About ILPFTo Join ILPFWorking Groups and PublicationsMember ResourcesEventsHome

  Electronic Authentication
  Self Regulation
  Content Liability


Previous | Next
Table of Contents

C. Improper Use Or Disclosure Of Private Information.


According to the report by the Australia Broadcasting Authority, in terms of laws relating to privacy, a service provider may be prohibited from disclosing or using the contents or substance of communications carried by it under Section 88 - Telecommunications Act 1991. The privacy of personal communications may also be regulated by other laws - for example The Telecommunications (Interception) Act 1979.


The European Union last year adopted a Directive, due to come into force on January 1 1998, which is largely modelled on the most restrictive data protection laws currently in existence in the EU, namely those of France and Germany. When the Directive comes into force, any information collected about a consumer=s activities on the Internet (to the extent that it constitutes "personal data") can only be stored and processed in accordance with a "clear unambiguous consent" of the data subject, a phrase which seems to go much further than the "opt out" language used in much direct marketing and many web-based submission forms. Organisations are required to obtain the approval of the local data registrar in order to export data to countries which do not have "equivalent protection" and the US, for example, would certainly be considered not to have equivalent legislation.


It was announced on January 24 1997 by a Ministry of International Trade and Industry Official, that Japan planned to institute a comprehensive privacy protection guideline on the collection of personal information. The draft guidelines proposes that no personal data can be collected without the subject's consent.

These guidelines appear to attempt to come into line with the EU Directive, thus preserving the trade of information in the EU in 1998.


According to an Inter-Departmental Working Party of the Federal Office of Justice Report, it is possible to commit the following crimes: unauthorised data procurement, unauthorised access to a data-processing system, damage to data and fraudulent abuse of a data-processing system or the obtaining of a service under false pretences by using the Internet or another network (Arts 143 and 150, Penal Code). At the date of the report, there had been no reported cases specific to the Internet which would enable assessment. The Working Party felt that there was no need for legislative action in this area at that time.

United States

Interestingly, even in the US, where a high value is placed upon first amendment free speech ideals, calls for greater data privacy are increasing and the current limited protection given to data relating to credit transactions, cable television subscriptions and electronic funds transfers may well be broadened.

Part of the recently enacted Telecommunications Reform Act of 1995 provides protection for personal privacy. There are provisions which limit the use and disclosure of customer proprietary network information ("CPNI") ie quantity, type, destination and amount of use of a telecommunication service by a customer, information available to the carrier by virtue of their relationship with the customer and to that which is necessary in providing that service to the customer.

The Health Insurance Portability and Accountability Act of 1996 includes a mandate that privacy rules must be enacted by Congress or by the Executive branch within the next four years, in order to govern the privacy of health information in electronic form.

Congress has also requested a Federal Reserve Board study to examine the risk of fraud raised by the disclosure of personal information, after the outcry over the sale of personal information by Lexis-Nexis P-Trak service.

A consortium of Internet companies launched a programme called "Privacy Assured" in October 1996, established to design rules to make the Internet "safe" for personal and commercial use. A logo on a company=s web page will show that the organisation has agreed to not knowingly list information on individual users without prior consent; block reverse searches which can be used to retrieve user names, addresses, email and phone numbers; and issue only aggregated-use statistics which cannot identify individuals. There would also be a link to the consortium=s web page. Also in October 1996, eTrust was formed by a partnership between the Electronic Frontier Foundation (the "EFF") and CommerceNet. Trust is a global initiative to establish consumer trust and confidence in electronic transactions. The key principles are: informed consent - the right of consumers to be informed about the privacy and security consequences of an online transaction before entering into one; no privacy exists without appropriate security - they are inexorably linked in an online transaction; and privacy standards vary according to the context of use - no single privacy standard covers all situations or all participants.

Many more privacy initiatives are predicted for the year ahead. Two bills have recently been introduced, one by Bruce Vento on Jan 7 1997 which would prohibit interactive computer services from disclosing or selling personally identifiable information about their subscribers, without the subscribers' prior written consent. The other is by Edward Markey, which plans to introduce legislation to protect consumer's privacy over electronic networks, which should be introduced over the next few months (from January 1997). It will address online consumer privacy issues and direct the Federal Trade Commission and The Federal Communications Commission ("FCC") to regulate marketeers' use of personal information, including those marketeers using the Internet as an advertising medium.

Bob Franks plans to introduce the "Children's Privacy Protection and Parental Empowerment Act" in February 1997, making it a crime for list brokers to sell information about children without parental consent, the information tending to enable the child to be contacted. This is due to the fact that WWW browsing leaves "mouse droppings" revealing where a child has visited and where they are from and that children are seen as more vulnerable to solicitation either by marketeers or even paedophiles.

It remains to be seen if any of these bills become law, as marketeers feel that these bills will have the effect of crippling the direct marketing industry. But the US Government issued a report in January 1997 stating that consumers should be informed about the information gathering practices on the Internet and be given the right for the information to be used only with their consent.

There are also arguments that there is a right to corporate privacy, although there is only one case, a Californian case, where a corporation was granted a corporate tort privacy right. There is protection of corporate privacy in terms of commercial information, for example, the prevention of economic harm by the disclosure of sensitive commercial information usually in discovery or related judicial proceedings. There are doubts as to whether this should in fact be extended to a corporate privacy right since it is the corporations who cause the problems for consumers and which they could use to ensure that information is not made available to the public.

Previous | Next
Table of Contents

About ILPF | To Join ILPF | Working Groups & Publications
Member Resources | Events | Home