Argentine Republic

Articles 18 and 19 of the Argentine Constitution provide (in part), "The home is inviolable as is personal correspondence and private papers; the law will determine what cases and what justifications may be relevant to their search or confiscation. The private actions of men that in no way offend order nor public morals, nor prejudice a third party, are reserved only to Godís judgment, and are free from judicial authority. No inhabitant of the Nation will be obligated to do that which is not required by law, nor be deprived of what is not prohibited." Article 43, enacted in 1994, provides a right of habeus data: "Every person may file an action to obtain knowledge of the data about them and its purpose, whether contained in public or private registries or databases intended to provide information; and in the case of false data or discrimination, to suppress, rectify, make confidential, or update the data. The privacy of news information sources may not be affected."[fn 1]

In December 1996, the Congress approved a data protection law in conformance with Article 43 of the Constitution. The law provides, "full protection of personal information recorded in data files, registers, banks or other electronic or manual technical means of datatreatment, in order to guarantee the honor and privacy of persons, as well as the access to the information that may be recorded about such persons," and provides provisions for consent, notification, security, uses, scope, confidentiality, and international transfer of personal data.[fn 2] Sensitive data was given additional protections. A Bicameral Commission on Monitoring of Data Protection within the National Congress was to be established to enforce the law. However, upon request of the Central Bank, the law was subsequently vetoed by the President.[fn 3] Efforts to revive it are pending.

Under the Code of Penal Procedure, "A judge may arrange, for the purposes of building a case, the intervention of telephone communications or whatever other means of communication."[fn 4] The Civil Code does not mention electronic communications, nor does the Penal Code provide penalties for such privacy violations. Illegal wiretapping has been common since the transition to civilian rule. In 1990, the entire telephone switchboard of the Presidentís official residence was extensively bugged and a major government scandal ensued.[fn 5] In 1996, the telephones of the Archdiocese of Formosa were found to be wiretapped.[fn 6] Also that year, former Economy Minister Domingo Cavallo accused Interior Minister Carlos Corach of ordering the telephone bugging of a federal prosecutor.[fn 7] In 1998, the Mayor of Buenos Aires and 1999 presidential candidate Fernando de la Rua lodged a criminal complaint against two city councilors and another party member, accusing them of tapping his familyís telephone for years and recording 3000 hours of conversation.[fn 8] He also accused the secret police, known as SIDE, of complicity with the wiretaps.[fn 9]

The Civil Code prohibits "that which arbitrarily interferes in another personís life: publishing photos, divulging correspondence, mortifying anotherís customs or sentiments or disturbing his privacy by whatever means."[fn 10]

In 1996, the national government began a new crackdown on tax evaders. Measures included reviewing citizensí credit card, insurance, and tax records. One bill allowed citizens whose credit card records had been obtained to sue for invasion of privacy.[fn 11] The same year, the Argentina Passport and Federal Police Identification System, developed by Raytheon E-Systems, was inaugurated at the Buenos Aires airport. The system combines personal data, color photos and fingerprints.[fn 12]

Commonwealth of Australia

Neither the Australian Federal Constitution nor the Constitutions of the six States contain any express provisions relating to privacy. There is periodic debate about the value of a Bill of Rights but no current proposals. [fn 13]

The principal federal statute is the Privacy Act of 1988. [fn 14] It creates a set of eleven Information Privacy Principles (IPPs), based on those in the OECD Guidelines, that apply to the activities of most federal government agencies. A separate set of rules about the handling of consumer credit information, added to the law in 1989, applies to all private and public sector organizations. The third area of coverage is the use of the government issued Tax File Number (TFN), where the entire community is subject to Guidelines issued by the Privacy Commissioner, which take effect as subordinate legislation. The origins of the Privacy Act were the protests in the mid 1980's against the Australia Card scheme -- a proposal for a universal national identity card and number. The controversial proposal was dropped, but use of the tax file number was enhanced to match income from different sources with the Privacy Act providing safeguards.

There is currently a Privacy Amendment Bill [fn 15] in the Parliament which seeks to extend the operation of the IPPs to contractors providing services to the federal government (the so-called "outsourcing" amendments). As of August 1998, this Bill was the subject of a Senate Committee Inquiry, the scope of which was expanded to look more generally at the adequacy of privacy protection in the private sector. The conservative parties that came to power in May 1996 had pledged to introduce "world best practice" privacy protection in the private sector, and in September 1996, the Attorney-General's Department issued a consultation paper, in response to which more than one hundred submissions were received. But in April 1997, the Prime Minister unexpectedly announced that the government would not legislate, preferring instead to rely on self-regulatory initiatives.

The Office of Privacy Commissioner [fn 16] has a wide range of functions, including handling complaints, auditing compliance, promoting community awareness, and advising the government and others on privacy matters. The Commissioner's office, which was initially well resourced, suffered major budget cutbacks in 1997, at the same time as the Commissioner's range of responsibilities, under several laws and in response to government requests, was expanding.

The Telecommunications (Interception) Act of 1979 [fn 17] strictly regulates the interception of telecommunications. A warrant is required under the Act, which also provides for detailed monitoring and reporting. However, the Interception Act safeguards need to be read alongside Part 15 of the Telecommunications Act of 1997, which places obligations on telecommunications providers to provide an interception capability and to positively assist law enforcement agencies with interception. There were a total of 627 warrants issued between June 1996 and June 1997.[fn 18]

The Crimes Act [fn 19] also contains a range of other privacy related measures, such as offenses relating to unauthorized access to computers, unauthorized interception of mail and telecommunications and the unauthorized disclosure of Commonwealth government information. [fn 20] The Telecommunications Act of 1997 [fn 21] contains a detailed list of "exceptions" from a basic presumption of confidentiality of customer records. [fn 22]

The states have a varying degree of privacy laws. In Victoria, a Data Protection Advisory Committee reported to the State Government in 1996, and in June 1998 the Treasurer and Minister for Multimedia announced that a bill would be introduced before the end of 1998. A discussion paper, outlining the preferred approach, was issued in July for public comment. [fn 23] New South Wales, the most populous state, has had a Privacy Committee Act since 1975, but this only provides for a committee of part time members to advise government and to act as an "ombudsman." A small staff deals with inquiries from the public and seeks to resolve complaints, but has no determinative powers. The government announced a Data Protection Bill in September 1998 that will only cover government computers. [fn 24] All of the States and the Commonwealth have Freedom of Information laws which include rights for individuals to gain access to and to correct personal information about themselves. [fn 25] Specific privacy provisions are also found in many State laws dealing with such diverse matters as health, adoption, drug controls and registration of births, deaths and marriages. Most States and Territories also have laws relating to listening devices, although these are generally recognized as being badly in need of updating to cope with new technologies. [fn 26]

Victoria's proposal to implement the National Principles in state law changes the environment, and many organizations continue to press for federal legislation as the only way of ensuring national consistency and of ensuring that the rules are followed by all private sector data users. A recent report by the joint federal Public Accounts Committee on Internet Commerce recommended legislation. [fn 27] The Senate Committee considering the "outsourcing" amendments to the Privacy Act has been taking evidence about the "legislation versus self-regulation" debate and is due to report in late 1998. [fn 28]

Republic of Austria

The Austrian Constitution does not explicitly recognize the right of privacy. [fn 29] Some sections of the data protection law (Datenschutzgesetz ñ DSG) have constitutional rank. Most important of these is ¤ 1 Abs. 1 DSG, which reads: "(1) Everybody has the right of secrecy of his personal data, as far as he has an interest worthy of protection, particularly regarding respect for his private and family life." ¤ 1 Abs. 3 and ¤ 1 Abs. 4 DSG grant the fundamental constitutional rights of access to personal data processed with support of automation, as well as rights to have any incorrect data corrected, and illegally obtained or processed data deleted. These rights may only be restricted under the conditions of Article 8 (2) of the European Convention of Human Rights (ECHR). The entire ECHR has constitutional rank. Its Article 8 is often used by the constitutional court in privacy matters.

The data protection law [fn 30] concerns persons and legal entities. Anybody who processes personal data automatically has to notify or register at the Data Protection Commission (Datenverarbeitungsregister). Individual rights can be asserted in the courts if the processor is not a public authority, or at the commission in all other cases. Appeals against decisions of the data protection commission can be made at the administrative court (Verwaltungsgerichtshof) or the constitutional court (Verfassungsgerichtshof). The Federal Chancellery presented a draft for a new data protection in law in April 1998. As this draft was not brought to parliament before summer holidays, it is unlikely that it will be passed before the October deadline set by the EU directive.

Wiretapping, electronic eavesdropping and computer searches are regulated by the code of criminal procedure. [fn 31] Telephone wiretapping is permitted if it is needed for investigating a crime punishable by more than one year in prison. Electronic eavesdropping and computer searches are allowed if they are needed to investigate criminal organizations or crimes punishable by more than ten years in prison. The provision concerning electronic eavesdropping and computer searches became effective between October 1, 1997, and July 1, 1998. Due to long and intensive discussion, the provisions are in effect only until December 31, 2001. Criticism of the drafts for this law has led to a number of restrictions, but whether or not these restrictions can effectively prevent eavesdropping on innocent persons remains unresolved.

There are also a number of specific laws relating to privacy. The telecommunication law contains special data protection provisions for telecommunication systems, particularly problems like phone directories, unsolicited calls or ISDN calling line identification.[fn 32] The Genetic Engineering Act of 1994 requires prior written consent for information to be used for purposes other than the original purpose. The Auskunftspflichtgesetz is a Freedom of Information law that obliges federal authorities to answer questions regarding their areas of responsibility. [fn 33] The nine Austrian Provinces have laws that place similar obligations on their authorities.

Austria is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 34] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [fn 35] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Kingdom of Belgium

The Belgian Constitution recognizes the right of privacy and private communications. [fn 36] Article 22 states, "(1) Everyone has the right to the respect of his private and family life, except in the cases and conditions determined by law. (2) The laws, decrees, and rulings alluded to in Article 134 guarantee the protection of this right." Article 29 states, "(1) The confidentiality of letters is inviolable. (2) The law determines which nominated representatives can violate the confidentiality of letters entrusted to the postal service." Article 22 was added to the Belgian Constitution in 1994. Prior to the constitutional amendment, the Cour de Cassation ruled that Article 8 of the European Convention applied directly to the law and prohibited government infringement on the private life of individuals. [fn 37]

The Data Protection Act [fn 38] applies to automatic processing of personal data and to manual files. It requires that government agencies and private entities register their databases. There are limits on use and disclosure. Individuals have a right to access and correct their data. Two amendments to make it consistent with the EU Directive are pending. [fn 39] In September 1998, the state security office announced that it was "cleaning" the files on 570,000 individuals that it had been collecting since 1944 to bring the files into compliance with the 1992 law. [fn 40] In 1995, the Belgian Government admitted spying on the peace and environmental movements. [fn 41]

The Commission de la Protection de la Vie Privée oversees the law. [fn 42] The Commission investigates complaints, issues opinions and maintains the registry of personal files. It had received 9,429 registrations by December 1996. [fn 43]

Surveillance of communications is regulated under a 1994 law. [fn 44] Prior to its enactment, there was no specific law. The law requires permission of a juge d' instruction before wiretapping can take place. Orders are limited to a length of one month. There were 114 orders issued in 1996. [fn 45] The law was amended in 1997 to remove restrictions on encryption. [fn 46] The Parliament is currently debating relaxation of some requirements of the law. [fn 47]

There are also laws relating to consumer credit, [fn 48] social security, [fn 49] electoral rolls, [fn 50] the national ID number, [fn 51] professional secrets, [fn 52] and employee rights. [fn 53]

Belgium is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 54] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [fn 55] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Federative Republic of Brazil

Article 5 of the 1988 Constitution of Brazil provides, in part:

10. the privacy, private life, honor and image of persons are inviolable, and the right to compensation for property or moral damages resulting from the violation thereof is ensured; 11. the home is the inviolable asylum of the individual, and no one may enter it without the dweller's consent, save in the case of "in flagrante delicto" or disaster, or to give help, or, during the day, by court order; 12. the secrecy of correspondence and of telegraphic, data and telephone communications is inviolable, except, in the latter case, by court order, in the events and in the manner established by the law for purposes of criminal investigation or criminal procedural discovery; 14. access to information is ensured to everyone and confidentiality of the source is protected whenever necessary for the professional activity.[fn 56 ]

A bill promoting the privacy of personal data in conformance with the OECD guidelines, to affect both public and private sector databases, was proposed in the Senate in 1996 and has yet to be voted on by the Federal Senate. The Bill provides that, "No personal data nor information shall be disclosed, communicated, or transmitted for purposes different than those that led to structuring such data registry or database, without express authorization of the owner, except in case of a court order, and for purposes of a criminal investigation or legal proceedings . . It is forbidden to gather, register, archive, process, and transmit personal data referring to: ethnic origin, political or religious beliefs, physical or mental health, sexual life, police or penal records, family issues, except family relationship, civil status, and marriage system . . Every citizen is entitled to, without any charge; access his/her personal data, stored in data registries or databases, and correct, supplement, or eliminate such data, and be informed by data registry or database managers of the existence of data regarding his/her person."[fn 57]

The 1990 Code of Consumer Protection and Defense [fn 58] allows all consumers to "access any information derived from personal and consumer data stored in files, archives, registries, and databases, as well as to access their respective sources. Consumer files and data shall be objective, clear, true, and written in a manner easily understood, and shall not contain derogatory information for a period over five years. Whenever consumers find incorrect data and files concerning their person, they are entitled to require immediate correction, and the archivist shall communicate the due alterations to the incorrect information within five days. Consumer databases and registries, credit protection services, and similar institutions are considered entities of public nature. Once the consumer has settled his/her debts, Credit Protection Services shall not provide any information which may prevent or hinder further access to credit for this consumer." The Informatics Law of 1984 [fn 59] protects the confidentiality of stored, processed and disclosed data, and the privacy and security of physical, legal, public, and private entities. Citizens are entitled to access and correct their personal information in private or public databases.

