UKNM: EU privacy directive

[Steve Bowbrick]

The EU's new privacy directive will not seriously effect countries with

robust data protection regulation in place - the UK, for instance. At least

not much (fx: lawyer kick-starts motorbike, zooms off towards high court).

The big effect, and the one the American Federal Trade Commission and

Commerce Department are exercised about, is likely to be the injunction

against the export of legally captured data to countries with 'inadequate'

regulation - the USA, for instance.


This will, in principle, make it illegal for US companies to ship employee

data from European branch offices to the US for processing, for airlines to

exchange passenger dietary preferences with US offices... <insert your

silly restriction here>.


American opinion on this matter is divided. For instance, John Perry Barlow

thinks it's damned European imperialist meddling, Esther Dyson thinks it's

a business opportunity for data havens, Simson Garfinkel thinks it will

compel the irresponsible US Govt. to face up to its responsibilities, come

into line and get some statutory regulation on the books.


Conflict over the directive will turn on the nicely philosophical issue of

whether there is such a thing as a 'data subject'. In the directive, you

are the 'subject' of the data held about you. This is pretty clever - it

nicely skirts the contradictions of copyright-based data protection (in

which you 'own' your data) but clashes with the typically individualistic

American perspective which would tend to deny the existence of the subject

altogether!


One likely real effect: a rush by American firms to adopt one or other of

the voluntary privacy codes. They will be hoping that a rash of charter

marks, privacy policies, data pledges and Boy Scout badges will forestall a

Euro clampdown.


Some groups, including the The Brookings Institute in the US, have been

trying to agitate American business on this topic to little effect:


http://www.brook.edu/ES/POLICY/polbrf29.htm. Given that the directive was

published in 1995 and comes into force at the end of October, it's all a

bit late in the day...



[I was going to paste the directive's URL in here but it's twenty-five

lines long! If I can find a shorter one I'll send it out]


s

--

Steve Bowbrick                                      Webmedia Group

0171 494 3177                                         0468 257 570



http://www.webmedia.com/steve

stevewebmedia [dot] com (mailto:stevewebmedia [dot] com)