Article III of the 1987 Constitution protects the right of privacy. Section 2 states "The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized." Section 3 states: "(1) The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise as prescribed by law. (2) Any evidence obtained in violation of this or the preceding section shall be inadmissible for any purpose in any proceeding." Section 7 states: "The right of the people to information on matters of public concern shall be recognized. Access to official records, and to documents and papers pertaining to official acts, transactions, or decisions, as well as to government research data used as basis for policy development, shall be afforded the citizen, subject to such limitations as may be provided by law." [1]

There is no general data protection law but there is a recognized right of privacy in civil law. [2] Bank records are protected by the Bank Secrecy Act. [3] The Senate debated a proposal in March to force three million citizens to file an annual “Statement of Assets and Liabilities (SAL)” [4]

The Anti-Wiretapping Law requires a court order to obtain a telephone tap. [5] In April 1999, The National Bureau of Investigation and the Ombudsman started investigations after reports that police had tapped at least 3,000 telephone lines including top government officials, politicians, religious leaders, businessmen and print and television journalists. In May 1998, Director Gen. Santiago Alino, chief of the Philippine National Police, ordered an investigation of the alleged electioneering and illegal wiretapping activities by members of the National Police's Special Project Alpha (SPA). Matillano said that his office received information that the former SPA men had been using the office as their "monitoring center" against Vice-President Estrada's political opponents. Five recorders used to monitor wiretaps were found at the offices. [6] The House and the Senate held investigations in August 1997 after officials of the telephone company admitted that their employees were being paid to conduct illegal wiretaps. [7]

The Supreme Court ruled in July 1998 that Administrative Order No. 308, the Adoption of a National Computerized Identification Reference System, introduced by former President Ramos in 1996, was unconstitutional. The Court said that the order, "will put our people's right to privacy in clear and present danger . . . No one will refuse to get this ID for no one can avoid dealing with government. It is thus clear as daylight that without the ID, a citizen will have difficulty exercising his rights and enjoying his privileges." Government lawyers asked the court to reconsider its decision in August, [8] and President Joseph Estrada reiterated his support for the use of a national identification system in August 1998 stating that only criminals are against a national ID. [9] Justice Secretary Serafin Cuevas authorized the National Statistics Office (NSO) to proceed to use the population reference number (PRN) for the Civil Registry System-Information Technology Project (CRS-ITP) on August 14, claiming that it is not covered by the decision. [10]

The 1993 Constitution provides for extensive privacy, data protection and freedom of information rights. Article 2 states, “Every person has the right (5) to solicit necessary information without explanation of the reason and to obtain it from any public entity within the legal deadline for a fee involved in the mailing. Information involving intimate personal matters and that expressly excluded by law or for reasons of national security from the foregoing. Banking secrecy and of tax returns may be withdrawn upon the injunction of a judge, the Attorney General of the National, or a congressional investigation committee, in accordance with the law and as long as they are related to the case being investigated. (6) To the news services, whether computerized or not, public or private, not to disclose information relating to personal or family matters. (7) To honor and good reputation, to privacy in personal or family matters, as well as to a person’s own expressions, and visual representations. Any person affect by inaccurate or damaging allegations in any communication media is entitled that the latter rectify it free of charge, immediately and to proportional degree, without prejudice to any liabilities under the law . . . (9) To secrecy and the inviolability of communications and private documents. Communications, telecommunications, or instrumentalities may be opened, impounded, intercepted, or examined only on the basis of an order by a judge, subject to the guaranties provided by law. The reason underlying such investigation is to be kept secret from others. Private documents obtained in violation or this provision are not legally valid. Books, supporting evidence, and accounting and administrative records are subject to inspection or audit by the competent authority in accordance with the law. Measures taken in their respect may not include their removal or impoundment except by judicial order.” [11] Furthermore, Article 97 of Title I "provides that when the Congress of the Republic, through its commissions, wishes to carry out any type of investigation and to that end, the members of those commissions can be given access to any type of information, including secret bank accounts and the accounts of the person or enterprise being investigated and to the tax reserves, the type of information which they have not the authority to obtain, whether they are members of the legislative authority or not, is the information affecting personal privacy." The Constitution was amended in 1993 to include a “constitutional guarantee of habeas data” in Article 200, clause 6: “Proceedings for habeas data which are taken in the case of an act or omission on the part of an authority, official or individual that impairs or threatens rights and which relates to article 2, paragraphs 5, 6 and 7 of the Constitution.”

Article 154 of the Penal Code states that "a person who violates personal or family privacy, whether by watching, listening to or recording an act, a word, a piece of writing or an image using technical instruments or processes and other means, shall be punished with imprisonment for not more than two years."[12]

Article 151 of the Penal Code states "that a person who unlawfully opens a letter, document, telegram, radiotelegram, telephone message or other document of a similar nature that is not addressed to him, or unlawfully takes possession of any such document even if it is open, shall be liable to imprisonment of not more than 2 years and to 60 to 90 days' fine." [13] A sentence of not less than one year nor more than three years is to be given to any "person who unlawfully interferes with or listens to a telephone or similar conversation". Public servants guilty of the same crime must serve not less than 3 or more than 5 years and must be dismissed from their post. A person who unlawfully tampers with, deletes, or misdirects "the address on a letter or telegram", but does not open it, "is liable to 20 to 52 days' community service."

However, there have been constant abuses of wiretap authority by the government Peru's National Intelligence Service (Servicio Nacional de Inteligencia or SIN), headed by a close adviser to the president Vladimiro Montesinos. The SIN has conducted widespread surveillance and illegal phone tapping of government ministers and judges assigned to constitutional cases, beginning in the early 1990s. Army agents used sophisticated Israeli phone-tapping equipment to monitor telephone conversations, and copies of the conversations were delivered to Montesinos.[14] The SIN maintains close ties with the U.S. Central Intelligence Agency, including a covert assistance program to combat drug trafficking.[15] The SIN has allegedly conducted a nationwide surveillance campaign with the sole purpose of intimidating political opposition figures. In 1990, an opposition congressman’s house was blown up after he delivered a congressional report on domestic surveillance of opposition politicians, journalists, human rights workers and companies suspected of tax evasion. [16] In August, 1997 former UN Secretary General Javier Perez de Cuellar Monday filed charges against the SIN with the Peruvian Attorney General and the Inter-American Human Rights Commission for taping 1,000 conversations he made from his home telephone between October 1994 and August 1995 while he ran for President against Alberto Fujimori. [17] President Fujimori absolved the SIN of the accusations against it, asserting that private individuals with commercial scanners had carried out the wiretapping. [18] The allegations prompted the resignation of the Defense Minister and a special prosecutor was appointed to investigate the incident.[19] The Defense Commission's three-month inquiry confirmed accusations of the widespread phonetapping but concluded that there was no evidence the intelligence services carried out the spying.[20] A Member of Congress and several journalists filed a suit on grounds that their constitutional rights had been violated (an acción de amparo), and to put an end to the tapping of their telephone calls.[21]

The Organic Law of the National Identification Registry and Civil Society (1995) created an autonomous agency which may “collaborate with the exercise of the functions of pertinent political and judicial authorities in order to identify persons” but is “vigilant regarding restrictions with respect to the privacy and identity of the person” and “guarantees the privacy of data relative to the persons who are registered.” The Law also requires all persons to carry a National Identity Document featuring a corresponding number, photograph and fingerprint.[22] The court must provide all personal data kept on file at the Public Registry upon request within 15 days. [23]

Freedom of information is constitutionally protected under the right of habeas data. The first case to test the habeas data clause, which reviewed clause 7 of Article 2, was brought in the criminal court system in January 1994. The Supreme Court ruled in March 1994 that the case should not have been brought in the criminal courts, nullified all previous decisions on the case, and ordered it resubmitted to the civil court system. [24] Several cases have allowed the courts to establish their jurisdiction over, and support for, habeas data. In 1996 the Supreme Court, citing clause 5 of Article 2 of the Constitution, ordered the Ministry of Energy and Mines to release environmental surveys of a private mining operation to the Peruvian Society of Environmental Rights. [25] Also in 1996, the Supreme Court sided with the Civil Labor Association against the General Director of Mining and ordered the release of an environmental impact study submitted by the Southern Perú Cooper Corporation.[26]

In May, 1994, Law N° 26301 was passed in order to set temporary legal standards for the legal application of habeas data. [27] The Law requires that all habeas data actions be notarized, although reasons for the requested action need not be given, and filed with the legal authority from which information or an action is desired. The Law sets out the time periods and procedures for taking actions under clauses 5, 6 and/or 7 of Article 2 of the Constitution. The Law was updated in June 1995 to give a right of action, provide greater access to records, and to limit its use as a means of censorship. [28]

Peru signed the American Convention on Human Rights on July 28, 1978, but withdrew from the jurisdiction of the American Court of Human Rights in July 1999.

