Argentine Republic

Articles 18 and 19 of the Argentine Constitution provide (in part), "The home is inviolable as is personal correspondence and private papers; the law will determine what cases and what justifications may be relevant to their search or confiscation. The private actions of men that in no way offend order nor public morals, nor prejudice a third party, are reserved only to God’s judgment, and are free from judicial authority. No inhabitant of the Nation will be obligated to do that which is not required by law, nor be deprived of what is not prohibited." Article 43, enacted in 1994, provides a right of habeas data: "Every person may file an action to obtain knowledge of the data about them and its purpose, whether contained in public or private registries or databases intended to provide information; and in the case of false data or discrimination, to suppress, rectify, make confidential, or update the data. The privacy of news information sources may not be affected." [1] The Supreme Court is currently reviewing a case involving Habeas Data.

In November 1998 the Senate approved a Law for the Protection of Personal Data. [2] It is in conformance with Article 43 of the Constitution and based on the E.U. Data Protection Directive. The bill covers electronic and manual records. It requires express consent before information can be collected, stored, processed, or transferred. Collection of sensitive data is given additional protections and is prohibited unless authorized by law. International transfer of personal information is prohibited to countries without adequate protection. Individuals have an express right of Habeas Data to access information about themselves held by government or private entities. The bill sets up an independent commission within the Ministry of Justice to enforce the law. The U.S. Direct Marketing Association launched a lobbying effort against the bill in December 1998 urging Argentinean companies to oppose the efforts to enact the law. [3] Previously, in December 1996, the Congress approved a data protection law. [4] However, upon request of the Central Bank, the law was subsequently vetoed by the President. [5]

Under the Code of Penal Procedure, "A judge may arrange, for the purposes of building a case, the intervention of telephone communications or whatever other means of communication. The Penal Code provides penalties for publishing private communications. [6] In April 1999, a judge ruled that those provisions also applied to electronic mail. [7] The National Defense Law prohibits domestic surveillance by military personnel. Two Army colonels and two non-commissioned officers were relieved of duty in May 1999 after testifying that they conducted domestic surveillance on “orders from above” to interfere with investigations into human rights abuses during the dictatorship. [8] Illegal wiretapping has been common since the transition to civilian rule. In 1990, the entire telephone switchboard of the President’s official residence was extensively bugged and a major government scandal ensued. [9] In 1996, the telephones of the Archdiocese of Formosa were found to be wiretapped. [10] Also that year, former Economy Minister Domingo Cavallo accused Interior Minister Carlos Corach of ordering the telephone bugging of a federal prosecutor. [11] In 1998, the Mayor of Buenos Aires and 1999 presidential candidate Fernando de la Rua lodged a criminal complaint against two city councilors and another party member, accusing them of tapping his family’s telephone for years and recording 3000 hours of conversation. [12] He also accused the secret police, known as SIDE, of complicity with the wiretaps. [13] The UN Human Rights Committee expressed concern that the judicial authorization for wiretaps was too broad. [14]

The Civil Code prohibits "that which arbitrarily interferes in another person’s life: publishing photos, divulging correspondence, mortifying another’s customs or sentiments or disturbing his privacy by whatever means." [15]

In 1996, the national government began a new crackdown on tax evaders. Measures included reviewing citizens’ credit card, insurance, and tax records. One bill allowed citizens whose credit card records had been obtained to sue for invasion of privacy. [16] The same year, the Argentina Passport and Federal Police Identification System, developed by Raytheon E-Systems, was inaugurated at the Buenos Aires airport. The system combines personal data, color photos and fingerprints. [17]

In November 1998, the City of Buenos Aires approved a law on access to information. The law gives all persons the right to ask for and to receive information held by the local authorities and creates a right of judicial review. Individuals have the right under habeas data to update, rectification, confidentiality or suppression of information. [18]

In 1994, Argentina adopted the American Convention on Human Rights into domestic law. The Argentine supreme court has used international human law to determine domestic cases. [19] 

Commonwealth of Australia

Neither the Australian Federal Constitution nor the Constitutions of the six States contain any express provisions relating to privacy. There is periodic debate about the value of a Bill of Rights but no current proposals. [20]

The principal federal statute is the Privacy Act of 1988. [21] It creates a set of eleven Information Privacy Principles (IPPs), based on those in the OECD Guidelines, that apply to the activities of most federal government agencies. A separate set of rules about the handling of consumer credit information, added to the law in 1989, applies to all private and public sector organizations. The third area of coverage is the use of the government issued Tax File Number (TFN), where the entire community is subject to Guidelines issued by the Privacy Commissioner, which take effect as subordinate legislation. The origins of the Privacy Act were the protests in the mid-1980s against the Australia Card scheme – a proposal for a universal national identity card and number. The controversial proposal was dropped, but use of the tax file number was enhanced to match income from different sources with the Privacy Act providing some safeguards. The use of the tax file number has been further extended by law to include benefits administration as well as taxation. Some controls over this matching activity were introduced in 1990. [22]

In December 1998, the reelected conservative government reversed its opposition to legislative privacy protection in the private sector, and as of June 1999, a bill was being drafted, based on a set of National Principles developed by the Privacy Commissioner during 1997 and 1998, originally as a self-regulatory substitute for legislation. The bill is described as a “light touch legislative regime” and will be based on industry codes. It should be introduced in mid-late 1999 or early in the year 2000.

The Office of Privacy Commissioner[23] has a wide range of functions, including handling complaints, auditing compliance, promoting community awareness, and advising the government and others on privacy matters. The Commissioner's office, which was initially well funded, suffered major budget cutbacks in 1997, at the same time as the Commissioner's range of responsibilities under several laws and in response to government requests, was expanding. In the 1998-99, the Commissioners Office received 128 complaints, closed 90 complaints and conducted 20 audits.[24]

The Telecommunications (Interception) Act of 1979 [25] strictly regulates the interception of telecommunications. A warrant is required under the Act, which also provides for detailed monitoring and reporting, but in 1997 the authority for issuing warrants was extended from federal court judges to designated members of the Administrative Appeals Tribunal, who are on term appointments rather than tenured. The Interception Act safeguards also need to be read alongside Part 15 of the Telecommunications Act of 1997, which places obligations on telecommunications providers to provide an interception capability and to positively assist law enforcement agencies with interception. There were a total of 675 warrants issued in the year 1997-1998.[26] This excludes an undisclosed number of interception warrants issued to the Australian Security Intelligence Organisation by the Attorney General. In June 1999, the Australian government publicly admitted its role in the Echelon international surveillance system. In May, the Parliamentary Committee that oversees intelligence agencies approved the Australian Security Intelligence Organisation Legislation Amendment Bill 1999. The bill gives ASIO new powers to access e-mails and data inside computers, use tracking device on vehicles, obtain tax and cash transaction information and intercept mail items carried by couriers. [27]

The Crimes Act [28] also contains a range of other privacy related measures, such as offenses relating to unauthorized access to computers, unauthorized interception of mail and telecommunications and the unauthorized disclosure of Commonwealth government information.[29] It also contains provisions relating to spent convictions, allowing individuals convicted of minor offenses to lawfully 'deny' them in most circumstances after a period of time. The Telecommunications Act of 1997 [30] contains a detailed list of "exceptions" from a basic presumption of confidentiality of customer records. [31] A privacy code of practice has been drafted under the new co-regulatory system for telecommunications and is expected to be adopted by the Australian Communications Authority after a period of public consultation. [32] In June 1999, Justice Minister Amanda Vanstone proposed a national DNA databank. [33]

The Australian States and Territories have varying privacy laws. In Victoria, a Data Protection Bill was introduced in May 1999 and is expected to be enacted later in the year. [34] It covers both the public and private sectors although the Victorian government is proposing to disapply the private sector provisions in favor of the federal legislation. [35] New South Wales, the most populous state, has had a Privacy Committee Act since 1975, but this only provided for a committee of part time members to advise government and to act as an "ombudsman." A small staff deals with inquiries from the public and sought to resolve complaints, but had no determinative powers. In December 1998, data protection legislation was enacted covering government agencies. An Office of Privacy Commissioner has been established. [36] The Australian Capital Territory (ACT) enacted a health privacy law in 1997 [37], and the Queensland government has committed to implement the April 1998 recommendation of a Parliamentary Committee for a public sector privacy law [38], but with no timetable yet announced. Specific privacy provisions are also found in many State laws dealing with such diverse matters as health, adoption, drug controls and registration of births, deaths and marriages. Most States and Territories also have laws relating to listening devices, although these are generally recognized as being badly in need of updating to cope with new technologies. [39]

The federal Freedom of Information Act 1982 [40] provides for access to government records. the Commonwealth Ombudsman promotes the Act and handles complaints about procedural failures. Merits review (appeals) of adverse FOI decisions is provided by the Administrative Appeals Tribunal, with the possibility of further appeals on points of law to the Federal Court. Budget cuts have severely restricted the capacity of the AGs Dept and Ombudsman to support the Act and there is now little central direction, guidance or monitoring. The government has announced an extension of the Act to cover contracted service providers, but a bill has not yet been introduced. All of the States and the ACT, but not the Northern Territory also have Freedom of Information laws which include rights for individuals to gain access to and to correct personal information about themselves. [41] 

Republic of Austria

The Austrian Constitution does not explicitly recognize the right of privacy. [42] Some sections of the data protection law (Datenschutzgesetz – DSG) have constitutional rank. Most important of these is § 1 Abs. 1, which reads: "(1) Everybody has the right of secrecy of his personal data, as far as he has an interest worthy of protection, particularly regarding respect for his private and family life." § 1 Abs. 3 and § 1 Abs. 4 grant the fundamental constitutional rights of access to personal data processed with support of automation, as well as rights to have any incorrect data corrected, and illegally obtained or processed data deleted. These rights may only be restricted under the conditions of Article 8 (2) of the European Convention of Human Rights (ECHR). The entire ECHR has constitutional rank and Article 8 is often cited by the constitutional court in privacy matters.

The 1978 Data Protection Law [43] concerns persons and legal entities. Anybody who processes personal data automatically must notify or register at the Data Protection Commission (Datenverarbeitungsregister). Individual rights can be asserted in the courts if the processor is not a public authority, or at the Commission in all other cases. Appeals against decisions of the Data Protection Commission can be made at the administrative court (Verwaltungsgerichtshof) or the Constitutional Court (Verfassungsgerichtshof). The Commission reports that there are 100,000 Data Controllers registered. It also handles around 40 formal complaints and 30 requests for information in written form every year, as well as a large number of informal requests for information.

A new data protection bill (Datenschutzgesetz 2000) [44] which will incorporate the E.U. Directive into Austrian law is pending before the Parliament. However, experts criticize the new bill as being inadequate because it retains the cumbersome structure of the current Act rather than replacing it. [45] The bill was approved by one chamber in June 1999 and is expected to be adopted by the other in July 1999.

Wiretapping, electronic eavesdropping and computer searches are regulated by the code of criminal procedure. [46] Telephone wiretapping is permitted if it is needed for investigating a crime punishable by more than one year in prison. Electronic eavesdropping and computer searches are allowed if they are needed to investigate criminal organizations or crimes punishable by more than ten years in prison. The provision concerning electronic eavesdropping and computer searches became effective between October 1, 1997, and July 1, 1998. Due to long and intensive discussion, the provisions are in effect only until December 31, 2001. Criticism of the drafts for this law has led to a number of restrictions, but whether or not these provisions can effectively prevent eavesdropping on innocent persons remains unresolved.

There are also a number of specific laws relating to privacy. The telecommunication law contains special data protection provisions for telecommunication systems, particularly problems like phone directories, unsolicited calls or ISDN calling line identification. [47] The Genetic Engineering Act of 1994 requires prior written consent for information to be used for purposes other than the original purpose. Austrians can have an anonymous “Sparbuch” bank account. The Financial Action Task Force, an anti-money laundering group coordinated by the OECD, has been pressuring Austria to change its laws to require that each account be personally identified. [48]

The Auskunftspflichtgesetz is a Freedom of Information law that obliges federal authorities to answer questions regarding their areas of responsibility. [49] However, it does not permit citizens to access documents, just to receive answers from the government on the content of information. The nine Austrian Provinces have laws that place similar obligations on their authorities.

