Ashley GreenSensitive Information in a Wired WorldProfessor Joan FeigenbaumYale UniversityDecember 12, 2003Over the past decade the world has gotten much smaller due to the electronic communication the Internet has fostered. While this promotes business and international relations, problems arise regarding the protection of individuals’ personal information. Many countries around the world have developed privacy policies and laws protect an individual's information in the realm of electronic communication. Universal enforcement gets complicated because the Internet is not restricted to one country; it’s worldwide. As a result, concerns arise regarding the compatibility of various countries' privacy policies. This paper will discuss the current legislation in place for various major countries1, the existing conflicts between these countries’ policies and the implications these conflicts hold for the protection of privacy on the Internet.To begin, consider how countries handle the privacy of individuals in general, not exclusively in the electronic environment. Most countries around the world protect an individual’s right to privacy in some respects, because “privacy is a fundamental human right that has become one of the most important human rights of the modern age”2. Definitions for privacy vary according to context and environment. For example, in the United States Justice Louis Brandeis defined privacy as the “right to be left alone”3. In the United Kingdom, privacy is “the right of an individual to be protected against 1 Note: I restricted the study of international privacy laws only to countries who had similar government and social standards to the United States. Therefore, this study excludes many countries in Asia and Africa.22 Privacy and Human Rights 2003: Overview. <http://www.privacyinternational. org/survey/phr2003/overview.html> page 1.3 Privacy and Human Rights 2003: Overview 1.intrusion into his personal life or affairs…by direct physical means or by publication of information”4. Australian legislation states that “privacy is a basic human right and the reasonable expectation of every person”5. Regardless of varying definitions of privacy, the importance of an individual’s privacy is recognized on some level. Every country in the world has a provision for privacy, even if it is as simple as the right to privacy in one’s home or the right to secrecy of communication. On a more global level, international agreements such as the International Covenant on Civil and Political Rights and the European Convention on Human Rights protect the privacy of individuals around the world. We see that in order to protect the fundamental privacy rights of individuals, laws have been established on both local and global scales. Therefore, it follows that laws are also necessary to protect the information of individualsin the electronic environment.Two types of laws are adopted by various countries to protect the sensitive information of individuals on the web. The first kind, comprehensive laws, are laws “that govern the collection, use and dissemination of personal information by both the public and private sectors”6. These general laws do not deal with individual areas like health care or educational systems. Instead, they establish standards for use of private information for all entities. Comprehensive laws are usually adopted for one of three reasons: to remedy past injustices, to promote electronic commerce or to ensure that laws are consistent with Pan-European laws7. In addition, comprehensive laws often require the establishment of an independent commissioner to oversee the enforcement of the law. Unfortunately, problems arise because either a lack of resources hinders enforcement or 4 Privacy and Human Rights 2003: Overview 2.5 Privacy and Human Rights 2003: Overview 2.6 Privacy and Human Rights 2003: Overview 2.7 Privacy and Human Rights 2003: Overview 5.the “independent” commissioner is under the control of the government8. The second set of laws are characterized as sectoral laws. These laws avoid broad, extensive legislation and instead target various sectors. The implied advantage of sectoral laws is their enforceability. Since they are so specific in nature, one would think that they would be easier to enforce than broad, comprehensive laws. On the other hand, introducing sectorallaws is a difficult because legislation has to be passed for each new sector9. While these two types of laws have their advantages and disadvantages, countries have formed a sharp divide by choosing one type of law or the other. Comprehensive laws remain the main choice of many countries around the world. All countries in the European Union, Canada, Australia and the United Kingdom have chosen to implement legislation that is not sector specific. For example, the European Union adopted the Privacy and Electronic Communications Directive to prohibit the secondary use of all data without the informed consent of the individual10. Some of the details of this directive include the requirement of opt-in personally-identifiable online profiles, upfront notice when data is collected from data collectors11 and the prohibition of data transference to any country that is not a member of the European Union. Althoughthese details hold promising potential for privacy protection, they could present problemsfor European business. Specifically, the prohibition of data-transfer to countries other than those in the European Union hold implications for international business. How will countries in the European Union be able to participate in international business with 8 Privacy and Human Rights 2003: Overview 7.9 Privacy and Human Rights 2003: Overview 3.10 Online Privacy: Promise or Peril. Lorrie Cranor. <http://lab.zoo.cs.yale.edu/cs156/lecture15.ppt> 28.11 Privacy and Human Rights 2003: Overview 6.companies outside the EU if they can’t transfer data? This question will be discussed lat Ithe paper. Canada and Australia adopted a “co-regulatory” model of comprehensive laws. These co-regulatory laws allow the industry to develop and enforce rules for the protection of privacy, but a privacy agency (commissioner) oversees this enforcement12. Power is given to sectors to create and enforce industry specific laws, but a global agencystill oversees the enforcement of these laws to ensure compliance. In addition, it is important to mention that both of these