david.turrell@f111.n125.z1.FIDONET.ORG (david turrell) (06/25/91)
The following two pieces by Martyn Thomas (mct@praxis.co.uk) appeared in Risks Digest 11.92, in the comp.risks newsgroup. Possible European Community legislation on Caller ID and privacy of personal information held in databases is described. If there, why not here? Begin excerpt from Risks 11.92. ------------------------------ Date: Fri, 14 Jun 91 10:34:13 BST From: Martyn Thomas <mct@praxis.co.uk> Subject: EC draft directive on telecomms privacy The European Commission (CEC) has issued a draft directive on privacy of telecommunications. The idea is to bring the EC natins' laws into harmony, so that the service and privacy are the same throughout the EC. The draft directive is COM(90) 314 final - SYN 288. Some parts may be interesting for comparison with US practices: Article 8: The telecommunications organisation [t.o.] must provide adequate, state-of-the-art protection of personal data against unauthorised access and use. In case of particular risk of a breach of the security of the network, for example in the field mobile radio telephony [sic], the t.o. must inform the subscribers concerning such risk and offer them an end-to-end encryption service. Article 12: [paraphrased]. callers must be able to disable CID per-call, and per-line. Called subscribers must be able to disable incoming display of IDs per call or per line, and must be able to restrict incoming calls to those which transmit IDs. Overrides must be available for tracing nuisance calls and for emergency services, and these must work community-wide. Article 17: [paraphrased] Subscribers must be able to request that unsolicited advertising calls are blocked, and the t.o. must take the necessary steps to prevent such calls. Article 19: "The provisions of this directive relating to the telephone service shall be applied to other public digital telecommunications services to the extent that these services present similar risks for the privacy of the user". Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. Tel: +44-225-444700. Email: mct@praxis.co.uk ------------------------------ Date: Fri, 14 Jun 91 11:15:37 BST From: Martyn Thomas <mct@praxis.co.uk> Subject: EC draft directive on data protection The Commission of the European Community (CEC) has issued a proposal for a Directive on data protection [COM(90) 314 final - SYN 287.] It is very detailed and prescriptive. The broad principles are similar to the UK Data Protection Act (which I assume is well-enough known to save me hours of typing!) with two notable extensions: The "data-subject" has to have given informed consent to any processing which goes beyond "correspondence purposes" (subject to exceptions for public authorities and other processing specifically authorised by law). The protection is NOT limited to computer files - it covers all manual files as well. Article 17 is interesting: "The Member States shall prohibit the automatic processing of data revealing ethnic or racial origin, political opinions, religious or philosophical beliefs or trade union membership, and of data concerning health or sexual life, without the express and written consent, freely given, of the data subject. [ ... ... ] Data concerning criminal convictions may only be held in public sector files." Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. Tel: +44-225-444700. Email: mct@praxis.co.uk ------------------------------ End excerpt from Risks 11.92. -David -- david turrell - via FidoNet node 1:125/777 UUCP: ...!uunet!hoptoad!fidogate!111!david.turrell INTERNET: david.turrell@f111.n125.z1.FIDONET.ORG