Syllabus revised! LW656

LW656: Data Protection
Background Sources
Week 1: Reading week.
Week 2: Introduction: Defining Data Protection in the Context of Privacy
Lloyd Chapter 3
Week 3: The European Directive 95/46/EC and its Origins
Lloyd Chapter 4
Week 4: UK Identity Cards Bill and UK law
Lloyd Chapter 5
Report and 3rd Reading of the Identity Cards Bill in the House of Commons will be webcast live and we should be able to comment on the Bill and discuss it in our seminar that evening. Week 5: Transposing the 1995 EU Directive
Lloyd Chap 4, pp76-81.
See further Bergfeld (1996) The impact of the EC Data Protection Directive on Dutch Data Protection Law
Report on the implementation as it happened.
Bennet, Colin J, Regulating Privacy: Data Protection and Public Policy in Europe and the United States, Cornell University Press – or Google for ‘colin bennet data protection’ – excellent source.
Week 6: Information Commissions
Lloyd Chapter 6 (background Chapter 7)
In terms of studies on general compliance with Data Protection law in an EU state, see Study of Compliance with the Data Protection Act 1998 by UK Based Websites UMIST/Information Commissioner’s Office. There is a summary at http://www.out-law.com/php/page.php?page_id=ofukwebsites1023451385&area=news . In general the report showed very poor compliance from a sample-picked selection of sites, especially in areas such as security , and also a low level of privacy policies and an even lower level of intelligible ones (5%!). This acted as a trigger for the incoming Information Commissioner, Richard Thomas, to announce that website compliance would be a major enforcement target for his period in office as DP supremo.
Week 7: 2002 Electronic Communications Directive and telecoms data
Lloyd Chapter 8 & Chapter 9 pp214-234
Hosein et al (2004) Questioning lawful access to traffic data
Privacy International (October 2003) Memorandum Of Laws Concerning The Legality Of Data Retention With Regard To
The Rights Guaranteed By The European Convention On Human Rights
Week 8: Safe Harbours and US law
Lloyd Chapter 10
Reindenberg, Joel. R. Resolving Conflicting International Privacy Rules in Cyberspace, 52 Stanford Law Review, 1315 (2000)
Jan Dhont, María Verónica Pérez Asinari, Yves Poullet, Joel R. Reidenberg & Lee Bygrave, Safe Harbor Decision Implementation Study (Apr. 19, 2004)
Week 9: CCTV Case Study and Technologies of Control
Lessig, Code and Other Laws of Cyberspace (New York: Basic Books, 1999), chapter 11; Lessig, “The Law of the Horse: What Cyberlaw might Teach”, Harvard Law Review, 1999, volume 113, pp. 501; "Reading the Constitution in Cyberspace", Emory Law Journal, volume 45, number 3, Summer (1996) pages 869-910
Week 10: Concluding session: International Trade and Data Protection.
Is the EU taking a large risk in not terminating the Safe Harbour? GATS Article XIV(c)(ii) specifically authorizes the European privacy regulations to restrict cross-border services provided that the measures are not used to discriminate between trading partner countries and provided that the measures are not used as a disguised restriction on trade in services. (http://www.wto.org/english/docs_e/legal_e/26-gats_01_e.htm) Internal EU compliance problems are not relevant because the GATS obligation, known as MFN, relates to favoring one non-EU country over another non-EU country. Since the 2004 EC study and the 2001 study each showed important compliance deficiencies, third countries such as Australia have a very strong argument that the EU is impermissibly favoring the US in that the EU appears to be holding third countries to a higher standard of "adequacy." WTO Appellate Body Decision in the EC-Bananas III case specifically said that de facto discrimination was as valid a basis for an MFN claim as de jure discrimination. Even with respect to disguised restrictions, I think the US would have a very difficult case since European data protection agencies do enforce national data privacy laws, even if the level of enforcement is weak. EU would have serious trade issues if EU data protection agencies were to take enforcement actions only against US companies transferring data from Europe. This form of discrimination is an entirely different type of trade problem -- a violation of the GATS national treatment obligation-- that is independent of the Safe Harbour. The issue is differential treatment of companies within Europe based on their nationality rather than differential treatment of destinations.