the Legal Library
has become an essential resource in the international business environment.
As the world's economies move toward greater interdependence, sensitive
data in the form of financial transactions, human resource information
and electronic communications will continue to move between distant
locations and across national borders in greater volume, blurring the
traditional boundaries upon which data protection and other laws are
innovations have revolutionized the way personal information is collected
and used by businesses and government agencies. Around the world, developments
in information technology -- the Internet, online banking, electronic
commerce and other forms of computer networking -- are facilitating
the swift and easy transfer of data across great distances. As businesses
and government agencies have improved their information-gathering techniques,
law-makers have reacted with measures designed to ensure that sensitive
records and files will be used in a proper manner.
of laws, court cases and other materials you will find in the Legal
Library indicates that there is as yet no universally-accepted method
for protecting the privacy of consumer information. As one might expect,
countries have opted for protective measures that are consistent with
their own legal, economic and historical conventions. In Europe, adoption
of data protection laws has been a natural outgrowth of a widely-shared
perspective that considers privacy to be a fundamental human right.
In the United States, public distrust of government institutions, laissez-faire
economic traditions and respect for freedom of information have dictated
a sector-based approach, with the primary legislative activity occurring
at the state level.
Legal Library is a compilation of available legal materials related
to consumer privacy, electronic commerce and trans-border data flow.
In the near future, we hope to also provide you with tools and tips
for relating these documents to important items located in other departments
of the website. The Legal Library department is currently divided into
seven sections that follow the parameters outlined below:
contained in this section are labeled multi-national because they have
a jurisdiction that extends to two or more countries. In the area of
data protection, multi-national and other laws are grouped under two
categories: omnibus and sector laws. Omnibus
laws, like the EU Data Protection Directive, regulate the entire sphere
of private industry . Sector laws focus on a particular
industry or type of record. Currently, the only multi-national laws
in force are those passed in the last few years by the European Union.
laws are the traditional legal instruments enacted at the federal level
that supersede the activity of state governments. In this section are
the approximately 19 omnibus data protection laws passed by individual
countries to regulate private industry and many of the sector laws enacted
in place of or in addition to a single federal law. In order to distinguish
between those laws that apply to the entire sphere of private industry
and those that cover only government record-keeping systems (the public
sector), the latter have been grouped with other sector laws that focus
on particular industries and record-types.
and Provincial Laws
section, we will try to bring you the more important state and provincial
privacy and data protection laws. The power of these statutes extends
only as far as the limited boundaries of the particular state or province.
State law-makers have generally avoided the kind of omnibus data protection
laws that might create incentives for businesses to move operations
elsewhere. The majority of state privacy laws instead focus on a particular
industry or type of record. Quebec and Hong Kong (now a part of the
Republic of China) are the only two provinces with an omnibus data protection
law in place.
and Administrative Orders
agency will often issue an order or declaration that, in the absence
of specific legal authority, provides some basis for a particular action.
A regulation or administrative order is an effective clarification of
intentions: to study a problem, extend legal jurisdiction into a new
field or authorize immediate action. As the multifarious contents of
this section demonstrates, a variety of examples fall under this category.
Regulations issued by an agency as part of a legislative mandate qualify
as do presidential declarations that order subordinate administrative
bodies to develop solutions for national problems. Another important
example would be an opinion drafted by an inter-governmental group like
the OECD on how existing data protection laws should be extended to
cover new areas.
and Pending Legislation
on proposed and pending legislation will try to keep up with the quickening
pace of legislative activity related to privacy and data protection
worldwide. Initially, we will focus our efforts on the more important
proposals at the federal level and on areas of significant interest,
like Latin America, where law-makers introduced proposals for national
data protection laws in 1996. We will also offer a reasonable selection
from the thousands of privacy proposals introduced each year into state
legislatures around the world. Those interested in the most recent developments
should periodically check the reports in the Privacy Trends and Analysis
section of the News
contained in this section includes the guidelines, principles and recommendations
issued by government-related agencies that do not carry the force of
law. Existing laws are often unclear about the application of legal
principles or provisions to a broad range of areas. In the past, guidelines
from data protection commissioners and inter-governmental groups have
provided an essential background to global data protection activities
and influenced the content of subsequent legislative initiatives. Documents
in this section are grouped according to the authority of the agency
from which they originate -- multi-national for inter-governmental groups
like the OECD and CoE, national for federal data protection commissioners,
and state for bodies like California's Joint Task Force on Personal
Information and Privacy.
of omnibus data protection laws provide for an administrative authority
with power to force organizations to comply with enumerated principles
related to information practices. The European legal system in particular
prefers the administrative process of redress over prolonged, expensive
court battles. Only a few cases involving data protection laws have
actually been settled inside the courtroom. However, these cases have
been important in establishing the legitimacy of data protection laws
affecting international business. In this section, we have cases involving
trans-border data flow issues, including the ruling in Volkswagen v.
Valdez that observed and respected the rights of a data subject under
German data protection law, even though the legal challenge occurred
in the United States.
updated November 24, 1998
to Legal Library