In 1996, a law regulating wiretapping was enacted. [fn 60] Official wiretaps are permitted for 15 days, renewable on a judge's order for another 15 days, and can only be resorted to in cases where police suspect serious crimes punishable by imprisonment, such as drug smuggling, corruption, contraband smuggling, murder and kidnapping. The granting of judicial eavesdropping permits by judges was previously an ad hoc process without any legal basis. [fn 61] In 1992, amid a scandal which toppled President Fernando Collor de Mello, it was discovered that Vice President Itamar Francoís phones at his official residence in Brasilia and in a Rio de Janeiro hotel room had been tapped. [fn 62] In 1996, the Brazilian Intelligence Agency (Abin) was put under military control with the task of evaluating the background of people appointed to government posts. According to the new director, "every instrument authorized by the courts will be used to keep the president well informed, including wiretapping of phones, opening of personal mail, and infiltration of Abin agents into social movements such as the Landless Peasant's Movement (Movimento sem Terra)." Abin is the central body of an intelligence system that is spread out through federal, state, municipal and even private organizations. The intelligence system operates under the name of Sisbin (Brazilian Intelligence System). [fn 63] The Agencyís guidelines prevent it from performing police operations, and require it to obtain a judicial order to perform wiretaps. [fn 64]

A candidate for mayor of S‹o Paulo, Celso Pitta, discovered wiretaps on two of his telephone lines in 1996. [fn 65] A man with AIDS charged the city of Morretes, Paran‡ of discrimination and invasion of privacy after a city government proclamation identifying him and his HIV status was posted in public buildings. [fn 66]

Brazil signed the American Convention on Human Rights on 25 September 1992.

Republic of Bulgaria

The Bulgarian Constitution of 1991 recognizes rights of privacy, secrecy of communications and access to information. Article 32 states, "(1) The privacy of citizens shall be inviolable. Everyone shall be entitled to protection against any illegal interference in his private or family affairs and against encroachments on his honor, dignity and reputation. (2) No one shall be followed, photographed, filmed, recorded or subjected to any other similar activity without his knowledge or despite his express disapproval, except when such actions are permitted by law." Article 33 states, "(1) The home shall be inviolable. No one shall enter or stay inside a home without its occupant's consent, except in the cases expressly stipulated by law. (2) Entry into, or staying inside, a home without the consent of its occupant or without the judicial authorities' permission shall be allowed only for the purposes of preventing an immediately impending crime or a crime in progress, for the capture of a criminal, or in extreme necessity." Article 34 states, "(1) The freedom and confidentiality of correspondence and all other communications shall be inviolable. (2) Exceptions to this provision shall be allowed only with the permission of the judicial authorities for the purpose of discovering or preventing a grave crime." Article 41 states, "(1) Everyone shall be entitled to seek, obtain and disseminate information. This right shall not be exercised to the detriment of the rights and reputation of others, or to the detriment of national security, public order, public health and morality. (2) Citizens shall be entitled to obtain information from state bodies and agencies on any matter of legitimate interest to them which is not a state or other secret prescribed by law and does not affect the rights of others."[fn 67]

There are currently efforts to enact comprehensive data protection legislation in Bulgaria. In 1996, the government began developing data protection legislation in preparation for integration into the EU Internal Market under the Treaty for Association of Bulgaria to the EU. Data protection is also a key element of the information legislation which is a priority in the National Assembly's legislative activities. The draft Law on Protection of Citizens' Personal Data sets rules on the fair and responsible handling of personal information by the public and private sector. Entities collecting personal information must do the following: inform people why their personal information is being collected and what it is to be used for; allow people reasonable access to information about themselves and the right to correct it if it is wrong; ensure that the information is securely held and cannot be tampered with, stolen or improperly used; and limit the use of personal information, for purposes other than the original purpose, without the consent of the person affected, or in certain other circumstances. The draft law envisions a special supervising body with additional regional bodies to enforce the Act. The European Commission stated in 1997 that "considerable efforts are still needed to adopt and implement measures to meet Community requirements on data protection." [fn 68]

Electronic surveillance used in criminal investigations is regulated by the criminal code and requires a court order. [fn 69] The Telecommunications Law also requires that agencies must ensure the secrecy of communications. [fn 70] The 1997 Special Surveillance Means Act regulates the use of surveillance techniques by the Interior Ministry for investigating crime but also for loosely defined national security reasons. A court order is generally required but in cases of emergency, an order from the Interior Minister is sufficient. [fn 71] The head of the National Security Service, Col. Yuli Georgiev, resigned in February 1997 after allegations of wiretapping politicians. [fn 72] Bulgaria's military prosecutor filed a suit in December 1996 against an unidentified state official for illegally bugging telephones at the offices of the main opposition, Union of Democratic Forces (UDF), including those of president-elect Petar Stoyanov. [fn 73]

There are additional provisions relating to privacy in laws such as the Statistics Law, Tax Administration Law , Insurance Law, [fn 74] and Social Assistance Law. [fn 75] The Radio and Television Act sets limits [fn 76] on broadcasting of personal information. The 1997 Access to Documents of the Former State Security Service Act regulates the access, proceedings of disclosure and use of information kept in the documents of the former State Security Service. In conjunction with the preparation of the Law on Protection of Citizensí Personal Data, analyses of Bulgarian legal acts related to personal data of individuals are planned. Proposals of reforms and supplements in the relevant acts also can be made, if necessary. There are also efforts to enact Freedom of Information legislation. [fn 77]

Bulgaria is a member of the Council of Europe and has signed but not ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 78] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [fn 79]


There is no explicit right to privacy in Canada's Constitution and Charter of Rights and Freedoms. However, in interpreting Section 8 of the Charter which grants the right to be secure against unreasonable search or seizure, Canada's courts have recognized an individual's right to a reasonable expectation of privacy.[fn 80]

Since 1983, two federal statutes, the Access to Information Act [fn 81] and the Privacy Act, [fn 82] have provided individuals with a right of access to both non-personal and personal information held by the federal public sector. In addition, the Privacy Act contains provisions regulating the confidentiality, collection, correction, disclosure, retention and use of personal information. Individuals may request records directly from the institution which has the custody of the information. Accessible information includes written records, video and computer files. The Act establishes a code of fair information practices which apply to government handling of personal records. The Canadian Federal Court has ruled that government has an obligation to answer all access requests regardless of the perceived motives of the requesters. Similarly, the commissioner must investigate all complaints even if the government seeks to block him from so doing on the grounds that the complaints are made for an improper purpose.

The Privacy Act and the Access to Information Act are overseen by independent commissioners [fn 83] with the power to investigate, mediate and make recommendations, but with no ability to issue binding orders. However, a Commissioner can initiate a Federal Court review if he or she believes an individual has been improperly denied access. In the Fall of 1998, Canadian courts will hear a reference concerning the matching of the Customs declarations of returning travelers against the Employment Insurance database. The Federal Privacy Commissioner will be asking the courts to decide whether the Customs Act overrides the government's obligation in the Privacy Act to use personal information only for the purpose for which it is collected unless the individual consents. The courts will also examine whether searching every returning traveler on suspicions of defrauding the Employment Insurance offends the "reasonable search and seizure" provision of the Charter of Rights and Freedoms. [fn 84]

The Federal government has announced plans to enact a privacy law that will cover the private sector by 2000. The proposal is based on adopting the Canadian Standards Association's privacy standard into law for areas that are under federal regulation, such as banks, telecommunications and transportation. The bill is scheduled to be introduced in October 1998 and has the support of the Prime Minister. [fn 85] There are also provincial efforts to adopt new laws to cover sectors that are not federally regulated.

Provincial access and privacy legislation covering government bodies exists in almost all provinces and territories. [fn 86] Also, since 1994, Quebec law has granted individuals a right of access to personal information held by private sector businesses operating in the province of Quebec. [fn 87] This law also regulates the collection, confidentiality, correction, disclosure, retention and use of personal information by these businesses. Quebec holds the distinction of being the only North American jurisdiction to regulate personal information in the private sector. Nearly every province also has some sort of oversight body but their powers vary.

Part VI of Canada's Criminal Code makes the unlawful interception of private communications a criminal offense. [fn 88] Police are required to obtain a warrant. Amendments to the Radiocommunication Act [fn 89] also forbid the divulgence of intercepted radio-based telephone communications. A federal court in Ottawa ruled in 1997 that the Canadian Security Intelligence Service was required to obtain a warrant in all cases. [fn 90] In 1994, there were 231 orders for warrants. [fn 91]

Other federal legislation also has provisions related to privacy. The Telecommunications Act [fn 92] has provisions to protect the privacy of individuals, including the regulation of unsolicited communications. Also, the Bank Act, [fn 93] Insurance Companies Act, [fn 94] and Trust and Loan Companies Act [fn 95] permit regulations to be made governing the use of information provided by customers. There are sectoral laws for pensions, [fn 96] video surveillance, [fn 97] immigration, [fn 98] and Social Security. [fn 99] The Young Offenders Act [fn 100] regulates what information can be disclosed about offenders under the age of eighteen while the Corrections and Conditional Release Act [fn 101] speaks to what information can be disclosed to victims and victims' families. In addition, most provinces have some form of legislation protecting consumer credit information. However, the vast majority of information collected by the private sector is on the provincial level and is not currently protected by any provincial laws.

Republic of Chile

Article 19 of Chileís Constitution secures for all persons: "Respect and protection for public and private life, the honor of a person and his family. The inviolability of the home and of all forms of private communication. The home may be invaded and private communications and documents intercepted, opened, or inspected only in cases and manners determined by law." [fn 102]

Chileís transition to democratic rule in 1990 did not eliminate personal privacy violations. The Investigations Police -- a plainclothes civilian agency which functions in close collaboration with the International Criminal Police Organization (Interpol) and with the intelligence services of the army, navy, and air force -- keeps records of all adult citizens and foreign residents and issues identification cards that must be carried at all times. [fn 103 ] The personal data compiled during military rule was never destroyed. In January 1998, former dictator Gen. Augusto Pinochet threatened to use "compromising information" from secret military intelligence files against those who were trying to keep him from becoming a Senator for Life, a position which would provide immunity from civil suits and public accountability for crimes which took place during his dictatorship. [fn 104]

A comprehensive privacy bill was introduced in the House of Deputies in 1996. [fn 105] The bill covers both the public and private sectors. Information can only be collected if it is authorized by law or with the express consent of the person, who must be told of its purpose. Individuals have a right of access and can demand corrections or removal of information once a year. Information can only be used for the purposes for which the information was provided. Information collected for journalistic purposes is exempt. Violators can be imprisoned.

