|
|
|
|
Privacy
is a fundamental human right. It underpins human
dignity and other values such as freedom of
association and freedom of speech. It has become
one of the most important human rights issues of
the modern age.
Privacy is recognized around the world in
diverse regions and cultures. It is protected in
the Universal Declaration of Human Rights, the
International Covenant on Civil and Political
Rights, and in many other international and
regional human rights treaties. Nearly every
country in the world includes a right of privacy in
its constitution. At a minimum, these provisions
include rights of inviolability of the home and
secrecy of communications. Most recently written
constitutions include specific rights to access and
control one’s personal information. In many
of the countries where privacy is not explicitly
recognized in the constitution, the courts have
found that right in other provisions. In many
countries, international agreements that recognize
privacy rights such as the International Covenant
on Civil and Political Rights or the European
Convention on Human Rights have been adopted into
law.
|
|
Defining
Privacy
|
|
Of all the human rights in the international
catalogue, privacy is perhaps the most difficult to
define.[1]
Definitions of privacy vary widely according to
context and environment. In many countries, the
concept has been fused with data protection, which
interprets privacy in terms of management of
personal information. Outside this rather strict
context, privacy protection is frequently seen as a
way of drawing the line at how far society can
intrude into a person’s affairs.[2]
The lack of a single definition should not imply
that the issue lacks importance. As one writer
observed, “in one sense, all human rights are
aspects of the right to privacy.”[3]
Some viewpoints on privacy:
In the 1890s, future U.S. Supreme Court
Justice Louis Brandeis articulated a concept of
privacy that urged that it was the individual's “right
to be left alone.” Brandeis argued that
privacy was the most cherished of freedoms in a
democracy, and he was concerned that it should
be reflected in the Constitution.[4]
Alan Westin, author of the seminal 1967 work “Privacy
and Freedom,” defined privacy as the
desire of people to choose freely under what
circumstances and to what extent they will
expose themselves, their attitudes and their
behavior to others.[5]
According to Edward Bloustein, privacy is an
interest of the human personality. It protects
the inviolate personality, the individual’s
independence, dignity and integrity.[6]
According to Ruth Gavison, there are three
elements in privacy: secrecy, anonymity and
solitude. It is a state which can be lost,
whether through the choice of the person in that
state or through the action of another
person.[7]
The Calcutt Committee in the UK said that, “nowhere
have we found a wholly satisfactory statutory
definition of privacy.” But the committee
was satisfied that it would be possible to
define it legally and adopted this definition in
its first report on privacy:
The right of the individual to be protected
against intrusion into his personal life or
affairs, or those of his family, by direct
physical means or by publication of
information.[8]
The Preamble to the Australian Privacy Charter
provides that, “A free and democratic
society requires respect for the autonomy of
individuals, and limits on the power of both
state and private organizations to intrude on
that autonomy . . . Privacy is a key value which
underpins human dignity and other key values
such as freedom of association and freedom of
speech. . . . Privacy is a basic human right and
the reasonable expectation of every person.”[9]
|
|
Aspects
of Privacy
|
|
Privacy can be divided into the following separate
but related concepts:
Information privacy, which
involves the establishment of rules governing
the collection and handling of personal data
such as credit information, and medical and
government records. It is also known as “data
protection”;
Bodily privacy, which concerns the
protection of people’s physical selves
against invasive procedures such as genetic
tests, drug testing and cavity searches;
Privacy of communications, which covers
the security and privacy of mail, telephones,
e-mail and other forms of communication; and
Territorial privacy, which concerns the
setting of limits on intrusion into the domestic
and other environments such as the workplace or
public space. This includes searches, video
surveillance and ID checks.
|
|
Models
of Privacy Protection
|
|
There are four major models for privacy protection.
Depending on their application, these models can be
complimentary or contradictory. In most countries
reviewed in the survey, several are used
simultaneously. In the countries that protect
privacy most effectively, all of the models work
together to ensure privacy
protection.