Austria is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108).[50] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [51] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.  

Kingdom of Belgium

The Belgian Constitution recognizes the right of privacy and private communications. [52] Article 22 states, "(1) Everyone has the right to the respect of his private and family life, except in the cases and conditions determined by law. (2) The laws, decrees, and rulings alluded to in Article 134 guarantee the protection of this right." Article 29 states, "(1) The confidentiality of letters is inviolable. (2) The law determines which nominated representatives can violate the confidentiality of letters entrusted to the postal service." Article 22 was added to the Belgian Constitution in 1994. Prior to the constitutional amendment, the Cour de Cassation ruled that Article 8 of the European Convention applied directly to the law and prohibited government infringement on the private life of individuals. [53]

Legislation to update the Data Protection Act 1998 to make it consistent with the E.U. Directive was approved by the Parliament in December. [54] A Royal Decree to implement the Act is currently being presented to the Council of State for advice. The new Act will come into force four months after it is published in the Official Journal. However, there is concern among independent experts that the revised act is lacking is areas relating to government files and may not be fully consistent with the Directive. In September 1998, the state security office announced that it was "cleaning" the files on 570,000 individuals that it had been collecting since 1944 to bring the files into compliance with the 1992 law. [55] In 1995, the Belgian Government admitted spying on the peace and environmental movements. [56]

The Commission de la Protection de la Vie Privée oversees the law. [57] The Commission investigates complaints, issues opinions and maintains the registry of personal files. The Commission has received 24,000 registrations. [58] In 1998, the Commission answered 515 requests for general information and 65 requests for information about the public register. The Commission also investigated 397 complaints relative to consumer credit.

Surveillance of communications is regulated under a 1994 law. [59] Prior to its enactment, there was no specific law. The law requires permission of a juge d'instruction before wiretapping can take place. Orders are limited to a length of one month. There were 114 orders issued in 1996. [60] The law was amended in 1997 to remove restrictions on encryption. [61] The Parliament also amended the law in 1998 to require greater assistance from telecommunications carriers. [62] There are also laws relating to consumer credit, [63] social security, [64] electoral rolls, [65] the national ID number, [66] professional secrets, [67] and employee rights. [68] There are freedom of information laws on the right of access to administrative documents on the national [69] and local and regional levels. [70] Each jurisdiction has a Commission d'accès aux documents administratifs which oversees the act.

Belgium is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [71] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [72] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.  

Federative Republic of Brazil

Article 5 of the 1988 Constitution of Brazil provides, in part: “10. the privacy, private life, honor and image of persons are inviolable, and the right to compensation for property or moral damages resulting from the violation thereof is ensured; 11. the home is the inviolable asylum of the individual, and no one may enter it without the dweller's consent, save in the case of "in flagrante delicto" or disaster, or to give help, or, during the day, by court order; 12. the secrecy of correspondence and of telegraphic, data and telephone communications is inviolable, except, in the latter case, by court order, in the events and in the manner established by the law for purposes of criminal investigation or criminal procedural discovery; 14. access to information is ensured to everyone and confidentiality of the source is protected whenever necessary for the professional activity.”[73]

A bill promoting the privacy of personal data in conformance with the OECD guidelines, to affect both public and private sector databases, was proposed in the Senate in 1996 and has yet to be voted on. The bill provides that, "No personal data nor information shall be disclosed, communicated, or transmitted for purposes different than those that led to structuring such data registry or database, without express authorization of the owner, except in case of a court order, and for purposes of a criminal investigation or legal proceedings . . . It is forbidden to gather, register, archive, process, and transmit personal data referring to: ethnic origin, political or religious beliefs, physical or mental health, sexual life, police or penal records, family issues, except family relationship, civil status, and marriage system . . . Every citizen is entitled to, without any charge; access his/her personal data, stored in data registries or databases, and correct, supplement, or eliminate such data, and be informed by data registry or database managers of the existence of data regarding his/her person."[74] It is expected by many that the law will move forward once legislation is approved in neighboring countries such as Argentina and Chile.

The 1990 Code of Consumer Protection and Defense [75] allows all consumers to "access any information derived from personal and consumer data stored in files, archives, registries, and databases, as well as to access their respective sources. Consumer files and data shall be objective, clear, true, and written in a manner easily understood, and shall not contain derogatory information for a period over five years. Whenever consumers find incorrect data and files concerning their person, they are entitled to require immediate correction, and the archivist shall communicate the due alterations to the incorrect information within five days. Consumer databases and registries, credit protection services, and similar institutions are considered entities of public nature. Once the consumer has settled his/her debts, Credit Protection Services shall not provide any information which may prevent or hinder further access to credit for this consumer." The Informatics Law of 1984 [76] protects the confidentiality of stored, processed and disclosed data, and the privacy and security of physical, legal, public, and private entities. Citizens are entitled to access and correct their personal information in private or public databases.

Individuals have a constitutional right of Habeas Data to access information about themselves held by public agencies which has been adopted into law. [77]

In 1996, a law regulating wiretapping was enacted. [78] Official wiretaps are permitted for 15 days, renewable on a judge's order for another 15 days, and can only be resorted to in cases where police suspect serious crimes punishable by imprisonment, such as drug smuggling, corruption, contraband smuggling, murder and kidnapping. The granting of judicial eavesdropping permits by judges was previously an ad hoc process without any legal basis. [79] Illegal wiretapping by police and intelligence agencies is still ongoing. The Agencia Brasileira de Informacoes (Abin) was suspected of wiretapping President Cardoso after tapes of his conversations were leaked to the press in May 1999. [80] Several ministers resigned in 1998 after tapes of wiretapped conversation involving the Brazilian Development Bank were disclosed in what was called the “Telegate scandal.” In 1992, amid a scandal that toppled President Fernando Collor de Mello, it was discovered that Vice President Itamar Franco’s phones at his official residence in Brasilia and in a Rio de Janeiro hotel room had been tapped. [81] In 1996, Abin was put under military control with the task of evaluating the background of people appointed to government posts. According to the new director, "every instrument authorized by the courts will be used to keep the president well informed, including wiretapping of phones, opening of personal mail, and infiltration of Abin agents into social movements such as the Landless Peasant's Movement (Movimento sem Terra)." Abin is the central body of an intelligence system that is spread out through federal, state, municipal and even private organizations. The intelligence system operates under the name of Sisbin (Brazilian Intelligence System). [82] The Agency’s guidelines prevent it from performing police operations, and require it to obtain a judicial order to perform wiretaps. [83]

A candidate for mayor of São Paulo, Celso Pitta, discovered wiretaps on two of his telephone lines in 1996. [84] A man with AIDS charged the city of Morretes, Paraná of discrimination and invasion of privacy after a city government proclamation identifying him and his HIV status was posted in public buildings. [85]

Brazil signed the American Convention on Human Rights on 25 September 1992. 

Republic of Bulgaria

The Bulgarian Constitution of 1991 recognizes rights of privacy, secrecy of communications and access to information. Article 32 states, "(1) The privacy of citizens shall be inviolable. Everyone shall be entitled to protection against any illegal interference in his private or family affairs and against encroachments on his honor, dignity and reputation. (2) No one shall be followed, photographed, filmed, recorded or subjected to any other similar activity without his knowledge or despite his express disapproval, except when such actions are permitted by law." Article 33 states, "(1) The home shall be inviolable. No one shall enter or stay inside a home without its occupant's consent, except in the cases expressly stipulated by law. (2) Entry into, or staying inside, a home without the consent of its occupant or without the judicial authorities' permission shall be allowed only for the purposes of preventing an immediately impending crime or a crime in progress, for the capture of a criminal, or in extreme necessity." Article 34 states, "(1) The freedom and confidentiality of correspondence and all other communications shall be inviolable. (2) Exceptions to this provision shall be allowed only with the permission of the judicial authorities for the purpose of discovering or preventing a grave crime." Article 41 states, "(1) Everyone shall be entitled to seek, obtain and disseminate information. This right shall not be exercised to the detriment of the rights and reputation of others, or to the detriment of national security, public order, public health and morality. (2) Citizens shall be entitled to obtain information from state bodies and agencies on any matter of legitimate interest to them which is not a state or other secret prescribed by law and does not affect the rights of others."[86]

There are currently efforts to enact comprehensive data protection legislation in Bulgaria. In 1996, the government began developing data protection legislation in preparation for integration into the E.U. Internal Market under the Treaty for Association of Bulgaria to the E.U. Data protection is also a key element of the information legislation which is a priority in the National Assembly's legislative activities. The draft Law on Protection of Citizens' Personal Data sets rules on the fair and responsible handling of personal information by the public and private sector. Entities collecting personal information must do the following: inform people why their personal information is being collected and what it is to be used for; allow people reasonable access to information about themselves and the right to correct it if it is wrong; ensure that the information is securely held and cannot be tampered with, stolen or improperly used; and limit the use of personal information, for purposes other than the original purpose, without the consent of the person affected, or in certain other circumstances. The draft law envisions a special supervising body with additional regional bodies to enforce the Act. The European Commission stated in 1997 that "considerable efforts are still needed to adopt and implement measures to meet Community requirements on data protection." [87]

Electronic surveillance used in criminal investigations is regulated by the criminal code and requires a court order. [88] The Telecommunications Law also requires that agencies must ensure the secrecy of communications. [89] The 1997 Special Surveillance Means Act regulates the use of surveillance techniques by the Interior Ministry for investigating crime but also for loosely defined national security reasons. A court order is generally required but in cases of emergency, an order from the Interior Minister is sufficient. [90] The head of the National Security Service, Col. Yuli Georgiev, resigned in February 1997 after allegations of wiretapping politicians. [91] Bulgaria's military prosecutor filed a suit in December 1996 against an unidentified state official for illegally bugging telephones at the offices of the main opposition, Union of Democratic Forces (UDF), including those of president-elect Petar Stoyanov. [92]

There are additional provisions relating to privacy in laws such as the Statistics Law, Tax Administration Law, Insurance Law, [93] and Social Assistance Law. [94] The Radio and Television Act sets limits [95] on broadcasting of personal information. In conjunction with the preparation of the Law on Protection of Citizens’ Personal Data, analyses of Bulgarian legal acts related to personal data of individuals are planned. Proposals of reforms and supplements in the relevant acts also can be made, if necessary.

As part of the Bulgaria 2001 program, the Bulgarian government committed in February 1998 to enacting a Law for Access to Information to provide access to government records. A draft bill is currently pending before the Judiciary Committee in the Parliament. [96] The Bulgarian National Bank announced in July 1999 that it would be the first state institution to open up its archive of documents from the Communist era, starting in September. [97] The 1997 Access to Documents of the Former State Security Service Act regulates the access, proceedings of disclosure and use of information kept in the documents of the former State Security Service.

Bulgaria is a member of the Council of Europe and has signed but not ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [98] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [99]  

Canada

There is no explicit right to privacy in Canada's Constitution and Charter of Rights and Freedoms. [100] However, in interpreting Section 8 of the Charter, which grants the right to be secure against unreasonable search or seizure, Canada's courts have recognized an individual's right to a reasonable expectation of privacy. [101]

The Privacy Act [102] provides individuals with a right of access to personal information held by the federal public sector. In addition, the Privacy Act contains provisions regulating the confidentiality, collection, correction, disclosure, retention and use of personal information. Individuals may request records directly from the institution that has the custody of the information. The Act establishes a code of fair information practices that apply to government handling of personal records.