A 1995 law bars obtaining information by undisclosed taping, telephone intercepts, and other surreptitious means, and bars the dissemination of such information, except by judicial order in narcotics-related cases. In August 1996, the head of the Direccion de Inteligencia Policial (Dipolcar), the police intelligence service, was charged with authorizing a surveillance operation against the defense ministry official responsible for Carabineros, the militarized national police force. His resignation in disgrace allowed a greater role for the civilian security police, Investigaciones, in anti-drug operations. [fn 106] In 1992, a surveillance center with 24-hour scanning devices was uncovered in downtown Santiago. It was run by an active army intelligence unit (DINE, incorporating former members of the secret police, the CNI) and, among other incidents, was found to have tapped into presidential candidate Sebastian Pineraís cellular phone [fn 107] and taped the calls of President Patricio Aylwin.[fn 108] The Army admitted to tapping telephones in order to comply with its mission, but reaffirmed that it "does not tap phones in an attempt to interfere with peoples' privacy."[fn 109] The scandal provoked the retirement of General Ricardo Contreras, head of the Army Telecommunications Command.[fn 110]

Chile signed the American Convention on Human Rights on 20 August 1990.

Czech Republic

The 1993 Charter of Fundamental Rights and Freedoms provides for extensive privacy rights. Article 7(1) states, "Inviolability of the person and of privacy is guaranteed. It may be limited only in cases specified by law." Article 10 states, "(1) Everybody is entitled to protection of his or her human dignity, personal integrity, good reputation, and his or her name. (2) Everybody is entitled to protection against unauthorized interference in his or her personal and family life. (3) Everybody is entitled to protection against unauthorized gathering, publication or other misuse of his or her personal data." Article 13 states, "Nobody may violate secrecy of letters and other papers and records whether privately kept or sent by post or in another manner, except in cases and in a manner specified by law. Similar protection is extended to messages communicated by telephone, telegraph or other such facilities." [fn 111]

The Act on Protection of Personal Data in Information Systems was adopted in 1992. [fn 112] The Act regulates the protection of personal data for both government and private databases which is contained in an information system. The Act covers systems which contain personal information relating to race, nationality, political attitudes and membership, criminal records, health, sexuality and property. The Act requires that there be legal authority to collect information and limits use to the purpose for which it was established (unless another law provides otherwise.) Operators of systems must register.

The bill is considered weak and there have been a number of high profile scandals involving abuse of personal information. In 1992, the Interior Ministry sold the addresses of all children under the age of two and all women between 15 and 35 -- a total of two million people -- to Procter & Gamble. The company used the information for a direct marketing campaign for Pampers diapers and Always brands. One official was charged with violating the law. In 1995, Prague City Police Chief Rudolf Blazek admitted his men had access to information about criminal suspects that is by law available only to the Czech Republic Police.[fn 113] In 1996, a black-market CD-ROM that listed all telephone numbers in the Czech Republic, including President Vaclav Havel's home number, appeared on the market. Also in 1996, Internet service providers handed over data about their users in response to a police investigation of a bomb found inside a ketchup bottle. Police believe the information was obtained from the Internet and were attempting to determine who accessed it. [fn 114] A poll conducted in January 1997 found that seventy-nine percent of Czechs cite undisturbed privacy as a top personal priority. [fn 115]

There is no independent oversight agency to enforce the Act. The Council of Ministers rejected a proposal by the Ministry of Economy to create an independent body in 1996, opting for a small office under the Council of Ministers. In February 1998, the European Commission set as a "medium term goal" for the Czech Republic to join the European Union the establishment of an independent body for supervision of data protection. [fn 116] In July 1998, the government proposed the creation of a new agency [fn 117]. The government asked the chairman of the State Information System Office to submit principles by July 1998.

Wiretapping is regulated under the criminal process law. [fn 118] Police must obtain permission from a judge to conduct a wiretap. The judge can approve an initial order for up to six months. There are special rules for intelligence services. In 1996, the Czech secret service (BIS) was accused of monitoring politicians, civic and environmental groups such as Greenpeace, including the use of illegal wiretaps. [fn 119] In 1993, Justice Minister Jiri Novak's telephone was reportedly tapped. A secret service employee found a bugging device in the ministry's central telephone switchboard in the middle of September 1993.

The Penal Code covers the infringement of the right to privacy in the definitions of criminal acts of infringement of the home [fn 120], slander [fn 121] and infringement of the confidentiality of mail. [fn 122] There are also sectoral acts concerning statistics, medical personal data, banking law, taxation, social security and police data. Unauthorized use of personal data systems is considered a crime. [fn 123]

The Czech Republic is a member of the Council of Europe but has not signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 124] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [fn 125] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Kingdom of Denmark

The Danish Constitution of 1953 contains two provisions that have some relevance for privacy and data protection. Section 71 provides for the inviolability of personal liberty. Section 72 states, "The dwelling shall be inviolable. House searching, seizure, and examination of letters and other papers as well as any breach of the secrecy to be observed in postal, telegraph, and telephone matters shall take place only under a judicial order unless particular exception is warranted by Statute." [fn 126] The European Convention on Human Rights was formally incorporated into Danish law in 1992.

The central rules on data protection in Denmark are found in two Acts. The Private Registers Act of 1978 governs the private sector. [fn 127] The Public Authoritiesí Registers Act of 1978 governs the public sector. [fn 128] The Private Registers Act not only regulates the registration and further processing of data on natural/physical persons, but also data on legal persons, such as private corporations. A bill for a new Data Protection Act to replace the above two Acts is being debated by the Parliament, [fn 129] and is expected to be approved by the end of 1998. The main purpose of the new legislation is to implement the requirements of the EC Directive on data protection. Accordingly, the new legislation follows closely the Directive.

An independent agency, the Data Protection Agency (Registertilsynet), enforces both Acts. [fn 130] The agency supervises registries established by public authorities and private enterprises in Denmark. It ensures that the conditions for registration, disclosure and storage of data on individuals -- and to a certain extent also on private enterprises -- are complied with. It mainly deals with specific cases on the basis of inquiries from public authorities or private individuals, or cases taken up by the agency on its own initiative.

Wiretapping is regulated by the Penal Code. [fn 131] Other pieces of legislation with rules relating to privacy and data protection include the Criminal Code of 1930, [fn 132] Act on Video Surveillance, [fn 133] the Administrative Procedures Act of 1985, [fn 134] the Freedom of Information Act of 1985, [fn 135] the Payment Cards Act of 1994, [fn 136] and the Access to Health Information Act of 1993. [fn 137]

Denmark is a member of the Council of Europe and has signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 138] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [fn 139] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

- Greenland

The original unamended Danish Public and Private Registers Acts of 1979 continue to apply within Greenland, a self-governing territory. The 1988 amendments that brought Denmark into compliance with the Council of Europe's Convention 108 do not apply to Greenland. Greenland is not part of the European Union and therefore has not adopted the EU Privacy Directive. Greenland's data protection requirements are much less stringent than those of Denmark and the other nations of the EU.

Republic of Estonia

The 1992 Estonia Constitution recognizes the right of privacy, secrecy of communications, and data protection. Article 42 states, "No state or local government authority or their officials may collect or store information on the persuasions of any Estonian citizen against his or her free will." Article 43 states, "Everyone shall be entitled to secrecy of messages transmitted by him or to him by post, telegram, telephone or other generally used means. Exceptions may be made on authorization by a court, in cases and in accordance with procedures determined by law in order to prevent a criminal act or for the purpose of establishing facts in a criminal investigation." Article 44 (3) states, "Estonian citizens shall have the right to become acquainted with information about themselves held by state and local government authorities and in state and local government archives, in accordance with procedures determined by law. This right may be restricted by law in order to protect the rights and liberties of other persons, and the secrecy of children's ancestry, as well as to prevent a crime, or in the interests of apprehending a criminal or to clarify the truth for a court case."[fn 140]

The Riigikogu, Estonia's Parliament, enacted the Personal Data Protection Act in June 1996. [fn 141] The Act protects the fundamental rights and freedoms of persons with respect to the processing of personal data and in accordance with the right of individuals to obtain freely any information which is disseminated for public use. The Personal Data Protection Act divides personal data into two groups -- non-sensitive and sensitive personal data. Sensitive personal data are data which reveal political opinions, religious or philosophical beliefs, ethnic or racial origin, health, sexual life, criminal convictions, legal punishments and involvement in criminal proceedings. Processing of non-sensitive personal data is permitted without the consent of the respective individual if it occurs under the terms which are set out in the Personal Data Protection Act. Processed personal data are protected by organizational and technical measures which must be documented. Chief processors must register the processing of sensitive personal data with the data protection supervision authority.

In April 1997, the Riigikogu passed the Databases Act. The Databases Act is a procedural law for the establishment of national databases The law sets out the general principles for the maintenance of databases, prescribes requirements and protection measures for data processing, and unifies the terminology to be used in the maintenance of databases. Pursuant to the Databases Act, the statutes of state registers or databases which were created before the law took effect must be brought into line with the Act within two years. The Databases Act also mandates the establishment of a state register of databases which registers state and local government databases, as well as databases containing sensitive personal data which are maintained by persons in private law. The chief processor of the register has the right to make proposals to the government, to the chief processors of various databases, and to the state information systems. He or she would also be responsible for coordinating authority with respect to the expansion, merger or liquidation of databases, interbase cross-usage, or the organization of data processing or data acquisition in a manner aimed at avoiding duplication of effort or substantially repetitive databases.

The Data Protection Department of the Ministry of Internal Affairs is the supervisory authority for the Personal Data Protection Act and the Databases Act. Currently there are only four staff members in the department -- head of department, IT technology specialist, organizational specialist, and legal specialist. [fn 142] The Legal Committee of Parliament exercises supervision over the Data Protection Supervision Authority. The Data Protection Department is currently developing legislation that would make it independent and bring the law in line with the EU Directive. [fn 143]

According to Estonian press reports in November 1996, databases of the financial and police records of thousands of Estonians are easily available on the black market. The records were available on CD-ROM and sold for 4000 dollars each, and included details of individualís bank loans and police files. [fn 144]

On February 22, 1994, the Riigikogu adopted a law on electronic eavesdropping. The punishment for such activity is a fine and three years imprisonment for general surveillance activity, and five years imprisonment for special measures like opening correspondence or telephone bugging. [fn 145] In May 16, 1996, the Estonian Intelligence Service started an inquiry on the involvement of former Vice Prime Minister Edgar Saavisar in a politically motivated wiretapping scandal. It eventually led to a change of government. [fn 146] At the end of 1997, the intelligence service and parliament were continuing to investigate the Savisaar case. [fn 147] There is a telecommunications bill which will adopt the EU telecommunications privacy directive and will take effect at the beginning of next year. A Digital Signature Law is also being drafted which will be introduced in the spring of 1999.

Estonia is a member of the Council of Europe but has not signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 148] Estonia has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [fn 149]

Republic of Finland

Section 8 of The Constitution Act of Finland states, "The private life, honor and home of every person shall be secured. More detailed provisions on the protection of personal data shall be prescribed by Act of Parliament. The secrecy of correspondence and of telephone and other confidential communications shall be inviolable. Measures impinging on the sphere of the home which are necessary for the protection of fundamental rights or the detection of crime may be prescribed by Act of Parliament. Necessary restrictions on the secrecy of communications may also be provided by Act of Parliament in the investigation of offenses which endanger the security of society or of the individual or which disturb domestic peace, in legal proceedings and security checks as well as during deprivation of liberty." [fn 150]

Finland enacted its Personal Data File Act in 1987 and it became law in 1988.[fn 151] Finland is a country that has traditionally adhered to the Nordic tradition of open access to government files. In fact, the world's first data protection act dates back as far as 1776 and the Riksdag's (Swedish Parliament) "Access to Public Records Act." This Act also applied to Finland, then a Swedish-governed territory. Although the 1776 Act was more of a "freedom of information act" in that the public was allowed to scrutinize public records for accuracy, it also served the purpose of ensuring that all government-held information was, in fact, required for legitimate purposes. [fn 152]

The Personal Data File Act applies to the public and private sectors as well as manual and automated files. There is a registration requirement for systems containing personal data. The data user must notify the Data Protection Ombudsman (DPO) of the establishment of the personal data file. The requirements and detail of this notification are dependent on the sensitivity of the data. If the information is not very sensitive, only basic information must be provided to the DPO. For more sensitive information such as credit data and data used and manipulated by third party data service organizations, the rules for notification are stricter. A bill pending in the Parliament to amend the law to make it consistent with the EU Data Protection Directive is expected to be approved and in force by October 1998.

