Subject: Perspectives of the Center for Democracy and Technology From: Ari Schwartz, Center for Democracy and Technology, 202-637- 9800, ari@cdt.org To: Internet Caucus Advisory Committee BRIEFING MATERIALS ON THE EUROPEAN UNION DIRECTIVE ON DATA PROTECTION This material may be found online at: http://www.cdt.org/privacy/eudirective/ EU DOCUMENTS 1. Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data http://www.cdt.org/privacy/eudirective/EU_Directive_.html 2. News Release : Directive on Data Protection Enters Into Effect http://europa.eu.int/comm/dg15/en/media/dataprot/news/925.htm 3. Transfers of personal data to third countries : Applying Articles 25 and 26 of the EU data protection directive http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp12en.ht m 4. Working Document: "Judging industry self-regulation: when does it make a meaningful contribution to the level of data protection in a third country?" http://europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp7en.htm BACKGROUND 1. A generic Code of Fair Information Principles http://www.cdt.org/privacy/privacy/guide/basic/generic.html 2. OECD Guidelines http://www.cdt.org/privacy//privacy/survey/oecdguidelines.html 3. Public Records: Access, Privacy, and Public Policy: A Discussion Paper Prepared by Robert Gellman http://www.cdt.org/privacy//privacy/pubrecs/pubrec.html INTERNATIONAL RESPONSES CANADA 1. "The Protection of Personal Information," a joint report by the industry and justice ministries. http://strategis.ic.gc.ca/virtual_hosts/e-com/english/privacy/632d2.html 2. "Canada's New Approach to Privacy Standards" by Robert Gellman [not available online] UNITED STATES 3. Privacy Elements Paper," a proposal by the National Telecommunications and Information Administration of the Department of Commerce http://www.ntia.doc.gov/ntiahome/privacy/6_5_98fedreg.htm 4. "Options for Promoting Privacy on the National Information Infrastructure," a report by the Information Policy Committee of the National Information Infrastructure Task Force http://www.ntia.doc.gov/ntiahome/privwhitepaper.html 5. Report to Congress: "Privacy Online," a report by the Federal Trade Commission, executive summary and introduction http://www.ftc.gov/reports/privacy3/index.htm http://www.ftc.gov/reports/privacy3/exeintro.htm 6. "Recycled Self-Regulation Stance of US May Only Irk Europeans" by Robert Gellman [not available online] UNITED KINGDOM 7. "Implementing the EU Data Protection Directive," a discussion by the Data Protection Registrar http://www.open.gov.uk/dpr/impeudir.htm INTERPRETATIONS 1. "Paper 6: Individuals' Rights," a comparison of pre- and post-directive privacy regimes in the UK http://www.open.gov.uk/dpr/paper6.htm 2. Irish "Consultation Paper," sections concerning data controllers' obligations individuals' rights under the directive DOCUMENTS DISCUSSED AT THE BRIEFING 1. CSA Standard CAN/CSA-Q830-96, Model Code or the Protection of Personal Information, principles in summary [full text available from the CSA for CAN$22] http://www.gov.mb.ca/mihac/eng/csa.html http://www.csa.ca 2. Council of Europe Convention for the Protection of Individuals with Regard for Automatic Processing of Personal Data (ETS No. 108) http://www.coe.fr/eng/legaltxt/108e.htm 3. Discussion Paper 2: "Information Privacy Principles," part of the review of the (New Zealand) Privacy Act 1993 by the New Zealand Privacy Commissioner http://www.knowledge-basket.co.nz/privacy/discpp/discpr2.htm 4. Fragmented, Incomplete, and Discontinuous: The Failure of Federal Privacy Regulatory Proposals and Institutions," by Robert Gellman. IV Software Law Journal 200 [not available online] NEW LINKS [ ADDED JANUARY 10, 2000 ] 1. Background Information on the European "Privacy" Directive http://europa.eu.int/comm/dg15/en/media/dataprot/backinfo/info.htm 2. European Commission (Directorate General XV) - Data Protection Working Party : Recommendation 3/97 : Anonymity on the Internet (3 December 1997) http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp6en.ht m 3. Data protection applied to the telecommunications sector : Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector http://www2.echo.lu/legal/en/dataprot/protection.html 4. European Commission (Directorate General XV) - Data Protection Working Party : Working Document : Preliminary views on the use of contractual provisions in the context of transfers of personal data to third countries (22 April 1998) http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp9en.ht m 5. European Commission (Directorate General XV) - Data Protection Working Party : Second Annual Report (30 November 1998) http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp14en.ht m 6. European Commission (Directorate General XV) - Data Protection Working Party : Opinion 1/99 concerning the level of data protection in the United States and the ongoing discussions between the European Commission and the United States Government (26 January 1999) http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp15en.ht m 7. European Commission (Directorate General XV) - Data Protection Working Party : Working Document: Processing of Personal Data on the Internet (23 February 1999) http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp16en.ht m 8. European Commission (Directorate General XV) - Data Protection Working Party : Recommendation 1/99 on Invisible and Automatic Processing of Personal Data on the Internet Performed by Software and Hardware (23 February 1999) http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp17en.ht m 9. European Commission (Directorate General XV) - Data Protection Working Party : Opinion 2/99 on the Adequacy of the "International Safe Harbor Principles" issued by the US Department of Commerce on 19th April 1999 http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp19en.ht m 10. European Commission (Directorate General XV) - Data Protection Working Party : Opinion 4/99 on the Frequently Asked Questions to be issued by the US Department of Commerce in relation to the proposed "Safe Harbor Principles" on the Adequacy of the "International Safe Harbor Principles", (7 June 1999) http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp21en.ht m 11. European Commission (Directorate General XV) - Data Protection Working Party : Working document on the current state of play of the ongoing discussions between the European Commission and the United States Government concerning the "International Safe Harbor Principles" (7 July 1999) http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp23en.ht m 12. European Commission (Directorate General XV) - Data Protection Working Party : Opinion 7/99 on the Level of Data Protection provided by the "Safe Harbor" Principles as published together with the Frequently Asked Questions ( FAQs) and other related documents on 15 and 16 November 1999 by the US Department of Commerce (3 December 1999) http://www.europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp27en.ht m 13. European Commission (Directorate General XV) - Status of implementation of Directive 95/46 in the 15 countries of the European Union http://www.europa.eu.int/comm/dg15/en/media/dataprot/law/impl.htm