Comprehensive laws
In many countries around the
world, there is a general law that governs the
collection, use and dissemination of personal
information by both the public and private sectors.
An oversight body then ensures compliance. This is
the preferred model for most countries adopting
data protection laws and was adopted by the EU to
ensure compliance with its data protection regime.
A variation of these laws, which is described as a
co-regulatory model, was adopted in Canada
and is pending in Australia. Under this approach,
industry develops rules for the protection of
privacy which are enforced by the industry and
overseen by the privacy
agency.
Sectoral Laws
Some countries, such as the
United States, have avoided enacting general data
protection rules in favor of specific sectoral laws
governing, for example, video rental records and
financial privacy. In such cases, enforcement is
achieved through a range of mechanisms. A major
drawback with this approach is that it requires
that new legislation be introduced with each new
technology so protections frequently lag behind.
The lack of legal protections for medical and
genetic information in the U.S. is a striking
example of its limitations. There is also the
problem of a lack of an oversight agency. In many
countries, sectoral laws are used to complement
comprehensive legislation by providing more
detailed protections for certain categories of
information, such as telecommunications, police
files or consumer credit records.
Self- Regulation
Data protection can also be
achieved - at least in theory - through various
forms of self-regulation, in which companies and
industry bodies establish codes of practice and
engage in self-policing. However, in many
countries, especially the U.S., these efforts have
been disappointing, with little evidence that the
aims of the codes are regularly fulfilled. Adequacy
and enforcement are the major problem with these
approaches. Industry codes in many countries have
tended to provide only weak protections and lack
enforcement. This is currently the policy promoted
by the governments of the United States, Japan, and
Singapore.
Technologies of Privacy
With the recent development of
commercially available technology-based
systems, privacy protection has also moved
into the hands of individual users. Users of the
Internet and of some physical applications can
employ a range of programs and systems that provide
varying degrees of privacy and security of
communications. These include encryption, anonymous
remailers, proxy servers, digital cash and smart
cards. Questions remain about security and
trustworthiness of these systems.
|
|
The
Right to Privacy
|
|
The recognition of privacy is deeply rooted in
history. The Bible has numerous references to
privacy.[10]
Jewish law has long recognized the concept of being
free from being watched.[11]
There were also protections in Classical Greece and
ancient China.[12]
Western countries have had protections for
hundreds of years. In 1361, the Justices of the
Peace Act in England provided for the arrest of
peeping toms and eavesdroppers. [13]
In 1765, British Lord Camden, striking down a
warrant to enter a house and seize papers wrote, “We
can safely say there is no law in this country to
justify the defendants in what they have done; if
there was, it would destroy all the comforts of
society, for papers are often the dearest property
any man can have.” [14]
Parliamentarian William Pitt wrote, “The
poorest man may in his cottage bid defiance to all
the force of the Crown. It may be frail; its roof
may shake; the wind may blow though it; the storms
may enter; the rain may enter – but the King
of England cannot enter; all his forces dare not
cross the threshold of the ruined tenement.” [15]
Various countries developed specific
protections for privacy in the centuries that
followed. In 1776, the Swedish Parliament enacted
the Access to Public Records Act which required
that all government-held information be used for
legitimate purposes. France prohibited the
publication of private facts and set stiff fines
for violators in 1858. [16]
The Norwegian criminal code prohibited the
publication of information
relating to “personal or domestic
affairs” in 1889. [17]
In 1890, American lawyers Samuel Warren and
Louis Brandeis wrote a seminal piece on the right
to privacy as a tort action, describing privacy as “the
right to be left alone.” [18]
Following the publication, this concept of the
privacy tort was gradually picked up across the
U.S. as part of the common law.
