[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]


Subject: RE: UKNM: EU Privacy Resources for US sites?
From: Elizabeth Van Couvering
Date: Thu, 12 Aug 1999 09:11:15 +0100

Hi Clay,

I did a lot of research on this while I was an analyst at Jupiter, and here
are key points and conclusions:

Find out if they have operations in the EU. Where 'operations' is probably
defined as 'an office' but might possibly be defined as 'a server'.

Sites with operations in the EU that are collecting 'personal data' (data
that allows for the identification of a natural person) need to abide by the
EU laws, which in brief are:

That the data is:
- used fairly and lawfully
- used for specific purposes which are legitimate and explicit
- adequate, relevant, and not excessive
- rectification or erasure of inaccurate data should be possible
- the data should be kept in individually identified format for no longer
than necessary

Personal data can be used IF
- unambiguous consent is given
- it is contractually necessary (ie an address for delivery) or necessary
for the purposes of entering into the contract (ie for credit checking)
- or other official stuff like it's required by law etc.

HOWEVER, certain data is classed as 'sensitive' and should only be collected
if EXPLICIT CONSENT is given (or possibly not even then), and that includes:
- racial/ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- health
- sex life

Different countries may require holders of personal data to register with
the country authorities, ie the UK Data Protection Registrar. Laws across
Europe have been basically harmonised since October 98, although there is
minor variation they all should conform to the EU Directive.

(official EU info on all this at
http://europa.eu.int/comm/dg15/en/media/dataprot/backinfo/info.htm)

Particular concerns for the online world:

* The regulators I spoke to here and in Germany, as well as on the official
EU site info, classified IP numbers as likely being in a set of cases -- ie
fixed rather than dynamic -- 'personal data' -- which has implications all
over the place from ad serving networks to how long you hold your log files.

* The 'export' of data from EU operating countries to non-safe countries
(best example, the US) is also governed by the explicit consent rule and
warnings are required; probably best way around this is to bind partner
companies in non-safe countries by contracts requiring them to adhere to EU
data protection principles.

* Essentially, privacy policies and good data protection are good for
business, so sites should post them anyway.

* There aren't really any good 3rd party schemes such as TrustE here, TrustE
is in Europe but not recognised yet by consumers.

* Consumers basically care about whether you can tell if they're committing
illegal, immoral, or indecent acts which are their personal business, and
they also care about fraud/security issues. Reassure them.

* Basically, sites shouldn't be too afriad -- they can collect data if they
follow some simple rules, but there are upcoming battles probably over
jurisdiction and IP stuff that they should try to avoid. It's an issue of
consumer trust as much as an issue of the letter of the law.

Elizabeth Van Couvering
Client Partner
Organic Online London
70 Salusbury Road NW6 6NU
t +44 (0)20 7644 2617 | e evcatorganic [dot] com | w http://www.organic.com

[my views, not Organic's]


-----Original Message-----
From: owneratchinwag [dot] com [owneratchinwag [dot] com]On">mailto:owneratchinwag [dot] com]On Behalf Of Clay
Shirky
Sent: 11 August 1999 16:59
To: uk-netmarketingatchinwag [dot] com
Subject: UKNM: EU Privacy Resources for US sites?


Are there any resources for US companies who are taking registration
from EU users and want to stay on the right side of privacy law?

TIA,

-clay
********************
UKNM is sponsored by Excite UK, visit us at http://www.excite.co.uk.
Email Khalil Ibrahimi khalilatexcitecorp [dot] com (mailto:khalilatexcitecorp [dot] com) to advertise on Excite.
********************
Change your UKNM subscription use http://www.chinwag.com/uknm.html


********************
UKNM is sponsored by Excite UK, visit us at http://www.excite.co.uk.
Email Khalil Ibrahimi khalilatexcitecorp [dot] com (mailto:khalilatexcitecorp [dot] com) to advertise on Excite.
********************
Change your UKNM subscription use http://www.chinwag.com/uknm.html



[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]