You are here: I*M Europe / I*M Legal Issues / News / Europrix 11/05/99   
What's New?
Quick Links
What's New?
Legal Conference
Main Sections
Internet Action Plan
LAB (Legal Advisory Board)
Policy Library
EIIA's legal guide
Who's Who?
Legal Links
Access to Public Information 
Audiovisual Policy
Bonn Conference
Computer Crime
Consumer Protection
Data Protection
Digital Signatures
Domain Names
Electronic Commerce
Information Society
Intellectual property
Internet Action Plan
Legal Advisory Board (LAB)
Promoting Best Use
Web Sites - Cyberlaw
Web Sites - Law in general
Who's Who in the Legal Sector

Mirror Site

7. Data protection

7.1. EU - Draft US data protection "safe harbor" principles under consideration

The European Commission has started discussions with the EU member states on the latest version of data protection "safe harbor" principles, which was made available for public comment on 19 April by the US Department of Commerce ( Those principles represent the core of the regulatory package under discussion between the Commission and the US Government with a view to achieving both parties’ declared goal of concluding their dialogue on data privacy before the EU/US Summit on 21 June 1999. On the one hand the EU Data Protection Directive, which became effective on 25 October 1998, requires that transfers of personal data to non-EU countries should take place only to such countries as provide an “adequate” level of privacy protection. On the other hand the United States uses a sectoral approach that relies on a mix of legislation, regulation, and self regulation. The package ai ms at providing guidance to companies and other organisations in the US which want to meet ”adequate protection” standards, create legal certainty and simplify the administrative framework for secure data transfers to the US. On the European side, the principles would be met by a decision taken by qualified majority among the member states and recognising that those principles represent an "adequate protection" standard, as required by the Directive for transfers of personal data to third countries.

Press release available at

7.2. Council of Europe : Guidelines for the protection of privacy on the Internet adopted

On 23 February 1999, the Committee of Ministers of the Council of Europe adopted a set of guidelines for the protection of individuals in connection with the collection and processing of personal data on information highways. The guidelines were drawn up after a public consultation process in close co-operation with the European Union. They were framed in the wake of the Council of Europe Convention for the protection of individuals in relation to automatic processing of personal data (ETS 108) and could be viewed as a first step towards preparation of an international agreement.

Recommendation No. R (99) 5 is addressed to governments and refers to the rights and obligations of Internet users and service providers. Users are given practical advice on the implementation of principles of good conduct and data protection standards. They are encouraged to ask which personal information about them is collected, processed and stored, and for what purposes, and require this information to be altered or deleted where necessary. Privacy-protection measures to enhance anonymity such as public Internet kiosks, prepaid access cards, pseudonyms and legally available encryption are also recommended. Service providers, network operators, navigation software designers and bulletin board operators are equally reminded of their responsibility for using information lawfully and fairly, ensuring data integrity, confidentiality, network security and for abstaining from covert collection, recording or transborder transfer of personal data.

The Recommendation is available on the Council of Europe web site at or

7.3. USA -Consumer complaint filed against Intel for processor serial number threatening individual privacy

On 26 February 1999, US citizens and various consumer organisations lodged a complaint( before the Federal Trade Commission on the matter of the Intel Pentium III Processor Serial Number (PSN). The complainant argues that the PSN is a unique identifier embedded in computer processors which will erode individual privacy. Due to Intel's market dominance and the expansion of the Internet in society, the PSN has the potential to compromise the consumers’ right to browse the web and seek out information anonymously. Privacy advocates anticipate that the readable serial number will act as a "permanent cookie", exposing all surfers to permanent surveillance.

Once a unique identifier capable of identifying and tracking individuals in the online environment is created, it will be far more difficult to limit its use. The result will be increased information collection about individuals and increased compilation and sharing of personal information between entities. In order to limit the above risks, the FTC is requested to suspend the shipment of processors equipped with a unique PSN and commence an investigation into the privacy issues raised by its use. Intel has already offered to change the chip's identifier from "normally on" to "normally off" but according to privacy activists the company did not change the chip at all but merely changed its recommendations to PC manufacturers on how the chip is configured by software.

Further details are available at

Table of contents ] [ Previous ] [ Next ]

Home - Gate - Back - Top - Chapter7 - Relevant
Back to Top
EC Home Page
Personalised I*M Europe
DGXIII Home Page
Site map
About this site