The Polish Constitution recognizes the rights of privacy and data protection. Article 47 states, "Everyone shall have the right to legal protection of his private and family life, of his honor and good reputation and to make decisions about his personal life." Article 51 states, "(1) No one may be obliged, except on the basis of statute, to disclose information concerning his person. (2) Public authorities shall not acquire, collect nor make accessible information on citizens other than that which is necessary in a democratic state ruled by law. (3) Everyone shall have a right of access to official documents and data collections concerning himself. Limitations upon such rights may be established by statute. (4) Everyone shall have the right to demand the correction or deletion of untrue or incomplete information, or information acquired by means contrary to statute. (5) Principles and procedures for collection of and access to information shall be specified by statute." [29]

The Law on the Protection of Personal Data Protection was approved in October 1997 and took effect in April 1998. [30] The law is based on the European Union data protection directive. Under the Law, personal information may only be processed with the consent of the party, Everyone has the right to verify his or her personal records held by government agencies or private companies. Every citizen has the right to be informed whether such databases exist and who administers them; queries should be answered within 30 days. Upon finding out that data is incorrect, inaccurate, outdated or collected in a way that constitutes a violation of the Act, citizens will have the right to request that the data be corrected, filled in or withheld from processing. [31] Personal information cannot generally be transferred outside of Poland unless the country has “comparable” protections.

The Act is enforced by the recently created Bureau of Inspector General for the Protection of Personal Data. The Bureau maintains a register of data files and can make checks on the basis of a complaint or by random inspections. Another responsibility is to register databases. An inspector has the right to access data, check data transfer and security systems, and determine whether the information gathered is appropriate for the purpose that it is supposed to serve. [32] The office will monitor the activities of all central government, local government and private institutions, individuals and corporations. In its first year, the office received 402 complaints, of which it considered 258 and issued 15 decisions, issued 147 opinions on bills and ordinances, and conducted 19 site visits. It estimates that it will register between 100,000 and 150,000 databases by October 1999. [33] The Constitutional Tribunal ruled in March 1998 that requiring doctors to identify on sick leave certificates the disease of the patient violated the patients' right to privacy.

Interception of communications is regulated by the new code of penal procedure that took effect September 1, 1998. [34] The main difference between this and the previous code is that under the new regime, it is specified in the law in which cases tapping of communications is admissible. Telephones can be tapped only after the person in charge of the investigation has obtained permission from a court. In special instances, the prosecutor will have the right to authorize a wiretap, but the decision must be confirmed by a court within five days. [35] According to official data released by the Internal Affairs Ministry in 1995, wiretapping and correspondence control were ordered in approximately 3,000 instances. [36] In April 1999, Minister Janusz Palubicki admitted that the Office of State Security (UOP) had conducted surveillance of left and right political parties from 1992 until 1997. [37] An inquiry into the surveillance is ongoing. The Ministry of Justice has asked former Prime Ministers Waldemar Pawlak, Jozef Oleksy and Wlodzimierz Cimoszewicz to give testimony in the case. [38] The Sejm Committee on Special Services rejected the Military Information Services (WSI) bill in March 1999 saying that it failed to adequately restrict surveillance by military agencies. [39]

Controversy still surrounds efforts to create an expanded national id system. The Electronic Census System (PESEL) number, which has been issued since the mid-1970s, is the biggest collection of personal data in Poland. Every identity card contains a PESEL number, which is a confirmation of the owner's date of birth and sex. The system is fully computerized. A Tax Identification Number (NIP) is also being developed. This system will be fully computerized in the near future.

There is no general freedom of information act in Poland. A bill was introduced by the Unia Pracy (Union of Work) Party but they are no longer represented in the Parliament and no other party has stepped forward to advance the bill. Poland enacted The Classified Information Protection Act in January 1999 as a condition to entering NATO. [40] The act covers classified information or information collected by government agencies that disclosure “might damage interests of the state, public interests, or lawfully protected interests of citizens or of an organization.”

There have also been efforts to deal with the files and former employees of the communist era secret police. A law creating a National Remembrance Institute to allow victims of the communist era secret police access to records was approved by the Parliament in October1998. President Aleksander Kwasniewski vetoed the bill saying that it should allow all Poles access to the records but his veto was overridden and he later signed the bill. [41] The Screening Act, which allows a special commission to examine the records of government officials who might have collaborated with the secret police, was approved in June 1997 but was delaying until 1998. In November 1998, the Constitutional Tribunal ruled that the act was constitutional except for two provisions. As of January 1999, the Screening Department of the Appellate Court had received 23,460 screening statements from public officials. [42]

Poland is a member of the Council of Europe but has not signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [43] Poland has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [44] Poland is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

The Portuguese Constitution has extensive provisions on protecting privacy, secrecy of communications and data protection. Article 26 states, "(1) Everyone's right to his or her personal identity, civil capacity, citizenship, good name and reputation, image, the right to speak out, and the right to the protection of the intimacy of his or her private and family life is recognized. (2) The law establishes effective safeguards against the abusive use, or any use that is contrary to human dignity, of information concerning persons and families. (3) A person may be deprived of citizenship or subjected to restrictions on his or her civil capacity only in cases and under conditions laid down by law, and never on political grounds." Article 34 states, "(1) The individual's home and the privacy of his correspondence and other means of private communication are inviolable. (2) A citizen's home may not be entered against his will, except by order of the competent judicial authority and in the cases and according to the forms laid down by law. (3) No one may enter the home of any person at night without his consent. (4) Any interference by public authority with correspondence or telecommunications, apart from the cases laid down by law in connection with criminal procedure, are prohibited."

In 1997, Article 35 of the Constitutional was amended to give citizens a right to data protection. The new Article 35 states, “Use of Computers. 1.All citizens have the right of access to computerized data concerning themselves and may demand correction or updating of such data. They also have the right to know the final purpose to which such data will be put under the terms provided for by law. 2.The law defines the concept of personal data as well as the conditions applicable to its automated processing, linkage, transmission and use, and guarantees protection of such data, namely through the competent administrative body. 3.Computers may not be used to process data concerning philosophical or political beliefs, political party or trade union affiliations, religious faith, private life or ethnic origin except with the express consent of the data subject, or with authorization provided for in law and with non-discrimination guaranteed, or to process statistical data which is not individually identifiable. 4.Access to personal data by third parties is prohibited except in exceptional cases provided for in law. 5.It is prohibited to give citizens a unique national number. 6.Free access to public sector information networks is guaranteed for all, with the law defining the regime applicable to the crossborder flow of information and suitable ways of protecting personal and other data, the safeguarding of which is justified when in the national interest. 7.Personal data stored in manual file systems enjoys identical protection to that provided for in the previous numbers under the terms of the law.”

The 1998 Act on the Protection of Personal Data adopts the E.U. Data Protection requirements into Portuguese law. [45] It limits the collection, use and dissemination of personal information in manual or electronic form. It also applies to video surveillance or “other forms of capture, processing and dissemination of sound and images.” It replaces the 1991 Act on the Protection of Personal Data with Regard to Automatic Processing. [46]

The Act is enforced by the National Data Protection Commission (Comissão Nacional de Protecção de Dados - CNPD). [47] The Commission is an independent Parliament-based agency that registers databases, authorizes and controls databases, issues directives, and oversees the Schengen information system. [48] In 1997, the commission conducted 35 investigations, mostly banks and other financial institutions, information and business companies and filed seven complaints with the Attorney General’s Office. It also authorized 507 databases. [49] In June 1997, the Supreme Administrative Tribunal upheld the Commission in a case against a shoe company that used smart cards to control employees bathroom visits.

The penal code has provisions against unlawful surveillance and interference with privacy.[50] Evidence obtained by any violation of privacy, the home, correspondence or telecommunications without the consent of the interested party is null and void. [51] An inquiry was opened in October 1994 on illegal surveillance of politicians after microphones were discovered in the offices of a state prosecutor and several ministers. [52] The Portuguese government ordered cellular telephone companies to assist with surveillance in October 1996. [53]

There are also specific laws on the Schengen Information System, [54] computer crime, [55] and counseling centers. [56]

Law nº 65/93, of 26 August 1993 provides for access to government records in any form by any person. Documents can be withheld for “internal or external security”, secrecy of justice, and personal privacy. It is overseen by the Commission for Access to Administrative Documents (CADA) an independent Parliamentary agency. The CADA can examine complaints, provide opinions on access, and decide on classification of systems.

