strengthens the Board by requiring Senate confirmation for its members.

URUGUAY

A new law creates a register of public and private entities that process personal data.

The Supreme Court confirmed an individual has the right to amend gender information included on a birth certificate since the plaintiff had changed her sex by surgery.

Children and Adolescents Code states that any child or adolescent has the right to private life and the right to control their own image. Children’s images cannot be used in a harmful way that would damage or identify them.

UNITED ARAB EMIRATES

The Dubai International Financial Centre established the Data Protection Law 2007. This is the first data protection law in the Middle East, and it is modeled on the EU Data Protection Directive.

The UAE Telecommunications Regulatory Authority announced in June 2007 that it would create a UAE Computer Emergency Response Team for the detection and prevention of cyber crime in the country.

Identity cards are mandatory for all citizens 15 years of age. The cards include a chip that stores a digital photo, digital certification and fingerprints.

VENEZUELA

A new required official government polycarbonate electronic identification card is being considered.

Complete name, identification card number, home address, fingerprints and signature must be collected from buyers of cellular phones and landlines and delivered to government officials upon official request. The law also requires that a registry of all traffic data, including initiating number, called number, duration of call and geographic details be maintained by the carrier.

ZIMBABWE

The Access to Information and Protection of Privacy Act requires journalists to be licensed by the government.

The Interception of Communications Act gives his government the authority to eavesdrop on phone, Internet and other electronic communications and read physical mail. Interception activities are approved by the Communications Minister and are not reviewable by the courts.

<< Back

Email us at privacyint@privacy.org.
Call on +44 (0)208.123.7933.
Privacy Policy - About PI - Support PI