Privacy and Human Rights 2002

An International Survey of Privacy Laws and Developments

Executive Summary
This annual report by EPIC and Privacy International reviews the state of privacy in over fifty countries around the world. It outlines legal protections for privacy, and summarizes important issues and events relating to privacy and surveillance. A major focus of the 2002 report has been to document the effects of September 11, 2001 on privacy and civil liberties. In response to the events of that day, specific anti-terrorism measures have been introduced in Australia, Austria, Canada, Denmark, France, Germany, India, Singapore, Sweden, the United Kingdom and the United States. Another significant development was the adoption, in June 2002, of the European Union’s Electronic Communications Privacy Directive. This Directive allows European Union member states to enact laws requiring Internet Service Providers, and other telecommunications operators, to retain the traffic and location data of all people using mobile phones, text messaging, land-line telephones, faxes, e-mails, chatrooms, the Internet, or any other electronic communication devices, to communicate.

Such data retention schemes are already in place in Belgium, France, Spain and the United Kingdom and have been proposed in the Netherlands. In New Zealand a law granting significant new interception authority to law enforcement is also pending. Among all of these measures, it is possible to identify a number of trends including: increased communications surveillance and search and seizure powers; weakening of data protection regimes; increased data sharing; and increased profiling and identification. While none of the above trends are necessarily new; the novelty is the speed in which these policies gained acceptance, and in many cases, became law.

On the other hand, the report finds that efforts to pass new data protection laws or to strengthen existing laws are continuing in Eastern Europe, Asia and Latin America. In August 2001, Peru enacted a data protection law covering credit reporting agencies and, in March 2002, created a Commission to draft a more comprehensive law. In Bulgaria, a new Personal Data Protection Act came into effect in January 2002. In Estonia, the Government is currently working on an amendment bill to the Data Protection Act to bring it into full compliance with the 1995 European Union Data Protection Directive. Poland ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) in May 2002. In Slovakia, an amended data protection law has been introduced and is expected to take place in September 2002. In 2001, Slovenia amended its Data Protection Act in order to establish an independent supervisory authority. A Personal Data Protection Act is pending in Malaysia. In Japan, two new anti-spam laws were adopted in 2002. In Singapore a National Internet Advisory Committee issued a Model Data Protection Code for the Private Sector in February 2002.

In addition, laws or codes to protect privacy in the workplace are gaining more prominence. In Finland, a new law on Data Protection in Working Life entered into force in October 2001. In December 2001, the President of the Russian Federation, signed into law the new Labor Code which includes protection of personal data. The United Kingdom Privacy Commissioner has drafted a fourpart code on data protection in the workplace. The first of these, relating to privacy in the recruitment and selection process was issued in March 2002. The second, on employee monitoring, was released for public comment in April 2002.

In Sweden, a national committee issued a proposal in March 2002 recommending specific legislation to protect the personal information of current employees, former employees and employment applicants in both the private and public sectors. In May 2002, the European Union Article 29 Data Protection Working Party issued a working paper on monitoring and surveillance of electronic communications in the workplace. In June 2002, the Hong Kong Data Protection Commission issued a draft a code of practice on workplace for public consultation. The new European Union Electronic Communications Directive, while leaving open the possibility of data retention in the members states, has also established important safeguards for information transmitted across the Internet. It prohibits unsolicited commercial marketing by e-mail (spam) without consent, and protects mobile phone users from precise location tracking and surveillance.

During the year new Freedom of Information Laws were passed in Peru and Mexico and went into effect in Poland. ..more.. by Electronic Privacy Information Center, Washington, DC, USA -and- Privacy International, London, United Kingdom