Privacy law
Encyclopedia
Privacy law refers to the laws which deal with the regulation of personal information about individuals which can be collected by governments and other public as well as private organizations and its storage and use.
Privacy laws are considered in the context of an individual's privacy rights or reasonable expectation of privacy.
General privacy laws have an overall bearing on the personal information of individuals and affect the policies that govern many different areas of information.
, which was drafted and adopted by the Council of Europe
in 1950 and meanwhile covers the whole European continent except for Belarus
and Kosovo
, protects the right to respect for private life: "Everyone has the right to respect for his private and family life, his home and his correspondence." Through the huge case-law of the European Court of Human Rights
in Strasbourg
, privacy has been defined and its protection has been established as a positive right of everyone.
Article 17 of the International Covenant on Civil and Political Rights
of the United Nations
of 1966 also protects privacy: "No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
, which states:
, the federal Personal Information Protection and Electronic Documents Act
(PIPEDA) governs the collection, use and disclosure of personal information in connection with commercial activities and personal information about employees of federal works, undertakings and businesses. It generally does not apply to non-commercial organizations or provincial governments. Personal information collected, used and disclosed by the federal government and many crown corporations is governed by the Privacy Act. Many provinces have enacted similar provincial legislation such as the Ontario Freedom of Information and Protection of Privacy Act which applies to public bodies in that province.
There remains some debate whether there exists a common law tort for breach of privacy. There have been a number of cases identifying a common law right to privacy but the requirements have not been articulated.
In Eastmond v. Canadian Pacific Railway & Privacy Commissioner of Canada Canada's Supreme Court found that CP could collect Eastmond's personal information without his knowledge or consent because it benefited from the exemption in paragraph 7(1)(b) of PIPEDA
, which provides that personal information can be collected without consent if "it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement".
Previously, the Information Technology (Amendment) Act, 2008 made changes to the Information Technology Act, 2000
and added the following two sections relating to Privacy:
Section 43A, which deals with implementation of reasonable security practices for sensitive personal data or information and provides for the compensation of the person affected by wrongful loss or wrongful gain.
Section 72A, which provides for imprisonment for a period up to 3 years and/or a fine up to Rs. 5,00,000 for a person who causes wrongful loss or wrongful gain by disclosing personal information of another person while providing services under the terms of lawful contract.
yes
The introduction into the New Zealand common law of a tort covering invasion of personal privacy at least by public disclosure of private facts was at issue in Hosking v Runting.
Complaints about privacy are considered by the Privacy Commissioner
As a general rule consent of the individual is required for processing, i.e. obtaining, organizing, accumulating, holding, adjusting (updating, modifying), using, disclosing (including transfer), impersonating, blocking or destroying of his personal data. This rule doesn't apply where such processing is necessary for performance of the contract, to which an individual is a party.
, the United Kingdom
adheres to Article 8 ECHR
, which guarantees a "right to respect for privacy and family life", subject to restrictions as prescribed by law and necessary in a democratic society towards a legitimate aim.
However, there is no independent tort law doctrine which recognises a right to privacy. This has been confirmed on a number of occasions.
(later a Supreme Court justice) and another young lawyer, Samuel D. Warren
, published an article called 'The Right to Privacy' in the Harvard Law Review
in 1890 arguing that the constitution and the common law allowed for the deduction of a general "right to privacy". Their project was never entirely successful, and the renowned tort expert Dean Prosser
argued that "privacy" was composed of four separate torts, the only unifying element of which was a (vague) "right to be left alone." These elements were
Privacy laws are considered in the context of an individual's privacy rights or reasonable expectation of privacy.
Classification of privacy laws
Privacy laws can be broadly classified into:General privacy laws have an overall bearing on the personal information of individuals and affect the policies that govern many different areas of information.
Specific privacy laws
These laws are designed to regulate specific types of information. Some examples include:- Health privacy laws
- Financial privacy laws
- Online privacy laws
- Communication privacy laws
- Information privacy laws
- Privacy in one's home
International Legal Standards on Privacy
Article 8 of the European Convention on Human RightsEuropean Convention on Human Rights
The Convention for the Protection of Human Rights and Fundamental Freedoms is an international treaty to protect human rights and fundamental freedoms in Europe. Drafted in 1950 by the then newly formed Council of Europe, the convention entered into force on 3 September 1953...
, which was drafted and adopted by the Council of Europe
Council of Europe
The Council of Europe is an international organisation promoting co-operation between all countries of Europe in the areas of legal standards, human rights, democratic development, the rule of law and cultural co-operation...
in 1950 and meanwhile covers the whole European continent except for Belarus
Belarus
Belarus , officially the Republic of Belarus, is a landlocked country in Eastern Europe, bordered clockwise by Russia to the northeast, Ukraine to the south, Poland to the west, and Lithuania and Latvia to the northwest. Its capital is Minsk; other major cities include Brest, Grodno , Gomel ,...
and Kosovo
Kosovo
Kosovo is a region in southeastern Europe. Part of the Ottoman Empire for more than five centuries, later the Autonomous Province of Kosovo and Metohija within Serbia...