Portugal is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108).[57] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[58] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

The Constitution of the Russian Federation recognizes rights of privacy, data protection and secrecy of communications. Article 23 states, "1. Everyone shall have the right to privacy, to personal and family secrets, and to protection of one's honor and good name. 2. Everyone shall have the right to privacy of correspondence, telephone communications, mail, cables and other communications. Any restriction of this right shall be allowed only under an order of a court of law." Article 24 states, "1. It shall be forbidden to gather, store, use and disseminate information on the private life of any person without his/her consent. 2. The bodies of state authority and the bodies of local self-government and the officials thereof shall provide to each citizen access to any documents and materials directly affecting his/her rights and liberties unless otherwise stipulated under the law." Article 25 states, "The home shall be inviolable. No one shall have the right to enter the home against the will of persons residing in it except in cases stipulated by the federal law or under an order of a court of law." [59] The Russian Supreme Court ruled in 1998 that regulations requiring individuals to register and obtaining permission from local officials before they could live in Moscow violated the Constitution. [60]

The Duma approved the Law of the Russian Federation on Information, Informatization, and Information Protection in January 1995. [61] The law covers both the government and private sectors and licenses the processing of personal information by the private sector. It prohibits the use of personal information to “inflict economic or moral damage on citizens.” The use of sensitive information (social origin, race, nationality, language, religion or party membership) is also prohibited. Citizens and organizations have the right of access to the documented information about them, to correct it and supplement it.

The Russian law does not establish a central regulatory body for data protection and it is not clear that it has been effective. The law specifies that responsibility for data protection rests with the data controllers. The law is overseen by the Committee of the State Duma on Information and Informatization and the State Committee on Information and Informatization under the Russian President Authority.

There are currently efforts by the two oversight committees to update the data protection law to make it more compliant with the Council of Europe's Convention 108 and the E.U. Directive.

Secrecy of communications is protected by the 1995 Communications Act. The tapping of telephone conversations, scrutiny of electric-communications messages, delay, inspection and seizure of postal mailings and documentary correspondence, receipt of information thereon, and other restriction of communications secrets are allowed only on the basis of a judicial decision. [62] The Law on Operational Investigation Activity regulates surveillance methods of the secret services and requires a warrant. [63] This law was amended in December 1998 by the State Duma: guarantees for the protection of privacy were stressed and additional controls imposed on prosecutors. Previously, there were numerous reports that the security services have conducted illegal wiretaps of politicians throughout Russia. In June 1998, it was publicly revealed that the Federal Security Service was drafting a ministerial act code-named SORM-2 (Systems for Ensuring Investigative Activity) that would require Internet Service Providers to install surveillance devices and high speed links to the Federal Security Service in their systems agencies which would allow police direct access to the communications of Internet users without a warrant. [64] By the end of summer 1999 this document was still not signed and published in open media but Russian secret services pressed on ISPs to install SORM systems as an alternative of loosing licenses. The only Russian provider that opposed the illegal wiretapping proposals was cut from Internet and is now under threat of being shut down. [65]

There are also privacy protections in the Civil Code [66] and the Criminal Code. [67] The United Nations Human Rights Committee expressed concerns over the state of privacy in Russia in 1995 and recommended the enactment of additional privacy laws. It noted: "The Committee is concerned that actions may continue which violate the right to protection from unlawful or arbitrary interference with privacy, family, home or correspondence. It is concerned that the mechanisms to intrude into private telephone communication continue to exist, without a clear legislation setting out the conditions of legitimate interference with privacy and providing for safeguards against unlawful interference . . . The Committee urges that a legislation be passed on the protection of privacy, as well as strict and positive action be taken to prevent violations of the right to protection from unlawful or arbitrary interference with privacy, family, home or correspondence." [68]

Law of the Russian Federation on Information, Informatization, and Information Protection also serves as a Freedom of Information law.

Russia is a member of the Council of Europe but has not signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [69] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [70]

Some of the twenty-two autonomous republics of the Russian Federation have constitutional provisions on privacy. In some cases, these republics claim that their constitutions take precedence within their territories over that of the Russian Federation.

The Act Regulating the Computerized Collection of Personal Data was enacted in 1983 and amended in 1995. [71] The Act applies to any computerized filing system or data bank, both private and public. It prohibits the collection of personal and confidential data through fraudulent, illegal or unfair means. It requires that information is accurate, relevant and complete. Any individual is entitled both to inquire whether his or her personal data have been collected or processed, to obtain a copy, and to require that inaccurate, outdated, incomplete or ambiguous data, or data whose collection, processing, transmission or preservation is forbidden, be rectified, integrated, clarified, updated or canceled. The creation of a data bank requires the prior authorization of both the State Congress (the Government) and the Guarantor for the Safeguard of Confidential and Personal Data. There are additional rules for sensitive information. Infringements can be punished by means of administrative sanctions or penalties. There were a number of Regency's Decrees issued under the 1983 Act that remained in force after the 1995 revisions. [72] The Regulation on Statistical Data Collection and Public Competence in Data Processing [73] regulates data processing within the Public Administration.

The Act is enforced by the Guarantor for the Safeguard of Confidential and Personal Data, a judge of the Administrative Court. The Guarantor can examine any claim or petition relating to the application of the above-mentioned law and pass judgment whenever the confidentiality of personal data is violated. His judgment can be appealed to a higher court. The release of information to other countries is conditioned on the prior authorization of the Guarantor, who must verify that the country to which confidential information is being transmitted ensures the same level of protection of personal data as that established in Sammarinese legislation.

San Marino is a member of the Council of Europe but has not signed or ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [74] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [75]

The Singapore Constitution is based on the British system and does not contain any explicit right to privacy. [76] The High Court has ruled that personal information may be protected from disclosure under a duty of confidences. [77]

There is no general data protection or privacy law in Singapore. The government has been aggressive in using surveillance to promote social control and limit domestic opposition.[78] In 1986, then-Prime Minister and founder of modern Singapore Lee Kwan Yew proudly described his stance on privacy:

I am often accused of interfering in the private lives of citizens. Yet, if I did not, had I not done that, we wouldn’t be here today. And I say without the slightest remorse, that we wouldn’t be here, we would not have made economic progress, if we had not intervened on very personal matters – who your neighbor is, how you live, the noise you make, how you spit, or what language you use. We decide what is right, never mind what the people think. That’s another problem. [79]

In September 1998, the National Internet Advisory Board proposed an industry-based self-regulatory "E Commerce Code for the Protection of Personal Information and Communications of Consumers of Internet Commerce." [80] The code would oblige providers to ensure the confidentiality of business records and personal information of users, including details of usage or transactions, would prohibit the disclosure of personal information, and would require providers not to intercept communications unless required by law. The code would also limit collection and prohibit disclosure of personal information without informing the consumer and giving them an option to stop the transfer, ensure accuracy of records and provide a right to correct or delete data. The Code would be enforced by an industry-run Compliance Authority. Providers that were in compliance could use a "Privacy Code Compliance Symbol." The regulatory authority for the electronic medium in Singapore is the Singapore Broadcasting Authority (SBA). SBA is a statutory board under the Ministry of Information and the Arts (MITA).

In July 1998, the Singapore government passed three major bills concerning computer networks. They are the Computer Misuse (Amendment) Act, the Electronic Transactions Act and the National Computer Board (Amendment) Act. The CMA prohibits the unauthorized interception of computer communications. [81] The CMA also provides the Police with additional powers of investigations. Under the amended Act, it is now an offense to refuse to assist the Police in an investigation. Amendments also widened the provisions allowing the Police lawful access to data and encrypted material in their investigations of offenses under the CMA as well as other offenses disclosed in the course of their investigations. Such power of access requires the consent of the Public Prosecutor. The Electronic Transactions Act imposes a duty of confidentiality on records obtained under the act and imposes a maximum SG$10,000 fine and 12 month jail sentence for disclosing those records without authorization. Police has broad powers to search any computer to require disclose of documents for an offence related to the act without a warrant. [82]

Electronic surveillance of communications is governed by the Telecommunications Authority of Singapore (TAS). The government has extensive powers under the Internal Security Act and other acts to monitor anything that is considered a threat to "national security." The U.S. State Department in 1998 stated, "Divisions of the Government's law enforcement agencies, including the Internal Security Department and the Corrupt Practices Investigation Board, have wide networks for gathering information. It is believed that the authorities routinely monitor citizens' telephone conversations and use of the Internet. While there were no proven allegations that they did so in 1997, it is widely believed that the authorities routinely conduct surveillance on some opposition politicians and other critics of the Government." [83] All of the Internet Services Providers are operated by government-owned or government-controlled companies. [84] Each person in Singapore wishing to obtain an Internet account must show their national ID card to the provider to obtain an account. [85] ISPs reportedly provide information on users to government officials without legal requirements on a regular basis. In 1994, Technet – then the only Internet provider in the country serving the academic and technical community – scanned through the email of its members looking for pornographic files. According to Technet, they scanned the files without opening the mails, looking for clues like large file sizes. In September 1996, a man was fined US$43,000 for downloading sex films from the Internet. It was the first enforcement of Singapore's Internet regulation. The raid followed a tip-off from Interpol, which was investigating people exchanging pornography online. Afterwards, the SBA assured citizens that it does not monitor e-mail messages, chat groups, what sites people access, or what they download.[86] In 1999, the Home Affairs Ministry scanned 200,000 users of SingNet ISP at the request of the company looking for the “Back Orifice” program without telling the subscribers. The Telecommunications Authority of Singapore said that the ISP had violated no law but SingNet apologized for the scans and the National Information Technology Committee announced that it would create new guidelines. [87]

An extensive Electronic Road Pricing system for monitoring road usage went into effect in 1998. The system collects information on an automobile's travel from smart cards plugged into transmitters in every car and in video surveillance cameras. [88] The service claims that the data will only be kept for 24 hours and does not maintain a central accounting system. Video surveillance cameras are also commonly used for monitoring roads and preventing littering in many areas. [89] It was proposed in Tampines in 1995 that cameras be placed in all public spaces including corridors, lifts, and open areas such as public parks, car parks and neighborhood centers and broadcast on the public cable television channel. [90] A man was prosecuted under the Films Act in May 1999 for filming women in bathrooms. [91]

The Banking Act prohibits disclosure of financial information without the permission of the customer. [92] Numbered accounts can also be opened with the permission of the authority. The High Court can require disclosure of records to investigate drug trafficking and other serious crimes. The Monetary Authority of Singapore issued new “Know your customer” guidelines to banks in May 1998 on money laundering. Banks are required to “clarify the economic background and purpose of any transactions of which the form or amount appear unusual in relation to the customer, finance company or branch office concerned, or whenever the economic purpose and the legality of the transaction are not immediately evident. [93] Banks must report suspicious transactions to the MAS.

