IP: Re: CFP98 Conference Report

[Dave Farber <farber () cis upenn edu>]

From: reidenberg () sprynet com
Date: Tue, 3 Mar 1998 20:43:43 -0800 (PST)


For the IP list--


I enjoyed Danielle Gallo's CFP98 Conference report, but the paragraph on my 
panel "Privacy and Encryption Law in France" leaves some misconceptions.  


French law for 20 years has permitted the French data protection agency, the 
CNIL, to  prohibit transborder data flows to countries lacking sufficient 
privacy protection.  The CNIL was not created to restrict international data 
flows, but rather was established to assure the protection of citizen's
rights 
in the face of computerization of French society.  For years, many other 
European countries have had similar laws (e.g. the U.K., Netherlands,
Germany, 
etc.)  


The conflict suggested Gallo's review of Brian Kahin's talk is with the
entire 
European Union and increasingly with the rest of the world's democratic 
countries concerned about privacy, not just with France.  The EU Directive on 
data privacy mandates that all 15 European states prohibit transfers of
personal 
information to countries that do not assure an "adequate" level of privacy.  
These provisions must be enacted into the 15 national laws by October 1998.  
> From Australia to Canada, privacy legislation is under consideration to
meet EU 
standards.  The US is the exception trying to avoid legal standards for the 
protection of privacy.  As a result, data flows to the US will have real 
problems once the Directive is implemented.  I did also point out that within 
France, as well as elsewhere in Europe, there are some important compliance 
issues and problems.  The application of data protection laws to on-line 
services will be particularly difficult.  A colleague and I have just
completed 
an extensive report "Data Protection Law and On-line Services: Regulatory 
Responses" studying Belgium, France, Germany and the United Kingdom for the 
European Commission that we hope will be released by the European Commission 
later this month.  I will send an announcement once it is released.


Joel Reidenberg






On Tue, 03 Mar 1998, Dave Farber <farber () cis upenn edu> wrote:
> Danielle Gallo's CFP98 Conference Report


> Although many ideas and issues were raised in the panel on 'Privacy
> and Encryption Law in France', there are only a few I would like to
> touch on. Professor Joel Reidenberg of the Fordham University School
> of Law (http://www.fordham.edu/law/faculty/reidenberg/main.htm) cited
> the territorial impact of data protection. He suggested trans-border
> data flows enable data passing to places with inferior
> protection. This is of utmost concern to the French, who hold strong
> views on privacy. The French position on data protection issues
> prevents sensitive data such as political or religious beliefs to be
> transmitted without consent. Reidenberg concedes that there is not
> full respect for data privacy laws; therefore, organizations have been
> created to supervise enforcement -- for example, the CNIL (Commission
> Nationale Informatique et Libertes) in France. This part of the


> discussion relates to Brian Kahin's keynote address, which cited the
> need for international agreements and well-defined principles. I think
> that compromise on these issues will be difficult because the French
> are very stringent on privacy issues and may not agree with the rest
> of the world.


******************************************************************


Joel R. Reidenberg
Professor of Law
Fordham University School of Law
140 West 62nd Street
New York, NY 10023
Tel: 212-636-6843 direct
        212-636-6890 secretariat
Fax: 212-636-6899


Email: reidenberg () sprynet com
Home page: <home.sprynet.com/sprynet/reidenberg>


*******************************************************************




********************************
See you at INET'98, Geneva 21-24, July 98   <http://www.isoc.org/inet98/>