david.turrell@f111.n125.z1.FIDONET.ORG (david turrell) (06/25/91)
The following two pieces by Martyn Thomas (mct@praxis.co.uk) appeared
in Risks
Digest 11.92, in the comp.risks newsgroup. Possible European Community
legislation on Caller ID and privacy of personal information held in
databases
is described. If there, why not here?
Begin excerpt from Risks 11.92.
------------------------------
Date: Fri, 14 Jun 91 10:34:13 BST
From: Martyn Thomas <mct@praxis.co.uk>
Subject: EC draft directive on telecomms privacy
The European Commission (CEC) has issued a draft directive on privacy
of
telecommunications. The idea is to bring the EC natins' laws into
harmony,
so that the service and privacy are the same throughout the EC. The
draft
directive is COM(90) 314 final - SYN 288.
Some parts may be interesting for comparison with US practices:
Article 8: The telecommunications organisation [t.o.] must provide
adequate,
state-of-the-art protection of personal data against unauthorised
access and
use. In case of particular risk of a breach of the security of the
network, for
example in the field mobile radio telephony [sic], the t.o. must
inform the
subscribers concerning such risk and offer them an end-to-end
encryption
service.
Article 12: [paraphrased]. callers must be able to disable CID
per-call, and
per-line. Called subscribers must be able to disable incoming display
of IDs
per call or per line, and must be able to restrict incoming calls to
those
which transmit IDs. Overrides must be available for tracing nuisance
calls and
for emergency services, and these must work community-wide.
Article 17: [paraphrased] Subscribers must be able to request that
unsolicited advertising calls are blocked, and the t.o. must take the
necessary steps to prevent such calls.
Article 19: "The provisions of this directive relating to the telephone
service shall be applied to other public digital telecommunications
services
to the extent that these services present similar risks for the
privacy of
the user".
Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel: +44-225-444700. Email: mct@praxis.co.uk
------------------------------
Date: Fri, 14 Jun 91 11:15:37 BST
From: Martyn Thomas <mct@praxis.co.uk>
Subject: EC draft directive on data protection
The Commission of the European Community (CEC) has issued a proposal
for a
Directive on data protection [COM(90) 314 final - SYN 287.]
It is very detailed and prescriptive. The broad principles are similar
to
the UK Data Protection Act (which I assume is well-enough known to
save me
hours of typing!) with two notable extensions:
The "data-subject" has to have given informed consent to any processing
which goes beyond "correspondence purposes" (subject to exceptions for
public authorities and other processing specifically authorised by
law).
The protection is NOT limited to computer files - it covers all manual
files
as well.
Article 17 is interesting:
"The Member States shall prohibit the automatic processing of data
revealing
ethnic or racial origin, political opinions, religious or
philosophical beliefs
or trade union membership, and of data concerning health or sexual
life,
without the express and written consent, freely given, of the data
subject. [
... ... ] Data concerning criminal convictions may only be held in
public
sector files."
Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel: +44-225-444700. Email: mct@praxis.co.uk
------------------------------
End excerpt from Risks 11.92.
-David
--
david turrell - via FidoNet node 1:125/777
UUCP: ...!uunet!hoptoad!fidogate!111!david.turrell
INTERNET: david.turrell@f111.n125.z1.FIDONET.ORG