The modern privacy benchmark at an
international level can be found in the 1948
Universal Declaration of Human Rights, which
specifically protects territorial and
communications privacy. Article 12 states:
No one should be subjected to arbitrary
interference with his privacy, family, home or
correspondence, nor to attacks on his honour or
reputation. Everyone has the right to the
protection of the law against such interferences
or attacks.[19]
Numerous international
human rights treaties specifically recognize
privacy as a right. The International Covenant on
Civil and Political Rights (ICCPR), the UN
Convention on Migrant Workers [20]
and the UN Convention on Protection of the
Child [21]
adopt the same language. [22]
On the regional level, various treaties make
these rights legally enforceable. Article 8 of the
1950 Convention for the Protection of Human Rights
and Fundamental Freedoms [23]
states:
(1) Everyone has the right to respect
for his private and family life, his home and
his correspondence. (2) There shall be no
interference by a public authority with the
exercise of this right except as in accordance
with the law and is necessary in a democratic
society in the interests of national security,
public safety or the economic well-being of the
country, for the prevention of disorder or
crime, for the protection of health of morals,
or for the protection of the rights and freedoms
of others.
The Convention created
the European Commission of Human Rights and the
European Court of Human Rights to oversee
enforcement. Both have been active in the
enforcement of privacy rights and have consistently
viewed Article 8’s protections expansively
and interpreted the restrictions narrowly. [24]
The Commission found in 1976:
For numerous Anglo-Saxon and French
authors, the right to respect “private
life” is the right to privacy, the right
to live, as far as one wishes, protected from
publicity . . . In the opinion of the
Commission, however, the right to respect for
private life does not end there. It comprises
also, to a certain degree, the right to
establish and develop relationships with other
human beings, especially in the emotional field
for the development and fulfillment of one’s
own personality.[25]
The Court has reviewed
member states’ laws and imposed sanctions on
numerous countries for failing to regulate
wiretapping by governments and private
individuals. [26]
It has also reviewed cases of individuals’
access to their personal information in government
files to ensure that adequate procedures
exist. [27]
It has expanded the protections of Article 8 beyond
government actions to those of private persons
where it appears that the government should have
prohibited those actions. [28]
Other regional treaties are also beginning
to be used to protect privacy. Article 11 of the
American Convention on Human Rights sets out the
right to privacy in terms similar to the Universal
Declaration. [29]
In 1965, the Organization of American States
proclaimed the American Declaration of the Rights
and Duties of Man, which called for the protection
of numerous human rights, including
privacy. [30]
The Inter-American Court of Human Rights has begun
to address privacy issues in its cases.
|
|
The
Evolution of Data Protection
|
|
Interest in the right of privacy increased in the
1960s and 1970s with the advent of information
technology. The surveillance potential of powerful
computer systems prompted demands for specific
rules governing the collection and handling of
personal information. The genesis of modern
legislation in this area can be traced to the first
data protection law in the world enacted in the
Land of Hesse in Germany in 1970. This was followed
by national laws in Sweden (1973), the United
States (1974), Germany (1977), and France
(1978).[31]
Two crucial
international instruments evolved from these laws.
The Council of Europe’s 1981 Convention for
the Protection of Individuals with regard to the
Automatic Processing of Personal Data [32]
and the Organization for Economic Cooperation and
Development’s (OECD) Guidelines Governing the
Protection of Privacy and Transborder Data Flows of
Personal Data [33]
set out specific rules covering the handling of
electronic data. These rules describe personal
information as data that are afforded protection at
every step from collection to storage and
dissemination.
The expression of data protection in various
declarations and laws varies. All require that
personal information must be:
- obtained fairly and lawfully;
- used only for the original specified
purpose;
- adequate, relevant and not excessive to
purpose;
- accurate and up to date;
- accessible to the subject;
- kept secure; and
- destroyed after its purpose is
completed.
These two agreements
have had a profound effect on the enactment of laws
around the world. Nearly thirty countries have
signed the COE convention and several others are
planning to do so shortly. [34]
The OECD guidelines have also been widely used in
national legislation, even outside the OECD member
countries.
|
|
Rationales
for Adopting Comprehensive Laws
|
|
There are three major reasons for the movement
towards comprehensive privacy and data protection
laws. Many countries are adopting these laws for
one or more reasons.