The Privacy Act is overseen by the independent Privacy Commissioner of Canada. [103] The Commissioner has the power to investigate, mediate and make recommendations, but cannot issue binding orders. The commissioner received 2,455 complaints in 1997-1998 and completed 1,821 investigations. [104] The Commissioner can initiate a Federal Court review. In the Fall of 1998, the Commissioner asked a court to review the matching of the Customs declarations of returning travelers against the Employment Insurance database. The Federal Privacy Commissioner asked the court to decide whether the Customs Act overrides the government's obligation in the Privacy Act to use personal information only for the purpose for which it is collected unless the individual consents. In February 1999, the court ruled that the matching could not be conducted without ministerial approval and the program was suspended.

The Federal Parliament is currently reviewing Bill C-54, the “Personal Information Protection and Electronic Documents Act”, [105] a privacy law that will cover the private sector. The proposal is based on adopting the Canadian Standards Association's privacy standard into law for areas that are under federal regulation, such as banks, telecommunications, transportation and enterprises that trade data interprovincially and internationally. In three years, it would cover other sectors that process personal information in every province unless the province enacts "substantially similar" laws, such as Quebéc’s law. The bill was introduced in October 1998 and has the support of the Prime Minister who has committed to have the legislation enacted in 1999. [106] However, it was not approved before the summer recess. The government plans to continue working on the bill after the break in September and, if it is not approved it in the current session of Parliament, reintroduce it in the next Parliament. There are also provincial efforts to adopt new laws to cover sectors that are not federally regulated.

Privacy legislation covering government bodies exists in almost all provinces and territories. [107] In the province of Québec, the Charter of Rights specifically mentions the right to privacy and the law regulates the collection and use of personal information held by private sector businesses operating in the province of Québec. [108] This law sets rules the collection, confidentiality, correction, disclosure, retention and use of personal information by these businesses. It also provides individuals with a right of access and correction. Québec holds the distinction of being the only North American jurisdiction to regulate personal information in the private sector. Nearly every province has some sort of oversight body but their powers vary. The Québec Commission d'accès à l'information has broad powers over the public and private sectors. The Information and Privacy Commissioners of British Columbia and Ontario have been very active in promoting privacy through their oversight powers of public bodies and public education efforts.

Part VI of Canada's Criminal Code makes the unlawful interception of private communications a criminal offense. [109] Police are required to obtain a court order. In 1997, there were 185 orders for warrants under the Criminal Code, a decrease from 276 in 1996 and 266 in 1995. [110] Amendments to the Radiocommunication Act [111] also forbid the divulgence of intercepted radio-based telephone communications. The Canadian Security Intelligence Service Act [112] authorizes to interception of communications for national security reasons. A federal court in Ottawa ruled in 1997 that the Canadian Security Intelligence Service was required to obtain a warrant in all cases. [113] On October 1, 1998, Industry Minister John Manley announced a new liberal government policy for encryption that allows for broad development, use and dissemination of encryption products.

Other federal legislation also has provisions related to privacy. The Telecommunications Act[114] has provisions to protect the privacy of individuals, including the regulation of unsolicited communications. Also, the Bank Act, [115] Insurance Companies Act, [116] and Trust and Loan Companies Act [117] permit regulations to be made governing the use of information provided by customers. There are sectoral laws for pensions, [118] video surveillance, [119] immigration, [120] and Social Security. [121] The Young Offenders Act [122] regulates what information can be disclosed about offenders under the age of eighteen while the Corrections and Conditional Release Act [123] speaks to what information can be disclosed to victims and victims' families. In addition, most provinces have some form of legislation protecting consumer credit information. However, the vast majority of information collected by the private sector is on the provincial level and is not currently protected by any provincial laws. A poll in April 1999 found that 88 percent of people said the government should "not allow banks to use information about their customer's bank accounts and other investments to try to sell customers insurance." [124]

Identity issues are currently under debate in Canada. There is great concern about the use of the Social Insurance Number (SIN) by the private sector and identity theft. A Parliamentary committee recommended in May 1999 that the SIN be scrapped and replaced with a new smart card. [125] Québec considered creating a mandatory ID card but dropped the idea in 1998. In April 1999, it hired DMR Consulting Group to examine the possibility of creating a central database of all government records on residents. [126] In Toronto, a system to fingerprint all welfare recipients was dropped in March 1999 after Citibank, the contractor, was unable to create a working system. [127] The UN Human Rights Commission was critical of the increasing use of fingerprinting in Canada and recommended in April 1999 “that Canada take steps to ensure the elimination of increasingly intrusive measures which affected the right of privacy of people relying on social assistance, including identification techniques such as fingerprinting and retinal scanning.”[128]

The Access to Information Act [129] provides individuals with a right of access to information held by the federal public sector. The Act gives Canadians and other individuals and corporations present in Canada the right to apply for and obtain copies of federal government records. "Records" include letters, memos, reports, photographs, films, microforms, plans, drawings, diagrams, maps, sound and video recordings, and machine-readable or computer files. The Act is overseen by the Office of the Information Commissioner of Canada. [130] The Commissioner can investigate and issue recommendations but does not have power to issue binding orders. The Canadian Federal Court has ruled that government has an obligation to answer all access requests regardless of the perceived motives of the requesters. Similarly, the commissioner must investigate all complaints even if the government seeks to block him from so doing on the grounds that the complaints are made for an improper purpose. Each of the provinces also has a freedom of information law. [131]  

Republic of Chile

Article 19 of Chile’s Constitution secures for all persons: "Respect and protection for public and private life, the honor of a person and his family. The inviolability of the home and of all forms of private communication. The home may be invaded and private communications and documents intercepted, opened, or inspected only in cases and manners determined by law." [132]

A comprehensive privacy bill was approved by the Senate in May 1999 and unanimously by the House of Deputies in June 1999 following several years of debate. [133] The bill covers both the public and private sectors. Information can only be collected if it is authorized by law or with the express consent of the person, who must be told of its purpose. Individuals have a right of access and can demand corrections or removal of information. Information can only be used for the purposes for which the information was provided. Information collected for journalistic purposes is exempt. Violators can be imprisoned.

Chile’s transition to democratic rule in 1990 did not eliminate personal privacy violations by government agencies. The Investigations Police – a plainclothes civilian agency that functions in close collaboration with the International Criminal Police Organization (Interpol) and with the intelligence services of the army, navy, and air force – keeps records of all adult citizens and foreign residents and issues identification cards that must be carried at all times. [134] The personal data compiled during military rule was never destroyed. In January 1998, former dictator Gen. Augusto Pinochet threatened to use "compromising information" from secret military intelligence files against those who were trying to keep him from becoming a Senator for Life, a position which would provide immunity from civil suits and public accountability for crimes which took place during his dictatorship. [135] Under current law, the voter registration list is publicly disclosed and used for direct marketing purposes. In 1999, the UN Human Rights Committee criticized the requirement that hospitals report all women who receive abortions. [136]

A 1995 law bars obtaining information by undisclosed taping, telephone intercepts, and other surreptitious means, and bars the dissemination of such information, except by judicial order in narcotics-related cases. [137] In August 1996, the head of the Direccion de Inteligencia Policial (Dipolcar), the police intelligence service, was charged with authorizing a surveillance operation against the defense ministry official responsible for Carabineros, the militarized national police force. His resignation in disgrace allowed a greater role for the civilian security police, Investigaciones, in anti-drug operations. [138] In 1992, a surveillance center with 24-hour scanning devices was uncovered in downtown Santiago. It was run by an active army intelligence unit (DINE, incorporating former members of the secret police, the CNI) and, among other incidents, was found to have tapped into presidential candidate Sebastian Pinera’s cellular phone [139] and taped the calls of President Patricio Aylwin. [140] The Army admitted to tapping telephones in order to comply with its mission, but reaffirmed that it "does not tap phones in an attempt to interfere with peoples' privacy."[141] The scandal provoked the retirement of General Ricardo Contreras, head of the Army Telecommunications Command. [142]

Chile signed the American Convention on Human Rights on 20 August 1990. 

People’s Republic of China

There are limited rights to privacy in the Chinese Constitution. Article 37 provides that the “freedom of the person of citizens of the People's Republic of China is inviolable,” and Article 40 states: Freedom and privacy of correspondence of citizens of the People's Republic of China are protected by law. No organization or individual may, on any ground, infringe on citizens' freedom of privacy of correspondence, except in cases where to meet the needs of state security or of criminal investigation, public security or prosecutorial organs are permitted to censor correspondence in accordance with procedures prescribed by law.” [143]

There is no general data protection law in China and few laws that limit government interference with privacy. China has a long-standing policy on keeping close track of its citizens. According to expert W.J.F. Jenner, “Chinese states by the fourth century BC at latest were often remarkably successful in keeping records of their whole populations so that they could be taxed and conscripted. The state had the surname, personal name, age and home place of every subject and was also able to ensure that nobody could move far from home without proper authorization.” [144]

Concerns with the growing use of the Internet has led to technical and legal restrictions. With the assistance of American companies such as Bay Networks, China has developed a “Great Firewall” which limits traffic to the Internet outside China to only three gateways. [145] The firewall also blocks some western news web sites such as the BBC, New York Times and the Voice of America. In February 1999, the government announced the creation of the State Information Security Appraisal and Identification Management Committee which according to the official Xinhua state news agency “will be responsible for protecting government and commercial confidential files on the Internet, identifying any net user, and defining rights and responsibilities... The move is intended to guard both individual and government users, protect information by monitoring and keep them from being used without proper authorization.” [146] In December 1998, a Chinese businessman was handed a two-year jail sentence for subversion for supplying 30,000 e-mail addresses of Chinese computer users to a U.S.-based electronic dissident magazine. [147]

Under Article 7 of the Computer Information Network and Internet Security, Protection and Management Regulations “the freedom and privacy of network users is protected by law. No unit or individual may, in violation of these regulations, use the Internet to violate the freedom and privacy of network users.”[148] Article 8 states that “units and individuals engaged in Internet business must accept the security supervision, inspection, and guidance of the public security organization. This includes providing to the public security organization information, materials and digital document, and assisting the public security organization to discover and properly handle incidents involving law violations and criminal activities involving computer information networks.”[149] Articles 10 and 13 stipulate that Internet account holders must be registered with the public security organization and lending or transferring of accounts is strictly prohibited. Sections 285 to 287 of the Criminal Code prohibit intrusions into computer systems and punish violations of the regulations. There were news reports in June 1999 that the Chinese government limited the import and use of the Intel Pentium III chip because of concern over the Processor Serial Number. [150]

The secrecy of communications is named in the constitution and in law but apparently with little effect. In practice authorities often monitor telephone conversations, fax transmissions, electronic mail, and Internet communications of foreign visitors, businessmen, diplomats, and journalists, as well as Chinese dissidents, activists, and others. [151] UK Prime Minister Tony Blair was reported to be upset by the bugging and wiretapping of his rooms during his state visit to China in October 1998. [152]

Postal enterprises and postal staff are prohibited from providing information to any organization or individual about users’ dealings with postal services except as otherwise provided for by law. [153] However, Article 21 of the Postal Law permits postal staff to examine, on the spot, the contents of non-letter postal materials. Mail handed in or posted by users must be in accordance with the stipulations concerning the content allowed to be posted; postal enterprises and their branch offices have the right to request users to take out the contents for examination, when necessary.