The 1992 Constitution provides for protections for privacy, data protection and secrecy of communications. Article 16 states "(1) The inviolability of the person and its privacy is guaranteed. It can be limited only in cases defined by law." Article 19 states "(1) Everyone has the right to the preservation of his human dignity and personal honor, and the protection of his good name. (2) Everyone has the right to protection against unwarranted interference in his private and family life. (3) Everyone has the right to protection against the unwarranted collection, publication, or other illicit use of his personal data." Article 22 states "(1) The privacy of correspondence and secrecy of mailed messages and other written documents and the protection of personal data are guaranteed. (2) No one must violate the privacy of correspondence and the secrecy of other written documents and records, whether they are kept in privacy or sent by mail or in another way, with the exception of cases to be set out in a law. Equally guaranteed is the secrecy of messages conveyed by telephone, telegraph, or other similar means." [94]

The Act on Protection of Personal Data in Information Systems was approved in February 1998. [95] The Act replaces the previous 1992 Czechoslovakian legislation (see Czech Republic report for information). The new act closely tracks the E.U. Data Protection Directive and limits the collection, disclosure and use of personal information by government agencies and private enterprises either in electronic or manual form. It creates duties of access, accuracy and correction, security, and confidentiality on the data processor. Processing of information on racial, ethnic, political opinions, religion, philosophical beliefs, trade union membership, health, and sexuality is forbidden. Transfers to other countries are limited unless the country has "adequate" protection. All systems are required to be registered with the Statistical Office of the Slovak Republic. [96] The Act creates a new office for a Commissioner for the Protection of Personal Data in Information Systems who will supervise and enforce the Act.

Under the Code of Criminal Procedure, the police are required to obtain permission from a court or prosecutor before undertaking any telephone tapping. [97] However, the communist-era secret police remain unreformed and there have been many public revelations of illegal wiretapping of opposition politicians, reporters and dissidents. [98] In 1997, the UN Human Rights Committee recommended that the government: "ensure control, by an independent judicial authority, of the interception of confidential communications – related to, for example, wire-tapping and protection of the right to privacy." [99]

There are also other legal protections. Article 11 of the Civil Code states "everyone shall have the right to be free from unjustified interference in his or her privacy and family life." There are also computer-related offenses linked with the protection of a person (unjustified treatment of a personal data). [100] The Slovak Constitutional Court ruled in March 1998 that the law allowing public prosecutors to demand to see the files or private correspondence of political parties, private citizens, trade union organizations and churches, even if this is not necessary for prosecution, was unconstitutional. Court chairman Milan Cic said this was "not only not usual, but opens the door to widespread violation of peoples’ basic rights and their right to privacy." [101]

Slovakia is a member of the Council of Europe but has not signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [102] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [103]

The 1991 Constitution recognizes many privacy rights. Article 35 on the Protection of the Right to Privacy and of Personal Rights states, "The physical and mental integrity of each person shall be guaranteed, as shall be his right to privacy and his other personal rights." Article 37 on the Protection of Privacy of Post and Other Means of Communication states, "The privacy of the post and of other means of communication shall be guaranteed. In accordance with statute, a court may authorize action infringing on the privacy of the post or of other means of communication, or on the inviolability of individual privacy, where such actions are deemed necessary for the institution or continuance of criminal proceedings or for reasons of national security." Article 38 on the Protection of Personal Data states, "The protection of personal data relating to an individual shall be guaranteed. Any use of personal data shall be forbidden where that use conflicts with the original purpose for which it was collected. The collection, processing and the end-use of such data, as well as the supervision and protection of the confidentiality of such data, shall be regulated by statute. Each person has the right to be informed of the personal data relating to him which has been collected and has the right to legal remedy in the event of any misuse of same." [104]

The Law on Personal Data Protection was enacted in 1990. [105] It broadly adopts the basic principles of the OECD Guidelines on the Protection of Privacy and the Council of Europe's Convention. Specifically, the law regulates the security of personal data in data files; restricts third-party access and use only upon the written consent of the data subject; provides for data subject access to his or her files; and permits the transfer of personal data to other countries only if the recipient country has guaranteed "full protection of personal data" to include that held on "foreign citizens." However, the Slovenian law merely provides for a somewhat nebulous "republican organ" oversight of personal data protection practices, and therefore is not compliant with the pan-European instruments on data protection, including the E.U.'s Privacy Directive.

Slovenia is in the process of amending its data protection law to be fully compliant with E.U. and COE requirements. This includes the establishment of a separate data protection office. Since Slovenia is one of the first of central and eastern European nations likely to join the E.U., it was told by European Internal Market Commissioner Mario Monti during his visit to Slovenia in May 1998, that "legislative adjustments" to its data protection law were required before the country could accede to E.U. membership. [106] Slovenia hopes to conclude its negotiations and enter the E.U. as a full member by the year 2002.

A judge's warrant must be issued prior to a house search or telephone tapping. A new Law on the Police was adopted in 1998 allows for surveillance to be authorized under special circumstances by a General Police Director.[107] In 1994, Parliament fired the country's defense minister, Janez Jansa, following claims that he tapped journalists' phones. [108] Defense Minister Tit Turnsek resigned in February 1998 after two military intelligence officers were arrested by Croatian authorities while driving a vehicle filled with electronic surveillance equipment. [109] The Law on National Statistics regulates the privacy of information collected for statistical purposes. [110]

Slovenia is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [111] It has also signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [112]

Section 14 of the South African Constitution of 1996 states, "Everyone has the right to privacy, which includes the right not to have – (a) their person or home searched; (b) their property searched; (c) their possessions seized; or (d) the privacy of their communications infringed." Section 32 states: "(1) Everyone has the right of access to – (a) any information held by the state, and; (b) any information that is held by another person and that is required for the exercise or protection of any rights; (2) National legislation must be enacted to give effect to this right, and may provide for reasonable measures to alleviate the administrative and financial burden on the state." [113] The interim Constitution contained an essentially similar provision to Section 14, in Section 13. [114] It is clear that both sections are written in a way that directly responds to the experiences during the apartheid era of gross interferences with peoples' right to privacy.

The South African Constitutional Court has delivered a number of judgments on the right to privacy relating to the possession of indecent or obscene photographs, [115] the scope of privacy in society, [116] and searches. [117] All the judgments were delivered under the provisions of the Interim Constitution as the causes of action arose prior to the enactment of the Final Constitution. However, as there is no substantive difference between the privacy provisions in the Interim and Final Constitutions, the principles remain authoritative for future application.

South Africa is currently in the process of adopting a comprehensive privacy and freedom of information law. The Open Democracy Bill was introduced in July 1998. [118] The bill covers both public and private sector entities and allows for access, rights of correction and limitations on disclosure of information. The bill would be enforced by the Human Rights Commission. This Bill is now before the Portfolio Committee on Justice, which has promised to hold public hearings on the final draft before sending the Bill to Parliament for tabling. Human Rights Commissioner Pansy Tlakula criticized the draft in July 1999 for not providing access to information held by private institutions or individuals. Parliament has a deadline of February 2000 to enact the bill.

South Africa does not have a privacy commission but has a Human Rights Commission which was established under Chapter 9 of the Constitution and whose mandate is to investigate infringements on and to protect the fundamental rights guaranteed in the Bill of Rights, and to take steps to secure appropriate redress where human rights have been violated.