The Data Protection Ombudsman (DPO) enforces the Act and receives complaints. Approximately 800-900 written complaints or queries are received by the Ombudsman each year. [fn 153] A Data Protection Board resolves disputes and hears appeals of decisions rendered by the DPO. [fn 154]

The Finnish government has enacted special ordinances that apply to particular personal data systems. These include those operated by the police such as criminal information systems, the national health service, passport systems, population registers, farm registers, and the agency responsible for motor vehicle registration. [fn 155]

Electronic surveillance and telephone tapping are governed by the Criminal Law. A judge can give permission to tap the telephone lines of a suspect if the suspect is liable for a jail sentence for crimes that are exhaustively listed in the Coercive Criminal Investigations Means Act. Transactional data of a suspect's telecommunications activity can be obtained if the suspect faces at least four months of jail. Electronic surveillance is possible, with the permission of the judge, if the suspect is accused of a drug related crime or a crime that can be punished with more than four years in jail. A bill pending in the Parliament to amend the law to make it consistent with the EU Telecommunications Privacy Directive is expected to be approved and in force by October 1998. [fn 156] Although cases of political telecommunications eavesdropping are rare in Finland, there have been published reports that the Finnish military has either supported Western signals intelligence operations (via its large base at Santahamina on the outskirts of Helsinki), or acquiesced to a Swedish/U.S. eavesdropping collaborative effort from the Swedish embassy in downtown Helsinki.[fn 157] In 1996, the PENET anonymous remailer was forced to shut down after Scientologists demanded that the identity of the users posting critical messages be revealed to the Church. The court order was later enjoined by the Court of Appeals. [fn 158]

Finland is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 159] Finland has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [fn 160] Finland is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

The Parliament of the self-governing Aland Islands (Landsting) passed its own Data Protection Act in 1991 and independently ratified the Council of Europe's Convention 108. [fn 161] Although the Aland Act makes reference to the Finnish Data Protection Act, there has always been some resistance by the Aland Swedish-speaking majority to following orders from Helsinki. Constitutionally, the Aland Parliament may nullify Finnish laws on its territory. [fn 162]

French Republic

The right of privacy is not explicitly protected in the French Constitution of 1792. The tort of privacy was first recognized in France as far back as 1858. [fn 163] The Constitutional Court ruled in 1994 that the right of privacy was implicit in the Constitution. [fn 164]

The Data Protection Act was enacted in 1978 and covers personal information held by government agencies and private entities.[fn 165] Anyone wishing to process personal data must register and obtain permission in many cases relating to processing by public bodies and for medical research. Individuals must be informed of the reasons for collection of information and may object to its processing. Individuals have rights to access and to demand corrections. Fines and imprisonment can be imposed for violations. The law is currently being amended to make it consistent with the EU Directive. A report was issued in February 1998 by M. Guy Braibank setting out the plan for the changes. [fn 166]

The Commission Nationale de L'informatique et des Liberté (CNIL) is an independent agency which enforces the Data Protection Act and other related laws.[fn 167] The Commission takes complaints, issues rulings, sets rules, conducts audits and issues reports. It reported in its 1997 annual report that it had registered 580,000 data processings since 1978. [fn 168] It received 4,452 complaints and requests for access in 1997. [fn 169]

Electronic surveillance is regulated by a 1991 law which requires permission of an investigating judge before a wiretap is installed. [fn 170] The law created the Commission National de Contôl des Interceptions de Sécurité, which sets rules and reviews wiretaps each year. There were 4713 orders for national security taps in 1997, including 1803 renewals. [fn 171] The European Court of Human Rights has ruled against France a number of times for violations of Article 8 of the Convention. The Court's 1990 decision in Kruslin v. France resulted in the enactment of the 1991 law.[fn 172] Most recently, the court fined France FF 25,000 for wiretap law violations. [fn 173] There have been many cases of illegal wiretapping, including most notably a long running scandal over an anti-terrorist group in the office of President Mitterand monitoring the calls of journalists and opposition politicians. [fn 174] The CNCIS estimated that there were over 100,000 illegal taps conducted by private companies and individuals in 1996, many on the behalf of government agencies. A decree was issued in 1997 to limit the dissemination of tapping equipment. [fn 175]

There are additional specific laws on administrative documents, [fn 176] archives, [fn 177] video surveillance [fn 178] and employment. [fn 179] There are also protections incorporated in the Civil Code [fn 180] and Penal Code. [fn 181]

France is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108).[fn 182] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[fn 183] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Federal Republic of Germany

There is no data-related "right of privacy" in Germany's constitution. Attempts to introduce such a right were discussed after reunification when the constitution was revised and were successfully opposed by the then-conservative political majority. In 1983, the Federal Constitutional Court, in a case against a government census law, acknowledged formally an individualís "right of informational self-determination" which is limited by the "predominant public interest." The central part of the verdict stated, "Who can not certainly overlook which information related to him or her is known to certain segments of his social environment, and who is not able to assess to a certain degree the knowledge of his potential communication partners, can be essentially hindered in his capability to plan and to decide. The right of informational self-determination stands against a societal order and its underlying legal order in which citizens could not know any longer who what and when in what situations knows about them." [fn 184] Although there is no constitutional right of privacy or data-protection, this landmark court decision derived the "right of informational self-determination" directly from Article 2 of the German Constitution which declares protective personal rights (Persönlichkeitsrechte).

In Germany, the first Data Protection Law was passed in the Land of Hessen in 1970. It was the first data protection law worldwide. In 1977, a Federal Data Protection Law followed, which was reviewed in 1990. [fn 185] The general purpose of this law is "to protect the individual against violations of his personal right (Persönlichkeitsrecht) by handling person-related data." The law covers collection, processing and use of personal data collected by public federal and state authorities (as long as there is no state-regulation), and of non-public offices, as long as they process and use data for commercial or professional aims. Changes to the law to make it consistent with the EU Directive are currently being debated and will likely be enacted following the election. All of the 16 LŠnder have their own specific data-protection regulations that cover the public sector of the Lander administrations.

The Federal Data Protection Commission (Bundesbeauftragter für den Datenschutz) is responsible for supervision of the Data Protection Act. [fn 186] There are also commissions in each of the Landers who enforce the Lander data protection acts. [fn 187] Supervision, however, is carried out for the private sector by the Land authority designated by the Land data protection law (usually the Land Data Protection Commissioner). In 1996, the Berlin Data Protection Commissioner reached an agreement with Citibank on the use of RailwayCards as Visa cards. The agreement may be an important precursor for transborder dataflows to the U.S. and other countries without privacy laws when the EU Directive goes into effect in October 1998. [fn 188]

Wiretapping is regulated by the "G10-Law" -- which relates to ¤ 10 of the Constitution and requires a court order for criminal cases. [fn 189] In 1997, the Supreme Court issued a preliminary order limiting warrantless automated wiretaps (screening method) by the intelligence service (BND). [fn 190] After a fiercely fought six-year political debate, a two-third majority of the German parliament eventually approved a change to Section 13 of the Constitution, which makes it legal for police authorities to place bugging devices even in private homes (provided there is a court order). The change from April 1, 1998, was the provision for the "Law for the enhancement of the fight against organized crime," which became effective on May 9.

In addition, wherever they deal with the handling of personal information on natural persons either directly or by amendments, nearly all German laws contain references to the respective data protection law or carry special sections on the handling of personal data that reflect the right to privacy. Most recently there have been a number of laws relating to communications privacy. The Telecommunications Carriers Data Protection Ordinance of 1996 protects privacy of telecommunications information. [fn 191] The Information and Communication Services (Multimedia) Act of 1997 sets protections for information used in computer networks. [fn 192] The Act also sets out the legal requirements for digital signatures. In April 1998, a law was passed that allows the Bundeskrimalamt to run a nationwide databank of genetic profiles related to criminal investigations and convicted offenders. One month later, the "Bundesgrenzschutz," originally a para-military border police force, and now responsible among other tasks for railways and stations, received permission to check persons' identities and baggage without any concrete suspicion.

Germany is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 193] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[fn 194] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Hellenic Republic (Greece)

The Constitution of Greece recognizes the rights of privacy and secrecy of communications. Article 9 states, "(1) Each man's home is inviolable. A person's personal and family life is inviolable. No house searches shall be made except when and as the law directs, and always in the presence of representatives of the judicial authorities. (2) Offenders against the foregoing provision shall be punished for forced entry into a private house and abuse of power, and shall be obliged to indemnify in full the injured party as the law provides." Article 19 states, "The privacy of correspondence and any other form of communication is absolutely inviolable. The law shall determine the guarantees under which the judicial authority is released from the obligation to observe the above-mentioned right, for reasons of national security or for the investigation of particularly serious crimes." [fn 195]

The Law on the Protection of Individuals with regard to the Processing of Personal Data was approved in 1997. [fn 196] Greece was the last member of the European Union to adopt a data protection law and its law was written to apply the EU Directive into Greek law.

The Protection of Personal Data Authority is an independent public authority set up under the law. Its mission is to supervise the implementation of the law and the other rulings pertaining to the protection of individuals against the processing of personal data. It also exercises other powers delegated to it from time to time.

There were major protests during the ratification of the Schengen Agreement for border controls and information sharing. According to news reports, police used tear gas to disperse a group of about 1000 protesters, including Orthodox priests, when they tried to push their way into Parliament as the pact was being debated. [fn 197] The European Parliament passed a resolution in 1993 calling on the Greek government not to place religion on tits national ID cards. [fn 198]

The law requires that police wishing to conduct telephone taps must obtain court permission. However, there are continuing reports of government surveillance of human rights groups, Orthodox religious groups, and activist members of minority groups by government agents who are conducting illegal wiretapping and interception of mail. [fn 199] In June 1994, a parliamentary investigation committee recommended the indictment of former Prime Minister Mitsotakis and 30 persons from his administration on charges of wiretapping political opponents from 1989 to 1991. In January 1995, the Parliament voted to drop all charges against Mitsotakis, and the Supreme Court ordered the dismissal of other charges in April 1995. The late Greek prime Minister Andreas Papandreou was also investigated for illegally wiretapping his political opponents. [fn 200]

Greece is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 201] Greece has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [fn 202] Greece is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Special Administrative Region of Hong Kong

Following the Peoplesí Republic of Chinaís resumption of sovereignty over Hong Kong on July 1, 1997, the constitutional protections of privacy are contained in the Basic Law of the Hong Kong Special Administrative Region of the Peopleís Republic of China. Article 29 provides "The homes and other premises of Hong Kong residents shall be inviolable. Arbitrary or unlawful search of, or intrusion into, a residentís home or other premises shall be prohibited." Article 30 provides "The freedom and privacy of communications of Hong Kong residents shall be protected by law. No department or individual may, on any grounds, infringe upon the freedom and privacy of communications of residents except that the relevant authorities may inspect communications in accordance with legal procedures to meet the needs of public security or of investigation into criminal offenses." Also relevant is Article 17 of the International Covenant on Civil and Political Rights, which was incorporated into Hong Kongís domestic law with the enactment of the Bill of Rights Ordinance. [fn 203] Article 39 of the Basic Law provides that the Covenant as applied to Hong Kong shall remain in force and implemented through the laws of Hong Kong.

In 1995, Hong Kong enacted its Personal Data (Privacy) Ordinance [fn 204] and most of its provisions took effect in December 1996. The legislation enacts most of the recommendations made by the Hong Kong Law Reform Commission following its six year comparative study. [fn 205]

The statutory provisions adopt features of a variety of existing data protection laws and the draft version of the EU Directive is also reflected in several provisions. The Ordinance does not differentiate between the public and private sectors, although many of the exemptions will more readily apply to the former. A broad definition of "personal data" is adopted so as to encompass all readily retrievable data recorded in all media which relates to an identifiable individual. The Ordinance does not attempt to differentiate personal data according to its sensitivity. The processing of personal data must conform to data protection principles based on those of the OECD. The six principles regulate the collection, accuracy, use and security of personal data as well as requiring data users to be open about data processing and conferring on data subjects the right to be provided a copy of their personal data and to effect corrections. The Ordinance imposes additional restrictions on certain processing, namely data matching, transborder data transfers, and direct marketing. Data matching requires the prior approval of the Privacy Commissioner. The transfer of data to other jurisdictions is subject to restrictions that mirror those of the EU Directive. Also based on the directive is the requirement that upon first use of personal data for direct marketing purposes, a data user must inform the data subject of the opportunity to opt-out from further approaches.

