Date of this Version
[Extract] The European Union's privacy directive' adopts high standards regarding the protection of personal data. Article 25 effectively requires its trading partners to do the same. With many countries unable to match these standards, there has been much speculation about how and when the EU will enforce these requirements.
At the close of 1998, the EU released an interesting final report. It received little publicity but indicates the EU is taking tentative steps towards enforcing the directive. It also highlights the difficulties involved.
The report is titled "Application of a Methodology Designed to Assess the Adequacy of the Level of Protection of Individuals with regard to Processing Personal Data: Test of the method on Several Categories of Transfer".' It was produced by the University of Edinburgh and compiled by four international experts in privacy law: Charles Raab, Colin Bennett, Robert Gellman and Nigel Waters.
Six countries were selected for the tests: Australia, Canada, China (Hong Kong), Japan, New Zealand and the United States of America. In each case, the transfer of five categories of personal data were studied and conclusions drawn, not only about the adequacy of the protection but also about the assessment methodology.
The authors appear to have based their review on actual or typical data transfers, supplemented with hilothetical facts. Confidentiality is respected by the use of fictitious names. This article will summarise each of the reviewed transfers to Australia.