The Interception and Monitoring Act of 1992 regulates the interception of communications. [119] This Act prohibits the interception of certain communications and the monitoring of certain conversations and also provides for the interception of postal articles and communications and for the monitoring of conversations in the case of a serious offense, or if the security of the country is threatened. In 1996, it was revealed that the South African Police Service was monitoring thousands of international and domestic phone calls without a warrant. [120] In November 1998, the South African Law Commission recommended changes to the Interception and Monitoring Act to facilitate monitoring of cellular phones and Internet Service Providers. [121]

There are no other specific pieces of legislation on general data protection law. Other than the Constitutional right to privacy, the South African common law protects rights of personality under the broad umbrella of the actio injuriarum. The elements of liability for an action based on invasion of privacy are the same as any other injury to the personality, namely an unlawful and intentional interference with another's right to seclusion and to private life.

The Cabinet approved a plan in March 1998 to issue a multi-purpose smart card that combines access to all government departments and services with banking facilities. This is part of the information technology strategy formulated by the Department of Communications to provide kiosks for access to government services. [122] In the long term, the smart card is intended to function as passport, driver's license, identity document and bank card. The driver's license will include fingerprints.

The Constitution recognizes the right to privacy, secrecy of communications and data protection. Article 18 states, "(1). The right of honor, personal, and family privacy and identity is guaranteed. (2) The home is inviolable. No entry or search may be made without legal authority except with the express consent of the owners or in the case of a flagrante delicto. (3) Secrecy of communications, particularly regarding postal, telegraphic, and telephone communication, is guaranteed, except for infractions by judicial order. (4) The law shall limit the use of information, to guarantee personal and family honor, the privacy of citizens, and the full exercise of their rights." [123]

The Spanish Data Protection Act (LORTAD) was enacted in 1992 and was based on an early draft of the E.U. Directive. [124] It covers automated files held by the public and private sector. The law establishes the right of citizens to know what personal data is contained in computer files and the right to correct or delete incorrect or false data. Personal information in an automated system may only be used or disclosed to a third party with the consent of the individual and only for the purpose for which it was collected. The government approved a bill revising the act to make it consistent with the E.U. Directive in July 1998. It is waiting to be approved by the Parliament.

The Agencia de Protección de Datos is charged with enforcing the LORTAD. [125] The Agency maintains the registry and can investigate violations of the law. The agency has issued a number of decrees setting out in more detail the legal requirements for different types of information. [126] It can also impose penalties. In June 1997, it fined Telefonica, the Spanish telephone company, 110 million pesetas for providing information from their subscriber database to banks, direct marketing companies and Reader's Digest. [127] The agency in 1997 registered 3,312 new databases, received 682 complaints, conducted over 10,000 telephone consultations, and issued 20 reports. [128] As of December 1997, 229,000 databases were listed in the Register.

Interception of communications requires a court order. [129] The 1997 Telecommunications Act amended the law and restricts the use of cryptography. [130] There have been a number of scandals in Spain over illegal wiretapping by the intelligence services. In 1995, Deputy Prime Minister Narcis Serra, Defense Minister Julian Garcia Vargas and military intelligence chief Gen. Emilio Alonso Manglano were forced to quit following revelations that they had monitored the conversations of hundreds of people, including King Juan Carlos. [131] In May 1999, Gen. Manglano, the former director of the CESID, and Col. Juan Alberto Perote, a former operations chief were convicted and sentenced to six months jail time for their role in the wiretappings. Five other ex-agents who did the actual surveillance were given four-month terms. [132]

There are also additional laws in the penal code, [133] and relating to credit information [134] video surveillance, [135] and automatic tellers [136].The Spanish Supreme Court ruled in March 1999 that a Spanish reporter who disclosed the initials of two AIDS-infected inmates working in a prison kitchen would be given a one-year suspended sentence, fined $26,000 and be barred from journalism for a year. [137]

The law of 30/26/11/1992 provides for access to government information if a legal interest is shown. It does not apply to computerized records.

Spain is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [138] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [139] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Sweden’s Constitution, which consists of several different legal documents, contains several provisions which are relevant to data protection. Section 2 of the Instrument of Government Act of 1974 [140] provides, inter alia, for the protection of individual privacy. Section 13 of Chapter 2 of the same instrument states also that freedom of expression and information – which are constitutionally protected pursuant to the Freedom of the Press Act of 1949 [141] – can be limited with respect to the "sanctity of private life." Moreover, Section 3 of the same chapter provides for a right to protection of personal integrity in relation to automatic data processing. The same article also prohibits non-consensual registration of persons purely on the basis of their political opinion. It is also important to note that the European Convention on Human Rights has been incorporated into Swedish law as of 1994. The ECHR is not formally part of the Swedish Constitution but has, in effect, similar status.

Sweden enacted the Personal Data Act of 1998 to bring Swedish law into conformity with the requirements of the EC Directive on data protection. [142] The new Act basically repeats what is set out in the EC Directive. This Act regulates the establishment and use, in both public and private sectors, of automated data files on physical/natural persons. The Act replaced the Data Act of 1973, which was the first comprehensive national act on privacy in the world. [143] The 1973 Act shall continue to apply until October 2001 with respect to processing of personal data which is initiated prior to October 24, 1998. Following some controversy over the application of the act to the Internet, the Data Inspection Board has proposed revision to the act to cover “harmless data” “if it is obvious that there is no risk of infringement of the privacy of the data subject.” This proposal will be introduced in the fall.

The Data Inspection Board (Datainspektionen) is an independent board that oversees the enforcement of the Data Act. [144] As of June 1999, under the new act, the board received 102 complaints and have made 28 investigations. In 1998, the board received 269 complaints according and conducted 199 investigations. In 1997, it received 250 complaints and made 302 investigations. There are 47, 921 registered databases. [145] The Board has been active in trying to limit the use of the personal identity number. [146] They are also pursuing a case against SABRE, the airline reservation system, for transferring medical information of passengers without adequate controls. The case is currently pending before the Supreme Administrative Court. Several lower courts have upheld the Board’s ruling.

Numerous other statutes also contain provisions relating to data protection. These include the Secrecy Act of 1980, [147] Credit Reporting Act of 1973, [148] Debt Recovery Act of 1974, [149] and Administrative Procedure Act of 1986. [150] A court order is required to obtain a wiretap. [151] The law was amended in 1996 to facilitate surveillance of new technologies. [152]

Over the past year, there has been increasing publicity and discussion about the fact that Sweden’s police/security services have carried out, over a long period, covert surveillance of a large number of Swedish citizens, mostly politically leftists, often on highly tenuous or trivial grounds. Pressure is mounting for an official Commission of Inquiry to be set up, similar to the Commission set up in Norway (see above), in order to investigate these surveillance practices, which were demanded by the United States as a condition to receiving military technology. Previously, it was also discovered that the Swedish statistical agency, Statistika, was monitoring 15,000 Stockholm residents born in 1953 in intimate detail. The information included statistics on drinking habits, religious beliefs, and sexual orientation. The DIB was not even aware of this program and subsequently ordered the destruction of the master tape containing the data. [153]

Sweden is a country that has traditionally adhered to the Nordic tradition of open access to government files. The world's first freedom of information act was the Riksdag's (Swedish Parliament) "Freedom of the Press Act of 1766." The Act required that official documents should “upon request immediately be made available to anyone making a request” at no charge. The Freedom of the Press Act is now part of the Constitution and decrees that “every Swedish citizen shall have free access to official documents.” Decisions by public authorities to deny access to official documents may be appealed to general administrative courts and ultimately, to the Supreme Administrative Court. The Parliamentary Ombudsman has some oversight functions for freedom of information.

Sweden is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [154] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [155] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Article 36(4) of the Constitution states, "The inviolability of the secrecy of letters and telegrams is guaranteed." [156]

The Federal Act of Data Protection of 1992 regulates personal information held by government and private bodies. [157] The Act requires that information must be legally and fairly collected and places limits on its use and disclosure to third parties. Private companies must register if they regularly process sensitive data or transfer the data to third parties. Transfers to other nations must be registered and the recipient nation must have equivalent laws. Individuals have a right of access to correct inaccurate information. Federal agencies must register their databases. There are criminal penalties for violations. There are also separate data protection acts for the Cantons (states). In June 1999, the E.U. Data Protection Working Party determined that Swiss law was adequate under the E.U. Directive. [158]

The Act creates a Federal Data Protection Commission. [159] The commission maintains and publishes the Register for Data Files, supervises federal bodies and private bodies, provides advice, issues recommendations and reports, and conducts investigations. The commissioner also consults with the private sector. Its most recent report, the Commission recommended that ISPs and Website hosts institute clear data protection policies. [160]

Telephone tapping is governed by the Penal Code and Penal Procedure Code amended by the 1997 Telecommunication Act. [161] A court order is required for every wiretap. A proposal to modify wiretapping and mail interception was introduced in July 1998. [162] There were 1,020 wiretaps authorized in 1996. [163] There have been numerous public revelations of illegal wiretapping. A 1993 inquiry found that phones used by journalists and ministers in the Swiss Parliament were tapped. [164] The Data Protection Commissioner also accused PTT, the state telephone company, of illegally wiretapping telephones. There were considerable protests in 1996 when it was revealed that the federal government was wiretapping journalists to discover their sources. Swiss President Arnold Koller described the taps as "excessive." [165] In December 1997, the newspaper Sonntags Zeitung reported that Swisscom, the Swiss telephone company, was tracking the location of cellular phone users and maintaining those records for an extended period. [166] The Data Protection Commissioner issued a report in July 1998. [167] A Department of Justice working group has been developing revisions for the legislation for several years and in 1999, the Privacy Commission withdrew its support after the working group expanded the number of offenses to include many minor offenses. [168]

Besides the Data Protection Act, there are also legal protections for privacy in the Civil Code [169] and Penal Code, [170] and special rules relating to workers' privacy from surveillance, [171] telecommunications information, [172] banking privacy, [173] health care statistics, [174] professional confidentiality including medical and legal information, [175] medical research, [176] police files, [177] and identity cards. [178] In 1989, a Parliamentary inquiry revealed that the Federal Police had collected files on about 900,000 people, most of whom were not suspected of having committed any offence.

