In Europe data protection is an important issue. The European Union issued Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
In 1981 the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was negotiated within the Council of Europe. This convention obliges member states to implement legislation concerning the automatic processing of personal data.
In the United Kingdom this convention is enshrined in the Data Protection Act 1998.
In contrast, the United States has not implemented any overarching data protection legislation. Regulations do exist in specific areas, such as HIPAA, which addresses the security and privacy of health data. As a result, the safe harbor arrangement was developed by the US Department of Commerce to provide a means for US companies to demonstrate compliance with European Commission directives and thus to simplify relations between them and European businesses.
In Europe data protection and privacy rights are further enhanced by the European Convention on Human Rights, Article 8 of which provides a right to respect for one's "private and family life, his home and his correspondence,"
Privacy issues may arise wherever uniquely identifiable data relating to a person is collected and processed. The challenge in data privacy is to share data while protecting personally identifiable information. In many circumstances there is a legal right to, or public expectation of, privacy in the collection and sharing of data.
Data privacy issues often arise with regard to the following types of information:-
- Health information.
- Criminal justice.
- Financial information.
- Genetic information.
- Location information.
Data Processing Principles
In Europe eight enforceable principles of good data processing practice have been developed. These principles are enshrined in the United Kingdom Data Protection Act 1998.
Data must be:-
- Fairly and lawfully processed.
- Processed for limited purposes.
- Adequate, relevant and not excessive.
- Not kept longer than necessary.
- Processed in accordance with the data subject's rights.
- Not transferred to countries without adequate protection.