The Ordinance establishes the Office of the Privacy Commissioner to promote and enforce compliance with statutory requirements. [fn 206] The Commissioner is given strong enforcement powers based on those contained in the UK Data Protection Act. In addition to investigating complaints, the commissioner may initiate his own investigations of reasonably suspected contraventions. He may also conduct audits of selected data users. A contravention of any provision other than a data protection principle is a criminal offense. [fn 207] A contravention causing the data subject damage (including injured feelings) is a basis for claiming compensation. The Commissioner is empowered to designate classes of data users required to publicly register the main features of their data processing. The Commissioner may issue codes of conduct to provide guidance on compliance with the Ordinanceís necessarily general provisions. The provisions of a code are legally subordinate but have evidential relevance in determining whether a contravention of the Ordinance has occurred. To date the Commissioner has issued two codes: The code on the use of personal identifiers [fn 208] and of credit information. [fn 209]

The interception of communications is presently regulated by the Telecommunications Ordinance [fn 210] and the Post Office Ordinance. [fn 211] These enactments provide sweeping powers of interception upon public interest grounds. The vagueness of the powers and the lack of procedural safeguards are inconsistent with the International Covenant of Civil and Political Rights and the Basic Law. No official figures are released on the number of intercepts, which are believed to be widespread. A detailed set of reform proposals released by the Hong Kong Law Reform Commission [fn 212] in 1996 resulted in two legislative initiatives. In early 1997, the government released a draft bill for public consultation regulating the interception of communications. When that initiative stalled, James To, an independent legislator, introduced a private members bill, the last enactment to be passed by the colonial legislature prior to July 1, 1997. That enactment has never been brought into force and to date the government has declined to indicate when any legislation regulating the interception of communications will take effect.

Hong Kong is an associate member of the Organization for Economic Cooperation and Development.

Republic of Hungary

Article 59 of the Constitution of the Republic of Hungary reads, "Everyone in the Republic of Hungary shall have the right to good reputation, the inviolability of the privacy of his home and correspondence, and the protection of his personal data." [fn 213] In 1991, the Supreme Court ruled that a law creating a multi-use personal identification number violated the constitutional right of privacy. [fn 214]

Act No. LXIII of 1992 on the Protection of Personal Data and Disclosure of Data of Public Interest covers the collection and use of personal information in both the public sector and private sector. It is a combined Data Protection and Freedom of Information Act. Its basic principle is informational self-determination. [fn 215] Hungary is an applicant for EU membership and it is anticipated that only minor changes are required to make the Act compliant with the EU Directive.

The Parliamentary Commissioner for Data Protection and Freedom of Information oversees the 1992 Act. Besides acting as an ombudsman for both data protection and freedom of information, the Commissioner's tasks include: maintaining the Data Protection Register, and providing opinions on DP and FOI-related draft legislation as well as each category of official secrets. Under the Secrecy Act of 1995, the Commissioner is entitled to change the classification of state and official secrets as well. The Commissioner (along with the two other Parliamentary Commissioners -- one for human rights in general, the other for the ethnic minorities) was elected for the first time on June 30, 1995, for a six year term.

The Commission has been very active reviewing cases involving personal information. [fn 216] When reviewing unlawful national security controls in 1995, in 797 cases, unlawful information gathering practices were found and files had to be destroyed. In 1995, the names and addresses of the winners of the largest lottery jackpot were broadcast on television against the will of the individuals. In a case involving unlawful gathering of personal data of patients of voluntary drug treatment institutions in 1997, the police had to return the lists to the hospital.

Surveillance by police requires a court order and is limited to cases investigating crimes punishable by more than five years imprisonment. [fn 217] Surveillance by national security services requires the permission of a specially appointed judge or the Minister of Justice who can authorize surveillance for up to 90 days. [fn 218] There have been a number of scandals involving secret service spying on political opponents, environmental activists and ethnic minorities. The Parliamentary National Security Committee is currently investigating the illegal surveillance of members of the political party Fidesz, after documents were found by the government. Prime Minister Viktor Orb‡n said the surveillance was conducted by former members of the secret service now employed by private companies. [fn 219]

Many laws contain rules for handling personal data including addresses, [fn 220] marketing records, [fn 221] universal identifiers, [fn 222] medical information, [fn 223] police information, [fn 224] public records, [fn 225] employment, [fn 226] telecommunications, [fn 227] and national security services. [fn 228] The Criminal Code also has provisions on privacy. [fn 229]

Hungary is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 230] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[fn 231] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Republic of Iceland

Section 72 of the Constitution states, "The dwelling shall be inviolable. House searching, seizure, and examination of letters and other papers as well as any breach of the secrecy to be observed in postal, telegraph, and telephone matters shall take place only under a judicial order unless particular exception is warranted by Statute." [fn 232]

The Act on the Registration and Handling on Personal Data applies to government agencies and the private sector for physical and electronic files. [fn 233] All persons wishing to process personal data must register. There are limitations on processing sensitive data, disclosing information and linking databases. Individuals have a right to access and correct information. There are additional rules for credit information and marketing. Video surveillance and recording is also covered under the act. A government commission headed by the Minister of Industry and Commerce released a report in 1997 calling for an update of the current legislation to make it consistent with the EU Directive. The report also suggested that the legislation should address issues raised by digital identity cards and sharing of government information. [fn 234] The new law is expected to enter into force next year.

The Act is enforced by the Icelandic Data Protection Commission. The Commission maintains the registry of databases and can investigate and issue rulings.

There is currently a plan by Swiss drug manufacturer Roche Holding to create a nationwide genetic database of the entire Icelandic population. The company is spending $200 million over the next five years for research. The Privacy Commission is maintaining the keys to identify individuals.[fn 235] The other Data Protection Commissioners recommended that the Icelandic authorities reconsider the project in light of the fundamental principles laid down in the European Convention on Human Rights, the Council of Europe Convention and Recommendation (97)5 on medical data, and the EC Directive at their annual meeting in Santiago de Compostela, Spain in September 1998.

Under the law, wiretapping requires a court order. There were 42 wiretaps between 1992 and February 1996. [fn 236]

Iceland is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108).[fn 237] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[fn 238] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Iceland is not a EU member state but has been granted associate status.

Republic of India

The Constitution of 1950 does not expressly recognize the right to privacy. [fn 239] However, the Supreme Court has ruled in a number of cases that there is a right of privacy implicit in the Constitution. The Court ruled in 1996 that wiretaps are a "serious invasion of an individual's privacy" under Article 21 of the Constitution which states, "No person shall be deprived of his life or personal liberty except according to procedure established by law." [fn 240] The Court held in 1992 that any information which required disclosure of private matters of a woman's life cannot be requested. [fn 241]

There is no general privacy law in India. The National Task Force on IT and Software Development, set up by the Prime Minster's Office in May 1998, submitted an "IT Action Plan" to Prime Minister Vajpayee in July 1998 calling for the creation of a "National Policy on Information Security, Privacy and Data Protection Act for handling of computerized data." It examined the UK Data Protection Act as a model and recommended a number of cyber laws including ones on privacy and encryption. [fn 242] The Act is expected to be drafted by the end of 1998. [fn 243]

There is also a right of privacy guaranteed by Indian laws. Unlawful attacks on the honor and reputation of a person can invite an action in tort and/or criminal law. [fn 244] The Public Financial Institutions Act of 1993 codifies India's tradition of maintaining confidentiality in bank transactions. A draft Freedom of Information Bill is expected to be introduced in the Fall session of Parliament. [fn 245]

Wiretapping is regulated under the Indian Telegraph Act of 1885. An order for a tap can be issued only by the Union home secretary or his counterparts in the states. A copy of the order must be sent to a review committee directed to be set up by the high court. Tapped phone calls are not accepted as primary evidence in India's courts. There have been numerous phone tap scandals in India, resulting in the 1996 decision by the Supreme Court which required the government to promulgate rules regulating taps. [fn 246] However, illegal wiretapping by government agencies appears to be continuing. According to prominent Non-Government Organizations, the mail of many NGOs in Delhi and in strife-torn areas continues to be subjected to interception and censorship. [fn 247]


The Constitution of Ireland does not explicitly protect the right to privacy. [fn 248] The High and Supreme Courts have ruled that privacy is protected under Article 40.3.1 ("The State guarantees in its laws to respect, and, as far as practicable, by its laws to defend and vindicate the personal rights of the citizen.") and other provisions. [fn 249] The Supreme Court ruled in 1987 that the warrantless wiretapping of two journalists was a violation of the Constitution, finding "The right to privacy is one of the fundamental personal rights of the citizen which flow from the Christian and democratic nature of the State . . The nature of the right to privacy is such that it must ensure the dignity and freedom of the individual in a democratic society. This cannot be insured if his private communications, whether written or telephonic, are deliberately and unjustifiably interfered with." [fn 250]

The Data Protection Act of 1988 covers both the private and public sectors. It regulates the collection, processing, keeping, use and disclosure of personal information that is processed automatically. Individuals have a right to access and correct incorrect information. Information can only be used for specified and lawful purposes and cannot be used or disclosed. Additional protections can be ordered for sensitive data. Criminal penalties can be imposed for violations. There are broad exemptions for national security, tax, and criminal purposes. A draft bill is currently being reviewed by the Attorney General that would revise the Act to make it consistent with the EU Directive.

The Act is enforced by the Data Protection Commissioner. The Commission can investigate complaints, prosecute offenders, sponsor codes of practice, and supervise the registration process. The Commission generally receives about 1700 inquiries each year and reviews between 20 and 30 complaints. [fn 251] In 1996, the Commissioner criticized a proposal to introduce a social services card to all citizens that could become a national ID card. [fn 252]

Wiretapping and electronic surveillance is regulated under the Interception of Postal Packets and Telecommunications Messages (Regulation) Act. [fn 253] The Act followed a 1987 decision of the Supreme Court ruling that wiretaps of journalists violated the constitution (see above). In April 1998, the Garda investigated allegations that several journalists who had uncovered a scandal at the National Irish Bank had their cellular phone conversations intercepted. [fn 254] The Law Reform Commission recommended a new bill in July 1998 that would make illegal the invasion of a person's privacy through secret filming, taping and eavesdropping and the publication of information received from the surveillance.[fn 255]

The Freedom of Information Act took effect in April 1998. [fn 256] The Act creates an Information Commissioner to enforce it. Misuse of data is also criminalized by the Criminal Damage Act 1991.[fn 257]

Ireland is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108).[fn 258] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[fn 259] It is also a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

State of Israel

Section 7 of The Basic Law: Human Dignity and Freedom (1992) states, "(a) All persons have the right to privacy and to intimacy. (b) There shall be no entry into the private premises of a person who has not consented thereto. (c) No search shall be conducted on the private premises or body of a person, nor in the body or belongings of a person. (d) There shall be no violation of the secrecy of the spoken utterances, writings or records of a person." [fn 260] According to Supreme Court Justice Mishael Cheshin, this elevates the right of privacy to the level of a basic right. [fn 261]

The Protection of Privacy Law of 1981 regulates the processing of personal information in computer data banks. [fn 262] Holders of data banks must register. Information in the database is limited to purposes for which it was intended. There are broad exceptions for police and security services. It also sets up basic privacy laws relating to spying, publication of photographs and other traditional privacy features. The law was amended in 1996 to broaden the databases covered and increase penalties. [fn 263]

The Act is enforced by the Registrar of Databases within the Ministry of Justice. The Registrar maintains the register of data bases and can deny registration if he believes that it is a cover for illegal activities. The registrar can also investigate and enforce the Act. [fn 264] At the initiative of the Justice Minister, a public council for the protection of privacy has been set up. The Council advises the Minister on legislative matters related to the Protection of Privacy Law and its subsidiary regulations and orders, sets guidelines for the protection of computerized databases, and guides the Registrar of Databases in his work. Under the 1996 amendments, a more independent supervisory authority will be created.

Wiretapping is governed by the Secret Monitoring Law of 1979, which was amended in 1992. The police must receive permission from the district court in order to tap a phone or plant microphones. Intelligence agencies may wiretap people suspected of endangering national security, after receiving written permission from the Prime Minister or Defense Minister. In 1996, a Defense Forces employee was tried for misusing the phone records of a journalist. [fn 265] Several people, including Ma'ariv publisher Opher Nimrodi, were convicted in 1998 of ordering wiretaps on business people and media personalities, including Science Minister Silvan Shalom in 1994. [fn 266]

The Freedom of Information Law was approved unanimously by the Knesset in May 1998. [fn 267] Unauthorized access to computers is punished by the 1995 Computer Law. [fn 268] A Genetic Privacy Bill was approved for a first reading by the Knesset's subcommittee on science in March 1998. The bill would limit disclosure of private DNA information. The police are also demanding the creation of a national DNA data base. [fn 269]

Finance Minister Yaakov Ne'eman issued an authorization in March 1998 giving the director of the Bureau for Counterterrorism full access to the databases of all Israeli taxation authorities, including the Income Tax Authorities and Customs. It gives the Bureau access to the financial records of any citizen in Israel, including the status of their bank account "for urgent cases of preventing terrorist acts." [fn 270]

Italian Republic

The 1948 Constitution has several provisions relating to privacy. Article 14 states, "(1) Personal domicile is inviolable. (2) Inspection and search may not be carried out save in cases and in the manner laid down by law in conformity with guarantees prescribed for safeguarding personal freedom. (3) Special laws regulate verifications and inspections for reasons of public health and safety, or for economic and fiscal purposes." Article 15 states, "(1) The liberty and secrecy of correspondence and of every form of communication are inviolable. (2) Limitations upon them may only be enforced by decision, for which motives must be given, of the judicial authorities with the guarantees laid down by law." [fn 271]

The Italian Data Protection Act was enacted in 1996. [fn 272] The Act is intended to fully implement the EU Data Protection Directive. It covers both electronic and manual files for both government agencies and the private sector. Italy first attempted to enact data protection legislation in 1981.