The Practicing Physician Law requires that doctors not reveal health information obtained during treatment. Doctors who violate the law face criminal penalties. In May of 1999, the Ministry of Health, with the approval of the State Council, published an administrative order declaring that personal information about HIV/AIDS sufferers be kept secret, and that the legal rights and interests of those people and their relatives should not be infringed. The Ministry of Health order asked all units and individuals who are in charge of diagnosis, treatment, and management work not to publish any personal information about HIV/AIDS sufferers, such as the name and the family address. [154]

Since 1984, all Chinese citizens over the age of 16 have been required to carry identification cards issued by the Ministry of Public Security. Identification cards include name, sex, nationality, date of birth, address and term of validity, of which there are three. Between the ages of 16 and 25, it is 10 years, between the ages of 25 and 45, it is 20 years and for those aged 45 and over it is permanent. In carrying out their duties public security organs have the right to ask citizens to show their ID cards. In handling political, economic and social affairs, which involve rights and interests, government offices, people’s organizations and enterprises may also ask citizens to show their ID cards. [155] Failure to register for an identification card, forging or otherwise altering a residence registration, or assuming another person’s registration are all prohibited by law and punishable by fine. Failure to notify local authorities concerning visiting guests is also punishable by fine. [156] In 1997, the State Bureau of Technical Supervision began working on a new number system that will be used for Social Security and ID cards. [157] In December 1998, authorities began a test program requiring five hotels in Guangzhou to fax copies of the data of all customers to the Public Security Bureau to capture "unwanted elements." [158] 

Czech Republic

The 1993 Charter of Fundamental Rights and Freedoms provides for extensive privacy rights. Article 7(1) states, "Inviolability of the person and of privacy is guaranteed. It may be limited only in cases specified by law." Article 10 states, "(1) Everybody is entitled to protection of his or her human dignity, personal integrity, good reputation, and his or her name. (2) Everybody is entitled to protection against unauthorized interference in his or her personal and family life. (3) Everybody is entitled to protection against unauthorized gathering, publication or other misuse of his or her personal data." Article 13 states, "Nobody may violate secrecy of letters and other papers and records whether privately kept or sent by post or in another manner, except in cases and in a manner specified by law. Similar protection is extended to messages communicated by telephone, telegraph or other such facilities." [159]

The Act on Protection of Personal Data in Information Systems was adopted in 1992. [160] The Act regulates the protection of personal data for both government and private databases that are contained in an information system. The Act covers systems that contain personal information relating to race, nationality, political attitudes and membership, criminal records, health, sexuality and property. The Act requires that there be legal authority to collect information and limits use to the purpose for which it was established (unless another law provides otherwise.) Operators of systems must register. There is no independent oversight agency to enforce the Act. The Council of Ministers rejected a proposal by the Ministry of Economy to create an independent body in 1996, opting for a small office under the Council of Ministers.

The bill is considered weak and there have been a number of high profile scandals involving abuse of personal information. In 1992, the Interior Ministry sold the addresses of all children under the age of two and all women between 15 and 35 – a total of two million people – to Procter & Gamble. The company used the information for a direct marketing campaign for Pampers diapers and Always brands. One official was charged with violating the law. In 1995, Prague City Police Chief Rudolf Blazek admitted his men had access to information about criminal suspects that is by law available only to the Czech Republic Police. [161] In 1996, a black-market CD-ROM that listed all telephone numbers in the Czech Republic, including President Vaclav Havel's home number, appeared on the market. Also in 1996, Internet service providers handed over data about their users in response to a police investigation of a bomb found inside a ketchup bottle. Police believe the information was obtained from the Internet and were attempting to determine who accessed it. [162] A poll conducted in January 1997 found that seventy-nine percent of Czechs cite undisturbed privacy as a top personal priority [163] while one released in October 1998 found that 75 percent believe that their personal data is misused and two thirds consider data protection a serious problem. [164]

There are currently efforts to update the law as part of the Czech effort to join the European Union. The Office for the State Information System (USIS) has been appointed to develop a new data protection law and create a new data protection agency. [165] The Cabinet approved a draft information policy in May 1998 calling for data protection. In January 1999, the government announced its intention to adopt new legislation compatible with the E.U. Directive. [166] The draft Act on the Personal Data Protection and on the Competence of the Office Supervising the Personal Data Protection is currently being reviewed by the Government Legislation Council and is expected to be approved by the government in September or October 1999. The E.U. has been pressuring the Republic to move quicker in adopting new legislation. In February 1998, the European Commission set as a "medium term goal" for the Czech Republic to join the Union the establishment of an independent body for supervision of data protection. [167] In November 1998, the Commission was critical of the slow pace of adopting a new data protection law [168] and in April 1999, the European Parliament issued a resolution urging the Czech Republic to put more effort in adopting a new law on data protection.

Wiretapping is regulated under the criminal process law. [169] Police must obtain permission from a judge to conduct a wiretap. The judge can approve an initial order for up to six months. There are special rules for intelligence services. In 1996, the Czech secret service (BIS) was accused of monitoring politicians, civic and environmental groups such as Greenpeace, including the use of illegal wiretaps. [170] In 1993, Justice Minister Jiri Novak's telephone was reportedly tapped. A secret service employee found a bugging device in the ministry's central telephone switchboard in the middle of September 1993.

The Penal Code covers the infringement of the right to privacy in the definitions of criminal acts of infringement of the home [171], slander [172] and infringement of the confidentiality of mail. [173] There are also sectoral acts concerning statistics, medical personal data, banking law, taxation, social security and police data. Unauthorized use of personal data systems is considered a crime. [174]

The Parliament approved the Freedom of Information Law in May 1999. The law is based on the U.S. FOIA and provides for citizens access to all government records held by State bodies, local self-governing authorities and certain other official institutions, such as the Chamber of Lawyers or the Chamber of Doctors except for classified information, trade secrets or personal data. [175]

In April 1996, the Parliament approved a law that allows any Czech citizen to obtain his or her file created by the Communist-era secret police (StB). Non-Czech citizens are not allowed to access their records. The Interior Ministry holds 60,000 records but it is estimated that many more were destroyed in 1989. In October 1998, there was a controversy over the rumors that the records showed that former Vienna Mayor Helmut Zilk, who was about to receive an award from Czech President Vaclav Havel, was a collaborator with the StB. It was suspected that the Office for the Documentation and Investigation of the Crimes of Communism was the source of the documents.

The Czech Republic is a member of the Council of Europe but has not signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [176] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [177] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Kingdom of Denmark

The Danish Constitution of 1953 contains two provisions relating for privacy and data protection. Section 71 provides for the inviolability of personal liberty. Section 72 states, "The dwelling shall be inviolable. House searching, seizure, and examination of letters and other papers as well as any breach of the secrecy to be observed in postal, telegraph, and telephone matters shall take place only under a judicial order unless particular exception is warranted by Statute." [178] The European Convention on Human Rights was formally incorporated into Danish law in 1992.

The central rules on data protection in Denmark are found in two Acts. The Private Registers Act of 1978 governs the private sector. [179] The Public Authorities’ Registers Act of 1978 governs the public sector. [180] The Private Registers Act not only regulates the registration and further processing of data on natural/physical persons, but also data on legal persons, such as private corporations. A bill for a new Data Protection Act to replace the above two Acts was debated by the Parliament, [181] but was not approved before the end of the session due to opposition from the conservative “Venstre” party, which felt that the legislation was not strong enough. The legislation will be introduced again in October when Parliament returns.

An independent agency, the Data Surveillance Agency (Registertilsynet), enforces both Acts. [182] The Agency supervises registries established by public authorities and private enterprises in Denmark. It ensures that the conditions for registration, disclosure and storage of data on individuals – and to a certain extent also on private enterprises – are complied with. It mainly deals with specific cases on the basis of inquiries from public authorities or private individuals, or cases taken up by the agency on its own initiative.

Wiretapping is regulated by the Penal Code. [183] Other pieces of legislation with rules relating to privacy and data protection include the Criminal Code of 1930, [184] Act on Video Surveillance, [185] the Administrative Procedures Act of 1985, [186] the Payment Cards Act of 1994, [187] and the Access to Health Information Act of 1993. [188] All citizens in Denmark are provided with a Central Personal Registration (CPR) number that is used to identify them in public registers.

The Access to Information Act and the Access to Public Administration Files Act [189] govern access to government records. There is currently an effort to replace the acts with a new law based on E.U. Directive 95/46.

Denmark is a member of the Council of Europe and has signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [190] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [191] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Greenland

The original unamended Danish Public and Private Registers Acts of 1979 continue to apply within Greenland, a self-governing territory. The 1988 amendments that brought Denmark into compliance with the Council of Europe's Convention 108 do not apply to Greenland. Greenland is not part of the European Union and therefore has not adopted the E.U. Privacy Directive. Greenland's data protection requirements are much less stringent than those of Denmark and the other nations of the E.U.

Republic of Estonia

The 1992 Estonia Constitution recognizes the right of privacy, secrecy of communications, and data protection. Article 42 states, "No state or local government authority or their officials may collect or store information on the persuasions of any Estonian citizen against his or her free will." Article 43 states, "Everyone shall be entitled to secrecy of messages transmitted by him or to him by post, telegram, telephone or other generally used means. Exceptions may be made on authorization by a court, in cases and in accordance with procedures determined by law in order to prevent a criminal act or for the purpose of establishing facts in a criminal investigation." Article 44 (3) states, "Estonian citizens shall have the right to become acquainted with information about themselves held by state and local government authorities and in state and local government archives, in accordance with procedures determined by law. This right may be restricted by law in order to protect the rights and liberties of other persons, and the secrecy of children's ancestry, as well as to prevent a crime, or in the interests of apprehending a criminal or to clarify the truth for a court case."[192]

The Riigikogu, Estonia's Parliament, enacted the Personal Data Protection Act in June 1996. [193] The Act protects the fundamental rights and freedoms of persons with respect to the processing of personal data and in accordance with the right of individuals to obtain freely any information which is disseminated for public use. The Personal Data Protection Act divides personal data into two groups – non-sensitive and sensitive personal data. Sensitive personal data are data which reveal political opinions, religious or philosophical beliefs, ethnic or racial origin, health, sexual life, criminal convictions, legal punishments and involvement in criminal proceedings. Processing of non-sensitive personal data is permitted without the consent of the respective individual if it occurs under the terms that are set out in the Personal Data Protection Act. Processed personal data are protected by organizational and technical measures that must be documented. Chief processors must register the processing of sensitive personal data with the data protection supervision authority.

In April 1997, the Riigikogu passed the Databases Act. [194] The Databases Act is a procedural law for the establishment of national databases. The law sets out the general principles for the maintenance of databases, prescribes requirements and protection measures for data processing, and unifies the terminology to be used in the maintenance of databases. Pursuant to the Databases Act, the statutes of state registers or databases that were created before the law took effect must be brought into line with the Act within two years. The Databases Act also mandates the establishment of a state register of databases that registers state and local government databases, as well as databases containing sensitive personal data which are maintained by persons in private law. The chief processor of the register has the right to make proposals to the government, to the chief processors of various databases, and to the state information systems. He or she would also be responsible for coordinating authority with respect to the expansion, merger or liquidation of databases, interbase cross-usage, or the organization of data processing or data acquisition in a manner aimed at avoiding duplication of effort or substantially repetitive databases.

The Data Protection Department of the Ministry of Internal Affairs is the supervisory authority for the Personal Data Protection Act and the Databases Act. Currently there are only four staff members in the department – head of department, IT technology specialist, organizational specialist, and legal specialist. [195] The Legal Committee of Parliament exercises supervision over the Data Protection Supervision Authority. The Data Protection Department is currently developing legislation that would make it independent and bring the law in line with the E.U. Directive. [196]

According to Estonian press reports in November 1996, databases of the financial and police records of thousands of Estonians are easily available on the black market. The records were available on CD-ROM and sold for $4,000 each, and included details of individual’s bank loans and police files. [197]

On February 22, 1994, the Riigikogu adopted a law on electronic eavesdropping. The punishment for such activity is a fine and three years imprisonment for general surveillance activity, and five years imprisonment for special measures like opening correspondence or telephone bugging. [198] In May 16, 1996, the Estonian Intelligence Service started an inquiry on the involvement of former Vice Prime Minister Edgar Saavisar in a politically motivated wiretapping scandal. It eventually led to a change of government. [199] At the end of 1997, the intelligence service and parliament were continuing to investigate the Savisaar case. [200] There is a telecommunications bill that will adopt the E.U. telecommunications privacy directive and will take effect at the beginning of next year. A Digital Signature Law is also being drafted which will be introduced in1999.