To remedy past injustices. Many
countries, especially in Central Europe, South
America and South Africa, are adopting laws to
remedy privacy violations that occurred under
previous authoritarian regimes.
To promote electronic commerce. Many
countries, especially in Asia, have developed or
are currently developing laws in an effort to
promote electronic commerce. These countries
recognize consumers are uneasy with their
personal information being sent worldwide.
Privacy laws are being introduced as part of a
package of laws intended to facilitate
electronic commerce by setting up uniform
rules.
To ensure laws are consistent with
Pan-European laws. Most countries in Central
and Eastern Europe are adopting new laws based
on the Council of Europe Convention and the
European Union Data Protection Directive. Many
of these countries hope to join the European
Union in the near future. Countries in other
regions, such as Canada, are adopting new laws
to ensure that trade will not be affected by the
requirements of the EU Directive.
|
|
The
European Union Data Protection
Directives
|
|
In 1995 and 1997, the European Union enacted two
directives to harmonize laws throughout the EU to
ensure consistent levels of protections for
citizens and to allow for the free flow of personal
information throughout the EU.
The Directives set
a baseline common level of privacy which not only
reinforces current data protection law, but
extended it to establish a range of new rights. The
1995 Data Protection Directive sets a benchmark for
national law for processing personal information in
electronic and manual files. [35]
The 1997 Telecommunications Directive [36]
establishes specific protections covering
telephone, digital television, mobile networks and
other telecommunications systems. Each EU member
country was required to enact implementing
legislation by October 1998, though as of the
Summer of 2000, several are still pending.
Several principles
of data protection are strengthened under the
Directives: the right to know where the data
originated, the right to have inaccurate data
rectified, a right of recourse in the event of
unlawful processing and the right to withhold
permission to use data in some circumstances. For
example, individuals have the right to opt-out free
of charge from being sent direct marketing
material. The Data Protection Directive contains
strengthened protections over the use of sensitive
personal data relating, for example, to health or
finances. In the future, the commercial and
government use of such information will generally
require “explicit and unambiguous”
consent of the data subject.
A key concept in the European model is “enforceability.”
The European Union is concerned that data subjects
have rights that are enshrined in explicit rules,
and that they can go to a person or an authority
empowered to act on their behalf. Every EU country
has a Data Protection Commissioner or agency that
enforces the rules. It is expected that the
countries with which Europe does business will need
to provide a similar level of oversight.
The Directive imposes an obligation on
member States to ensure that the personal
information relating to European citizens has the
same level of protection when it is exported to,
and processed in, countries outside the EU. This
requirement has resulted in growing pressure
outside Europe for the passage of privacy laws.
Those countries that refuse to adopt meaningful
privacy laws may find themselves unable to conduct
certain types of information flows with Europe,
particularly if they involve sensitive data. (See
below)
The Telecommunications Directive imposes
wide-ranging obligations on carriers and service
providers to ensure the privacy of users’
communications, including Internet-related
activities. The new rules will cover areas that
until now have fallen between the cracks of data
protection laws. Access to billing data will be
severely restricted, as will marketing activity.
Caller ID technology must incorporate an option for
per-line blocking of number transmission.
Information collected in the delivery of a
communication must be purged once the call is
completed.
In July 2000, the European Commission,
issued a proposal for a new directive on “the
processing of personal data and the protection of
privacy in the electronic communications sector.” [37]
The proposed directive was introduced as a part of
a larger package aimed at strengthening competition
within the European electronic communications
markets. It will replace the existing 1997
Telecommunications Directive by extending the
existing protections for an individual’s “telecommunications”
to a broader, more technology neutral category of “electronic
communications.” The proposed directive
replaces existing definitions of telecommunications
services and networks with new definitions of “electronic
communications services and networks.” In
addition, it adds new definitions and protections
for “calls,” “communications,”
“traffic data” and “location data” in order
to enhance the consumer’s right to privacy
and control in all kinds of data processing. These
new provisions would, for example, ensure the
protection of all information (“traffic”)
transmitted across the Internet, prohibit
unsolicited commercial marketing by e-mail (spam)
without opt-in consent, and protect mobile phone
users from precise location tracking and
surveillance. The directive also gives subscribers
to all electronic communications services (such as
GSM and e-mail) the right to chose whether they are
listed in a public directory. As before, member
states could restrict provisions of the Directive
in the interests of law enforcement and public
security.
