At 19:00 2000-07-21 -0400, Tim May wrote: >As for Tom Vogt's claim that European privacy laws have exemptions >for the things cited in the discussion, this is false. Companies with >even small data bases are required to register. Sweden: Not just register but *ask* for and hopefully get permission from "Datainspektionen", a branch of the Government. The size of the database or it's keeping entity is irrelevant. Also other branches of the Government have to ask. Permissions are easy to get for business data on customers, clients, patients etc. What really makes the bureaucrats in the "Datainspektionen" annoyed is to get "new" data by cross-searching in separate databases - i.e. to find out which receivers of sickness allowances are falsely receiving unemployment benefits at the same time. "Datainspektionen" also set requirements for data security. A few years ago I met with some of the top bureaucrats of the "Datainspektionen" when they made a preadviced on the spot Grand Inspection of a Big Institution (the first such inspection of it's kind in this type of institution). The delegation was 75% kind ladies in their forties with no deep understanding of data security. They didn't inspect one single hard drive or security protocol but just talked to people. (Their main concern seemed to be that the subjects of database entries were told about the entries, at least by a small sign on the wall...). The latest privacy law in Sweden is called "PUL", short for "Personuppgiftslagen" (Law on Personal Information). It has been much criticized, and made apologies for by many of the politicians who voted for it, but it's still the Law. It says that you cannot really name any person on a public site, let alone a list of persons, without the permission of said person(s). Only very "public" persons are (barely) exempted. >Of course, many businesses are "exempt" in the sense that no >burrowcrat has yet bothered to hassle them. But the laws are on the >books, so the laws could be enforced tomorrow or next week. That they >haven't been applied yet to the smallest of businesses is little comfort. Yes, this is also the problem with "PUL" and the bureaucrats mentioned before. This law clearly has vast political consequences. The first and till now only person prosecuted under "PUL ", Borje Ramstedt, was sentenced (fined c:a $2000) for naming some top bankers (+ one picture, no addresses or anything else) on his web site. Mr Ramstedt feels these guys ruined his business in the economic crisis we had here in the early 1990's, that they committed economic crimes and should be prosecuted. The ruling is appealed to and accepted for processing at the Swedish Supreme Court. Mr Ramstedt possibly may be a litigious, dogmatic person but, nota bene: 1) The bankers did not seek due process for slander - which would have forced them to counter Mr Ramstedt's accusations - but complained to the "Datainspektionen". 2) The bankers basically worked for banks owned by the State of Sweden = the Swedish taxpayers. Obviously, Mr Ramstedt's web site is political speech and the decision (by "the kind ladies"?) in the "Datainspektionen" to prosecute him is state censorship by the use of a law that was written for other purposes, is rarely enforced but came in handy in this case - exactly the scenario Tim is warning for. Recently the Women's Club of the ruling Social Democrat Party named several (male) local Swedish cable television managers on their web site, accusing them of virtual pimping by broadcasting pornographic movies (usual Hollywood hardcore stuff). Mr Ramstedt or his followers complained to the "Datainspektionen" but in vain. This time the censors decided to allow the naming of names because it was part of an "unbiased contribution to a debate". //Mob
