European regulators launch privacy consultations
2. European Commission mulls internal
3. Hungary's privacy chief speaks out
against data protection law
4. Europe launches anti-spam initiative
5. Former Sonera executive face illegal
6. Choicepoint consumer data hacked
1. European regulators
launch privacy consultations
Earlier this month, the EU's Data Protection Working Party (an advisory
body to the European Commission) launched two public consultations
into the privacy implications of Radio Frequency Identification
(RFID) and digital rights management technologies.
In a report accompanying the RFID consultation, the Working Party
warned businesses that attempts to link RFID devices - smart ID
tags - with information on individuals could breach European data
protection legislation. RFID tags are currently being used for a
variety of purposes (eg. better management of retail supply chains,
aiding product recalls, or as anti-theft devices) but civil liberties
groups and privacy regulators have expressed concerns that the technology
could be used to track and profile individuals.
The Working Party suggested that organizations are likely to run
into legal difficulties unless consumers agree to have their details
linked in with RFID devices. "Under most of the scenarios where
RFID technology is used," said the report, "consent from individuals
will be the only legal ground available...to legitimize the collection
of information through RFID".
In a separate report, the Working Party suggested that attempts
to prevent online copyright theft of music, games and software present
serious privacy risks for Internet users. Industry is increasingly
turning to the use of digital rights management technologies (DRM)
to monitor and control access to copyright protected material. The
Working Party, however, raised serious questions over the use of
unique identifiers in DRM products that could be used to monitor
Internet users' activities. The Working Party urged industry to
build stronger privacy controls into new DRM technologies and argued
that Internet users should have the right to access protected information
on an anonymous basis.
Interested parties have until March 31st to submit their responses
to the two consultations.
here for more details on the consultation and the Working Party
2. European Commission
mulls internal privacy restructuring
The European Commission is considering moving its data protection
unit out of the remit of the Internal Market directorate and placing
it under the responsibility of the directorate for Justice and Home
Affairs. Speaking at the British Institute of International &
Comparative Law's data protection seminar on Tuesday, Niovi Ringou,
Deputy Head of the Commission's Data Protection Unit, said that
the outcome was still uncertain, but that the Commissioner's college
could reach a decision within the next month.
3. Hungary's privacy chief
speaks out against data protection law
Dr Attila Peterfalvi, the Parliamentary Commissioner for Data Protection
and FOI, has criticised Hungary's Data Protection Act, labeling
its regulations on overseas data transfers as excessive.
Speaking at a seminar held by the British Institute of International
& Comparative Law on Tuesday, Peterfalvi explained that data
transfer regulations were causing real problems for organizations
trying to move data outside the country.
"Our Act is simply bad," said Peterfalvi, adding that Hungary's
1992 privacy law "must be modified" to bring it further into line
with the EU Data Protection Directive.
Along with nine other Central and Eastern European countries involved
in last year's accession to the European Union, Hungary has had
to implement a number of changes to its national data protection
law. The data transfer rules, however, were not amended and require
organizations to go further than required under the European directive.
Peterfalvi explained that his office has presented a more pragmatic
solution before Parliament and is currently waiting approval. He
added that the two-thirds majority voting system adopted by Parliament
has made it difficult to push through legislative changes, but said
the Ministry of Justice has indicated that the proposed amendment
is likely to be approved in the Spring of this year.
4. Europe launches anti-spam
Earlier this month, a coalition of 13 European data protection regulators
and consumer ombudsmen launched a joint initiative to combat the
threat of unsolicited spam e-mail. Despite a host of global anti-spam
legislation implemented over the last few years, spam is still proving
to be a major threat. January figures from e-mail security firm
MessageLabs showed that 80 per cent of e-mail traffic was spam-related.
In 2002, the European Union adopted an anti-spam directive which
has since been implemented into national law by
most European member states. Enforcement activity, however, has
been relatively low. Under the new anti-spam initiative, European
regulators have agreed to take on a more proactive enforcement role
through sharing information, improving cooperative procedures and
pursuing spam-related complaints across borders.
Commenting on the new initiative, Information Society & Media
Commissioner Viviane Reding said, "Enforcement authorities in Member
States must be able to deal effectively with spam from other EU
countries, even though at present most spam originates from outside
Reding added that further efforts were being made by the European
Commission to combat the wider global implications of unsolicited
e-mail. In addition to the European initiative, she said, "we are
working on cooperation with third countries both bilaterally and
in international fora like the OECD and the International Telecommunication
Members of the new coalition include:
5. Former Sonera executive
face illegal surveillance charges
- Austria - Federal Ministry for Transport, Innovation and Technology
- Belgium - Privacy Commission and Federal Public Service Economy
- Directorate General Enforcement and Mediation
- Cyprus - Office of the Commissioner for Personal Data Protection
- Czech Republic - Data Protection Authority
- Denmark - Danish Consumer Ombudsman
- French - Data Protection Authority (CNIL)
- Greece - Hellenic Data Protection Authority
- Ireland - Department of Communications, Marine and Natural
Resources and the Office of the Data Protection Commissioner
- Italy - Data Protection Authority
- Lithuania - State Data Protection Inspectorate
- Malta - Office of the Commissioner for Data Protection
- Netherlands - Electronic Communications Regulator (OPTA) and
Data Protection Authority (CBP)
- Spain - Data Protection Authority
According to Finnish newspaper Helsingin Sanomat, former executives
at international telecoms operator Sonera went on trial earlier
in early February for carrying out illegal surveillance on journalists
Eight defendants, including ex-CEO Kaj-Erik Relander, have been
accused of breaching privacy regulations after allegedly accessing
workers' telephone records as part of an investigation back in 1999
to identify the source of leaks to the press.
Protection against unauthorised surveillance is guaranteed by Finland's
constitution and by its Law on Telecommunications Privacy. If found
guilty, the defendants - who have denied the charges - could face
up to three years in prison.
6. Choicepoint consumer
Choicepoint, a major US provider of consumer data, admitted Tuesday
that it had been the victim of a major security breach. According
to CNET.com, criminals posing as legitimate businesses managed to
con their way into accessing Choicepoint's consumer database. It
is believed that the details of up to 35,000 consumers from the
state of California may have been compromised. The records included
names, addresses and credit reports.
As a result of the incident, Choicepoint announced that it has changed
its procedures to prevent similar events from occurring.