|
|
Oversight
and Privacy and Data Protection
Commissioners
|
|
An essential aspect of any privacy protection
regime is oversight. In most countries with an
omnibus data protection or privacy act, there is
also an official or agency that oversees
enforcement of the act. The powers of these
officials - Commissioner, Ombudsman or Registrar -
vary widely by country. A number of
countries including Germany and Canada also have
officials or offices on a state or provincial
level.
Under Article 28 of
the EU Data Protection Directive, all EU countries
must have an independent enforcement body. Under
the Directive, these agencies are given
considerable power: governments must consult the
body when the government draws up legislation
relating to the processing of personal information;
the bodies also have the power to conduct
investigations and have a right to access
information relevant to their investigations;
impose remedies such as ordering the destruction of
information or ban processing, and start legal
proceedings, hear complaints and issue reports. The
official is also generally responsible for public
education and international liaison in data
protection and data transfer. Many authorities also
maintain the register of data controllers and data
bases. They must approve licensing for data
controllers.
A number of countries that do not have a
comprehensive act still have a commissioner. These
include Australia, Thailand and Canada. A major
power of these officials is to focus public
attention on problem areas, even when they do not
have any authority to fix the problem. They can do
this by promoting codes of practice and encouraging
industry associations to adopt them. They also can
use their annual reports to point out problems. For
example, in Canada, the Federal Privacy
Commissioner announced in his 2000 report the
existence of an extensive database maintained by
the federal government. Once the issue became
public, the Ministry disbanded the database.
In a number of countries, the official also
serves as the enforcer of the jurisdiction’s
Freedom of Information Act. These include Hungary
and Thailand. The pending U.K. Freedom of
Information Bill will make the Data Protection
Commissioner also the Information Commissioner. On
the sub-national level, many of the German Lund
Commissioners have recently been given the power of
information commissioner and most of the Canadian
provincial agencies handle both data protection and
freedom of information.
A major problem with many agencies around
the world is a lack of resources to adequately
conduct oversight and enforcement. Many are
burdened with licensing systems which use much of
their resources. Others have large backlogs of
complaints or are unable to conduct significant
number of investigations. Many that started out
with adequate funding find their budgets cut a few
years later. The Australian Privacy Commission had
its budget severely cut in 1997 even as it was
given more duties.
Independence is also a problem. In many
countries, the agency is under the control of the
political arm of the government or part of the
Ministry of Justice and lacks the power or will to
advance privacy or criticize privacy invasive
proposals. In the U.S., the Office of Management
and Budget is part of the Executive Office of the
President. In Japan and Thailand, the oversight
agency is under the control of the Prime Ministers
Office. In Thailand, the director was transferred
in 2000 after conflicts with the Prime Ministers’
Office.
Finally, in some countries that do not have
a separate office, the role of investigating and
enforcing the laws is done by a human rights
ombudsman or by a parliamentary official.
|
|
Transborder
Data Flows and Data Havens
|
|
The ease with which electronic data flows across
borders led to a concern that data protection laws
could be circumvented by simply transferring
personal information to a third countries, where
the law didn’t apply. This data could then be
processed in those countries, frequently called a “data
havens,” without any limitations.
For this reason,
most data protection laws include restrictions on
the transfer of information to third countries
unless the information is protected in the
destination country. For example, Article 12 of the
Council of Europe’s 1981 Convention places
restrictions on the transborder flows of personal
data. [38]
Similarly, Article 25 of the European Directive
imposes an obligation on member States to ensure
that any personal information relating to European
citizens is protected by law when it is exported
to, and processed in, countries outside Europe. It
states:
The Member States shall provide that the
transfer to a third country of personal data which
are undergoing processing or are intended for
processing after transfer may take place only if .
