Privacy International

Project Compliance


Latest News
New Documents
Activities
Issues
Resources
Conferences
About PI

Privacy International is monitoring the enactment of legislation implimenting the European Union's Directive 95/46/EC on the protection of individuals with regard to the processing of personal data (data protection directive). PI is also monitoring other countries and companies' compliance with the directive and transborder data flows. PI intends pursuing legal action on behalf of European citizens against companies which violate European privacy rules by transferring information to countries which do not have adequate protections.

Latest News

*EU Releases Safe Harbour Review.
The European Commission released a "Commission Staff Working Paper" on 13 February 2002 on the status of the EU/US Safe Harbour agreement. The Commission found that there is a lack of transparency among organizations and many of enforcement mechanisms may not be adequate.

*  EU Reviews Adequacy of Canadian Privacy Law.
The Article 29 working group of the European Commission released a report on January 29 reviewing the 2000 Personal Information and Electronic Documents Act. The group recommended that any fiding of adequacy take into account that the law only covers private sector organizations that are using the information for commercial purposes and that it will not fully be in place until 2004. It also raised questions about provincial laws, health information, sensitive information and transborder dataflows.

*PI Asks UK Data Protection Commissioner to Investigate Amazon.co.uk.
PI International Director Simon Davies wrote to the UK Data Protection Commissioner on 4 December 2000 asking her to investigate Amazon's transfer of personal information and non-compliance with the UK Data Protection Act 1998. See below for details.

*Australia Approves Data Protection Act.
The Australian Senate on 6 December 2000 approved the Privacy Amendment (Private Sector) Bill which extends privacy protections to the private section. The bill was strongly critized by privacy advocates and the opposition political party as being far too weak. Commentary by privacy expert Roger Clarke who describes the bill as "the world's worst privacy legislation." The European Commission has also expressed concern that the law would not be adequte for transborder data flows. Editorial in the Sydney Morning Herald on flaws in the bill. The Act goes into effect in January 2002

*Argentina Approves Data Protection Act.
The Argentine Senate approved the Habeas Data Act (spanish) on October 4. The House of Representatives approved the Habeas Data Bill on September 14, 2000. (text of debate). English translation of the act.

Amazon.co.uk

Privacy International is currently investigating the practices of Amazon.co.uk, the UK affiliate of the US-based bookstore Amazon.com for possible breaches of the UK Data Protection Directive 1998 and the EU Data Protection Directive. On 4 December 2000, PI asked the UK Data Protection Commissioner to investigate Amazon.

  • Letter from PI Director Simon Davies to Mr Steve Frazier, Managing Director, Amazon.co.uk , 14 September 2000.
  • Letter from Steve Frazier to Simon Davies, 22 November 2000.
  • Letter from Simon Davies to the UK Data Protection Commissioner requesting an investigation of Amazon.co.uk practices under the UK Data Protection Act, 4 December 2000.
  • Letter from Simon Davies to Mr Steve Frazier, 5 December 2000.
  • Letter from Simon Davies to the UK Data Protection Commissioner requesting clarification of Amazon's contacts with the DPC, 6 December 2000.
  • Letter from Steve Frazier to Simon Davies, 13 December 2000.
  • Letter from Simon Davies to Mr Steve Frazier, December 2000.

 

Safe Harbor

  • The European Commission on July 26, 2000 announced that it would go forward with the Safe Harbor agreement despite the opposition of the Parliament.

  • The European Parliament voted 279-259 on July 5, 2000 to approve a report sponsored by Italian MEP Elena Ornella Paciotti calling on the European Commission to reopen the Safe Harbor negotiations and to stop all EU-US data exchanges under the agreement until the principles are in effect. The Commission also decided that the laws of Switzerland the Hungary were adequate.

  • The EU member states approved the Safe Harbor agreement on May 31, 2000. The agreement now goes to the Parliament for approval in July. Data Protection Working Group of the EU released a opinion critical of the agreement and calling for more changes to ensurte that privacy is protected.
  • The principles were also criticized by the Trans Atlantic Consumer Dialog (TACD) as being insufficient.
  • US Department of Commerce, Safe Harbor pages
    • Comments to US Department of Commerce of five US law professors on inadequacy of Safe Harbor, November 1998.
    • List of comments received on Safe Harbor proposal

  • Privacy International Statement on Meeting with US Officials. Privacy International staff met with US officials on December 16, 1998 to discuss the EU/US conflict over privacy laws and transborder dataflows. PI issued the following statement on the lack of agreement reached in the meeting.

  • EU Finds US Privacy Plan Flawed. The European Union on November 23 announced that the US Department of Commerce's proposal for addressing privacy is not sufficient to protect privacy. The US proposal for "Safe Harbor" entailed voluntary self-regulation by the industry to protect privacy. A European Commission Spokeswoman, Betty Olivi, said at a November 23 briefing said that all 15 members of the EU found the proposals "unacceptable". The EU's two major concerns were individuals access to their files and their ability to stop the sale and use of their personal information. The US Govt is continuing to pressure the EU in meetings held in Washington, DC and has hired industry lobbyist Peter Swire to travel around Europe to convince governments, public interest advocates (including PI) and others that Safe Harbor is adequate.

 Resources

 

 Old News Stories