The Act is enforced by the Supervisory Authority ["Garante"] for Personal Data Protection. The Garante maintains a register, conducts audits and enforces the laws and can also audit databanks not under its jurisdiction such as those relating to intelligence activities.

Wiretapping is regulated under the penal procedure code and penal code. [fn 273] It requires a court order which can last for 15 days in most cases. There are more lenient procedures for anti-Mafia cases. Some 44,000 orders were approved in 1996, up from 15,000 in 1992. [fn 274]

There are also sectoral laws relating to workplace surveillance, [fn 275] statistical information, and electronic files and digital signatures. [fn 276] The law on computer crime includes penalties on interception of electronic communications. [fn 277]

Italy is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). [fn 278] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. [fn 279] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.


Article 21 of the 1946 Constitution states, "Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed. 2) No censorship shall be maintained, nor shall the secrecy of any means of communication be violated. " Article 35 states, "The right of all persons to be secure in their homes, papers and effects against entries, searches and seizures shall not be impaired except upon warrant issued for adequate cause and particularly describing the place to be searched and things to be seized . . 2) Each search or seizure shall be made upon separate warrant issued by a competent judicial officer." [fn 280]

The 1988 Act for the Protection of Computer Processed Personal Data Held by Administrative Organs governs the use of personal information in computerized files held by government agencies. [fn 281] It is based on the OECD guidelines and imposes duties of security, access, and correction. Agencies must limit their collection to relevant information and publish a public notice listing their files systems. Information collected for one purpose cannot be used for a purpose "other than the file holding purpose." The Act is enforced by the Government Information Systems Planning Division of the Management and Coordination Agency. The Prefecture of Kanagawa also has legislation that protects privacy in both the public and private sectors. [fn 282]

In June 1998, then-Prime Minister Ryutaro Hashimoto announced that he had signed an agreement with U.S. President Clinton for self-regulation for privacy measures on the Internet except for certain sensitive data. "If data in a certain industry is highly confidential, legal methods can be considered for that industry." [fn 283] On March 4, 1997, the Ministry of International Trade and Industry (MITI) issued Guidelines Concerning the Protection of Computer Processed Personal Data in the Private Sector. In February 1998, MITI established a Supervisory Authority for the Protection of Personal Data to monitor a new system for the granting of "privacy marks" to businesses committing to the handling of the personal data in accordance with the MITI guidelines, and to promote awareness of privacy protection for consumers. The "privacy mark" system was introduced on April 1, and is administered by the Japan Information Processing Development Center (JIPDEC) -- a joint public/private agency. Companies that do not comply with the industry guidelines will be excluded from relevant industry bodies and not granted the

privacy-protection mark. It is assumed that they will then be penalized by market forces. However, in addition, the new Supervisory Authority will investigate violations and make suggestions as necessary to the relevant administrative authorities. [fn 284]

Wiretapping is considered a violation of the Constitution's right of privacy and has only been authorized a few times. An anti-crime bill that would legalize wiretapping (Tochoho) is currently pending in the Diet. [fn 285] The bill would give police the authority to tap telephone lines and eavesdrop on computer telecommunications, including e-mail. It is being opposed by the Federation of Bar Associations. [fn 286] In June 1997, the Tokyo High Court upheld a lower court's finding that the Kanagawa Prefectural Police had illegally wiretapped the telephone at the home of a senior member of the Japanese Communist Party. The court imposed a fine of four million yen. [fn 287]

There is also considerable activity on privacy in the Diet. A bill to amend the Residents Registry Law ("Jumin Kihon Taichoho") has been introduced into the Diet. This would allow centralized control by the Ministry of Home Affairs of information on residents currently held by local governments and the creation of a 10 digit number for all residents. [fn 288] A government committee recommended that a new law be enacted to protect credit reports in July 1998. [fn 289] Japan's Ministry of Posts and Telecommunications (MPT) announced plans in June 1998 to study privacy in telecommunications services, establishing a study group to look into the matter. [fn 290] There is also a controversial bill relating to medical records pending. [fn 291]

The National Police Agency has operated a comprehensive video surveillance system called the "N-system" with 400 locations on expressways and major highways throughout the country, which has been automatically recording the license plate number of every passing car for the last 11 years. Whenever a "wanted" car is detected, the system immediately issues a notice to police. [fn 292] Eleven motorists filed a lawsuit challenging the system in 1997.

Japan is a member of the Organization for Economic Cooperation and Development and a signatory to the OECD Guidelines on Privacy and Transborder Dataflows.

Republic of Korea (South Korea)

The Constitution provides for protection of privacy and secrecy of communications. Article 16 states, "All citizens are free from intrusion into their place of residence. In case of search or seizure in a residence, a warrant issued by a judge upon request of a prosecutor has to be presented." Article 17 states, "The privacy of no citizen may be infringed." Article 18 states, "The secrecy of correspondence of no citizen may be infringed." [fn 293]

The Act on the Protection of Personal Information Managed by Public Agencies of 1994 sets rules for the management of computer-based personal information held by government agencies and is based on the OECD privacy guidelines. Under the Act, government agencies must limit data collected, ensure their accuracy, keep a public register of files, ensure the security of the information, and limit its use to the purposes for which it was collected. The Act is enforced by the Minister of Government Administration. The Ministry of Commerce, Industry and Energy (MoCIE) is seeking the enactment of a "Basic Law for Electronic Commerce" in 1998. In May 1998, it proposed a set of guidelines for electronic commerce legislation, including protecting privacy in the digital trade environment. [fn 294]

Wiretapping is regulated by the Communications Privacy Act . [fn 295] Under previous administrations, there were widespread surveillance and wiretapping abuses by intelligence and police officials. In January 1997, a law was approved that granted new powers to the Agency for National Security Planning, also known as the Korean CIA. [fn 296] Amnesty International protested the increased powers, noting that the ANSP had "been responsible for the surveillance, arbitrary arrest, torture and ill-treatment of political suspects and it lacks accountability for its actions." [fn 297] The United Nations Human Rights Committee recommended in 1995 that the National Security Law [fn 298] be repealed. [fn 299]

Credit reports are protected by the Act Relating to Use and Protection of Credit Information of 1995. [fn 300] Postal privacy is protected by the Postal Services Act. [fn 301]

In 1997, the government announced the creation of an "Electronic National Identification Card Project." The card is based on a smart card system and according to a local human rights group will "include universal ID card, driver's license, medical insurance card, national pension card, proof of residence, and a scanned fingerprint, among other things." [fn 302] The government was scheduled to issue cards to all citizens by 1999. [fn 303] On November 17, a law on the ID card project passed the National Assembly. In December 1997, Kim Dae Jung won the Presidential election. He had publicly opposed the ID card project in his campaign and it appears to have stopped. However, activists believe that government agencies are continuing to push for the proposals quietly.

South Korea is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.


1. Constitucion de la Nacion Argentina (1994) <>.

2. Law No. 24.745 of December 23, 1996. <>.

3. Decree No. 1616/96, Comment by Supreme Court of Argentina Comparative Law Research and Library Secretary.

4. Código Procesal Penal de la Nación, Art. 236.

5. Reuters News Service - Central and South America, January 29, 1990.

6. La Nacion, Buenos Aires, Sept. 8, 1996.

7. Cavallo lashes out against corruption, Latin American Weekly Report, October 31, 1996.

8. Argentine candidate says own party men bugged him, Reuters World Report, June 2, 1998.

9. Argentine security services accused over phone tap, Reuters World Report, June 2, 1998.

10. Código Civil, Art. 1071, incorporated by Law No. 21.173.

11. New York Times, June 10, 1996.

12. Business Wire, Sept. 12, 1996.

13. The Commonwealth of Australia Constitution Act.<>

14. Privacy Act 1988 (Cwth) <>

15. Privacy Amendment Bill 1998 (Cwth)

16. See

17. Telecommunications (Interception) Act 1979 <>

18. Attorney General's Department, Report on the Telecommunications (Interception) Act, 1997.

19. Crimes Act, 1989 <>

20. See

21. See

22. The Data-matching program (Assistance and Tax) Act 1990. <>

23. see

24. Australian Associated Press, September 22, 1998.

25. For an overview of FOI laws in Australia, and links to relevant government sites, see the University of Tasmania's FOI Review web pages at

26. See the NSW Law Reform Commission's Issues Paper at:

27. See

28. see footnote 3

29. <>

30. Datenschutzgesetz ñ DSG, BGBl 1978/565 changed by 1981/314, 1982/228, 1986/370, 1987/605, 1988/233, 1989/609, 1993/91, 1994/79, 1994/632. See

31. ¤ 149a to ¤ 149p Strafproze§ordnung ñ StPO

32. ¤ 87 to ¤ 101, Telekommunikationsgesetz ñ TKG, BGBl I 1997/100

33. BGBl 1987/287

34. Signed 28/01/81. Ratified 30/03/88. Entered into force 01/07/88. <>.

35. Signed 13/12/57. Ratified 03/09/58. Entered into force 03/09/58. <>.

36. Constitution of Belgium, <>.

37. Cour de Cassation, 26 September 1978.

38. Act concerning the protection of privacy with regard to the treatment of personal data files, December 8, 1992.

39. Projet de loi modifiant la loi du 8 décembre 1992 relative à la protection de la vie privée à l'égard du traitement des données à caractère personnel, n¡ 1586/1 (Rapporteur : M. Renaat Landuyt). Projet de loi transposant la Directive 95/46/CE du 24 octobre 1995 du Parlement européen et du Conseil relative à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et à la libre circulation de ces données, n¡ 1566/1. (Rapporteur : M. Luc Willems).

40. La S&#158;reté de l'Etat trie 570.000 fiches individuelles, Le Soir, 19 Sept. 1998.

41. Statewatch Bulletin, Vol. 5 No 6, November-December 1995.

42. Commission de la protection de la vie privée <>

43. Commission de la protection de la vie privée, Rapport d'activité 1996.

44. loi de 30 juin 1994 relative à la protection de la vie privée contre les écoutes, la prise de connaissance et l'enregistrement de communications et de télécommunications privées.

45. Ecoutes : une pratique décevante et... flamande !Le résultat judiciaire des écoutes téléphoniques est médiocre. La Chambre va modifier la donne, Le Soir, 12 December 1997.

46. Chapitre 17, Loi modifiant la loi du 21 mars 1991 portant réforme de certaines entreprises publiques économiques afin d'adapter le cadre réglementaire aux obligations en matière de libre concurrence et d'harmonisation sur le marché des télécommunications découlant des décisions de l'Union européenne, 19 Decembre 1997.

47. Projet de loi modifiant la loi du 30 juin 1994 relative à la protection de la vie privée contre les écoutes, la prise de connaissance et l'enregistrement de communications et de télécommunications privées. <>. Le GSM en toute sécurité ? Pas s&#158;r..., Le Soir, 20 Feb. 1998.

48. La loi du 12 juin 1991 relative au crédit à la consommation. l'arr&#144;té royal du 11 janvier 1993 modifiant l'arr&#144;té royal du 20 novembre 1992 relatif à l'enregistrement par la Banque Nationale de Belgique des défauts de paiement en matière de crédit à la consommation.

49. La loi du 15 janvier 1990 relative à l'institution et à l'organisation d'une banque-carrefour de la sécurité sociale. Modified by la loi du 29 avril 1996.

50. la loi du 30 juillet 1991.

