caslon analytics elephant logoahrooogah!!title graphic for Privacy guide

home | about | site use | services | guides | briefings  

overview

issues

Aust law

EU law

N America

 agencies

advocacy

reports

primers

other writing

technologies
section heading icon     EU, Asia and the Pacific

 This page looks at legislation and developments in the EU and Asia.

subsection heading icon     the EU

During the 1970's Germany, France and much of Scandinavia enacted comprehensive privacy legislation. 

That development was reflected in the suite of information privacy guidelines adopted in 1980 by the Organization for Economic Cooperation & Development (OECD) and in the 1980 Council of Europe Convention binding member countries to create legislation establishing fair information practices. As John Gaudin notes in his 1996 paper The OECD Guidelines: Can They Survive Technological Change? those regulatory frameworks predated the web. 

In 1995 the European Union (EU) passed a Data Protection Directive protecting personal information and harmonizing privacy laws among its member states. 

The Directive, now in effect across the EU, has resulted in enactment of legislation among all EU member states - and many trading partners - that enshrines a high level of privacy protection and ensures that privacy is on the agenda in government policy making.

The Directive requires that the laws of member states protect personal information in both the private and public sectors. These laws must contain provisions to block transfers of information to non-member states that do not provide an "adequate" level of protection.

The EU, in contrast to Australia and North America, has not relied on self-regulation of ISPs and commercial or other sites: Brussels is moving to ensure compliance with mandatory EU-wide principles and operational standards.  It was the subject of None of Your Business: World Data Flows, Electronic Commerce and the European Privacy Directive (Washington, Brookings 98) by Peter Swire and Robert Litan.

While overall responses within the EU have been positive, some critics argue that the Directive and new Directive-related national legislation is unduly bureaucratic or used to suppress freedom of speech.  

A recent example is Jacob Palme's overstated paper on Freedom of Speech, the EU Data Protection Directive and the Swedish Personal Data Act and his less temperate view of Swedish regulation of the Web.  

The essays by Mayer-Schoenberger and Bennett in Technology & Privacy: The New Landscape (Cambridge, MIT Press 97), edited by Marc Rotenberg & Philip Agre, are of more value in assessing European developments and their wider implications. 

David Flaherty's Protecting Privacy in Surveillance Societies: The Federal Republic of Germany, Sweden, France, Canada & the United States (Chapel Hill, Uni of North Carolina Press 92) dates from the early 1980s but remains of value.

At the national level Scandinavia, Germany and the Netherlands continue to set the pace for the rest of the EU. 

subsection heading icon     Asia and the Pacific

Non-European countries recently enacting private sector data protection legislation consistent with the EU include Hong Kong, with a statutory Privacy Commissioner (PCO) under the Personal Data (Privacy) Ordinance covering the public and public sectors, and Taiwan.

Japan does not have a comprehensive national privacy/data protection regime. The 1990 Protection of Computer Processed Personal Data Act 1990 provides partial regulation of some national government agencies and provincial/municipal government agencies are in theory covered by local privacy protection regulations.

subsection heading icon     New Zealand

Information about the New Zealand Privacy Act 1993, one of the most comprehensive outside Europe, is available at the NZ Privacy Commissioner's site.

In December 2000 the Statutes Amendment Bill was introduced into Parliament. It will amend the Privacy Act to secure a finding from the European Commission that New Zealand provides an "adequate level of protection" for the purposes of the EU Data Protection Directive.

NZ currently does not restrict transborder movement of personal data, a key feature of the EU privacy regime and the basis of the Safe Harbour agreements with Canada and the US. The NZ legislation will be amended to cover export of personal information .

The new bill will also remove existing restrictions on data access or correction. At the moment, to request access to data about yourself or require a correction, you must be a New Zealand citizen, permanent resident, or in New Zealand at the time of the request. The change will ensure that Europeans and others have enforceable access and correction rights, which can be exercised from outside the country, when information is held or processed in New Zealand.


icon for link to next page    next page (N American law and developments)