Privacy Law and Policy Reporter
The European Union Data Protection Directive is now in force. European airlines are not turning away Australian passengers, and ATMs in Melbourne are still dispensing cash to European tourists. The world has not stopped turning. What are we to make of this — was the EU Directive just a hollow threat with no substance, and can it just be business as usual, and a continuation of the privacy regulation debate on purely domestic terms?
It is premature to reach these conclusions. It has long been clear that impact of the EU Directive will not be felt until member states have amended their domestic laws, further developed implementation mechanisms for the cross-border data transfer provisions, and concluded the present round of discussions with the US Government. We are dealing not with a pure textbook legal compliance issue, but with realpolitik, diplomacy and compromise. But whatever role European decisions about particular data transfers play over the months and years ahead, the trend and pressures are clear.
In this issue, we cover a number of international developments. In reporting on the International Data Protection Commissioner’s conference in Spain, and on the OECD Ministerial Meeting on Electronic Commerce in Canada, we address not only the contentious issue of the EU Directive, but also the wider consensus that privacy concerns must be dealt with if the information economy is to fulfil its potential. We include extracts from the recently released Global Internet Liberty Campaign survey of the state of privacy regulation around the world, and report on the recently introduced Canadian federal legislation. The report of the Spanish conference also highlights a number of current common issues facing privacy regulators in all countries such as intelligent transport systems and internet privacy.
Also in this issue we reproduce the conclusions of the Federal Joint Public Accounts Committee’s June 1998 report on Internet Commerce, which led the Committee to recommend privacy legislation for the private sector. The reports of two other federal committees — one on regulation of the telecommunications and information technology industries, and one specifically on privacy and the private sector — were delayed by the recent election, but are expected to be released soon.
On the private sector front, the General Insurance Industry released in August its Information Privacy Principles, which include a compliance and complaints mechanism. Insurers are currently being invited to adopt the principles and subject themselves voluntarily to the mechanisms. We reproduce this ‘code of practice’ in this issue.
As the debate in Australia about self-regulation and legislation intensifies (see (1998) 5 PLPR 61 for an account of latest developments in the direct marketing context) it will be increasingly important to take account of overseas experience and trends. This will hopefully assist all parties in the debate to keep the issues in perspective, and avoid exagerrated claims either about the impact of regulation or the need for a perfect regime. Even the Europeans acknowledge that their Directive is not the last word, and that safeguards and rules will need to continually evolve to meet the challenges of new technologies and services. The important discussion about the ideal long term regime should not be at the expense of early progress towards effective compliance and remedies in as many sectors as possible, provided these initiatives are not just paper tigers or window dressing, but involve real substance and commitment.
Nigel Waters, Associate Editor.