Switzerland is a member of the Council of Europe and signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) in 1997. [179] Switzerland has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [180] Switzerland is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Switzerland is not an E.U. member state but has been granted associate status.

Article 12 of the 1994 Taiwanese Constitution states: "The people shall have freedom of privacy of correspondence." [181]

The Computer-Processed Personal Data Protection Law was enacted in August 1995. [182] The Act governs the collection and use of personally identifiable information by government agencies and many areas of the private sector. The Act requires that "The collection or utilization of personal data shall respect the rights and interests of the principal and such personal data shall be handled in accordance with the principles of honesty and credibility so as not to exceed the scope of the specific purpose." Individuals have a right of access and correction, the ability to request cessation of computerized processing and use, and the ability to request deletion of data. Data flows to countries without privacy laws can be prohibited. [183] Damages can be assessed for violations. The Act also establishes separate principles for eight categories of private institutions: credit information organizations, hospitals, schools, telecommunication businesses, financial businesses, securities businesses, insurance businesses, mass media, and "other enterprises, organizations, or individuals designated by the Ministry of Justice and the central government authorities in charge of concerned end enterprises."

There is no single privacy oversight body to enforce the Act. The Ministry of Justice enforces the Act for government agencies. For the private sector, the relevant government agency for that sector enforces compliance. The Criminal Investigation Bureau (CIB) arrested several people in November 1998 for selling lists of more than 15 million voters and personal data of up to 40 million individuals in violation of the Act. [184]

Under the martial law-era Telecommunications Surveillance Act, permission for telephone tapping and other similar interferences with privacy of communications must be granted according to law. According to the Taiwan Association for Human Rights, "prosecutors appeared to have abused their eavesdropping power by authorizing law enforcement units to monitor more than 16,000 telephone calls in less than a year. Such behavior has constituted a serious infringement of people's privacy." [185] On July 26, 1997, the Independence Morning Post accused intelligence director Yin Tsung-wen of ordering the phone-tapping of National Assembly deputies who had opposed a proposal to modify the Constitution to eliminate the provincial government. The report said Yin passed on the phone-tapping order to a number of police and other intelligence agencies. [186] Article 315 of Taiwan's Criminal Code states that a person who, without reason, opens or conceals a sealed letter or other sealed document belonging to another will be punishable under the law. The TSA was amended in June 1999 to imposes stricter guideline on when and how wiretaps can be used.

Responding to public concern following repeated incidents of the filming and selling of videotapes of couples making love in motels, the Taiwanese Ministry of Justice has decided to revise the Criminal Code to impose stiffer penalties on those convicted of eavesdropping or making secret videos. A person found guilty of eavesdropping or making secret films without any business motives would be punished with a prison term of up to three years. [187]

In 1997, the Taiwanese government proposed a new national ID card called the "National Integrated Circuit (IC) Card.” The plan called for a smartcard based system with over 100 uses for the card including ID, health insurance, driver's license, taxation and possibly small-value payments. The card would be issued and operated by Rebar Corporation, a private company which would have set up and paid for the system on its own but would have kept any profits from its creation. The entire system was estimated to cost NTD 10 billion (USD 357 million). There were hearings to evaluate privacy concerns after protests about the plan arose. [188] Rebar withdrew from the project in November 1998 over costs and amid public protests. The government is now considered creating its own paper-based card, and may later transfer it to a private company for operation. [189] It is also now considering a smartcard-based system just for health information. [190]

Article 37 of the 1997 Constitution states, "Persons have the freedom to communication with one another by lawful means. Search, detention or exposure of lawful communication materials between and among persons, as well as actions by other means so as to snoop into the contents of the communications materials between and among persons, is prohibited unless it is done by virtue of the power vested in a provision of the law specifically for the purpose of maintaining national security or for the purpose of maintaining peace and order or good public morality." [191]

The National Information Technology Committee (NITC) approved plans in February 1998 for a series of information technology (IT) laws. Six sub-committees under the National Electronics and Computer Technology Centre (Nectec) are currently drafting laws on E-Commerce Law, EDI Law, Privacy Data Protection Law, Computer Crime Law, Electronics Digital Signature Law, Electronics Fund Transfer Law and Universal Access Law. The first three, the electronic commerce law, a digital signature law and the electronic fund transfer law are expected to be completed in 1999 and submitted to the Parliament. [192] The second group of laws is expected to be completed in 2000. A proposed Internet Promotion Act put forward by the Internet Society of Thailand in late 1997 that included censorship provisions generated intense opposition.

The Official Information Act was approved in 1997. [193] The Act sets a code of information practices on personal information system run by state agencies. The agency must ensure that the system relevant to and necessary for the achievement of the objectives of the operation of the State agency, make efforts to collect information directly from the person who is the subject, public material about its use in the Government Gazette, provide for an appropriate security system; notify such person if information is collected about them from a third party, not disclose personal information in its control to other State agencies or other persons without prior or immediate consent given in writing by the person except in limited circumstances, and provide rights of access, correction and deletion. A high level Official Information Board oversees the act.

Phone tapping is a criminal offense under the 1934 Telegraph and Telephone Act. [194] In 1996, Prime Minister Banharn introduced a bill that would give the Supreme Commander and the three armed forces chiefs the power to approve wire-tapping for national security reasons. It drew strong opposition from the chairman of the House justice and human rights committee, Witthaya Kaewparadai, who described the proposal as "irrational". The Bangkok Post described it as an "unsavory move". [195] Illegal wiretapping is common in Thailand. In April 1997, tapes and transcripts from wiretaps of Sanan Kachornprasart, the opposition party Democrat secretary-general, were found in the compound of Government House. [196] The Armed Forces Security Centre was accused of being behind the tapping. [197]

In June 1998, the Royal Thai Police Department asked Thai Internet service providers to adopt Caller-ID in order to keep a record of the telephone numbers and login information of people who access the network. Under the proposal, ISPs will be asked to record this information on their servers, and allow the police to access this information in the course of investigations of Internet-related crime. [198]

In 1997, Thailand began issuing a new national ID card with a magnetic strip. The computer system will be linked with other government departments including the Revenue Department, the Ministry of Foreign Affairs, the Ministry of Defense and the Office of the Narcotics Control Board. The government also plans to link the system with other governments to allow holders to travel in Asian countries without the need for a passport, using only the new card. Bank customers who carry the new ID card can use it as an ATM card as well. [199] In 1995, Control Data Systems was awarded a $11.5 million contract by the Bangkok Metropolitan Administration (BMA) project to install the Computerized National Census and Services Project. The system includes names, addresses, national ID card numbers, and census information such as birth and death records and address changes. It will be used for checking individual tax returns and compiling census statistics. [200] It is expected to be completed by next year for elections.

The Official Information Act also allows for citizens to obtain government information such as the result of consideration or a decision which has a direct effect on a private individual, work-plan, project and annual expenditure estimates, and manuals or order relating to work procedure of State officials which affects the rights and duties of private individuals. Individuals can appeal denials to an Information Disclosure Tribunal.

Section Five of the 1982 Turkish Constitution is entitled, "Privacy and Protection of Private Life." [201] Article 20 of the Turkish constitution deals with "Privacy of the Individual’s Life," and it states, "Everyone has the right to demand respect for his private and family life. Privacy of individual and family life cannot be violated. Exceptions necessitated by judiciary investigation and prosecution are reserved. Unless there exists a decision duly passed by a judge in cases explicitly defined by law, and unless there exists an order of an agency authorized by law in cases where delay is deemed prejudicial, neither the person nor the private papers, nor belongings of an individual shall be searched nor shall they be seized." Article 22 states, "Secrecy of communication is fundamental. Communication shall not be impeded nor its secrecy be violated, unless there exists a decision duly passed by a judge in cases explicitly defined by law, and unless there exists an order of an agency authorized by law in cases where delay is deemed prejudicial. Public establishments or institutions where exceptions to the above may be applied will be defined by law." There is a state of emergency is some areas of Turkey and Constitutional rights have been limited.

