Esther Dyson wrote
>Please note that some people (me included) consider the EU data directive
to
>be unnecessarily rigid and to represent government regulation in an area
>where individuals should be allowed to make their own choices. The US
>approach requires better citizen education than now exists, to be sure,
but
>things are improving as more and more Websites start posting their privacy
>policies and taking them seriously.
Unless she means individual businesses only, she has not gripped the basis
of the EU Directive. An individual can consent to any use of his/her
personal data. A private individual can use any personal data for their
private purposes unaffected by the directive. The limitations are on use
by businesses, government etc. of people's personal data without their
consent. In other words, it allows private individuals freedom of choice.
If you want to give your personal data to hotmail in exchange for free
e-mail, you can.
It has been argued (not least by her compatriots) that it can make life
unnecessarily difficult for businesses which use personal data without the
consent of the individuals concerned, and could be better drafted. That
may be so, and I and many others suggested improvements when it was
implemented into UK law. It is also argued that businesses (especially US
businesses of course) are all nice cuddly institutions that can be relied
upon to put in place good codes of practice and abide by them. I suppose
that it would be a nasty cynical European idea that this means that good
businesses comply, and bad at best pay lipservice, and there's nothing that
Joe Bloggs (or John Doe) can do about it either way.
Data Protection legislation of this kind has been in force in many
countries including European countries and Australia for many years, and it
really doesn't make life that difficult. It does lead to a lot more opt
out boxes ("we would like to send you details of special offers and
products and to pass your details to selected companies so that they can do
so, please tick the box if you do not wish this to happen"), and to
hotlines that you can telephone to opt out of getting direct mail of
particular kinds or at all, but I don't think that that is necessarily a
bad thing.
However, I do not think that any new global "law" whether it be on data
protection or a homogenised synthetic trade mark law, should be implemented
as part of the current work on internet governance if it can possibly be
avoided. If some countries don't want data protection or privacy laws, or
indeed any other kind of law, that is up to them.
Clare Wardle
My views are my own, and not necessarily those of my employer or
colleagues.