. . the third country in question ensures an
adequate level of protection.
This requirement has resulted in growing
pressure outside Europe for the passage of strong
data protection laws. Those countries that refuse
to adopt meaningful privacy laws may find
themselves unable to conduct certain types of
information flows with Europe, particularly if they
involve sensitive data. Determination of a third
country’s system for protecting privacy is
made by the European Commission. The overarching
principle in this determination process is that the
level of protection in the receiving country must
be “adequate” rather than “equivalent.”
Therefore, a reasonably high standard of protection
is expected from the third party, although the
precise dictates of the Directive need not be
followed.
On July 26, 2000 the European Commission
ruled that both Switzerland and Hungary provide “adequate”
protection for personal information and therefore
that all transfers of personal data to these
countries could continue. The Commission is
currently looking into the privacy protection
schemes in several other non-EU countries,
including New Zealand, Australia, Canada and
Japan. [39]
Another possible way to protect the privacy
of information transferred to countries that do not
provide “adequate protection” is to
rely on a private contract containing standard data
protection clauses. This kind of contract would
bind the data processor to respect fair information
practices such as the right to notice, consent,
access and legal remedies. In the case of data
transferred from the European Union, the contract
would have to meet the standard “adequacy”
test, in order to satisfy the Data Protection
Directive. [40]
A number of model clauses that could be included in
such a contract were outlined in a 1992 joint study
by the Council of Europe, the European Commission
and the International Chamber of Commerce. [41]
In a June 2000 report (see below), the European
Parliament accused the European Commission of a “serious
omission” in failing to draft standard
contractual clauses that European citizens could
invoke in the courts of third countries before the
Data Directive came into
force. [42]
It recommended that they do so before September 30,
2000.
|
|
EU-U.S.
“Safe Harbor” Negotiations
|
|
Although it was never formally ruled upon by the
Commission, there were serious doubts whether the
United States’ sectoral and self-regulatory
approach to privacy protection would pass the
adequacy test laid down by the Directive. The EU
commissioned two prominent U.S. law professors, who
wrote a detailed report on the state of U.S.
privacy protections and pointed out the many gaps
in U.S. protection.[44]
The U.S. strongly
lobbied the EU and members countries to find the
U.S. system adequate. In 1998, the U.S. began
negotiating a “Safe Harbor” agreement
with the EU in order to ensure the continued
transborder flows of personal data. The idea of the
“Safe Harbor” was that U.S. companies would voluntarily
self-certify to adhere to a set of privacy
principles worked out by the U.S. Department of
Commerce and the Internal Market Directorate of the
European Commission. These companies would then
have a presumption of adequacy and they could
continue to receive personal data from the European
Union. Negotiations on the drafting of the
principles lasted nearly two years and were the
subject of bitter criticism by privacy and consumer
advocates. [45]
In early July, the European Parliament approved a
forceful resolution that the agreement needed to be
re-negotiated in order to provide adequate
protection. [46]
On July 26, 2000, the Commission approved
the agreement. [47]
The Commission did, however, promise to re-open
negotiations on the arrangement if the remedies
available to European citizens prove inadequate. EU
member states were given 90 days to put the
Commission’s decision into effect and U.S.
companies may join Safe Harbor starting in
November. There is an open-ended grace period for
U.S. signatory companies to implement the
principles.
The principles require all signatory
organizations to provide individuals with “clear
and conspicuous” notice of the kind of
information they collect, the purposes for which it
may be used, and any third parties to whom it may
be disclosed. This notice must be given at the time
of the collection of any personal information or “as
soon thereafter as is practicable.”
Individuals must be given the ability to choose
(opt-out of) the collection of data where the
information is either going to be disclosed to a
third party or used for an incompatible purpose. In
the case of sensitive information, individuals must
expressly consent (opt-in) to the collection.