Estonia is a member of the Council of Europe but has not signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [201] Estonia has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [202]

Republic of Finland

Section 8 of The Constitution Act of Finland states, "The private life, honor and home of every person shall be secured. More detailed provisions on the protection of personal data shall be prescribed by Act of Parliament. The secrecy of correspondence and of telephone and other confidential communications shall be inviolable. Measures impinging on the sphere of the home which are necessary for the protection of fundamental rights or the detection of crime may be prescribed by Act of Parliament. Necessary restrictions on the secrecy of communications may also be provided by Act of Parliament in the investigation of offenses which endanger the security of society or of the individual or which disturb domestic peace, in legal proceedings and security checks as well as during deprivation of liberty." [203]

The Personal Data Protection Act 1999 [204] went into effect on June 1, 1999. The law replaced the 1987 Personal Data File Act [205] to make Finnish law consistent with the E.U. Data Protection Directive.

The Data Protection Ombudsman (DPO) enforces the Act and receives complaints. The office conducted 450 complaints and 10 investigations in 1998. It also receives 5,000-8,000 requests for advice each year. [206] A Data Protection Board resolves disputes and hears appeals of decisions rendered by the DPO. It also determines if personal information can be exported. [207]

The Finnish government has enacted special ordinances that apply to particular personal data systems. These include those operated by the police such as criminal information systems, [208] the national health service, passport systems, population registers, farm registers, and the agency responsible for motor vehicle registration. [209]

Electronic surveillance and telephone tapping are governed by the Criminal Law. A judge can give permission to tap the telephone lines of a suspect if the suspect is liable for a jail sentence for crimes that are exhaustively listed in the Coercive Criminal Investigations Means Act. Transactional data of a suspect's telecommunications activity can be obtained if the suspect faces at least four months of jail. Electronic surveillance is possible, with the permission of the judge, if the suspect is accused of a drug related crime or a crime that can be punished with more than four years in jail. There were 12 orders for wiretapping in 1997. Although cases of political telecommunications eavesdropping are rare in Finland, there have been published reports that the Finnish military has either supported Western signals intelligence operations (via its large base at Santahamina on the outskirts of Helsinki), or acquiesced to a Swedish/U.S. eavesdropping collaborative effort from the Swedish embassy in downtown Helsinki. [210] In 1996, the PENET anonymous remailer was forced to shut down after Scientologists demanded that the identity of the users posting critical messages be revealed to the Church. The court order was later enjoined by the Court of Appeals. [211]

The Publicity (of Public Actions) Act will go into effect on December 1, 1999 replacing the Publicity of Official Documents Act of 1951. [212] It provides for a general right to access any document created by a government agency, or sent or received by a government agency, including electronic records. Finland is a country that has traditionally adhered to the Nordic tradition of open access to government files. In fact, the world's first freedom of information act dates back as far as the Riksdag's (Swedish Parliament) 1766 "Access to Public Records Act." This Act also applied to Finland, then a Swedish-governed territory. [213]

Aland Islands

The Parliament of the self-governing Aland Islands (Landsting) passed its own Data Protection Act in 1991 and independently ratified the Council of Europe's Convention 108. [216] Although the Aland Act makes reference to the Finnish Data Protection Act, there has always been some resistance by the Aland Swedish-speaking majority to following orders from Helsinki. Constitutionally, the Aland Parliament may nullify Finnish laws on its territory. [217]

French Republic

The right of privacy is not explicitly protected in the French Constitution of 1958. The Constitutional Court ruled in 1994 that the right of privacy was implicit in the Constitution. [218]

The Data Protection Act was enacted in 1978 and covers personal information held by government agencies and private entities. [219] Anyone wishing to process personal data must register and obtain permission in many cases relating to processing by public bodies and for medical research. Individuals must be informed of the reasons for collection of information and may object to its processing. Individuals have rights to access and to demand corrections. Fines and imprisonment can be imposed for violations. The law is currently being amended to make it consistent with the E.U. Directive. A report was issued in February 1998 by M. Guy Braibant setting out the plan for the changes. [220] The Interministerial Committee on the Information Society on January 19,1999 announced a legislative framework to protect exchanges and privacy. Under the framework, the law will be modified to incorporate the European directive in law and to strengthen the role of the CNIL. The committee also announced the relaxation of controls on encryption in France. [221]

The Commission Nationale de L'informatique et des Libertés (CNIL) is an independent agency which enforces the Data Protection Act and other related laws. [222] The Commission takes complaints, issues rulings, sets rules, conducts audits and issues reports. It reported in its 1998 annual report that it had registered 668,000 data processings since 1978. [223] It received 2,900 complaints (up 13% from 1997) and 1,115 written requests (up 35% from 1997) for advice in 1998. [224]

Electronic surveillance is regulated by a 1991 law that requires permission of an investigating judge before a wiretap is installed. The duration of the tap is limited to four months and can be renewed [225] There were 4,746 orders for national security taps and 1,684 renewals in 1998. [226] The number of taps has been between 4,500 and 4,800 since 1995. The number of judicial wiretaps for criminal cases declined from 11,453 in 1994 to 9,230 in 1997. The law created the Commission National de Contrôl des Interceptions de Sécurité, which sets rules and reviews wiretaps each year.

The European Court of Human Rights has ruled against France a number of times for violations of Article 8 of the Convention. The Court's 1990 decision in Kruslin v. France resulted in the enactment of the 1991 law. [227] Most recently, the court fined France FF 25,000 for wiretap law violations. [228] There have been many cases of illegal wiretapping, including most notably a long running scandal over an anti-terrorist group in the office of President Mitterand monitoring the calls of journalists and opposition politicians. [229] The CNCIS estimated that there were over 100,000 illegal taps conducted by private companies and individuals in 1996, many on the behalf of government agencies. A decree was issued in 1997 to limit the dissemination of tapping equipment. [230]

The tort of privacy was first recognized in France as far back as 1858 [231] and was added to the Civil Code in 1970. [232] There are additional specific laws on administrative documents, [233] archives, [234] video surveillance [235], correspondence [236], employment. [237] There are also protections incorporated in the Penal Code. [238]

There is currently a major debate over the creation of the STIC (Système de Traitement des Infractions Constatées). Civil rights groups in April 1999 called for the dismantling of database, an initiative by the Minister of Interior to merge police and other records.

Two laws in France provide for a right to access government records. [239] The Commission d’accèss aux documents administratifs is charged with enforcing the acts.

France is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [240] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [241] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Federal Republic of Germany

Article 10 of the Basic Law (amended 24 June 1968) states "(1) Privacy of letters, posts, and telecommunications shall be inviolable. (2) Restrictions may only be ordered pursuant to a statute. Where a restriction serves to protect the free democratic basic order or the existence or security of the Federation, the statute may stipulate that the person affected shall not be informed of such restriction and that recourse to the courts shall be replaced by a review of the case by bodies and auxiliary bodies appointed by Parliament." Attempts to amend the Basic Law to include a right to data protection were discussed after reunification when the constitution was revised and were successfully opposed by the then-conservative political majority. In 1983, the Federal Constitutional Court, in a case against a government census law, acknowledged formally an individual’s "right of informational self-determination" which is limited by the "predominant public interest." The central part of the verdict stated, "Who can not certainly overlook which information related to him or her is known to certain segments of his social environment, and who is not able to assess to a certain degree the knowledge of his potential communication partners, can be essentially hindered in his capability to plan and to decide. The right of informational self-determination stands against a societal order and its underlying legal order in which citizens could not know any longer who what and when in what situations knows about them." [242] This landmark court decision derived the "right of informational self-determination" directly from Article 2 of the German Constitution which declares protective personal rights (Persönlichkeitsrechte).

In Germany, the first data protection law was passed in the Land of Hessen in 1970. It was the first data protection law worldwide. In 1977, a Federal Data Protection Law followed, which was reviewed in 1990. [243] The general purpose of this law is "to protect the individual against violations of his personal right (Persönlichkeitsrecht) by handling person-related data." The law covers collection, processing and use of personal data collected by public federal and state authorities (as long as there is no state-regulation), and of non-public offices, as long as they process and use data for commercial or professional aims. Changes to the law to make it consistent with the E.U. Directive are currently being developed by the government. All of the 16 Länder have their own specific data protection regulations that cover the public sector of the Länder administrations.

The Federal Data Protection Commission (Bundesbeauftragter für den Datenschutz) is responsible for supervision of the Data Protection Act. [244] There are also commissions in each of the Länders who enforce the Länder data protection acts. [245] Supervision, however, is carried out for the private sector by the Land authority designated by the Land data protection law (usually the Land Data Protection Commissioner). In 1996, the Berlin Data Protection Commissioner reached an agreement with Citibank on the use of RailwayCards as Visa cards. The agreement may be an important precursor for transborder dataflows to the U.S. and other countries without privacy laws when the E.U. Directive goes into effect in October 1998. [246]

Wiretapping is regulated by the "G10-Law" and requires a court order for criminal cases. [247] In July 1999, the Supreme Court issued a decision on a 1994 law which authorizes warrantless automated wiretaps (screening method) of international communications by the intelligence service (BND) for purposes of preventing terrorism and the illegal trade in drugs and weapons. [248] The court ruled that the procedure did violate privacy rights protected by the Basic Law but that screening could continue as long as the intelligence service did not pass on the information to the local police and the Parliament must enact new rules by June 2001. It was reported that the BND has 1,400 operatives listening in on satellite communications. [249]

After a fiercely fought six-year political debate, a two-third majority of the German parliament eventually approved a change to Section 13 of the Constitution in April 1998, which makes it legal for police authorities to place bugging devices even in private homes (provided there is a court order). The change was the provision for the "Law for the enhancement of the fight against organized crime," which became effective on May 9.

In addition, wherever they deal with the handling of personal information on natural persons either directly or by amendments, nearly all German laws contain references to the respective data protection law or carry special sections on the handling of personal data that reflect the right to privacy. Most recently there have been a number of laws relating to communications privacy. The Telecommunications Carriers Data Protection Ordinance of 1996 protects privacy of telecommunications information. [250] The Information and Communication Services (Multimedia) Act of 1997 sets protections for information used in computer networks. [251] The Act also sets out the legal requirements for digital signatures. The German Federal Supreme Court ruled in March 1999 that Commerzbank AG could not include a clause in their contracts that clients agree to receive telephone "consulting." In April 1998, a law was passed that allows the Bundeskrimalamt to run a nationwide databank of genetic profiles related to criminal investigations and convicted offenders. One month later, the Bundesgrenzschutz, originally a para-military border police force, and now responsible among other tasks for railways and stations, received permission to check persons' identities and baggage without any concrete suspicion.

There is no general freedom of information act in Germany. The Land of Brandenberg adopted a freedom of information law in 1998 to allow citizen access to government records.[252] The act is enforced by the Information and Data Protection Commissioner. Since11990, a law allows for access to the files of the Stasi, East Germany's former security service, by individuals and researchers. The law created a Federal Commission for the Records of the State Security Services of the Former GDR (the Gauck Authority) which has a staff of 3,000 piecing together shredded documents and making files available. [253] There have been 1.6 million requests from individuals for access to the files and 2.7 million requests for background checks since the archives became available. [254] Many of the files were destroyed in 1989 but sometime in 1990, the U.S. Central Intelligence Agency was able to obtain the names, aliases and payment histories of 4,000 spies who worked in various countries for Stasi of informers from the Soviet Union. The U.S. Government is refusing to give the files to the German government, claiming that it would harm the people in the files. [255]

Germany is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [256] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [257] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Hellenic Republic (Greece)

The Constitution of Greece recognizes the rights of privacy and secrecy of communications. Article 9 states, "(1) Each man's home is inviolable. A person's personal and family life is inviolable. No house searches shall be made except when and as the law directs, and always in the presence of representatives of the judicial authorities. (2) Offenders against the foregoing provision shall be punished for forced entry into a private house and abuse of power, and shall be obliged to indemnify in full the injured party as the law provides." Article 19 states, "The privacy of correspondence and any other form of communication is absolutely inviolable. The law shall determine the guarantees under which the judicial authority is released from the obligation to observe the above-mentioned right, for reasons of national security or for the investigation of particularly serious crimes." [258]

The Law on the Protection of Individuals with regard to the Processing of Personal Data was approved in 1997. [259] Greece was the last member of the European Union to adopt a data protection law and its law was written to apply the E.U. Directive into Greek law.

