An increase in the use of the Internet has motivated Portuguese and foreign legislators to adopt laws to protect the personal data circulating online and safeguard individual privacy. Portugal has specifically adopted laws 10/91 and 67/98 to protect personal data. The latter transposed into law Directive 95/46/CE of the European Parliament and the Council, of 24th October 1995, dealing with the treatment and circulation of personal data. Portuguese laws define the important concepts that should be taken into account when dealing with data protection.
European countries started worrying about data protection in the late 1970s and throughout the 1980s. As a result, in 1982, the European Council published Convention 108 for the protection of individuals, where it established the basic principles that are now part of laws regarding the automatic treatment of personal data. However, the laws in different European countries differed until the European Union published the aforementioned Data Protection Directive in 1995. Liechtenstein, Iceland and Norway also introduced new laws on data protection.
The European Directive was necessary to harmonise the laws in its member countries. It introduces the distinction between personal data and sensible data. It rules that personal data should be dealt with rigorous care and through legal means; it should be obtained for specific, explicit and legitimate purposes; it should be adequate, relevant and not excessive in relation to the aims it pursues. If we think about the diverse information that can be retained and forwarded about us, we will quickly agree on the importance of the European Directive and national laws on data protection. Personal data could include sensitive information about an individual, including health history, employment and economic status, sex, race, religion and political orientation.
The European Court has already decided on some infringement cases to data protection laws. It dealt for instance with the case of a Swedish citizen that published in her web site the names of the inhabitants of her village that attended the local church. Another case ruled against an individual that improperly used the British Horseracing Board's database. Other interesting cases will no doubt be decided, taking into account the sensitiveness of the matter and the ignorance around it.
Meanwhile, the United States treats data protection differently than EU authorities. The difference in treatment has been questioned when subsidiaries of U.S. companies have transferred data on European citizens to U.S. authorities. Authorities on both sides of the Atlantic have reached an agreement on the treatment of personal data. U.S. entities that apply EU rules are registered in a list published by the Federal Trade Commission. In these cases, personal data may be transferred to these entities indicated in the said list, known as "safe harbour". This balance was altered recently due to the implementation of new rules between the European Union and the United States. .
It's important to adopt and implement rules on the protection of personal data in a world where the circulation of individual information is increasing due to growing links between diverse economies. However, one must not go overboard. Data exchanges are a must to fight terrorism and other crimes, including prostitution, illegal drugs and arms trafficking, which benefit a few economically, while causing pain to a large number of people.
The Author's Name: Maria L. Lopes Dias
The Author's Law Firm: Lopes Dias & Associados
City: Lisbon
Country: Portugal
Phone: +351 213 920 290
Fax: +351 213 954 766
Email: interlawmlld@netcabo.pt
Web Site: www.ld-lawfirm.com