The Turkish Ministry of Justice is currently working on draft legislation on the Protection of Personal Data. The new proposals follow the Council of Europe’s 1981 Convention and the European Union Directive. The new proposals will cover the collection and processing of data by both public and private bodies. However, in this special draft legislation, the tendency is to put in penalties of administrative nature. Criminal penalties will be appearing under articles 193-196 of the draft Criminal Law. The new proposals would make it a criminal offense to collect and process data unlawfully or without consent with a maximum prison sentence of three years. In the draft law, it is considered a criminal offense to cause the data to be seized by others, to be deteriorated, or to be damaged as a result of failure to take the necessary security measures. A prison sentence of one to four years is contemplated for these offences. The draft Criminal Law also regulates the collection and processing of ethical characteristics, political, philosophical and religious opinions, races, union relationships, sexual lives and health conditions of individuals as criminal offenses unless permitted by laws. The prison sentence for violating the regulation is one to two years. The draft Criminal Law also considers the disclosure and delivery of personal data to unauthorized persons. Furthermore, failure to destroy the data required to be destroyed within a specific time period is a criminal offense with a prison sentence of 6 months to one year. The draft states that the above mentioned criminal offenses are applicable for all systems in which data is held and emphasizes the liability of legal entities. The new proposals discussed within the May 1998 E-Commerce Laws Working Party Report [202] emphasize both the importance of facilitating the collection and processing of personal data and the protection of personal data of individuals in the information age.

Within the Turkish national legislation, the protection of personal rights is regulated in the Civil Code. Pursuant to Article 24 of the Civil Code, an individual whose personal rights are violated unjustly may request from the judge protection against the violation. Individuals can bring action on violation of their private rights. However, there is no criminal liability for such violations of personal rights and currently there is no protection of personal data laws (through data protection laws or any other laws) under the current Turkish Criminal Code.

Articles 195-200 of the Turkish Criminal Code on the freedom of communications govern communication through letters, parcels, telegram and telephone. Despite the existing laws and regulations, the right to privacy and to private communications seem to be rather problematic in Turkey. According to Civaoglu, a columnist for the Turkish daily Milliyet: "Apart from the right of privacy of individuals being violated in Turkey, it would be correct to say that these rights are practically "raped" in Turkey." [203] Civaoglu’s strong words stemmed from the unregulated use of bugging devices within Turkey. His article describes how the former opposition leader Mesut Yilmaz (now the prime minister) was annoyed that his telephones were tapped and also that his house walls were bugged. According to acting Security Director Kemal Celik, all telephones in Turkey are bugged. The Turkish parliament’s telephone bugging committee, set up to investigate allegations of government phone taps, confirmed allegations that the Security Directorate listens in on all telephone communications, including cellular calls, according to a secret 50-page report documenting and confirming the bugging of telephones. [204] According to Celik’s report, selective secret bugging of phones in Turkey has enabled the Security Directorate to solve 33 assassination attempts since 1995. Numerous other incidents, including bombings and murders, have also been solved since indiscriminate and unregulated bugging of phones began in Turkey.

In 1990, a parliamentary commission on human rights was established with the power to monitor the human rights situation in Turkey and abroad. Currently, the commission consists of 25 parliamentarians, three consultants and four secretaries. Since its inception, the commission has taken up some 20 cases on its own initiative. Most of these cases relate to alleged violations of physical integrity [205] and it is unknown whether the Commission has dealt with any cases of individual privacy.

Turkey is a member of the Council of Europe and has accepted the Council’s monitoring mechanism. [206] Turkey has also been a member of the Organization for Economic Co-operation and Development since 1961.

The UK does not have a written constitution. In 1998, the Parliament approved the Human Rights Act that will incorporate the European Convention of Human Rights into domestic law, a process which will establish an enforceable right of privacy. [207] The Act will go into force in October 2000.

The Parliament approved the Data Protection Act (1998) in July 1998. [208] The legislation updates the 1984 Data Protection Act in accordance with the requirements of the European Union's Data Protection Directive. [209] The Act covers records held by government agencies and private entities. It provides for limitations on the use of personal information, access to records and requires that entities that maintain records register with the Data Protection Commissioner.

The Office of the Data Protection Commissioner is an independent agency that enforces the Act. [210] Under the previous act, a total of 225,000 organizations and businesses registered, [211] although this figure is believed to fall well short of the total number of entities that qualify to register. The Commission also received over 4,000 complaints in 1997-1998 and issued Guidance notes on homeworkers, financial service intermediaries and debt tracing.

There are also a number of other laws containing privacy components, most notably those governing medical records [212] and consumer credit information. [213] Other laws with privacy components include the Rehabilitation of Offenders Act, 1974, the Telecommunications Act 1984, the Police Act 1997, the Broadcasting Act 1996, Part VI and the Protection from Harassment Act 1997. Some of these acts are amended and may be repealed in part by the 1998 Data Protection Act. The Police and Criminal Evidence Act (1984) allows police to enter and search homes without a warrant following an arrest for any offense. And while police may not demand identification before arrest, they have the right to stop and search any person on the street on grounds of suspicion. Following arrest, a body sample will be taken for inclusion in the national DNA database. [214]

The privacy picture in the UK is mixed. [215] There is, at some levels, a strong public recognition and defense of privacy. Proposals to establish a national identity card, for example, have routinely failed. On the other hand, crime and public order laws passed in recent years have placed substantial limitations on numerous rights, including freedom of assembly, privacy, freedom of movement, the right of silence and freedom of speech. [216] There has been a proliferation of Closed Circuit Television (CCTV) cameras in hundreds of towns and cities in Britain. The camera networks can be operated by police, local authorities or private companies, and are partly funded by a Home Office grant. Their original purpose was crime prevention and detection, though in recent years the cameras have become important tools for city center management and the control of "anti social behavior". Between 150 million and 300 million pounds a year is spent expanding the web of 200,000 cameras covering public spaces in Britain [217], but despite the ubiquity of the technology, successive governments have been reluctant to pass specific laws to govern their use. Their use has come under greater criticism recently and recent research by the Scottish Centre for Criminology found that the cameras did not reduce crime, nor improved public perception of crime problems. [218]

The Interception of Communications Act of 1985 sets limitations on surveillance of telecommunications. Police can obtain telephone taps by obtaining a warrant signed by the Home Secretary. In 1998, 1,913 orders for intercepting telephone communications were approved, an increase of 25 percent from the previous year and nearly 400 percent over ten years. Telephone taps for national security purposes are authorized by the Foreign Minister. The law was amended in 1997 to allow bugging of homes with only the permission of a chief constable or police commissioner. A Special Commissioner will review these activities. [219] There were also 118 orders for interception of mail communications. The National Criminal Intelligence Service published a series of codes of practice on interception, surveillance, use of informants, undercover operations and use of intelligence materials in May 1999 to ensure adherence with the European Convention on Human Rights incorporation into UK law. [220] In June 1999, the Home Office issued a Consultation Paper on wiretapping proposing many changes to the existing law, including requiring Internet Service Providers facilitate wiretappings, lengthening the times for taps to three months and authorizing the use of roving wiretaps. [221] However, the report was silent on key areas such as judicial review of taps and public oversight.

There is a long history of illegal wiretapping of political opponents, labor unions and others in the UK. [222] In 1985, the European Court of Human Rights ruled that police interception of individuals’ communications was a violation of Article 8 of the European Convention on Human Rights. [223] The decision resulted in the adoption of the Interception of Communications Act 1985. Most recently, the European Court of Human Rights ruled in 1997 that police eavesdropping of a policewoman violated Article 8. [224] In the late 1970’s, M15, Britain’s security service, tapped the phones of many left-leaning activists including the future Secretary of State for Trade and Industry Peter Mandelson, and kept files on Jack Straw, now Home Secretary, and Harriet Harman, former Social Security Secretary, as well as Guardian journalist Victoria Brittain. The High Court issued an injunction against the Mail on Sunday preventing the publication of further revelations. In September 1998, it was revealed that there were secret talks between the Association of Chief Police Officers (ACPO) and representatives for Internet Service Providers (ISPs) with the aim of reaching a "memorandum of understanding" to give the police access to private data held by ISPs. [225]

In late 1997, a report commissioned by the European Parliament and prepared by the UK based research group Omega Foundation, confirmed that Britain was a key player in a vast global signals intelligence operation controlled by the U.S. National Security Agency (NSA). [226] According to the report, the U.S. and its UK partner, GCHQ, "routinely and indiscriminately" intercepted large amounts of sensitive data which had been identified through keyword searching. The eavesdropping was carried out from a number of spy bases in the UK, most notably the Menwith Hill base in the north of England. The report led to some concern in various European States, and on September 14, 1998, the European Parliament, in plenary session in Strasbourg, took the unprecedented step of openly debating the operation. A "compromise resolution" framed in the wake of the debate by the four leading parties called for greater accountability and "protective measures" over such intelligence gathering. [227]

There have been efforts for over 20 years to enact a Freedom of Information Law. A 1994 “Code of Practice on Access to Government Information” provides some access to government records but has 15 broad exemptions. Dissatisfied applicants can complain, via a Minister of Parliament, to the Parliamentary Ombudsman if their request is denied. [228] The government released a draft act for consultation in May 1999. [229] The draft act would allow for access to government records and would create an Information Commissioner to enforce the Act. However the bill provides for broad exemptions and is considered weaker than the existing code. The draft was strongly criticized by many politicians across the political spectrum and NGOs. The Campaign for Freedom of Information, Charter 88 and 23 other organizations started a campaign to strengthen the law in June 1999. Following the criticism, Home Secretary Jack Straw indicated a willingness to strengthen some of the provisions but a revised proposal has not yet been issued. The Scottish Parliament also promised to enact a stronger Freedom of Information Law as one of their first actions. Currently, there are several restrictions on FOI in UK law. The repressive Official Secrecy Act [230] is currently being used against journalist Tory Geraghty for his book “The Irish War”, which details surveillance techniques used in Northern Ireland and the UK by the police and intelligence services. [231]

The UK is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) [232] along with the European Convention for the Protection of Human Rights and Fundamental Freedoms. [233] In addition to these commitments, the UK is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Territories

The dependent territories of the Isle of Man, [234] Isle of Guernsey, and Isle of Jersey each have a data protection act and data protection commission.

