Center for Democracy and Technology

Briefing Materials on the European Union Directive on Data Protection


EU Documents

  1. Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data
  2. News Release: Directive on Data Protection Enters Into Effect
  3. Transfers of personal data to third countries: Applying Articles 25 and 26 of the EU data protection directive [PDF]
  4. Working Document: [PDF] "Judging industry self-regulation: when does it make a meaningful contribution to the level of data protection in a third country?"
  5. Press Release: "Data protection: Microsoft agrees to change its .NET Passport system after discussions with EU watchdog"

Background

  1. A generic Code of Fair Information Principles
  2. OECD Guidelines
  3. Public Records: Access, Privacy, and Public Policy: A Discussion Paper Prepared by Robert Gellman

International Responses

Canada

  1. "The Protection of Personal Information," a joint report by the industry and justice ministries. PIPEDA (Personal Information Protection and Electronic Documents Act)
  2. "Canada's New Approach to Privacy Standards" by Robert Gellman [not available online]

United States

  1. Privacy Elements Paper," a proposal by the National Telecommunications and Information Administration of the Department of Commerce
  2. "Options for Promoting Privacy on the National Information Infrastructure," a report by the Information Policy Committee of the National Information Infrastructure Task Force
  3. Report to Congress: "Privacy Online," a report by the Federal Trade Commission, executive summary and introduction
  4. "Recycled Self-Regulation Stance of US May Only Irk Europeans" by Robert Gellman [not available online]
  5. FTC’s website regarding safe harbor provisions

United Kingdom

  1. "Implementing the EU Data Protection Directive," a discussion by the Data Protection Registrar

Interpretations

  1. "Paper 6: Individuals' Rights," a comparison of pre- and post-directive privacy regimes in the UK
  2. Irish "Consultation Paper," sections concerning data controllers' obligations individuals' rights under the directive

Documents Discussed at the Briefing

  1. CSA Standard CAN/CSA-Q830-96, Model Code or the Protection of Personal Information
  2. Council of Europe Convention for the Protection of Individuals with Regard for Automatic Processing of Personal Data (ETS No. 108)
  3. Discussion Paper 2: "Information Privacy Principles," part of the review of the (New Zealand) Privacy Act 1993 by the New Zealand Privacy Commissioner
  4. Fragmented, Incomplete, and Discontinuous: The Failure of Federal Privacy Regulatory Proposals and Institutions," by Robert Gellman. IV Software Law Journal 200 [not available online]

Other Links

  1. CDT comments to the Dept. of Commerce on the Safe Harbor principles
  2. Background Information on the European "Privacy" Directive
  3. European Commission (Directorate General XV) - Data Protection Working Party: Recommendation 3/97: Anonymity on the Internet (3 December 1997)
  4. Data protection applied to the telecommunications sector: Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector
  5. European Commission (Directorate General XV) - Data Protection Working Party: Working Document: Preliminary views on the use of contractual provisions in the context of transfers of personal data to third countries (22 April 1998)
  6. European Commission (Directorate General XV) - Data Protection Working Party: Second Annual Report (30 November 1998)
  7. European Commission (Directorate General XV) - Data Protection Working Party: Opinion 1/99 concerning the level of data protection in the United States and the ongoing discussions between the European Commission and the United States Government (26 January 1999)
  8. European Commission (Directorate General XV) - Data Protection Working Party: Working Document: Processing of Personal Data on the Internet (23 February 1999)
  9. European Commission (Directorate General XV) - Data Protection Working Party: Recommendation 1/99 on Invisible and Automatic Processing of Personal Data on the Internet Performed by Software and Hardware (23 February 1999)
  10. European Commission (Directorate General XV) - Data Protection Working Party: Opinion 2/99 on the Adequacy of the "International Safe Harbor Principles" issued by the US Department of Commerce on 19th April 1999
  11. European Commission (Directorate General XV) - Data Protection Working Party: Opinion 4/99 on the Frequently Asked Questions to be issued by the US Department of Commerce in relation to the proposed "Safe Harbor Principles" on the Adequacy of the "International Safe Harbor Principles", (7 June 1999)
  12. European Commission (Directorate General XV) - Data Protection Working Party: Working document on the current state of play of the ongoing discussions between the European Commission and the United States Government concerning the "International Safe Harbor Principles" (7 July 1999)
  13. European Commission (Directorate General XV) - Data Protection Working Party: Opinion 7/99 on the Level of Data Protection provided by the "Safe Harbor" Principles as published together with the Frequently Asked Questions (FAQs) and other related documents on 15 and 16 November 1999 by the US Department of Commerce (3 December 1999)
  14. European Commission (Directorate General XV) - Status of implementation of Directive 95/46 in the 15 countries of the European Union