[CPSR Home Page] | [CPSR Newsletter Index] | [Winter 1995 Issue--Table of Contents ]

Europe Moves Toward Comprehensive Privacy Protection; U.S. Heads in the Opposite Direction

by Dave Banisar
Electronic Privacy Information Center

CPSR News Volume 13, Number 1: Winter 1995

The Directive requires that all states enact a minimum level of protection for personal information stored on computers or in records that are in files.

The major points of the Directive specify that it

1. Applies to both private and government databases.
2. Requires that fair information practices be implemented.
3. Generally requires consent before personal information is used for purposes other than those for which it was originally obtained.
4. Requires that individuals have rights to access, correct, and demand erasure of personal information about them.
5. Prohibits transfers of personal data to countries without equivalent protections. This may significantly affect the flow of personal data between the U.S. and the KU.
6. Requires the creation of a national privacy commission in each country to oversee the implementation and execution of the Directive. Creates supranational groups to review implementation and recommend future changes.

The directive will set minimum standards for privacy protection in all EU member countries.

Other countries are recognizing the need for strong privacy protection. The Canadian government just released a discussion paper on privacy and the information superhighway, and is calling for comments. The Canadian Standards Association is releasing draft privacy standards. Even the Croatian and Taiwanese Parliaments have moved toward enacting comprehensive privacy legislation.

Meanwhile, the U.S. headed in the opposite direction. In the 103rd Congress, privacy legislation ground to a halt while several bills to increase surveillance were enacted. Bills to create a privacy commission, to update the Fair Credit Reporting Act for the first time in 20 years, and to protect medical records all failed to pass. The only legislation enacted that protected privacy was a small provision in the crime bill to require that states allow citizens to limit access to motor vehicle records. However, after lobbying by the direct marketers, the bill has been severely weakened and prevents the states from passing stronger laws.

Legislation requiring telecommunications companies to redesign their systems to make surveillance easier was enacted in the last minutes of the session after strenuous lobbying by the FBI and intelligence agencies. The bill requires that telephone companies and other common carriers program switches to make them capable of wiretapping. In exchange, the phone companies will receive $500 million over three years. A few weak privacy provisions were thrown in to give the appearance of a compromise.

Another bill to allow the Foreign Intelligence Surveillance Court to authorize searches for "national security" cases was quietly appended to the CIA authorization bill. The crime bill gives the FBI $100 million to set up a national DNA database.

Finally, the GATT legislation passed with a provision to require that social security numbers be issued at birth if the family wishes to take a tax credit.

The status of privacy legislation in the 104th Congress is uncertain. Major bills, such as the FCRA update and the medical records bill had bipartisan support in the previous Congress. Republican members were also critical of the telephony bill and the Clipper Chip, and limits on exports of encryption software. On the other hand, new proposals such as welfare and immigration reform may lead to a renewed push for a national identity card. Stay tuned.

Dave Banisar is a policy analyst at the Electronic Privacy Information Center and editor of the International Privacy Bulletin. He can be reached at banisar@washofc.epic.org.

[Previous Article] | [Table of Contents] | [Next Article]

© Computer Professionals for Social Responsibility
P.O. Box 717 Palo Alto, CA 94302-0717
Tel. (415) 322-3778 Fax (415) 322-3798 webmaster@cpsr.org