The Protection of Personal Data Authority is an independent public authority set up under the law. Its mission is to supervise the implementation of the law and the other rulings pertaining to the protection of individuals against the processing of personal data. It also exercises other powers delegated to it from time to time.

The law requires that police wishing to conduct telephone taps must obtain court permission. [260] However, there are continuing reports of government surveillance of human rights groups, Orthodox religious groups, and activist members of minority groups by government agents who are conducting illegal wiretapping and interception of mail. [261] In June 1994, a parliamentary investigation committee recommended the indictment of former Prime Minister Mitsotakis and 30 persons from his administration on charges of wiretapping political opponents from 1989 to 1991. In January 1995, the Parliament voted to drop all charges against Mitsotakis, and the Supreme Court ordered the dismissal of other charges in April 1995. The late Greek Prime Minister Andrea Papandreou was also investigated for illegally wiretapping his political opponents. [262]

The law of 1599/1986 regulates the use of the Single Register Code Number (EKAM). [263] The number is the official national ID number for the population register, ID card, voting register, passport number, tax number, drivers license number, and other registers. Until the 1997 data protection law was enacted, this protected the privacy of information in those registers. There were major protests during the ratification of the Schengen Agreement for border controls and information sharing. According to news reports, police used tear gas to disperse a group of about 1,000 protesters, including Orthodox priests, when they tried to push their way into Parliament as the pact was being debated. [264] The European Parliament passed a resolution in 1993 calling on the Greek government not to place religion on its national ID cards. [265]

Law 1599/1986 is also a freedom of information act that provides citizens the right to access administrative documents created by government agencies.

Greece is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [266]

Greece has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [267] Greece is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

[1]. Constitucion de la Nacion Argentina (1994), http://www.constitution.org/cons/argentin.htm.

[2]. S. 577/98, Ley de Protección de los Datos Personales, 26 November 1998. Also see S.0684/98, S.1582/98, S.1094/98, S. 277/98.

[3]. Argentina wars on the direct practice, Precision Marketing, January 11, 1999.

[4]. Law No. 24.745 of December 23, 1996, http://www.privacyexchange.org/legal/ppl/nat/argpending.html .

[5]. Decree No. 1616/96, Comment by Supreme Court of Argentina Comparative Law Research and Library Secretary.

[6]. Código Penal de la República Argentina, Art 153-157 http://www.codigos.com.ar/penal/indice.htm .

[7]. “Un fallo protégé la privacidad de los correos electrónicos,” Clarín Digital, April 13, 1999.

[8]. “Two army officers, others relieved of duty over intelligence scandal,” BBC Summary of World Broadcasts, May 1999.

[9]. Reuters News Service - Central and South America, January 29, 1990.

[10]. La Nacion, Buenos Aires, Sept. 8, 1996.

[11]. “Cavallo lashes out against corruption,” Latin American Weekly Report, October 31, 1996.

[12]. “Argentine candidate says own party men bugged him,” Reuters World Report, June 2, 1998.

[13]. “Argentine security services accused over phone tap,,” Reuters World Report, June 2, 1998.

[14]. United Nations, 19th Annual Report of the Human Rights Committee, A/50/40, 3 October 1995.

[15]. Código Civil, Art. 1071bis, incorporated by Law No. 21.173.

[16]. New York Times, June 10, 1996.

[17]. Business Wire, September 12, 1996.

[18]. See Pablo Andrés Palazzi, El derecho de acceso a la información pública en la ley N° 104 de la Ciudad Autónoma de Buenos Aires. REDI, Número 11 - Junio de 1999 http://publicaciones.derecho.org/redi/index.cgi?/N%FAmero_11_-_Junio_de_1999 .

[19]. See Janet Koven Levit, “The Constitutionalization of Human Rights in Argentina: Problem or Promise?” 37 Columbia Journal of Transnational Law 281.

[20]. The Commonwealth of Australia Constitution Act, http://www.republic.org.au/const/cconst.html .

[21]. Privacy Act 1988 (Cwth), http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/longtitle.html .

[22]. The Data-matching program (Assistance and Tax) Act 1990. http://www.austlii.edu.au/au/legis/cth/consol_act/dpata1990349/ .

[23]. See http://www.privacy.gov.au/.

[24]. Letter from Bernard Silva, Office of the Federal Privacy Commissioner, August 6, 1999.

[25]. Telecommunications (Interception) Act 1979,

http://www.austlii.edu.au/au/legis/cth/consol_act/ta1979350/

[26]. Attorney General's Department, Report on the Telecommunications (Interception) Act for the year ending 30 June 1998.

[27]. Spy watchdog committee says new ASIO legislation, The Australian Associated Press, May 13, 1999.

[28]. Crimes Act, 1989 http://www.austlii.edu.au/au/legis/cth/consol_act/ca191482/s85zl.html

[29]. See http://www.austlii.edu.au/au/legis/cth/consol_act/ca191482/index.html#s85m .

[30]. See http://www.austlii.edu.au/au/legis/cth/consol_act/ta1997214 .

[31]. The Data-matching program (Assistance and Tax) Act 1990, http://www.austlii.edu.au/au/legis/cth/consol_act/dpata1990349/.

[32]. See http://www.acif.org.au/ccrp_wc1/.

[33]. Australian Associated Press, June 23, 1999.

[34]. See http://www.dms.dpc.vic.gov.au/ .

[35].See http://www.austlii.edu.au/au/legis/nsw/consol_act/papipa1998464/

[36].See http://www.lawlink.nsw.gov.au/pc.nsf/pages/

[37]. See http://www.austlii.edu.au/au/legis/act/consol_act/hraaa1997291/

[38]. See http://www.parliament.qld.gov.au/comdocs/legalrev/lcarc9.PDF

[39]. See the NSW Law Reform Commission's Issues Paper http://www.lawlink.nsw.gov.au/lrc.nsf/pages/IP12TOC and the ACIF Guideline on Participant monitoring at http://www.acif.org.au/.

[40]. Freedom of Information Act 1982 http://www.austlii.edu.au/au/legis/cth/consol_act/foia1982222/, Freedom of Information (Fees and Charges) Regulations 1982, http://www.austlii.edu.au/au/legis/cth/consol_reg/foiacr432/index.html , Freedom of Information (Miscellaneous Provisions) regulations 1982 http://www.austlii.edu.au/au/legis/cth/consol_reg/foipr612/index.html

[41]. For an overview of FOI laws in Australia and links to relevant government sites, see the University of Tasmania's FOI Review web pages at http://www.comlaw.utas.edu.au/law/foi/ .

[42]. Constitution of Austria http://www.uni-wuerzburg.de/law/au00t___.html.

[43]. Datenschutzgesetz – DSG, BGBl 1978/565 changed by 1981/314, 1982/228, 1986/370, 1987/605, 1988/233, 1989/609, 1993/91, 1994/79, 1994/632. See http://www.ad.or.at/office/recht/dsg.htm .

[44]. See http://www.parlinkom.gv.at/pd/pm/XX/I/his/016/I01613_.html

[45]. See Viktor Mayer-Schoenberger and Ernst Brandl, Datenschutzgesetz 2000, (Line Publishing Vienna, 1999).

[46]. § 149a to § 149p Strafprozeßordnung – StPO.

[47]. § 87 to § 101, Telekommunikationsgesetz – TKG, BGBl I 1997/100.

[48]. Financial Action Task Force on Money Laundering Issues: a Warning about Austrian Anonymous Savings Passbooks, February 11, 1999.

[49]. BGBl 1987/285 (15 May 1987).

[50]. Signed 28/01/81, Ratified 30/03/88, Entered into force 01/07/88, http://www.coe.fr/tablconv/108t.htm .

[51]. Signed 13/12/57, Ratified 03/09/58, Entered into force 03/09/58, http://www.coe.fr/tablconv/5t.htm .

[52]. Constitution of Belgium, http://www.fed-parl.be/constitution_uk.html .

[53]. Cour de Cassation, 26 September 1978.

[54]. Act concerning the protection of privacy with regard to the treatment of personal data files, December 8, 1992. http://www.law.kuleuven.ac.be/icri/papers/legislation/privacy/tabel/index.html .

[55]. La Sûreté de l'Etat trie 570.000 fiches individuelles, Le Soir, September 19, 1998.

[56]. Statewatch Bulletin, Vol. 5 No 6, November-December 1995.

[57]. Commission de la protection de la vie privée http://www.privacy.fgov.be/.

[58]. Email from Commission de la protection de la vie privée,July 1999.

[59]. loi de 30 juin 1994 relative à la protection de la vie privée contre les écoutes, la prise de connaissance et l'enregistrement de communications et de télécommunications privées.

[60]. Ecoutes : une pratique décevante et. flamande !Le résultat judiciaire des écoutes téléphoniques est médiocre. La Chambre va modifier la donne, Le Soir, December 12, 1997.

[61]. Chapitre 17, Loi modifiant la loi du 21 mars 1991 portant réforme de certaines entreprises publiques économiques afin d'adapter le cadre réglementaire aux obligations en matière de libre concurrence et d'harmonisation sur le marché des télécommunications découlant des décisions de l'Union européenne, 19 Decembre 1997.

[62]. Loi modifiant la loi du 30 juin 1994 relative à la protection de la vie privée contre les écoutes, la prise de connaissance et l'enregistrement de communications et de télécommunications privées, 10 Juin 1998.Le GSM en toute sécurité ? Pas sûr., Le Soir, 20 Feb. 1998.

[63]. La loi du 12 juin 1991 relative au crédit à la consommation. l'arrêté royal du 11 janvier 1993 modifiant l'arrêté royal du 20 novembre 1992 relatif à l'enregistrement par la Banque Nationale de Belgique des défauts de paiement en matière de crédit à la consommation.

[64]. La loi du 15 janvier 1990 relative à l'institution et à l'organisation d'une banque-carrefour de la sécurité sociale. Modified by la loi du 29 avril 1996.

[65]. la loi du 30 juillet 1991.

[66]. La loi du 8 août 1993: le registre national.

[67]. Article 458 of the Penal Code.

[68]. See Roger Blanpain, Employee Privacy Issues: Belgian Report, 17 Comp. Lab. L. 38, Fall 1995.

[69]. 11 avril 1994 relative à la publicité de l'administration Law, la loi du 12 novembre 1997 relative à la publicité de l'administration dans les provinces et les communes.

[70]. COMMISSION COMMUNAUTAIRE COMMUNE DE BRUXELLES-CAPITALE, Ordonnance relative à la publicité de l'administration, 26 Juin 1997; Flanders law of 23.10.1991.

[71]. Signed 07/05/82, Ratified 28/05/93, Entered into Force 01/09/93, http://www.coe.fr/tablconv/108t.htm .

[72]. http://www.coe.fr/tablconv/5t.htm .

[73]. The Constitution of Brazil, 1988.

http://www.uni-wuerzburg.de/law/br00t___.html .

[74] Federal Senate Bill No. 61, 1996 (in English) http://www.privacyexchange.org/legal/ppl/nat/brazilpending.html .

[75]. Law No. 8078, September 11, 1990.

[76]. Law No. 7.232, October 29, 1984.

