| |
|
Privacy problems exist wherever uniquely identifiable data relating to a person or persons is collected and stored, in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. The most common sources of data that are affected by data privacy issues are:
The legal protection of the right to privacy in general and of data privacy in particular varies greatly around the world.
The Universal Declaration of Human Rights states in it's article 12 that:
| Table of contents |
|
2 Europe 3 External links 4 Resources |
North-America
Data privacy is not a highly developed area of law in the U.S. Although partial regulations exist, for instance the Children's Online Privacy Protection Act, there is no all-encompassing legislation on the protection of personal data.
Very few states recognize an individual's right to privacy, a notable exception being California.
In Canada, the Personal Information Protection and Electronic Documents Act was implemented in 2001 (as of the time of writing, the final phase of this Act will be implemented on January 1, 2004). For more information, visit the website of the Privacy Commissioner of Canada
Europe
The right to data privacy is a highly developed area of law in Europe. Article 8 of the European Convention on Human Rights(ECHR) provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions. The European Court of Human Rights has given this article a very broad interpretation in it's jurisprudence. According to the Court's case law the collection of information by officials of the state about an individual without his consent always falls within the scope or article 8. Thus, gathering information for the official census, recording fingerprints and photographs in a police register, collecting medical data or details of personal expenditures and implementing a system of personal identification have been judged to raise data privacy issues. Any state interference with a person's privacy is only acceptable for the Court if three conditions are fulfilled: 1) the interference is in accordance with the law, 2) pursues a legitimate goal and 3) is necessary in a democratic society. For more information, please refer to Human Rights Handbook no. 1 (PDF) or the Council of Europe data protection page.
The government isn't the only one who might pose a threat to data privacy, far from it. Other citizens, and private companies most importantly, engage in far more threatening activities, especially since the automated processing of data became widespread. To address this problem, the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was concluded within the Council of Europe in 1981. This convention obliges the signatories to enact legislation concerning the automatic processing of personal data, which many duly did.
As all the member states of the European Union are also signatories of the European Convention on Human Rights and the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the European Commission was concerned that diverging data protection legislation would emerge and impede the free flow of data within the EU zone. Therefor the European Commission decided to harmonize data protection regulation and proposed the Directive on the protection of personal data.
The directive contains a number of key principles which must be complied with. Anyone processing personal data must comply with the eight enforceable principles of good practice.
They say that data must be:
All EU member states adopted legislation pursuant this directive or adapted their existing laws. Each country also has it's own supervisory authority to monitor the level of protection.