4 5 May 2007

News:

A prominent advisory body to the US government has called for the creation of a US national privacy commissioner as part of a number of recommendations in a report examining privacy in the digital information age.

The UK Information Commissioner's Office (ICO) has approved its second set of Binding Corporate Rules (BCRs) authorising electronics company Philips to share employees' and clients' personal information, held in the UK, with other Philips offices based outside of the European Economic Area (EEA).

The French Commission Nationale de l'Informatique et des Libertes (CNIL) has fined the French arm of global health care manufacturer, Tyco Healthcare, €30,000 following an investigation into its data processing policies.

Features:

The UK Information Commissioner has never hidden his game plan on the data protection front. Whilst relying on the temperate style he is internationally known for, he stresses the crucial importance of individuals' privacy and data protection rights at every opportunity. For the past few years, Richard Thomas has presided over a quiet revolution aimed at changing the way data protection compliance is explained, promoted and enforced. His strategy is clear: to encourage organisations to strive for good practice as a matter of self-interest, and to adopt a risk-based and targeted approach to enforcement. As a result, privacy and data security issues have the highest profile they have ever had in this country. And rightly so.

The recent Court of Appeal decision involving Johnson v MDU has generated controversy over what constitutes 'processing' under the DPA. In this article, Ruth Boardman and Siobhan McManus, of Bird & Bird, set out the findings of the leading judgment given by Buxton L.J.

The clash between the US demands for access to information and EU data protection compliance obligations presents an increasingly difficult challenge for international organisations. Eduardo Ustaran and Victoria Hordern of Field Fisher Waterhouse examine the problem and look for solutions.

A December 2006 decision, where the French data protection authority (Commission Nationale de l'Informatique et des Libertés) fined Tyco Healthcare France €30,000 for lack of cooperation and transparency in assisting with its investigations, has recently been published. Raphaël Dana, Avocat a la Cour, Soulier, explains the decision and the powers of the CNIL under the French Data Privacy Act.

In October 2006, a book was published by the Chinese Academy of Social Sciences containing a draft data protection statute, which could be used as the basis for a Chinese data protection law. In this article, Manuel E. Maisog, a partner in the Beijing office of Hunton & Williams LLP, looks at recent developments and the future prospects for a Chinese law.

In terms of privacy, Spain has one of the strictest regulatory regimes in Europe. Guadalupe Sampedro of Garrigues explains how this extends to Spain's approach to international data transfers, highlighting different approaches including the use of Binding Corporate Rules and gaining the consent of the Spanish Data Protection Agency.