Tag Archives: Privacy

Supreme Court of Argentina ordered the government to disclosed public data over social plans

The government has refused to give access to data related to social plans rejecting FOI request using the data protection act and the legal opinions of the DPA. The Supreme Court has ruled that FOI is a fundamental right and the the data should be provided to the applicant, an ONG called CIPPEC.

Case and comment available at CIJ website.

ECJ invalidates data retention directive

From PI website…

The ruling today from the European Court of Justice, invalidating the European Union’s 2006 Data Retention Directive policy, was strong and unequivocal: the right to privacy provides a fundamental barrier between the individual and powerful institutions, and laws allowing for indiscriminate, blanket retention on this scale are completely unacceptable.

As the Court states, it is not, and never was, proportionate to spy on the entire population of Europe. The types of data retained under this hastily-enacted Directive are incredibly revealing about our lives, including our daily activities and whom we have relationships with. It is right and overdue that this terrible directive was struck down…

Continue reading…

New regulation in Colombia

Prof. Nelson Remolina data protection blog informed us that the Presidency of Colombia has enacted the Regulation of the Data Protection Act (see Decree 1377 of 2013). The Regulation supplements the Colombian Data Protection Act, that was enacted on the year 2012 (Law n. 1581 of 2012). The Law followed closely the European regulatory model on data protection matters. With this Regulation, Colombia is ready to apply its data protection law. The main characteristics of this new Regulation are:

–       Databases only for internal or domestic use are exempted from the data protection act when they are created by natural persons (thus, this exception does not apply to corporations).

–       Privacy notice is defined. This is important because this is the document to inform the data subject of his/her rights and for companies to demonstrate compliance with the data protection law.

–       Public data is defined as data that is not data that is not sensitive, nor private, nor semiprivate. This may include data obtained from public registries, official bulletins or judicial decisions. The definition is important because the Authorization (consent) from the data subject is not required for public data under the Data Protection law.

–       A new definition of sensitive data, that includes biometric data.

–       Companies must preserve the evidence to prove that they have obtained Authorization from the data subject.

–       Data should be preserved according to the purpose of the collection and later erased unless there is a legal or contractual duty to preserve it.

–       A special provision when data of children is collected provides that the superior interest of the child should be taken into account. Under the Data Protection Act, personal data from children is considered together with sensitive data as a special kind of personal data.

–       The Regulation requires to have a Privacy Policy and to make it available to individuals. The document should contain the purpose of the collection, name and other information of the data controller, rights of the data subject, and explain how to request access and correction.

–       The Regulations clearly provides that no consent is necessary from the data subject if there is an international transfer agreement. The registration of international transfer agreements is not regulated yet, although they are a requirement to transfer personal data.

–       The Regulation clearly established that companies must be able to show the DPA that all requirements of the Data protection Act are in place.

In sum, one more country in Latin America completes its regulation on data protection issues and is ready to be part of the data protection club. With this regulation, Colombia is on board with Argentina, Mexico, Uruguay, Peru, Costa Rica and Nicaragua as countries that have been following closely the EU model.

 

Surveillance debate

From Privacy International web page…

In the wake of revelations that the UK Government is accessing wide-ranging intelligence information from the US and is conducting mass surveillance on citizens across the UK, PI commenced legal action against the UK Government, charging that the expansive spying regime is seemingly operated outside of the rule of law, lacks any accountability, and is neither necessary nor proportionate.

The claim, filed in the Investigatory Powers Tribunal (IPT), challenges the UK Government on two fronts. Firstly, for the failure to have a publicly accessible legal framework in which communications data of those located in the UK is accessed after obtained and passed on by the US National Security Agency through the Prism programme.  Secondly, for the indiscriminate interception and storing of huge amounts of data via tapping undersea fibre optic cables through the Tempora programme. Continue reading

New law in Argentina pits transparency against privacy

The law was enacted on May 23, 2013 by Congress (Law 26.856). The new law provides that the Judiciary must publish all decisions and court case status online and in an official journal in the web page of the Supreme Court.

It also provide that in some cases the privacy and rights of third parties (workers and minors) have to be protected. Most of what the law requires was already implemented by several decision of the Supreme Court. The aim of the law is to achieve transparency, but it does not contain precise exceptions. The law is not very clear in the privacy safeguards. The data protection act is not mentioned at all in the law. Furthermore, each court of appeals has its own regulation and the law does not differentiate each different situation (e.g. labor cases, bankruptcy cases, family law cases, adoption cases, etc).