About the Legal Library

Information has become an essential resource in the international business environment. As the world's economies move toward greater interdependence, sensitive data in the form of financial transactions, human resource information and electronic communications will continue to move between distant locations and across national borders in greater volume, blurring the traditional boundaries upon which data protection and other laws are based.

Technological innovations have revolutionized the way personal information is collected and used by businesses and government agencies. Around the world, developments in information technology -- the Internet, online banking, electronic commerce and other forms of computer networking -- are facilitating the swift and easy transfer of data across great distances. As businesses and government agencies have improved their information-gathering techniques, law-makers have reacted with measures designed to ensure that sensitive records and files will be used in a proper manner.

The diversity of laws, court cases and other materials you will find in the Legal Library indicates that there is as yet no universally-accepted method for protecting the privacy of consumer information. As one might expect, countries have opted for protective measures that are consistent with their own legal, economic and historical conventions. In Europe, adoption of data protection laws has been a natural outgrowth of a widely-shared perspective that considers privacy to be a fundamental human right. In the United States, public distrust of government institutions, laissez-faire economic traditions and respect for freedom of information have dictated a sector-based approach, with the primary legislative activity occurring at the state level.

The PrivacyExchange Legal Library is a compilation of available legal materials related to consumer privacy, electronic commerce and trans-border data flow. In the near future, we hope to also provide you with tools and tips for relating these documents to important items located in other departments of the website. The Legal Library department is currently divided into seven sections that follow the parameters outlined below:

Multi-national Laws

The laws contained in this section are labeled multi-national because they have a jurisdiction that extends to two or more countries. In the area of data protection, multi-national and other laws are grouped under two categories: “omnibus” and “sector” laws. Omnibus laws, like the EU Data Protection Directive, regulate the entire sphere of private industry . “Sector” laws focus on a particular industry or type of record. Currently, the only multi-national laws in force are those passed in the last few years by the European Union.

National Laws

National laws are the traditional legal instruments enacted at the federal level that supersede the activity of state governments. In this section are the approximately 19 omnibus data protection laws passed by individual countries to regulate private industry and many of the sector laws enacted in place of or in addition to a single federal law. In order to distinguish between those laws that apply to the entire sphere of private industry and those that cover only government record-keeping systems (the public sector), the latter have been grouped with other sector laws that focus on particular industries and record-types.

State and Provincial Laws

In this section, we will try to bring you the more important state and provincial privacy and data protection laws. The power of these statutes extends only as far as the limited boundaries of the particular state or province. State law-makers have generally avoided the kind of omnibus data protection laws that might create incentives for businesses to move operations elsewhere. The majority of state privacy laws instead focus on a particular industry or type of record. Quebec and Hong Kong (now a part of the Republic of China) are the only two provinces with an omnibus data protection law in place.

Regulations and Administrative Orders

A government-related agency will often issue an order or declaration that, in the absence of specific legal authority, provides some basis for a particular action. A regulation or administrative order is an effective clarification of intentions: to study a problem, extend legal jurisdiction into a new field or authorize immediate action. As the multifarious contents of this section demonstrates, a variety of examples fall under this category. Regulations issued by an agency as part of a legislative mandate qualify as do presidential declarations that order subordinate administrative bodies to develop solutions for national problems. Another important example would be an opinion drafted by an inter-governmental group like the OECD on how existing data protection laws should be extended to cover new areas.

Proposed and Pending Legislation

This section on proposed and pending legislation will try to keep up with the quickening pace of legislative activity related to privacy and data protection worldwide. Initially, we will focus our efforts on the more important proposals at the federal level and on areas of significant interest, like Latin America, where law-makers introduced proposals for national data protection laws in 1996. We will also offer a reasonable selection from the thousands of privacy proposals introduced each year into state legislatures around the world. Those interested in the most recent developments should periodically check the reports in the Privacy Trends and Analysis section of the News department.

Guidelines

The material contained in this section includes the guidelines, principles and recommendations issued by government-related agencies that do not carry the force of law. Existing laws are often unclear about the application of legal principles or provisions to a broad range of areas. In the past, guidelines from data protection commissioners and inter-governmental groups have provided an essential background to global data protection activities and influenced the content of subsequent legislative initiatives. Documents in this section are grouped according to the authority of the agency from which they originate -- multi-national for inter-governmental groups like the OECD and CoE, national for federal data protection commissioners, and state for bodies like California's Joint Task Force on Personal Information and Privacy.

Court Decisions

The majority of omnibus data protection laws provide for an administrative authority with power to force organizations to comply with enumerated principles related to information practices. The European legal system in particular prefers the administrative process of redress over prolonged, expensive court battles. Only a few cases involving data protection laws have actually been settled inside the courtroom. However, these cases have been important in establishing the legitimacy of data protection laws affecting international business. In this section, we have cases involving trans-border data flow issues, including the ruling in Volkswagen v. Valdez that observed and respected the rights of a data subject under German data protection law, even though the legal challenge occurred in the United States.

Page last updated November 24, 1998

Back to Legal Library