Organizations wishing to transfer data to a third
party may do so if the third party subscribes to
Safe Harbor or if that third party signs an
agreement to protect the data. Organizations must
take reasonable precautions to protect the security
of information against loss, misuse and
unauthorized access, disclosure, alteration and
destruction. Organizations must provide individuals
with access to any personal information held about
them, and with the opportunity to correct, amend,
or delete that information where it is inaccurate.
This right is to be granted only if the burden or
expense of providing access would not be
disproportionate to the risks to the individual’s
privacy or where the rights of persons other than
the individual would not be violated. In terms of
enforcement, organizations must provide access to
readily available and affordable independent
recourse mechanisms which may investigate
complaints and award damages. They must issue
follow up compliance procedures and must adhere to
sanctions for failing to comply with the
Principles.
Privacy advocates and consumer groups both
in the U.S. and Europe are highly critical of the
European Commission’s decision to approve the
agreement, which they say will fail to provide
European citizens with adequate protection for
their personal data. [48]
The agreement rests on a self-regulatory system
whereby companies merely promise not to violate
their declared privacy practices. There is little
enforcement or systematic review of compliance. The
Safe Harbor status is granted at the time of
self-certification. There is no individual right to
appeal or right to compensation for privacy
infringements. There is an open ended grace period
for U.S. signatory companies to implement the
principles. The agreement will only apply to
companies overseen by the Federal Trade Commission
and Department of Transportation (excluding the
financial and telecommunications sectors) and there
are special exceptions granted for public records
information protected by EU law.
[1]
James Michael, Privacy and Human Rights (UNESCO
1994) p.1.
[2]
Simon Davies, Big Brother: Britain's web of
surveillance and the new technological order (Pan,
London, 1996) p. 23.
[3]
Volio, Fernando, “Legal personality, privacy
and the family” in Henkin (ed), The
International Bill of Rights,(New York: Columbia
University Press 1981).
[4]
Samuel Warren and Louis Brandeis, “The right
to privacy,” Harvard Law Review 4, 1890 pp
193 - 220.
[5]
Alan F Westin, Privacy and Freedom, (New York:
Atheneum: 1967) p. 7.
[6]
“Privacy as an Aspect of Human Dignity,” 39 New York
University Law Review, p. 971 (1964).
[7]
“Privacy and the Limits of Law,” 89 Yale Law Journal 421,
at 428 (1980).
[8]
Report of the Committee on Privacy and Related
Matters, Chairman David Calcutt QC, 1990, Cmnd.
1102, London: HMSO, page 7.
[9]
“The Australian Privacy Charter,” published by the
Australian Privacy Charter Group, Law School,
University of New South Wales, Sydney 1994.
[10]
Richard Hixson, Privacy in a Public Society: Human
Rights in Conflict, p. 3 (1987). See Barrington
Moore, Privacy: Studies in Social and Cultural
History (1984).
[11]
See Jeffrey Rosen, The Unwanted Gaze (Random House,
2000).
[13]
Infra James Michael, p. 15. Justices of the Peace
Act, 1361 (Eng.), 34 Edw. 3, c. 1.
[14]
Entick v. Carrington, 1558-1774 All E.R. Rep.
45.
[15]
Speech on the Excise Bill, 1763.
[16]
The Rachel affaire. Judgment of June 16, 1858,
Trib. pr. inst. de la Seine, 1858 D.P. III 62. See
Jeanne M. Hauch, Protecting Private Facts in
France: The Warren & Brandeis Tort is Alive and
Well and Flourishing in Paris, 68 Tul. L. Rev. 1219
(May 1994).
[17]
See prof. dr. juris Jon Bing, Data Protection in
Norway, 1996.
<http://www.jus.uio.no/iri/rettsinfo/lib/papers/dp_norway/dp_norway.html>.
[18]
Warren and Brandeis, The Right to Privacy, 4
Harvard Law Review 193 (1890).