51. La loi du 8 ao&#158;t 1993: le registre national.

52. Article 458 of the Penal Code.

53. See Roger Blanpain, Employee Privacy Issues: Belgian Report, 17 Comp. Lab. L. 38, Fall 1995.

54. Signed 07/05/82, Ratified 28/05/93, Entered into Force 01/09/93. <>


56. The Constitution of Brazil, 1988. <>.

57. Federal Senate Bill No. 61, 1996 (in English) <>

58. Law No. 8078, September 11, 1990.

59. Law No. 7.232, October 29, 1984.

60. LEI Nº; 9.296, DE 24 DE JULHO DE 1996, <{@1}/hit_headings/word=4/hits_only?>

61. Brazil makes police phone-taps legal, Reuters World Service, July 24, 1996.

62. Brazil vice-president claims his phone was tapped, Reuters North American Wire, September 9, 1992.

63. 'O Globo', Rio de Janeiro, in Portuguese 4 Aug 96, BBC Monitoring Service: Latin America, August 7, 1996.

64. President transfers control of new intelligence agency to military, Agencia Estado news agency, Sao Paulo, BBC Summary of World Broadcasts, April 11, 1996.

65. Reuters News Service, October 2, 1996.

66. SEJUP (Servico Brasileiro de Justica e Paz), Number 117, February 17, 1994.

67. Constitution of the Republic of Bulgaria of 13 July 1991. <>


69. Art. 170-171 (1) (As amended - SG, Nos. 28/1982, 10/1993)

70. Telecommunications Law, Art.5

71. Bulgarian Helsinki Committee, Human Rights in Bulgaria in 1997.

72. Security chief resigns: reportedly was to be dismissed, BBC Summary of World Broadcasts, February 7, 1997.

73. Reuters World Service, December 19, 1996.

74. Insurance Law, Art.7 par.1

75. Social Assistance Law, Art. 32 par.2

76. Radio and Television Act, Articles 10, 15.

77. See

78. Signed 02/06/98. <>.

79. Signed 107/05/92. Ratified 007/09/92. Entered into force 07/09/92. <>.

80. Hunter v. Southam, 2 Supreme Court Reports 2 (1984) 159-60.

81. Access to Information Act, C. A-1. <>.

82. Privacy Act, c. P-21. <>

83. Privacy Commissioner of Canada, <>. Information Commissioner of Canada, <>.

84. For more information, see the Privacy Commissioner of Canada's annual report at

85. For more information, see Industry Canada's website at

86. A list of state laws and commissions is available at

87. Online access to Quebec's civil code is available at <>.

88. Criminal Code, c. C-46. ss. 184, 184.5, 193, 193.1.

89. Radiocommunication Act, R.S.C. 1985, c. R-2, s. 9.

90. CSIS has wiretap green light, The Hamilton Spectator, October 1, 1997.

91. Solicitor General Canada, Annual Report on the Use of Electronic Surveillance , 1994.

92. Telecommunications Act, 1993, c. 38, s. 39, s. 41.

93. Bank Act, c. 46, ss. 242, 244, 459.

94. Insurance Companies Act, s. 489, s. 607.

95. Trust and Loan Companies Act, s. 444

96. Canada Pension Plan, R.S.C. 1985, c. C-8, s. 104.07

97. Criminal Code, c. C-46, s. 487.01

98. Immigration Act, S.C. 1985, c. I-2, s. 110

99. Old Age Security Act, c. O-9, s. 33.01

100. Young Offenders Act, C. Y-1, s. 38.

101. Corrections and Conditional Release Act, 1992, c. 20, s. 26, 142.

102. Constitution of Chile, 1980,

103. Chile: A Country Report, 1994: U.S. Library of Congress, <>

104. Chile's Ex-Dictator Tries to Dictate His Future Role, The New York Times, February 1, 1998.

105. Protection of Personal Data, House of Deputies, November 1996. <>.

106. Rows grow over security services, Southern Cone Report, September 12, 1996.

107. Television Nacional de Chile, BBC Summary of World Broadcasts, September 26, 1992.

108. Army's bugging centre uncovered, Latin America Weekly Report, October 8, 1992.

109. Navy, Air Force Deny Allegations of Telephone Tapping, BBC Summary of World Broadcasts, September 28, 1992.

110. Chile army to take action against servicemen involved in telephone-tapping case, BBC Summary of World Broadcasts, November 27, 1992.

111. Charter of Fundamental Rights and Freedoms, 1993. <>.

112. Act of April 29, 1992 on Protection of Personal Data in Information Systems (No. 256/92).

113. Information Protection Laws Must Be Passed Now, The Prague Post, January 11, 1995.

114. Ketchup-Bottle Bomb Sparks Internet Privacy Row, The Prague Post, September 25, 1996.

115. Undisturbed Privacy Top Priority -- Poll, CTK National News Wire, January 23, 1997.

116. EU Enlargement: What the Accession Agreements Contain, Country by Country, European Report, February 11, 1998.

117. Govt. Proposes Creation of Personal Data Protection Office, CTK National News Wire, July 1, 1998.

118. Article 88 of Criminal Process Law.

119. CTK National News Wire, November 8, 1996.

120. Penal Code, section 238.

121. Penal Code, section 206.

122. Penal Code, section 239.

123. Centre de Recherches Informatique et Droit , Legal Aspects of Information Services and Intellectual Property Rights in Central and Eastern Europe, Feb 1995.

124. <>.

125. Signed 21/02/91 , Ratified 18/03/92, Entered into Force 01/01/93. <>.

126. <>.

127. Private Registers Act of 1978 (Lov nr 293 af 8 juni 1978 om private registre mv), in force 1 January 1979.

128. Public Authoritiesí Registers Act of 1978 (Lov nr 294 af 8 juni 1978 om offentlige myndigheders registre), also in force 1 January 1979.

129. Behandling af personoplysninger [Processing of personal data], Bet. 1345, 1997.

130. Home Page: <>

131. Penal Code Section 263.

132. Borgerlig Straffelov.

133. Act No. 278 respecting the prohibiting against video surveillance by private persons, etc, 9 June 1982 (Lovtidende A, No. 44, 1982, p. 644).

134. lov nr 571 af 19 desember 1985 om forvaltning.

135. lov nr 572 af 19 desember 1985 om offentlighed i forvaltningen).

136. ovbekendtg¿relse nr 811 af 12 september 1994 om betalingskort mv.

137. lov nr 504 af 30 juni 1993 om aktindsigt i helbredsoplysninger.

138. Signed 28/01/81 , Ratified 23/10/89, Entered into Force 01/02/90. <>.

139. Signed 21/02/91 , Ratified 18/03/92, Entered into Force 01/01/93. <>.

140. Constitution of Estonia, <>.

141. Kaidi Oone, "Estonian IT Legislation," Baltic IT&T '98 Conference Proceedings, Riga, Latvia, April 15-18, 1998.

142. Home Page: <>.


144. The Baltics Worldwide, Spring 1997.

145. Estonian Radio, February 22, 1994, "Riigikogu adopts law on surveillance," BBC Summary of World Broadcasts, February 23, 1994.

146. Deutsche Presse-Agentur, ìEstonian intelligence begins probe into former premier Saavisar,î May 16, 1996.



149. Ratified 14/05/93, Enacted 16/04/96 , Entered into Force 16/04/96. <>

150. Constitution of Finland <>.

151. Personal Data Files Act (Law No. 471/87).

152. Wayne Madsen, Handbook of Personal Data Protection (London: Macmillan; New York: Stockton Press, 1992).

153. Home Page: <>.


155. Jorma Kuopus, ìData Protection Regulatory System,î Data Transmission and Privacy, D. Campbell and J. Fisher, eds., (Netherlands: Martinus Nijhoff Publishers, 1994).



158. See

159. Signed 10/04/91. Ratified 02/12/91. Entered into force 1/04/92. <>.

160. Signed 05/05/89. Ratified 10/05/90. Entered into force 10/05/90. <>.

161. Kuopus, ibid.

162. Madsen, op. cit.

163. The Rachel affaire. Judgment of June 16, 1858, Trib. pr. inst. de la Seine, 1858 D.P. III 62. See Jeanne M. Hauch, Protecting Private Facts in France: The Warren & Brandeis Tort is Alive and Well and Flourishing in Paris, 68 Tul. L. Rev. 1219 (May 1994 ).

164. 94.352 DC. Get Cite from Marie

165. Loi N¡ 78-17 du Janvier 1978 relative à l'informatique, aux fichiers et aux libertés. Journal officiel du 7 janvier 1978 et rectificatif au JO du 25 janvier 1978, modifiée par la loi n¡ 88-227 du 11 mars 1988, article 13 relative à la transparence financière de la vie politique (JO du 12 mars 1988), la loi n¡ 92-1336 du 16 décembre 1992 (JO du 23 décembre 1992) et la loi n¡ 94-548 du ler juillet 1994 (JO du 2 juillet 1994). <>

166. Guy Braibant, Donnees Personnelles et Societe De 'Information: Rapport au Premier Ministre sur la transposition en droit fran&#141;ais de la directive no 95/46, le 3 mars 1998 <>.

167. Home Page: <>. The web page contains extensive materials on the applications of the law and other international materials.

168. The CNIL's 18th Report 1997, Commission nationale de l'informatique, July 8, 1998.

169. ibid.

170. La loi n¡ 91-636 du 10 juillet 1991 relative au secret des correspondances émises par la voie des télécommunications.

171. 6e rapport d' activité 1997, Commission national de contr™l des interceptions de sécurité, May 1998.

172. Kruslin v. France, 176-A, Eur. Ct. H.R. (ser. A) (1990).

173. la France condamnée par la Cour européenne des droits de l'homme, Le Monde, 27 Ao&#158;t 1998.

174. see Capitaine Paul Barril, Guerres Secrètes à L'&#131;lysée, (Albin Michel, 1996), Francis Zamponi, Les RG à l'écoute de la France: Police et politique de 1981 à 1997, (La Découverte, 1998).

175. 5e rapport d' activité 1997, Commission national de contrôl des interceptions de sécurité, May 1998.

176. Loi n¡ 78-753 du 17 juillet 1978 portant diverses mesures d'amélioration des relations entre l'administration et le public et diverses dispositions d'ordre administratif, social et fiscal. (Journal officiel du 18 juillet 1978, page 2851). <>.

177. Loi n¡ 79-18 du 3 janvier 1979 sur les archives (Journal officiel du 5 janvier 1979, page 43, rectificatif au journal officiel du 6 janvier 1979, page 55). <>

178. Loi d'orientation et de programmation n¡ 95-73 du 21 janvier 1995 relative à la sécurité (Journal officiel du 24 janvier 1995, page 1249). <>.htm. Also see Décret n¡ 96-926 du 17 octobre 1996 relatif à la vidéo-surveillance pris pour l'application de l'article 10 de la loi n¡ 95-73 du 21 janvier 1995 d'orientation et de programmation relative à la sécurité (Journal officiel du 20 octobre 1996, page 15432). <>.htm and Circulaire du 22 octobre 1996 relative à l'application de l'article 10 de la loi n¡ 95-73 du 21 janvier 1995 d'orientation et de programmation relative à la sécurité (décret sur la vidéosurveillance) (Journal officiel du 7 décembre 1996, page 17835). <>.

179. Loi no 92-1446 du 31 décembre 1992 relative à l'emploi, au développement du travail à temps partiel et à l'assurance chomage. (Journal officiel du 1er janvier 1993, page 19). <>

180. Civil Code, Article 9, Statute No. 70-643 of July 17, 1970.

181. Penal Code, Article 368.

182. Signed 28/01/81, Ratified 24/03/83, Entered into Force 01/10/85. <>.

183. Signed 04/11/50, Ratified 03/05/74, Entered into Force 03/05/74. <>.

184. BverfGE 65,1

185. Federal Act on Data Protection, 27 January 1977 (Bundesgesetzblatt, Part I, No 7, 1 February 1977), Amended 1990. <>.

186. <>.

187. Links to the Landesbeauftragten für den Datenschutz are available at <>.

188. Dr.iur. Alexander Dix, Case Study: North America and the European Directive - The German RailwayCard: A model contractual solution of the "adequate level of protection" issue?, September 1996. <>.

189. "Gesetz zur Beschraenkung des Brief-, Post- und Fernmeldegeheimnisses - Gesetz zu Artikel 10 des Grundgesetzes (GG10)" (Law on restriction of the right of secrecy of letters, mail and telecommunication - Law applying to article 10 of the constitution). 13. August 1968 (G10 BGBl. I, p. 949) and was changed the last time by the bill of 28.10. 1994 (BGBl. I, p.3186ff) "Verbrechensbekaempfungsgesetz" ('Crime-fighting law').