[77]. LEI Nº 9.507, DE 12 DE NOVEMBRO DE 1997.

[78]. Lei Nº 9.296, de 24 de Julho de 1996. Home Page ? .

[79]. “Brazil makes police phone-taps legal,” Reuters World Service, July 24, 1996.

[80]. “Is Abin behind Telegate?,” Latin America Weekly Report, June 8, 1999.

[81]. “Brazil vice-president claims his phone was tapped,,” Reuters North American Wire, September 9, 1992.

[82]. “’O Globo', Rio de Janeiro,” (in Portuguese) August 4, 1996, BBC Monitoring Service: Latin America, August 7, 1996.

[83]. “President transfers control of new intelligence agency to military,” Agencia Estado news agency, Sao Paulo, BBC Summary of World Broadcasts, April 11, 1996.

[84]. Reuters News Service, October 2, 1996.

[85]. SEJUP (Servico Brasileiro de Justica e Paz), Number 117, February 17, 1994.

[86]. Constitution of the Republic of Bulgaria of 13 July 1991, http://www.uni-wuerzburg.de/law/bu00t___.html.

[87]. http://europa.eu.int/comm/dg1a/agenda2000/en/opinions/bulgaria/b1.htm .

[88]. Art. 170-171 (1) (As amended - SG, Nos. 28/1982, 10/1993).

[89]. Telecommunications Law, Art. 5.

[90]. Bulgarian Helsinki Committee, Human Rights in Bulgaria in 1997.

[91]. “Security chief resigns: reportedly was to be dismissed,” BBC Summary of World Broadcasts, February 7, 1997.

[92]. Reuters World Service, December 19, 1996.

[93]. Insurance Law, Art.7 par. 1.

[94]. Social Assistance Law, Art. 32 par. 2.

[95]. Radio and Television Act, Articles 10, 15.

[96]. See http://www.bild.acad.bg/infaccss.htm .

[97]. RFE/RL NEWSLINE Vol. 3, No. 142, Part II, 23 July 1999

[98]. Signed 02/06/98, http://www.coe.fr/tablconv/108t.htm .

[99]. Signed 107/05/92, Ratified 007/09/92, Entered into force 07/09/92, http://www.coe.fr/tablconv/5t.htm .

[100]. http://canada.justice.gc.ca/Loireg/charte/const_en.html

[101]. Hunter v. Southam, 2 Supreme Court Reports 2 (1984) 159-60.

[102]. Privacy Act, c. P-21. http://canada.justice.gc.ca/stable/EN/Laws/Chap/P/P-21.html .

[103]. Privacy Commissioner of Canada, http://www.privcom.gc.ca

[104]. Privacy Commissioner, 1997-98 annual report, July 1998.

[105]. Bill C-54, Personal Information Protection and Electronic Documents Act

http://e-com.ic.gc.ca/english/privacy/632d1.html

[106]. For more information, see Industry Canada's website at http://strategis.ic.gc.ca/sc_mrksv/privacy/engdoc/homepage.html .

[107]. A list of state laws and commissions is available at http://infoweb.magi.com/~privcan/other.html .

[108]. http://www.cai.gouv.qc.ca/commiss.htm .

[109]. Criminal Code, c. C-46. ss. 184, 184.5, 193, 193.1.

[110]. Solicitor General Canada, Annual Report on the Use of Electronic Surveillance, 1997.

[111]. Radiocommunication Act, R.S.C. 1985, c. R-2, s. 9.

[112]. CHAPTER C-23, Canadian Security Intelligence Service Act, http://canada.justice.gc.ca/STABLE/EN/Laws/Chap/C/C-23.html

[113]. CSIS has wiretap green light, The Hamilton Spectator, October 1, 1997.

[114]. Telecommunications Act, 1993, c. 38, s. 39, s. 41.

[115]. Bank Act, c. 46, ss. 242, 244, 459.

[116]. Insurance Companies Act, s. 489, s. 607.

[117]. Trust and Loan Companies Act, s. 444.

[118]. Canada Pension Plan, R.S.C. 1985, c. C-8, s. 104.07.

[119]. Criminal Code, c. C-46, s. 487.01.

[120]. Immigration Act, S.C. 1985, c. I-2, s. 110.

[121]. Old Age Security Act, c. O-9, s. 33.01.

[122]. Young Offenders Act, C. Y-1, s. 38.

[123]. Corrections and Conditional Release Act, 1992, c. 20, s. 26, 142.

[124]. “88% of Canadians Oppose Banks Target-Marketing Insurance: Compas Poll,” Canada NewsWire, April 27, 1999.

[125]. “Beyond the Numbers: The Future of the Social Insurance Number System in Canada” May 1999 http://www.parl.gc.ca/InfocomDoc/36/1/HRPD/Studies/Reports/hrpdrp04-e.htm#TOC .

[126]. “Quebec hires DMR to study ID database,” Computing Canada, April 30, 1999.

[127]. “City Welfare Fingerprint Plan Flops,” The Toronto Star, May 21, 1999.

[128]. Human Rights Committee concludes sixty-fifth session held at headquarters from 22 March to 9 April, April 12, 1999.

[129]. Access to Information Act, C. A-1. http://canada.justice.gc.ca/STABLE/EN/Laws/Chap/A/A-1.html . (Annotated)

[130]. Information Commissioner of Canada, http://magi.com/~accessca/ .

[131]. See Alasdair Roberts, Limited Access: Assessing the Health of Canada's Freedom of Information Laws, April 1998. http://qsilver.queensu.ca/~foi/foi.pdf .

[132]. Constitution of Chile, 1980, http://www.georgetown.edu/LatAmerPolitical/Constitutions/Chile/chile97.html .

[133]. BOLETIN N° 896-07, Proyecto de ley sobre protección de la vida privada An English translation of an earlier version is available at http://www.privacyexchange.org/legal/ppl/nat/chilepending.html .

[134]. Chile: A Country Report, 1994: U.S. Library of Congress

[135]. “Chile's Ex-Dictator Tries to Dictate His Future Role,” The New York Times, February 1, 1998.

[136]. United Nations, Human rights committee concludes consideration of Chile's fourth periodic report, March 25, 1999.

[137]. Ley No.19.423

[138]. “Rows grow over security services,” Southern Cone Report, September 12, 1996.

[139]. “Television Nacional de Chile,” BBC Summary of World Broadcasts, September 26, 1992.

[140]. “Army's bugging centre uncovered,” Latin America Weekly Report, October 8, 1992.

[141]. “Navy, Air Force Deny Allegations of Telephone Tapping,” BBC Summary of World Broadcasts, September 28, 1992.

[142]. “Chile army to take action against servicemen involved in telephone-tapping case,” BBC Summary of World Broadcasts, November 27, 1992.

[143]. PRC Constitution from ChinaLaw Web - Constitution of the People’s Republic of China – 1993 (Adopted at the Fifth Session of the Fifth National People’s Congress and Promulgated for Implementation by the Proclamation of the National People’s Congress on December 4, 1982, as amended at the First Session of the Seventh National People’s Congress on April 12, 1988, and again at the First Session of the Seventh National People’s Congress on March 29,1993.) http://www.qis.net/chinalaw/prccon5.htm

[144]. W.J.F Jenner “China and Freedom” in Kelly & Reid, Asian Freedoms (Cambridge University Press, 1998).

[145]. Gary Chapman, “China Represents Ethical Quagmire in High-Tech Age,” Los Angeles Times, January 27, 1997.

[146]. “China forms information security oversight committee,” Xinhua News Agency, February 12, 1999.

[147]. “Beijing convicts Internet dissident; Businessman sold Chinese e-mail addresses,” The Washington Times, January 21, 1999.

[148]. Computer Information Network and Internet Security, Protection and Management Regulations

(Approved by the State Council on December 11, 1997 and promulgated by the Ministry of Public Security on December 30, 1997) http://www.usembassy-china.gov/english/sandt/index.html

[149]. Charles D. Paglee, Chinalaw Web - Computer Information Network and Internet Security, Protection and Management Regulations (last modified April 7, 1998) http://www.qis.net/chinalaw/prclaw54.htm

[150]. Guangming Daily newspaper, Wednesday, June 30, 1999 http://jya.com/cn-p3-peril.htm

[151]. U.S. Department of State, Bureau of Democracy, Human Rights, and Labor, China Country Report on Human Rights Practices for 1998, February 26, 1999 http://www.state.gov/www/global/human_rights/1998_hrp_report/china.html , Amnesty International, 1999 World Report: China.

[152]. “Blair: I Never Want to Visit Beijing Again; Blair Claims He was Bugged by China's Secret Police,” The Mirror, October 12, 1998.

[153]. Chinalaw Computer-Assisted Legal Research Center Peking University – Postal Law of the People’s Republic of China (Adopted at 18th Meeting of the Standing Committee of the National People’s Congress, promulgated by Order No. 47 of the President of the People’s Republic of China on December 2, 1986, and effective as of January 1, 1987) CHINALAW No. 396

[154]. Xinhua news agency, Beijing, 20 May 1999.

[155]. Xinhua news agency, Beijing, in English, 7 May 1984, via BBC Summary of World Broadcasts; Regulations of the People’s Republic of China Concerning Resident Identity Cards (Adopted at the 12th Meeting of the Standing Committee of the Sixth National People's Congress, promulgated for implementation by Order No. 29 of the President of the People's Republic of China on September 6, 1985, and effective as of September 6, 1985) CHINALAW No. 304.

[156]. Chinalaw Computer-Assisted Legal Research Center Peking University – Regulations of the People’s Republic of China on Administrative Penalties for Public Security (Adopted at the 17th Meeting of the Standing Committee of the Sixth National People's Congress, promulgated by Order No. 43 of the President of the People's Republic of China on September 5, 1986, and effective as of January 1, 1987) CHINALAW No. 368

[157]. China: Numbering system aids social security, China Daily, November 27, 1997.

[158]. Guangzhou Hotels Send Personal Data on Guests To Police, Hong Kong Standard, 30 Dec 1998.

[159]. Charter of Fundamental Rights and Freedoms, 1993, http://www.psp.cz/cgi-bin/eng/docs/laws/charter.html .

[160]. Act of April 29, 1992 on Protection of Personal Data in Information Systems (No. 256/92).

[161]. “Information Protection Laws Must Be Passed Now,” The Prague Post, January 11, 1995.

[162]. “Ketchup-Bottle Bomb Sparks Internet Privacy Row,” The Prague Post, September 25, 1996.

[163]. “Undisturbed Privacy Top Priority -- Poll, “CTK National News Wire, January 23, 1997.

[164]. “Most People Believe that their Personal Data is Misused– Poll,” CTK National News Wire, October 6, 1998.

[165]. The Czech Republic Government Resolution No. 467 of 1 July 1998 http://www.usiscr.cz/en/dokumenty/domaci/u1998_467.html

[166]. Resolution No. 70 of 27 January 1999.

[167]. E.U. Enlargement: What the Accession Agreements Contain, Country by Country, European Report, February 11, 1998.

[168]. E.U. warns applicants on slow preparations, Financial Times, November 5, 1998.

[169]. Article 88 of Criminal Process Law.

[170]. CTK National News Wire, November 8, 1996.

[171]. Penal Code, section 238.

[172]. Penal Code, section 206.

[173]. Penal Code, section 239.

[174]. Centre de Recherches Informatique et Droit, Legal Aspects of Information Services and Intellectual Property Rights in Central and Eastern Europe, Feb 1995.

[175]. “Freedom of info clears last hurdle,” The Prague Post, May 19, 1999.

[176]. See http://www.coe.fr/tablconv/108t.htm .

[177]. Signed 21/02/91, Ratified 18/03/92, Entered into Force 01/01/93. http://www.coe.fr/tablconv/5t.htm

[178]. Constitution of Denmark http://www.uni-wuerzburg.de/law/da00t___.html

[179]. Private Registers Act of 1978 (Lov nr 293 af 8 juni 1978 om private registre mv), in force 1 January 1979.

