Europe Moves Toward Comprehensive Privacy Protection; U.S. Heads in the Opposite Direction
by Dave Banisar
Electronic Privacy Information Center
CPSR News Volume 13, Number 1: Winter 1995
The European Union is on the verge of passing EU-wide comprehensive privacy protection legislation. After four years of discussion, it appears that the EU will enact its directive on data protection during February 1995 and will put it into effect by 1996. The directive will set minimum standards for privacy protection in all EU member countries. All EU countries except for Italy and Greece already have data protection legislation but the level of protection varies by country. France and Germany have strong protections while the UK's is considered to be extremely weak.
The Directive requires that all states enact a minimum level of protection for personal information stored on computers or in records that are in files.
The major points of the Directive specify that it
- Applies to both private and government databases.
- Requires that fair information practices be implemented.
- Generally requires consent before personal information is used for purposes other than those for which it was originally obtained.
- Requires that individuals have rights to access, correct, and demand erasure of personal information about them.
- Prohibits transfers of personal data to countries without equivalent protections. This may significantly affect the flow of personal data between the U.S. and the KU.
- Requires the creation of a national privacy commission in each country to oversee the implementation and execution of the Directive. Creates supranational groups to review implementation and recommend future changes.
The directive will set minimum standards for privacy protection in all EU member countries.
Other countries are recognizing the need for strong privacy protection. The Canadian government just released a discussion paper on privacy and the information superhighway, and is calling for comments. The Canadian Standards Association is releasing draft privacy standards. Even the Croatian and Taiwanese Parliaments have moved toward enacting comprehensive privacy legislation.
Meanwhile, the U.S. headed in the opposite direction. In the 103rd Congress, privacy legislation ground to a halt while several bills to increase surveillance were enacted. Bills to create a privacy commission, to update the Fair Credit Reporting Act for the first time in 20 years, and to protect medical records all failed to pass. The only legislation enacted that protected privacy was a small provision in the crime bill to require that states allow citizens to limit access to motor vehicle records. However, after lobbying by the direct marketers, the bill has been severely weakened and prevents the states from passing stronger laws.
Legislation requiring telecommunications companies to redesign their systems to make surveillance easier was enacted in the last minutes of the session after strenuous lobbying by the FBI and intelligence agencies. The bill requires that telephone companies and other common carriers program switches to make them capable of wiretapping. In exchange, the phone companies will receive $500 million over three years. A few weak privacy provisions were thrown in to give the appearance of a compromise.
Another bill to allow the Foreign Intelligence Surveillance Court to authorize searches for "national security" cases was quietly appended to the CIA authorization bill. The crime bill gives the FBI $100 million to set up a national DNA database.
Finally, the GATT legislation passed with a provision to require that social security numbers be issued at birth if the family wishes to take a tax credit.
The status of privacy legislation in the 104th Congress is uncertain. Major bills, such as the FCRA update and the medical records bill had bipartisan support in the previous Congress. Republican members were also critical of the telephony bill and the Clipper Chip, and limits on exports of encryption software. On the other hand, new proposals such as welfare and immigration reform may lead to a renewed push for a national identity card. Stay tuned.
Dave Banisar is a policy analyst at the Electronic Privacy Information Center and editor of the International Privacy Bulletin. He can be reached at firstname.lastname@example.org.
© Computer Professionals for Social Responsibility
P.O. Box 717 Palo Alto, CA 94302-0717
Tel. (415) 322-3778 Fax (415) 322-3798 email@example.com
Created before October 2004