[20]
A/RES/45/158 25 February 1991, Article
14.
[21]
UNGA Doc A/RES/44/25 (12 December 1989) with Annex,
Article 16.
[23]Convention
for the Protection of Human Rights and Fundamental
Freedoms Rome, 4.XI.1950.
<http://www.coe.fr/eng/legaltxt/5e.htm>.
[24]
Nadine Strossen, “Recent U.S. and Intl.
Judicial Protection of Individual Rights: A
comparative Legal Process Analysis and Proposed
Synthesis,” 41 Hastings Law Journal 805
(1990).
[25]
X v. Iceland, 5 Eur. Comm’n H.R. 86.87
(1976).
[26]
European Court of Human Rights, Case of Klass and
Others: Judgement of 6 September 1978, Series A No.
28 (1979). Malone v. Commissioner of Police, 2 All
E.R. 620 (1979). See Note, “Secret
Surveillance and the European Convention on Human
Rights,” 33 Stanford Law Review 1113, 1122
(1981).
[27]
Judgement of 26 March 1987 (Leander
Case).
[29]
Signed Nov. 22, 1969, entered into force July 18,
1978, O.A.S. Treaty Series No. 36, at 1, O.A.S.
Off. Rec. OEA/Ser. L/V/II.23 dec rev. 2.
[30]
O.A.S. Res XXX, adopted by the Ninth Conference of
American States, 1948 OEA/Ser/. L./V/I.4 Rev
(1965).
[31]
An excellent analysis of these laws is found in
David Flaherty, Protecting Privacy in Surveillance
Societies (University of North Carolina Press
1989).
[34]
Council of Europe
<http://conventions.coe.int/>.
[37]
European Commission, ‘Proposal for a
directive of the European Parliament and of the
Council concerning the processing of personal data
and the protection of privacy in the electronic
communications sector’
<http://europa.eu.int/comm/information_society/policy/framework/pdf/com2000385_en.pdf>.
[39]
See European Commission Press Release, ‘Data
protection: Commission adopts decisions recognising
adequacy of regimes in US, Switzerland and Hungary’,
July 27, 2000.
<http://europa.eu.int/comm/internal_market/en/media/dataprot/news/safeharbor.htm>.
[40]
See European Union, Internal Market Directorate,
Background Information: Transfer of data to non-EU
countries – FAQ.
<http://europa.eu.int/comm/internal_market/en/media/dataprot/backinfo/info.htm>.
[43]
The article 29 data protection working group
of the European Commission has issued documents
giving guidance on the role of contracts generally.
See ‘Transfers of personal data to third
countries: Applying Articles 25 and 26 of the EU
data protection directive’ 24 July 1998.
<http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/wp12en.htm>.
[44]
Paul M. Schwartz and Joel R. Reindenberg, Data
Privacy Law, (Michie) (1996).
[45]
See e.g., Public Comments Received by the US
Department of Commerce in Response to the Safe
Harbor Documents April 5, 2000,
<http://www.ita.doc.gov/td/ecom/Comments400/publiccomments0400.html>.
[46]
European Parliament resolution on the Draft
Commission Decision on the adequacy of the
protection provided by the Safe Harbour Privacy
Principles and related Frequently Asked Questions
issued by the US Department of Commerce.
<http://www.epic.org/privacy/intl/EP_SH_resolution_0700.html>.
[47]
Commission Decision on the adequacy of the
protection provided by theSafe Harbour Privacy
Principles and related Frequently Asked Questions
issued by the US Department of Commerce.
<http://europa.eu.int/comm/internal_market/en/media/dataprot/news/decision.pdf>.
[48]
See for example the earlier Statement of the
Transatlantic Consumer Protection Dialogue on U.S.
Department of Commerce Draft International Safe
Harbor Privacy Principles and FAQs
March 30, 2000,
<http://www.tacd.org/ecommercef.html#usdraft>.
<
back to Privacy & Human Rights
2000
|
|
