.............................. ,,,,.. ..... ...... i:i;iill !

THE FIFTEENTH ANNUAL CONFERENCE OF PRIVACY AND DATA PROTECTION COMMISSIONERS

September 28th-30th, Manchester UK This is the fifteenth occasion that the world's privacy and data protection commissioners have gathered for an annual meeting. From humble begin- nings, the conference is now a major event involving official delegates and observers from 28 countries. This year, the conference was held in Manchester, UK and involved official delegations from Australia, Austria, Belgium, Canada (including Ontario, Quebec and British Columbia), Den- mark, Finland, France, Germany, Guern- sey, Iceland, Ireland, Isle of Man, Israel, Jersey, Luxembourg, Netherlands, New Zealand, Norway, Sweden, Switzerland and the United Kingdom. Observers came from Greece, Hong Kong, Hun- gary, Japan, Russia, Spain and the United States, as well as from some previously listed countries. The Council of Europe, OECD, and Commission of European Communities were also represented. The conference is a forum for the exchange of ideas and information amongst commissioners. It also presents commissioners with the opportunity to announce domestic policy develop- ments. This particular conference focused no- tionally on the 'people' component of the privacy equation. Aspects addressed by speakers included freedom of expres- sion, identification and profiling of individuals, collection and disclosure of personal data, and surveillance.Two days of the three day conference are open to observers, the remaining day is a closed session for commissioners only. Neither the agenda nor the minutes of this session are made publicly available. The host of this year's conference was Eric Howe, the UK Data Protection Registrar. He chose a format for the conference which was based on the idea of panels of speakers representing a wide variety of views on particular themes. Thus, a panel on the use of personal data involved a spectrum of speakers with commercial representa- tives on the one end, and a relatively hard line privacy advocate on the other end.

Sadly, the quality of the papers and topics was sometimes mediocre. Twenty years after the start of the privacy protection era, none of the advocates or commissioners needed to hear speeches extolling the virtues of credit reporting, or arguing for a wider use of public data. Surely these elements were debated a generation ago. It should not have been necessary, for example, to sit through a paper which plodded through the basics of the Commissioner's press freedom argument, or a general policy delivery from a police authority. Unfortu- nately, this was all part of the pro- gramme. Such papers added little if anything to the knowledge or outlook of those present. However, not all the speeches from representatives of commerce, research or law enforcement were a waste of time. Dr Andy Hopper, director of corporate research with Olivetti Re- search, for example, gave a chilling and highly detailed description of current technologies for tracking and locating individuals, and then interfacing this information with computer and commu- nications installations. Representatives of Infolink and CACl argued the case for the wide use of personal data in the commercial field. Nevia McKiernan of the credit reporting organization Infolink Ltd UK, told the conference: "Whereas other countries enjoy the security of identification cards, Britain has long had to rely on other sources of information like the electoral register data to confirm name and occupancy. Hence the need for information sharing initiatives. So in some respects the UK has lect the way in which information about individuals is used and accessed for lending and lending related deci- sions, ii Professor Spiros Simitis, formerly Data Protection Commissioner of Hesse in Germany, had other views on commer- cial use of public and personal data. He told delegates he did not believe there should be such a category as public data (as opposed to private data) and said that such data should not be in the hands of commercial interests. Simitis