, protects the right to respect for private life: "Everyone has the right to respect for his private and family life, his home and his correspondence." Through the huge case-law of the European Court of Human Rights
European Court of Human Rights
The European Court of Human Rights in Strasbourg is a supra-national court established by the European Convention on Human Rights and hears complaints that a contracting state has violated the human rights enshrined in the Convention and its protocols. Complaints can be brought by individuals or...
in Strasbourg
Strasbourg
Strasbourg is the capital and principal city of the Alsace region in eastern France and is the official seat of the European Parliament. Located close to the border with Germany, it is the capital of the Bas-Rhin département. The city and the region of Alsace are historically German-speaking,...
, privacy has been defined and its protection has been established as a positive right of everyone.
Article 17 of the International Covenant on Civil and Political Rights
International Covenant on Civil and Political Rights
The International Covenant on Civil and Political Rights is a multilateral treaty adopted by the United Nations General Assembly on December 16, 1966, and in force from March 23, 1976...
of the United Nations
United Nations
The United Nations is an international organization whose stated aims are facilitating cooperation in international law, international security, economic development, social progress, human rights, and achievement of world peace...
of 1966 also protects privacy: "No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
Australia
The current state of privacy law in Australia includes Federal and state information privacy legislation, some sector-specific privacy legislation at state level, regulation of the media and some criminal sanctions. The current position concerning civil causes of action for invasion of privacy is unclear: some courts have indicated that a tort of invasion of privacy may exist in Australia; in 2008, the Australian Law Reform Commission recommended the enactment of a statutory cause of action for invasion of privacy.Brazil
A Brazilian citizen's privacy is protected by the country's constitutionConstitution
A constitution is a set of fundamental principles or established precedents according to which a state or other organization is governed. These rules together make up, i.e. constitute, what the entity is...
, which states:
- The intimacy, private life, honor and image of the people are inviolable, with assured right to indenization by material or moral damage resulting from its violation
Canada
In CanadaCanada
Canada is a North American country consisting of ten provinces and three territories. Located in the northern part of the continent, it extends from the Atlantic Ocean in the east to the Pacific Ocean in the west, and northward into the Arctic Ocean...
, the federal Personal Information Protection and Electronic Documents Act
Personal Information Protection and Electronic Documents Act
The Personal Information Protection and Electronic Documents Act is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to...
(PIPEDA) governs the collection, use and disclosure of personal information in connection with commercial activities and personal information about employees of federal works, undertakings and businesses. It generally does not apply to non-commercial organizations or provincial governments. Personal information collected, used and disclosed by the federal government and many crown corporations is governed by the Privacy Act. Many provinces have enacted similar provincial legislation such as the Ontario Freedom of Information and Protection of Privacy Act which applies to public bodies in that province.
There remains some debate whether there exists a common law tort for breach of privacy. There have been a number of cases identifying a common law right to privacy but the requirements have not been articulated.
In Eastmond v. Canadian Pacific Railway & Privacy Commissioner of Canada Canada's Supreme Court found that CP could collect Eastmond's personal information without his knowledge or consent because it benefited from the exemption in paragraph 7(1)(b) of PIPEDA
Personal Information Protection and Electronic Documents Act
The Personal Information Protection and Electronic Documents Act is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to...
, which provides that personal information can be collected without consent if "it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement".
India
In June, 2011, India passed a new privacy package that included various new rules that apply to companies and consumers. A key aspect of the new rules requires that any organization that processes personal information must obtain written consent from the data subjects before undertaking certain activities. Application of the rule is still uncertain.Previously, the Information Technology (Amendment) Act, 2008 made changes to the Information Technology Act, 2000
Information Technology Act
The Information Technology Act 2000 is an Act of the Indian Parliament notified on October 17, 2000.-History of the Act:...
and added the following two sections relating to Privacy:
Section 43A, which deals with implementation of reasonable security practices for sensitive personal data or information and provides for the compensation of the person affected by wrongful loss or wrongful gain.
Section 72A, which provides for imprisonment for a period up to 3 years and/or a fine up to Rs. 5,00,000 for a person who causes wrongful loss or wrongful gain by disclosing personal information of another person while providing services under the terms of lawful contract.
yes
New Zealand
In New Zealand, the Privacy Act 1993 sets out principles in relation to the collection, use, disclosure, security and access to personal information.The introduction into the New Zealand common law of a tort covering invasion of personal privacy at least by public disclosure of private facts was at issue in Hosking v Runting.
Complaints about privacy are considered by the Privacy Commissioner
Republic of China (Taiwan)
Computer Processed Personal Information Protection Act was enacted in 1995 in order to protect personal information processed by computers. The general provision specified the purpose of the law, defined crucial terms, prohibited individuals from waiving certain rights.Russia
Applicable legislation:- Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed and ratified by the Russian Federation on December 19.2005;
- the Law of the Russian Federation “On Personal Data” as of 27.07.2006 No. 152-FZ, regulating the processing of personal data by means of automation equipment. It is the operator who is required to comply with that Act.