190. <>.

191. Telecommunications Carriers Data Protection Ordinance (TDSV) As of: 12 July 1996 (Federal Law Gazette I p 982). Federal Ministry of Posts and Telecommunications. <>.

192. Federal Act Establishing the General Conditions for Information and Communication Services - Information and Communication Services Act - (Informations- und Kommunikationsdienste-Gesetz - IuKDG) 13 June 1997 <>. Also see Resolution of the Conference of Data Protection Commissioners of the Federation and the Lander of 29 April 1996 on key points for the regulation in matters of data protection of online services. <>

193. <>.

194. <>.

195. Constitution of Greece, Adopted: 11 June 1975. <>.

196. Law no. 2472 on the Protection of Individuals with regard to the Processing of Personal Data.

197. The Reuters European Community Report, June 10, 1997.

198. The Reuters European Community Report, April 23, 1993.

199. U.S. Department of State Greece Country Report on Human Rights Practices for 1997, January 30, 1998. See also Greece Report, Human Rights Watch World Report, 1998.

200. Reuters World Service, November 20, 1996.

201. Signed 17/02/83, Enacted 11/08/95, Entered into Force 01/12/95. <>.

202. Signed 28/11/50, Enacted 28/11/74, Entered into Force 28/11/74. <>.

203. Chapter of Laws (Cap) 383: 288: <>.

204. Chapter of Laws (Cap) 486: See generally Berthold M & Wacks R, Data Privacy Law in Hong Kong (FT Law & Tax, 1997).

205. Hong Kong Law Reform Commission, 1994 Report on the Law Relating To The Protection Of Personal Data. Website information on the Hong Kong Law Reform Commission is available at

206. The Office of the Privacy Commissioner was established with a very small staff with only four officers investigating complaints and compliance issues under the direction of the assistant commissioner: see first Annual Report 1996-97. In the first 6 months of operation, the Commissioner received 52 complaints and had publicly expressed concern that his staff may be unable to cope: see South China Morning Post 15-1-1997.

207. The commissioner referred 8 cases to the Secretary for Justice for possible prosecution in February 1998, but no prosecutions resulted, raising public concern that the legislation would not be enforced. One of the cases arose from a complaint by Emily Lau against the New China News Agency for not responding to her access request. Ms Lau had chaired the Bills Committee that saw the Ordinance become law and she has subsequently resorted to private legal proceedings to pursue the matter.

208. The Code of Practice on the Identity Card Number and other Personal Identifiers was gazetted on 19 December 1997. With the exception of the requirement restricting the issue of a cards with and identity card number printed on it (which will take effect on 19 December 1998), the requirements of the code will take effect on 19 June 1998.

209. The Code of Practice on Consumer Credit Data was issued on 27 February 1998 and will take effect on 27 November 1998. A summary is available at the commissionerís website at

210. Section 33, Chapter of Laws (Cap) 106:

211. Section 13 Chapter of Laws (Cap) 98:

212. Hong Kong Law Reform Commission Hong Kong Law Reform Commissionís 1996 Report on Privacy: Regulating the Interception of Communications. Website information on the Hong Kong Law Reform Commission is available at

213. Constitution of the Republic of Hungary CITE

214. Constitutional Court Decision No. 15-AB of 13 April 1991. <>.

215. ACT LXIII OF 1992 on the Protection of Personal Data and the Publicity of Data of Public Interest. <>

216. See Hungarian Civil Liberties Union, Data Protection and Freedom of Information, 1997.

217. Act XXXIV of 1994 on Police.

218. Act LXXV of 1995 on the National Security Services.

219. Fidesz 'bugging' probe underway, The Budapest Sun, 3 September 1998.

220. Act No. LXVI of 1992 on the register of personal data and addresses of citizens.

221. Act No. CXIX of 1995 on the use of name and address information serving the purposes of research and direct marketing.

222. Act No. XX of 1996 on the identification methods replacing the universal personal identification number, and on the use of identification codes .

223. Act XLVII of 1997 on the use and protection of medical and related data.

224. Act No. XXXIV of 1994 on the Police (Chapter VIII: "Data handling by the Police").

225. Act No. LXVI of 1995 on public records, public archives, and the protection of private archives (restricting rules on the publicity of documents containing personal data).

226. Act No. IV of 1991 on furthering employment and provisions for the unemployed.

227. Act No. LXXII of 1992 on telecommunications.

228. Act No. CXXV of 1995 on the National Security Services etc.

229. Criminal Code, Sections 177-178. <>.

230. Signed 13/05/93, Enacted 08/10/97, Entered into Force 01/02/98. <>.

231. Signed 06/11/90, Enacted 05/11/92, Entered into Force 05/11/92. <>.

232. Constitution of the Kingdom of Iceland, Adopted: 5 June 1953. <>.

233. Act on the Registration and Handling on Personal Data, No. 121, 28 December 1989. The law was originally introduced in 1979 and renewed in 1984 and 1989 after the law automatically expired after five years because of the 'sunset' provisions attached to laws by Iceland's Parliament.

234. Icelandic Governmentís Vision of the Information Society, Feb 1997. <>.

235. Iceland's Blond Ambition: A Nordic country cashes in on its isolated gene pool, Mother Jones, May/June 1998. <>.


237. Signed 27/09/82, Enacted 125/03/91, Entered into Force 01/07/91. <>.

238. Signed 04/11/50, Enacted 29/06/53, Entered into Force 03/09/53.<>.

239. Constitution of India, November 1949. <>.

240. Peoples Union for Civil Liberties (PUCL) vs. The Union of India & Another, 18 December 1996, on Writ Petition (C) No.256 of 1991, <>.

241. Neera Mathur v. LIC AIR 1992 SC 392. See <>.

242. National Task Force on IT & SD, Basic Background Report, 9th June 1998. <>.

243. India: Taskforce suggests slew of measures, The Hindu, July 7, 1998.

244. United Nations, Human Rights Committee, Consideration of Reports Submitted by States Parties Under Article 40 of the Covenant, Third periodic reports of States parties due in 1992 Addendum -India /1, 17 June 1996.

245. The Times of India, Bill seeks to free flow of information, May 22 1997.

246. Peoples Union for Civil Liberties (PUCL) vs. The Union of India & Another, 18 December 1996, on Writ Petition (C) No.256 of 1991. See Madsen, India Seeks to Curb Wiretapping, International Privacy Bulletin, Vol. 5, No 2 (Spring 1997).

247. South Asia Human Rights Documentation Centre, Alternate Report and Commentary to the United Nations Human Rights Committee on India's Third Periodic Report under Article 40 of the International Covenant on Civil and Political Rights, July 1997. <>.

248. Constitution of Ireland, <>.

249. See The Law Reform Commission of Ireland, Consultation Paper on Privacy: Surveillance and the Interception of Communications, September 1996.

250. Kennedy and Arnold v. Ireland [1987] IR 587; 1988 ILRM 472.

251. The Irish Times, July 17, 1998.

252. Social services card opposed by data commissioner, The Irish Times, October 1, 1996.

253. Interception of Postal Packets and Telecommunications Messages (Regulation) Act.

254. Garda to investigate surveillance allegations, The Irish Times, April 18, 1998.

255. Report recommends outlawing secret filming and surveillance, The Irish Times, July 30, 1998.

256. Freedom of Information Act, 1997. <>.

257. The Criminal Damage Act, 1991.

258. Signed 18/12/86, Enacted 25/05/90, Entered into Force 01/08/90. <>.

259. Signed 04/11/50, Enacted 25/02/53, Entered into Force 03/09/53. <>.

260. The Basic Law: Human Dignity and Freedom (5752 - 1992). Passed by the Knesset on the 21st Adar, 5754 (9th March, 1994). <>.

261. Israeli Business Law An Essential Guide @ 30.01.

262. The Protection of Privacy Law 5741-1981 , 1011 Laws of the State of Israel 128. Amended by the Protection of Privacy Law (Amendment) 5745-1985.

263. Law of April 11, 1996.

264. See

265. The Jerusalem Post, IDF officer involved in phone record scandal accuses others of involvement, July 11, 1996.

266. Media wiretapper found guilty, The Jerusalem Post, September 4, 1998.

267. See The Coalition for Freedom of Information. <>.

268. The Computer Law (5755-1995), 1534 Laws of the State of Israel 366, See Miguel Deutch, Computer Legislation: Israel's New Codified Approach, 14 J. Marshall J. Computer & Info. L. 461 (Spring 1996).

269. Ha'aretz, Knesset panel debates 'genetic privacy' bill, March 15, 1998.

270. Anti-terror chief to see all tax files, Ha'aritz, May 29, 1998.

271. Constitution of the Republic of Italy, Adopted 22 Dec 1947. <>.

272. Legge `31 dicembre 1996 n. 675, Tutela delle persone e di altri soggetti rispetto al trattamento dei dati personali. Amended by Legislative Decree No. 123 of 09.05.97 and 255 of 28.07.97. <> (Unofficial translation). LEGGE 31 DICEMBRE 1996, N. 676, Delega al Governo in materia di tutela delle persone e di altri soggetti rispetto al trattamento dei dati personali. <>. See for list of decrees.

273. Intercettazioni di conversoni o comunicazioni, Art 266-271, Codice di Procedura Penale, and Art 614-623, Codice di Penale.

274. French Commission National de Control des Interceptions de securite, Annual Report 1996.

275. Legge 29 marzo 1983, n. 93 - Legge quadro sul pubblico, ITNTDI, p. 296, ¤ 1114.

276. Presidential Decree No. 513 of 10 November 1997, "Regulations establishing criteria and means for implementing Section 15(2)of Law No. 59 of 15 March 1997 concerning the creation, storage and transmission of documents by means of computer-based or telematic systems" <[2/pdecree51397.asp>.

277. Legge 23 dicembre 1993 n 547.

278. Signed 02/02/83, Ratified 29/03/97, Entered into force 01/07/97. <>.

279. <>.

280. Constitution of Japan, November 3, 1946. <>.

281. The Act for the Protection of Computer Processed Personal Data held by Administrative Organs, Act No. 95, 16 December 1988 (Kampoo, 16 December 1988). For the text, see Wayne Madsen, Handbook of Personal Data Protection, McMillian Publishers Ltd., 1992.

282. Kanagawa Prefecture Ordinance on the Protection of Personal Data, Ordinance No. 6, dated 30 March 1990.

283. US Japan Joint Statement on Electronic Commerce, May 15, 1998. <>.

284. Nigel Waters 'Reviewing the adequacy of privacy protection in the Asia Pacific Region' IIR Conference Information Privacy - Data Protection, 15 June 1998, Sydney; see also Ministry of International Trade and Industry (MITI) 'Japan's views on the protection of personal data' (April 1998).

285. See

286. Diet eyes allowing police to bug phones, Mainichi Daily News June 16, 1998.

287. Police wiretapping, Mainichi Daily News, June 29, 1997.

288. Gov't planning new ID system for all residents, Mainichi Daily News, January 5, 1998.

289. Jiji Press Ticker Service, June 12, 1998.

290. Newsbytes, June 1, 1998.

291. Confidentially Yours: No Guarantees of Privacy Under Proposed Law, The New Observer, July 1998. <>.

292. Christian Science Monitor, April 8, 1997.

293. Constitution of the Republic of Korea, Adopted: 17 July 1948. <>.

294. Nikkei BP AsiaBizTech - 29-Jun-98.

295. Communications Privacy Act, December 27, 1993., Revised December 13, 1997. A list of all telecommunications laws in Korea is available at: <>.

296. Critics Say New Spy Law Aimed At Quashing Political Dissent Critics Say New Spy Law Aimed At Quashing Political Dissent, Associated Press Writer Jan. 13, 1997.

297. Public Protests, National Security and Human Rights Violations: Open Letter from Amnesty International to President Kim Young-sam, January 1997. <>.

298. <> (Unofficial English translation).

299. Commission on Human Rights, Question of the Human Rights of All Persons Subjected to Any Form of Detention or Imprisonment, E/CN.4/1996/39/Add. 21 November 1995. <>.

300. Act Relating to Use and Protection of Credit Information, Law No. 4866, Jan. 5, 1995. <>. Enforcement Decree for the Act Relating to Use and Protection of Credit Information. <>.

301. Amended by Law No.2372, Dec.16,1972;Law No.3602, Dec.31,1982. <>.

302. <>.

303. Joohoan Kim, Ph.D., Digitized Personal Information and the Crisis of Privacy: The Problems of Electronic National Identification Card Project and Land Registry Project in South Korea <>.