cited the example of the credit industry which first established a credit offer, and then demanded the extension of access to data after that time. Simitis also believes that the use of public data conflicts with essential privacy principles. "Under the Finality Principle, the use of public registers would be, in my view, unconstitutional in Germany" Another problem in having public regis- ters, says Simitis, is that governments are constantly tempted to sell them off to the highest bidder. He explained that his motto is "Don't give the market what the market wants." Simitis also argued that the commis- sioners present should strive continu- ously to preserve the context of stored data, and to reduce the amount of data collected. "Be aware of the misuse of data, reduce the data, and support technologies that protect and reduce the data." Simitis' call for technological solutions to privacy problems was also reflected in the talk by Anitha Bondestam, director general and head of the data Inspection Board of Sweden. She argued that the famous Swedish PIN numbering system had, in many respects, failed. People, she said, had been reduced to a number. In some ways, the number was more credible than the person. Ms Bondestam explained that software designers now designed systems to use the PIN as the primary identifier. Thus, Sweden was developing a situation where the national register was the basis for many commercial operations. Unfortunately, because reporting an- other person's PIN by word of mouth is not an offence in Sweden, there have been many occasions where the num- bers have been abused. Individuals have found that others have been using their PIN for a range of criminal purposes. She explained that "black marks" against these individuals "spread like wildfire through the data systems of banks and credit ratings firms". The Data Inspection Board has recently moved to tighten up the use of numbers in an attempt to limit the merging of files from different organizations.

36

iiil;iiii ?:- i:ii!iiii! il .................... i ................................................. ...................................................................................... 'ii•iiiiiii!!¸:!i!i!!:iiiiii¸!iil .............

"1 don' t rely on laws", she said. "We need more technological solutions - shut in, lock out". One of the more extraordinary papers at the conference was the one delivered by Philip Redfern, former deputy director of the Office of Population Censuses and Surveys, UK. His paper was t i t led "Precise identification through a multi- purpose personal number protects priv- acy". It was a brave but polemical delivery: "Up to now the debate on multi- purpose personal numbers - or as I would put it, precise identification - has been dominated by the privacy lobby, supported by anti-authority groups of the kind that damaged the German census of 1983-1987. They have exploited the weapon of fear and painted lurid pictures of the machina- tions of government characterized by words like 'dossiers' and 'surveillance'. These pictures are, I suggest, fantasy rather than reality for Western democ- racies .... I end by issuing a challenge to the conference to produce evidence from the countries that have adopted precise ident i f icat ion to show that privacy has been violated as a resu l t - hard evidence rather than vague gen- eralizations or reports of paranoia." He was fo l lowed by the Swedish Commissioner, who, as discussed earlier in this report, proceeded to provide such evidence. In a generously restrained response,

iii!!iii

Professor David Flaherty, the newly appointed Privacy and Information Com- missioner of British Columbia, chal- lenged Redfern's belief that privacy is a smokescreen for "cheaters" and a facade behind which they can promote anarchy. Indeed, argued Flaherty, privacy is a legitimate human need which is based on reality rather than illusion. "Because of the unique character of statistical work, I have no quarrel with the search for precise identification in that domain. But I am unwil l ing to sponsor a system of unique PINs, never mind a population register, in order to produce better statistics, just as I cannot change the fact that some people do not want to appear in population censuses, whatever the promises of confidentiality, because they do not trust governments. In sum, neither of us can readily change the fact that Mmore and more people are f louting the registration disciplines im- posed by government M The conference suffered several short- comings. There was widespread criticism of the lack of opportunity for discussion and debate. Delegates were spectators for 98% per cent of the time. If the standard of all papers and the overall level of expertise of speakers was some- what higher, this might be an acceptable state of affairs. As things stood, many government and non-government parti- cipants alike felt a little frustrated: Once again, the United States was not officially involved as a delegate nation.

M u s i c a n d V i d e o Pr iva te C o p y i n g S u r v e y o f t h e P r o b l e m a n d t h e L a w , by G i l l i an D a v i e s a n d M i c h e l e E H u n g , 1993 , h a r d - c o v e r , 2 8 0 p, £ 3 8 . 0 0 , ISBN 0 4 2 148 4 5 0 0 This book arises in part from a 1982 request to one of the authors - Gillian Davies - by the European Commission, to undertake a comparative study of the private copying of sound and audio-visual recordings in the EU. The study addressed

:: itself primarily to the situation in the Member States of the : European Union and was completed and published in 1983. :::: Since then, the issue of private copying has continued to be

debated and the impact of new technology, and in particular ::. digital recording techniques, has compounded the problem. A

number of governments, both within and beyond the .... European Union have legislated on the subject. Others have :: drafted or are contemplating legislation and, throughout the

interim period, there has been continual discussion of possible : legislative solutions at national and intergovernmental levels.