There is no explicit right to privacy in the U.S. Constitution. The Supreme Court has ruled that there is a limited constitutional right of privacy based on a number of provisions in the Bill of Rights. This includes a right to privacy from government surveillance into an area where a person has a "reasonable expectation of privacy" [235] and also in matters relating to marriage, procreation, contraception, family relationships, child rearing and education. [236] However, records held by third parties such as financial records or telephone calling records are generally not protected unless a legislature has enacted a specific law. The court has also recognized a right of anonymity [237] and the right of political groups to prevent disclosure of their members' names to government agencies. [238]

The U.S. has no comprehensive privacy protection law for the private sector. The Privacy Act of 1974 protects records held by U.S. Government agencies and requires agencies to apply basic fair information practices. [239] Its effectiveness is significantly weakened by administrative interpretations of a provision allowing for disclosure of personal information for a "routine use" compatible with the purpose for which the information was originally collected. Limits on the use of the Social Security Number have also been undercut in recent years for a number of purposes.

There is no privacy oversight agency in the U.S. The Office of Management and Budget plays a limited role in setting policy for federal agencies and has not been particularly active or effective. The Federal Trade Commission has oversight and enforcement powers for the laws protecting consumer credit information and fair trading practices but has no authority to enforce privacy rights, other than those arising from fraudulent or deceptive trade practices. [240] The FTC has received thousands of complaints but issued opinions in only three cases. It has also organized a series of workshops and surveys, which typically show that industry protection of privacy on the Internet is poor, but the FTC has said that the industry should have more time to make self-regulation work.

A patchwork of federal laws covers some specific categories of personal information. [241] These include financial records, [242] credit reports, [243] video rentals, [244] cable television, [245] educational records, [246] motor vehicle registrations, [247] and telephone records. [248] However such activities as the selling of medical records and bank records, monitoring of workers, and video surveillance of individuals are currently not prohibited under federal law. There is also a variety of sectoral legislation on the state level that may give additional protections to citizens of individual states. [249] The tort of privacy was first adopted in 1905 and all but two of the 50 states recognize a civil right of action for invasion of privacy in their laws.

Surveillance of telephone, oral and electronic communications for criminal investigations is governed by the Omnibus Safe Streets and Crime Control Act of 1968 and the Electronic Communications Privacy Act of 1986. [250] Police are required to obtain a court order based on a number of legal requirements. Surveillance for national security purposes is governed by the Foreign Intelligence Surveillance Act that has less rigorous requirements. [251] The federal wiretap laws were amended by a controversial bill in 1994 that required telephone companies to redesign their equipment to facilitate electronic surveillance. [252]

There were 1,329 orders for interceptions for criminal purposes and 796 for national security purposes in 1998. [253] The use of electronic surveillance has more than tripled in the last ten years. The intelligence agencies have also pushed for more authority and funding to conduct surveillance of Internet communications, arguing that this is necessary to protect the nation’s infrastructure from “information warfare.” In July 1999, it was revealed that the FBI was pressing for the creation of a Federal Intrusion Detection Network (FIDNet) that would permit widespread monitoring of Internet traffic. [254]

There has been significant debate in the United States in recent years about the development of privacy laws covering the private sector. Over 100 bills on privacy protection were introduced in the previous Congress, including laws on genetic and medical records, Internet privacy, children's privacy and other issues. Only a provision on the collection of personal information from children on the Internet was approved. [255] The current position of the White House and the private sector is that self-regulation is sufficient and that no new laws should be enacted except for a limited measure on medical information. There are currently efforts in Congress to improve financial privacy by prohibiting banks from selling personal information of customers without permission but the proposal is strongly opposed by the banking industry. There is substantial activity in the states, particularly California, New York and Massachusetts, where comprehensive privacy bills for the private sector are now under consideration.

There have been a series of high-profile revelations about privacy invasions in the past year. The Michigan Attorney General sued several banks for revealing that they were selling information about their customers to marketers. Other banks across the country subsequently admitted that there were also selling customer records but many continue to do so. Intel and Microsoft developed products to secretly track the activities of Internet users and in the Microsoft case, TRUSTe, an industry-sponsored self-regulation watchdog ruled that the Microsoft practices did not violate their privacy seal program. [256] Thousands of pharmacies were discovered to be selling their patients’ records to Elenysis, a company which then sold the records to pharmaceutical companies.[257] The Federal Depository Insurance Company proposed new “Know Your Customer” rules that would have required banks to track their customers’ activities and inform the federal government of “unusual” transactions. The rules were withdrawn after over 250,000 people wrote the government, opposing the rules.

The Freedom of Information Act was enacted in 1966. [258] It allows for broad access to federal government records, except those held by the courts or the White House by any requestor. It was amended by the Electronic Freedom of Information Act in 1996 to specifically provide access to electronic records. There are also laws in all states on providing access to government records. [259]

The U.S. is a member of the Organization for Economic Cooperation and Development but has not implemented the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in many sectors, including the financial sector and the medical sector. The 150 U.S. companies that signed the OECD Guidelines in 1981 do not appear to have kept their promises to enforce fair information practices once the threat of legislation faded in the early 1980s.

[1]. Constitution of the Republic of the Philippines, http://pdx.rpnet.com/consti/index.htm.

[2]. Cordero v. Buigasco, 34130-R, April 17, 1972, 17 CAR (2s) 539; Jaworski v. Jadwani, CV-66405, December 15, 1983.

[3]. Republic Act 7653

[4]. House Bill 5345

[5]. Republic Act 4300, June 19, 1965; Penal Code, Articles 290-292.

[6]. Balita News Service, May 7, 1998.

[7]. “Wiretapping probe,” BusinessWorld (Manila), August 26, 1997.

[8]. “Gov't lawyers ask Supreme Court to reconsider decision,” Businessworld, August 12, 1998.

[9]. “Erap wants nat'l ID system (Only criminals disagree with it, says the President),” Businessworld, August 12, 1998.

[10]. “Opinion Number 91. See Foundation laid for proposed nat'l ID, “Businessworld, August 14, 1998.

[11]. Political Constitution of Peru, 1993. Constitutions of the Countries of the World, January 1995.

[12]. The United Nations High Commissioner For Human Rights. Third periodic report of Peru : Peru. 21/03/95. CCPR/C/83/Add.1. Paragraph 260.

[13]. The United Nations High Commissioner For Human Rights. Third periodic report of Peru : Peru. 21/03/95. CCPR/C/83/Add.1. Paragraph 268.

[14]. “Former Agent Accuses Peru Spy Chief,” AP, March 17, 1998

[15]. 1998 Human Rights Watch Report, http://www.hrw.org/hrw/worldreport/Americas.htm

[16]. “As Lima Talks Hit Snag, Some Ex-Hostages Are Complaining,,” The New York Times, January 13, 1997

[17]. “Former U.N. chief charges Peru tapped his phone,” Reuters, Aug 4, 1997

[18]. “President Fujimori denies intelligence services behind phone-tapping,,” America Television, Lima, BBC Summary of World Broadcasts, July 19, 1997

[19]. “Peru defense head resigns in crisis,” Reuters, July 17, 1997.

[20]. “Peru Congress probe fails to catch phonetappers,” Reuters World Report, May 29, 1998.

[21]. International Freedom of Expression eXchange (IFEX) Clearing House (Toronto), July 21, 1997 http://www.ifex.org/alert/00002190.html.

[22]. LEY ORGANICA DEL REGISTRO NACIONAL DE IDENTIFICACION Y ESTADO

CIVIL, Ley No. 26497, July 11, 1995 http://www.congreso.gob.pe/ccd/leyes/cronos/1995/ley26497.htm .