As a general rule consent of the individual is required for processing, i.e. obtaining, organizing, accumulating, holding, adjusting (updating, modifying), using, disclosing (including transfer), impersonating, blocking or destroying of his personal data. This rule doesn't apply where such processing is necessary for performance of the contract, to which an individual is a party.
- Data protection principles and legislation in the Russian Federation (in English)
- On-line database of the Russian laws (in Russian)
- Federal Service on supervising in the sphere of communications, information technology and mass media (in Russian)
United Kingdom
As a member of the European Convention on Human RightsEuropean Convention on Human Rights
The Convention for the Protection of Human Rights and Fundamental Freedoms is an international treaty to protect human rights and fundamental freedoms in Europe. Drafted in 1950 by the then newly formed Council of Europe, the convention entered into force on 3 September 1953...
, the United Kingdom
United Kingdom
The United Kingdom of Great Britain and Northern IrelandIn the United Kingdom and Dependencies, other languages have been officially recognised as legitimate autochthonous languages under the European Charter for Regional or Minority Languages...
adheres to Article 8 ECHR
Article 8 ECHR
Article 8 of the European Convention on Human Rights provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions that are "in accordance with law" and "necessary in a democratic society"....
, which guarantees a "right to respect for privacy and family life", subject to restrictions as prescribed by law and necessary in a democratic society towards a legitimate aim.
However, there is no independent tort law doctrine which recognises a right to privacy. This has been confirmed on a number of occasions.
- Kaye v RobertsonKaye v RobertsonKaye v Robertson [1991] FSR 62 is a case in English law which is a notable case, expressing the view that there is no common law right to privacy in English law.-Facts:...
- Wainwright v Home Office
United States
The idea of a right to privacy was first addressed within a legal context in the United States. Louis BrandeisLouis Brandeis
Louis Dembitz Brandeis ; November 13, 1856 – October 5, 1941) was an Associate Justice on the Supreme Court of the United States from 1916 to 1939.He was born in Louisville, Kentucky, to Jewish immigrant parents who raised him in a secular mode...
(later a Supreme Court justice) and another young lawyer, Samuel D. Warren
Samuel D. Warren (US attorney)
Samuel Dennis Warren was a Boston attorney.Warren graduated from Harvard College in 1875 and graduated second in his class at Harvard Law School in 1877. The first-place student was his friend Louis Brandeis, later a justice of the United States Supreme Court...
, published an article called 'The Right to Privacy' in the Harvard Law Review
Harvard Law Review
The Harvard Law Review is a journal of legal scholarship published by an independent student group at Harvard Law School.-Overview:According to the 2008 Journal Citation Reports, the Review is the most cited law review and has the second-highest impact factor in the category "law" after the...
in 1890 arguing that the constitution and the common law allowed for the deduction of a general "right to privacy". Their project was never entirely successful, and the renowned tort expert Dean Prosser
William Prosser
William Lloyd Prosser was the Dean of the College of Law at UC Berkeley from 1948 to 1961. Prosser authored several editions of Prosser on Torts, universally recognized as the leading work on the subject of tort law for a generation. It is still widely used today, now known as Prosser and Keeton...
argued that "privacy" was composed of four separate torts, the only unifying element of which was a (vague) "right to be left alone." These elements were
- appropriating the plaintiff's identity for the defendant's benefit
- placing the plaintiff in a false light in the public eye
- publicly disclosing private facts about the plaintiff
- unreasonably intruding upon the seclusion or solitude of the plaintiff
- Health Information Privacy Accountability Act -- Office for Civil Rights U.S. Department of Health and Human Services
- Financial Services Modernization Act (GLB), 15 U.S. Code §§ 6801-6810
- Final Rule on Privacy of Consumer Financial Information, 16 Code of Federal Regulations, Part 313
- Fair Credit Reporting Act (FCRA), 15 U.S. Code §§ 1681-1681u
- Fair Debt Collections Practices Act (FDCPA), 15 U.S.C. §§ 1692-1692
- List of Privacy Laws
Legislation
- Privacy Act of 1974Privacy Act of 1974The Privacy Act of 1974, 5 U.S.C. § 552a, Public Law No. 93-579, establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies...
(US) - Electronic Communications Privacy ActElectronic Communications Privacy ActThe Electronic Communications Privacy Act is a United States law.- Overview :The “electronic communication” means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or...
(US) - Privacy Act 1988Privacy Act 1988The Privacy Act 1988 is an Australian law dealing with the privacySection 14 of the Act stipulates a number of privacy rights known as the Information Privacy Principles. These principles apply to Australian Government and Australian Capital Territory agencies or private sector organisations...
(Aus) - Data Protection Directive (EU)
- Data Protection Act 1998 (UK)
- Personality rightsPersonality rights"Personality rights" is a common or casual reference to the proper term of art "Right of Publicity". The Right of Publicity can be defined simply as the right of an individual to control the commercial use of his or her name, image, likeness or other unequivocal aspects of one's identity...
- Data protection (privacy) laws in RussiaData protection (privacy) laws in RussiaData protection laws in Russia is a rapidly developing branch of the Russian legislation. All the basic legal acts in this field have been enacted most recently, mainly in the 2005-2006....