This present text is not a sequel to the original study but largely follows the structure of it and, where appropriate, includes elements from it. This new study, undertaken at the authors'

::: initiative, with the encouragement and assistance of the

Data protection law is on the point of being introduced in the US, but for the moment members of the US contingent are mere observers at this conference. In terms of the substance of the conference, my own feeling is that it was often an env i ronment of lost opportunity. Few commissioners were given the lat i tude to discuss their interaction with other agencies or with the public, how they assess privacy issues, or how they go about promoting privacy in their various societies. This dialogue took place informally during the coffee breaks. Finally, a brief survey of topics covered over the past few conferences indicates that scant attent ion is paid to the intricacies of the technologies of privacy invasion, or indeed - and more im- portant perhaps - the technologies of privacy protection. This, like previous conferences involv ing the commis- sioners, concentrated on effect rather than cause, and problem rather than solution. S i m o n D a v i e s Simon Davies is an Honorary Associate in the School of Law of the University of New South Wales, and Director General of the watchdog group Privacy Interna- tional. He is the author of Big Brother (Simon and Schuster, Sydney, 1992). The views expressed here are not necessarily those of Privacy International.

BOOK REVIEW H O M E C O P Y I N G

An Internat ional International Federation of the Phonographic Industry (IFPI), ~s not limited geographically. Its aim is to provide updated information with respect to all aslaects of tlqe private copying problem from a worldwide perspectwe. The state of egislation and case law, and the national and internationa developments described in the study, are based on information available to : the authors in November 1992. The book contains nine chapters - private copying: introduction and background; : market development; a comparative study of the incidence of private copying of sound and audio-visual recordings in the major markets; the international conventions relevant to private copying; international developments; national laws and :: legislative developments relating to private use and fair dealing i:. I in the Member States of the EU; legal developments outside the : EU; private copying remuneration and the principle of national : treatment; and a conclusion: guidelines for the introduction i:.: and implementation of private copying legislation. There are i also several annexes and appendices containing relevant i primary material. Available f r o m S w e e t & M a x w e l l Ltd, C h e r i t o n H o u s e , N o r t h W a y , A n c l o v e r , H a n t s , SP10 5BE, Te l : + 4 4 ( 0 ) 2 6 4 3 4 2 8 9 9 , Fax: + 4 4 ( 0 ) 2 6 4 3 4 2 7 2 3 .

i!!i!!iii!~:~i ~iiiiiiii~i~iiiii!iiiiiiiiiiiiiiiiiiiiiiiiiii!i! ili ~!~i~i! ¸ ~ i~i~!:i~i~ iii~ iii~i~iiiii!iiiiii!iii!!!ii i!i ~!~!~i~i~i ~ ~i~i~i~ii~:i~i~i~iii~i~iii~!iiiiii~iiiiiiiii:ii!i!i!i!i!ii!~!~;!~i!i!i!i!~!~!~iii~i~i~i~ii~i~iiiiiii ¸̧¸̧ ¸̧ ¸̧ ¸̧ ii~ii!!!~;i~i~!~ii!!i!!i!!i~ ~iiii~;ii~iiii!iiii!ii!i;i!ii~ii!i!i!!!~!ii~i~!!i!~!ii~ ~i~iiiii;ii~ili iiiii~!!!i~i~i~i i~!~!~!~i~!~ ~iiiiiii~i~ iiiili;ii! !~iii~!~!~i~ !~iii!~iii~i~i~ iiiiiii!ii~iil i~!~!~!~!~i ~i ii!~i!i~i~ ii iiiiiii;i!i iii!!~;~i~!: i ~ili~: iiiiii!i!~ i iiii!!i!!! i~ ~i~i~i~ii:~ii~iiiiiiiiiiiii!iiiil;ii!!!~ii ~iii~iiil iiiil ¸

37