[180]. Public Authorities’ Registers Act of 1978 (Lov nr 294 af 8 juni 1978 om offentlige myndigheders registre), also in force 1 January 1979.

[181]. Behandling af personoplysninger Processing of personal data, Bet. 1345, 1997.

[182]. Home Page: http://www.registertilsynet.dk/eng/index.html.

[183]. Penal Code Section 263.

[184]. Borgerlig Straffelov.

[185]. Act No. 278 respecting the prohibiting against video surveillance by private persons, etc, 9 June 1982 (Lovtidende A, No. 44, 1982, p. 644).

[186]. lov nr 571 af 19 desember 1985 om forvaltning.

[187]. ovbekendtgørelse nr 811 af 12 september 1994 om betalingskort mv.

[188]. lov nr 504 af 30 juni 1993 om aktindsigt i helbredsoplysninger.

[189]. lov nr 572 af 19 desember 1985 om offentlighed i forvaltningen).

[190]. Signed 28/01/81, Ratified 23/10/89, Entered into Force 01/02/90, http://www.coe.fr/tablconv/108t.htm

[191]. Signed 21/02/91, Ratified 18/03/92, Entered into Force 01/01/93, http://www.coe.fr/tablconv/5t.htm

[192]. Constitution of Estonia, http://www.uni-wuerzburg.de/law/en00t___.html

[193]. Law on the protection of personal data (RT I 1996, 48, 944) http://www.sisemin.gov.ee/ako/eng/Personal%20Data%20Protection%20Act.html

[194]. Databases Act (RT* I 1997, 28, 423) http://www.sisemin.gov.ee/ako/eng/Databases%20Act.htm

[195]. Home Page: http://www.sisemin.gov.ee/ako/eng/about.html

[196]. http://www.sisemin.gov.ee/ako/eng/about.html

[197]. The Baltics Worldwide, Spring 1997.

[198]. Criminal Code article 134.

[199]. Deutsche Presse-Agentur, “Estonian intelligence begins probe into former premier Saavisar,” May 16, 1996.

[200]. http://www.state.gov/www/global/human_rights/1997_hrp_report/estonia.html .

[201]. http://www.coe.fr/tablconv/108t.htm

[202]. Ratified 14/05/93, Enacted 16/04/96, Entered into Force 16/04/96, http://www.coe.fr/tablconv/5t.htm

[203]. Constitution of Finland http://www.eduskunta.fi/kirjasto/Lait/constitution.html .

[204]. Personal Data Act (523/99).

[205]. Personal Data Files Act (Law No. 471/87).

[206]. Home Page: http://www.tietosuoja.fi/engl.html

[207]. http://www.tietosuoja.fi/engl.html

[208]. Criminal Records Act (770/93)

[209]. Jorma Kuopus, “Data Protection Regulatory System,” Data Transmission and Privacy, D. Campbell and J. Fisher, eds., (Netherlands: Martinus Nijhoff Publishers, 1994).

[210]. http://www.qainfo.se/~lb .

[211]. See http://www.penet.fi/injuncl.html .

[212]. Act 83/9/2/1951

[213]. Wayne Madsen, Handbook of Personal Data Protection (London: Macmillan; New York: Stockton Press, 1992).

[214]. Signed 10/04/91, Ratified 02/12/91, Entered into force 1/04/92, http://www.coe.fr/tablconv/108t.htm .

[215]. Signed 05/05/89, Ratified 10/05/90, Entered into force 10/05/90, http://www.coe.fr/tablconv/5t.htm .

[216]. Kuopus, ibid.

[217]. Madsen, op. cit.

[218]. Dècision 94-352 du Conseil Constitutionnel du 18 Janvier 1995.

[219]. Loi N° 78-17 du Janvier 1978 relative à l'informatique, aux fichiers et aux libertés. Journal officiel du 7 janvier 1978 et rectificatif au JO du 25 janvier 1978, modifiée par la loi n° 88-227 du 11 mars 1988, article 13 relative à la transparence financière de la vie politique (JO du 12 mars 1988), la loi n° 92-1336 du 16 décembre 1992 (JO du 23 décembre 1992) et la loi n° 94-548 du ler juillet 1994 (JO du 2 juillet 1994), http://www.cnil.fr/textes/text02.htm.

[220]. Guy Braibant, Donnees Personnelles et Societe De 'Information: Rapport au Premier Ministre sur la transposition en droit français de la directive no 95/46, le 3 mars 1998 Home Page

[221]. http://www.internet.gouv.fr/francais/index.html

[222]. Home Page: http://www.cnil.fr The web page contains extensive materials on the applications of the law and other international materials.

[223]. The CNIL's 18th Report 1998, Commission nationale de l'informatique, July 1999.

[224]. Ibid.

[225]. La loi n° 91-636 du 10 juillet 1991 relative au secret des correspondances émises par la voie des télécommunications.

[226]. 7e rapport d' activité 1998, Commission national de contrôl des interceptions de sécurité, May 1999.

[227]. Kruslin v. France, 176-A, Eur. Ct. H.R. (ser. A) (1990).

[228]. la France condamnée par la Cour européenne des droits de l'homme, Le Monde, 27 Août 1998.

[229]. see Capitaine Paul Barril, Guerres Secrètes à L'Élysée, (Albin Michel, 1996), Francis Zamponi, Les RG à l'écoute de la France: Police et politique de 1981 à 1997, (La Découverte, 1998).

[230]. 5e rapport d' activité 1997, Commission national de contrôl des interceptions de sécurité, May 1998.

[231]. The Rachel affaire. Judgment of June 16, 1858, Trib. pr. inst. de la Seine, 1858 D.P. III 62. See Jeanne M. Hauch, Protecting Private Facts in France: The Warren & Brandeis Tort is Alive and Well and Flourishing in Paris, 68 Tul. L. Rev. 1219 (May 1994).

[232]. Civil Code, Article 9, Statute No. 70-643 of July 17, 1970.

[233]. Loi n° 78-753 du 17 juillet 1978 portant diverses mesures d'amélioration des relations entre l'administration et le public et diverses dispositions d'ordre administratif, social et fiscal. (Journal officiel du 18 juillet 1978, page 2851). http://www.cnil.fr/textes/text05.htm

[234]. Loi n° 79-18 du 3 janvier 1979 sur les archives (Journal officiel du 5 janvier 1979, page 43, rectificatif au journal officiel du 6 janvier 1979, page 55). http://www.cnil.fr/textes/text052.htm

[235]. Loi d'orientation et de programmation n° 95-73 du 21 janvier 1995 relative à la sécurité (Journal officiel du 24 janvier 1995, page 1249). http://www.cnil.fr/textes/text054.htm . Also see Décret n° 96-926 du 17 octobre 1996 relatif à la vidéo-surveillance pris pour l'application de l'article 10 de la loi n° 95-73 du 21 janvier 1995 d'orientation et de programmation relative à la sécurité (Journal officiel du 20 octobre 1996, page 15432). http://www.cnil.fr/textes/text055.htm and Circulaire du 22 octobre 1996 relative à l'application de l'article 10 de la loi n° 95-73 du 21 janvier 1995 d'orientation et de programmation relative à la sécurité (décret sur la vidéosurveillance) (Journal officiel du 7 décembre 1996, page 17835). http://www.cnil.fr/textes/text056.htm .

[236]. Code of Post and Telecommunications, L. 41.

[237]. Loi n° 92-1446 du 31 décembre 1992 relative à l'emploi, au développement du travail à temps partiel et à l'assurance chômage. (Journal officiel du 1er janvier 1993, page 19). http://www.cnil.fr/textes/text053.htm .

[238]. Penal Code, Article 368.

[239]. Loi no. 78-753 du 17 juillet 1978 de la liberté d’accès au documents administratifs; Loi no 79-587 du juillet 1979 relative à la motivation des actes administratifs et à l’amélioration des relations entre l’administration et le public.

[240]. Signed 28/01/81, Ratified 24/03/83, Entered into Force 01/10/85, http://www.coe.fr/tablconv/108t.htm .

[241]. Signed 04/11/50, Ratified 03/05/74, Entered into Force 03/05/74, http://www.coe.fr/tablconv/5t.htm .

[242]. BverfGE 65,1

[243]. Federal Act on Data Protection, 27 January 1977 (Bundesgesetzblatt, Part I, No 7, 1 February 1977), Amended 1990. http://www.datenschutz-berlin.de/gesetze/bdsg/bdsgeng.htm .

[244]. http://www.datenschutz-berlin.de/sonstige/behoerde/bundes.htm .

[245]. Links to the Ländesbeauftragten für den Datenschutz are available at http://www.datenschutz-berlin.de/sonstige/behoerde/ldbauf.htm

[246]. Dr.iur. Alexander Dix, Case Study: North America and the European Directive - The German RailwayCard: A model contractual solution of the "adequate level of protection" issue?, September 1996. http://www.datenschutz-berlin.de/sonstige/konferen/ottawa/alex3.htm .

[247]. "Gesetz zur Beschraenkung des Brief-, Post- und Fernmeldegeheimnisses - Gesetz zu Artikel 10 des Grundgesetzes (GG10)" (Law on restriction of the right of secrecy of letters, mail and telecommunication - Law applying to article 10 of the constitution). 13. August 1968 (G10 BGBl. I, p. 949) and was changed the last time by the bill of 28.10. 1994 (BGBl. I, p.3186ff) "Verbrechensbekaempfungsgesetz" ('Crime-fighting law').

[248]. http://www.uni-wuerzburg.de/glaw/bv093181.html .

[249]. German Phone Taps are Routine, The Independent, July 10, 1999.

[250]. Telecommunications Carriers Data Protection Ordinance (TDSV) As of: 12 July 1996 (Federal Law Gazette I p 982), Federal Ministry of Posts and Telecommunications. http://www.datenschutz-berlin.de/gesetze/medien/tdsve.htm .

[251]. Federal Act Establishing the General Conditions for Information and Communication Services - Information and Communication Services Act - (Informations- und Kommunikationsdienste-Gesetz - IuKDG) 13 June 1997 http://www.datenschutz-berlin.de/gesetze/medien/iukdge.htm . Also see Resolution of the Conference of Data Protection Commissioners of the Federation and the Länder of 29 April 1996 on key points for the regulation in matters of data protection of online services. http://www.datenschutz-berlin.de/sonstige/konferen/sonstige/old-res2.htm .

[252]. Akteneinsichts- und Informationszugangsgesetz (AIG), 1998

[253]. Web Site: http://www.snafu.de/~bstu

[254]. “Gauck reports steady flow of inquiries about stasi records,” The Week in Germany, July 16, 1999

[255]. "U.S.-Held Files Seen Uncovering E. German Spies." Reuters, February 4, 1999.

[256]. http://www.coe.fr/tablconv/108t.htm .

[257]. http://www.coe.fr/tablconv/5t.htm .

[258]. Constitution of Greece, Adopted: 11 June 1975, http://www.uni-wuerzburg.de/law/gr00t___.html

[259]. Law no. 2472 on the Protection of Individuals with regard to the Processing of Personal Data.

[260]. Law no 2225/94.

[261]. U.S. Department of State, Greece Country Report on Human Rights Practices for 1997, January 30, 1998. See also Greece Report, Human Rights Watch World Report, 1998.

[262]. Reuters World Service, November 20, 1996.

[263]. Law no 1599/1986 on the relationship of a new type of identification card and other provisions.

[264]. The Reuters European Community Report, June 10, 1997.

[265]. The Reuters European Community Report, April 23, 1993.

[266]. Signed 17/02/83, Enacted 11/08/95, Entered into Force 01/12/95, http://www.coe.fr/tablconv/108t.htm

[267]. Signed 28/11/50, Enacted 28/11/74, Entered into Force 28/11/74, http://www.coe.fr/tablconv/5t.htm