Europe - EC Commission proposal to publish a draft revised EU Data Protection Directive by the end of 2010 - watch this space
In March 2010, Viviane Reding, the Commissioner responsible for Justice, Fundamental Rights and Citizenship, delivered a speech at the European Policy Centre in Brussels stating that she intends to present a legislative proposal for the reform of the Data Protection Directive (95/46/EC) (the Directive) by the end of 2010.
In this speech, she announced plans for the development of a comprehensive and coherent framework for the protection of personal data. The European Commission is currently analysing over 160 responses to an online consultation on the legal framework for the fundamental right to the protection of personal data published in July 2009. The intention is that by modernising the Directive, it will respond to new technological advances and challenges of the information age, such as globalisation, development of information technologies, the internet, online social networking, e-commerce, cloud computing, video surveillance, behavioural advertising and data security breaches amongst others. This list corresponds materially to the 2010/11 agenda of the EU Article 29 Working Party (an advisory body made up of representatives of national data protection regulators that, amongst other things, is mandated to advise the European Commission on changes to the Directive) and its publications on these topics should be tracked closely to see how such issues may be addressed.
Ms Reding made it clear that this is not an exhaustive list of the changes she intends to propose.
The European Data Protection Supervisor (EDPS) (an independent authority that primarily deals with the supervision of the processing of personal data by EU institutions and bodies) represented by Peter Hustinx has called on the European Commission to be ambitious in its approach in updating the existing framework to avoid the risk of an increasing loss of relevance and effectiveness of data protection in a society that is ever more driven by technological change and globalisation.
There has not been much detailed public information published on the changes to be proposed to the Directive and so it appears that there is everything to play for. We will be monitoring areas where changes that affect our clients are likely and will provide alerts on them, including when the European Commission actually publishes its proposal.
Australia - Amendments to the Do Not Call Register
The Australian Government recently made changes to the National Do Not Call Register (DNCR), set up under the Do Not Call Register Act 2006 (Cth), to extend the scope of its operations. However, the extension was not as far reaching as originally proposed, and does not cover business telephone numbers.
The DNCR is a database managed by the Australian telecommunications regulator, where telephone numbers can be listed to avoid receiving unsolicited telemarketing calls. The protection covers telemarketing calls from within Australia and overseas. In general, it is an offence for an organisation to place an unsolicited call to a number on the DNCR.
Before the recent changes, only private fixed line and mobile telephone numbers could be registered. A number must also be re-registered every three years.
In May 2010 the DNCR was amended in three ways:
- extended the registration period to five years;
- allowing government bodies and emergency services to register their numbers; and
- allowing fax numbers (both business and personal) to be registered.
The second and third changes extend the operation of the DNCR, and are considered desirable to avoid the situation where unwanted telemarketing calls divert emergency or government resources, and to reduce unwanted marketing faxes impacting on business productivity.
The original plan to extend the DNCR to business telephone numbers has been withdrawn, following lobbying from small business and marketing industry lobby groups. In particular, there were concerns that extending the DNCR to cover business telephone numbers may impede legitimate business communications. However, the Minister for Telecommunications has indicated that this issue may be revisited in the future.
Australia - Developments in the fight against Spam SMS
The Australian Communications and Media Authority (ACMA), Australia's peak regulatory body overseeing the communications and media industries, is turning up the heat on spam with the launch of its new reporting tool, Spam SMS.
This month, ACMA commenced the use of a new tool aimed at improving the reporting of spam, particularly in the younger community. Spam SMS encourages persons who are exposed to spam via text messages on their mobile phones to forward any such messages they receive to a new dedicated Spam SMS number. ACMA Chairman, Chris Chapman, emphasised the ease with which Spam SMS could be used in that the message need only be forwarded to this number. Such ease of use is hoped to increase the likelihood that younger people will be more inclined to report any unsolicited marketing text messages they receive. This will provide ACMA with more information, helping to improve its ability to investigate breaches of the Spam Act 2003 (Cth), and enable ACMA to pursue any appropriate action against the offending party.
This latest initiative comes after ACMA commenced its first court proceedings last year regarding the sending of unsolicited SMS messages in breach of the Spam Act. In that one matter alone, the Australian Federal Court issued a total of $22.25 million in penalties.
The new Spam SMS tool demonstrates ACMA's continued strict stance against SMS spam and the significant penalties issued by the Court highlight the importance of getting it right.
China - New tort law creates actionable privacy rights
With the adoption of a landmark new law on tort liability (the Tort Law), the government of the People's Republic of China (PRC) is moving one step further in its attempt to codify its civil law.
After years of discussions, the Tort Law will enter into effect on 1 July 2010 and will considerably strengthen previous attempts to develop a tort law regime in the PRC. The Tort Law covers a wide range of tort liability issues ranging from product liability to medical malpractice.
Amongst the most interesting aspects of the Tort Law, it is worth noting the recognition of a "right to privacy" and its effects on individuals and the fact that the Tort Law construes data protection violations as a tort.
Recognition of a stand alone right to privacy
The Tort Law recognizes the right to privacy as a stand alone legal principle. It is generally considered to reflect the growing concern from PRC authorities to provide an adequate legal solution to privacy issues raised by the increasing use of the internet and other systems allowing a wide-scale collection and processing of personal data. As a direct result, infringement of the right to privacy may give rise to a tort claim before PRC tribunals - it includes for the first time the possibility to claim damages for "mental distress".
Privacy protection of internet users and medical patients
As regards internet users, stringent constraints are imposed on ISPs to protect data privacy. The Tort Law specifies that if an ISP is aware that a user's privacy right is being infringed through content posted on its website or is warned of such infringement by an injured party and fails to take appropriate measures (removing the content, disconnection, etc.), it is jointly and severally liable with the party having posted that content. In addition, if the injured party requests registered information about the party having posted infringing content and the ISP refuses to divulge such information, the ISP itself becomes liable for the infringement.
Similarly, the Tort Law lays the foundations of a legal regime for the protection of data of medical patients. Medical institutions and medical staff have an obligation to keep records of hospital admission logs, medical treatment order slips, test reports, etc. to constitute a medical file on their patients, and keep such file private and confidential. Patients have a right to consult and copy such files. The Tort Law also establishes a right for injured patients to sue a medical institution if any privacy data of a patient is disclosed or any of the medical history data of a patient is open to the public without prior consent.
Consequences for PRC courts
As a result of the Tort Law, PRC courts may very well see an increase in the number of claims for privacy infringement. As many aspects of the Tort Law still need to clarified - and in particular the way it relates with other PRC regulations dealing with personal information protection - it will be particularly interesting to monitor decisions rendered by PRC courts in this field of law and how they balance public interest and right to privacy.
China - Crackdown on anonymous opinions on the internet
Following a series of scandals generated by anonymous webposts on the Chinese internet, the Chinese State Council Information Office officially acknowledged on 2 May 2010 that China is considering strengthening its control over the internet 2.0. As such, if the new policy is adopted, anonymity on discussion forums, BBS, blogs, etc. will no longer be possible. Chinese bloggers would have to register their real identity with the owners of websites. Further, Chinese internet users may not be able to publish any comments on forums or BBS anonymously, since registration with real name and identity number would be required before anything could be posted on major news portal websites and commercial websites.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.