COMPUTER AND TELECOMMUNICATIONS LAW REVIEW
VOLUME 6 : ISSUE 4 : 2000 : ISSN 1357 3128

CONTENTS : [2000] C.T.L.R. : June

Opinion

CASPAR BOWDEN
Regulation of Investigatory Powers Bill—“RIP it up”
Confidence in U.K. e-commerce could be wrecked by the measures contained in the U.K. Government's proposed Regulation of Investigatory Powers Bill. Caspar Bowden argues that the Home Office's requirement that a failure to decrypt data on demand will not only be a criminal offence, but will carry a presumption of guilt and is likely to violate Article 6—the right to a fair trial—and Article 8—respect for privacy—of the European Convention on Human Rights.

Articles

DAWN OSBORNE
Domain Names—Fair or Foul?
This article examines the “cybersquatting” phenomenon, and the varying approaches of countries trying to control it. It gives a brief history, details relevant cases and looks at newly introduced legislation. The article also addresses whether the balance of treatment is correct between domain name registrants and trade mark owners in these cases.

ROBYN DURIE
An Overview of the Data Protection Act 1998
The Data Protection Act 1998 will have a significant impact on most businesses in the United Kingdom. This article explains the scope of the Act, highlights the obligations the Act creates for all those businesses which control automated personal data, and details data subject rights. There are also tips for companies on how to ensure practical compliance with the new rules.

BRUCE LEGORBURU
Doing Business between the E.U. and New Zealand: What do you Have to do to Protect Personal Information These Days?
This article provides a comparative analysis of the data privacy laws of the European Union and New Zealand. It intends to provide data protection guidance to businesses in either of those territories on business (or simply personal information processing activities) in, or receiving personal information from, the other.

DAVID TOOK
Privatisation of Telecommunications in Thailand: An Update
Thailand has embarked upon an ambitious programme of structural reform, not least of which is the reform of its state enterprise sector. Within this sector, corporatisation and privatisation of the Telephone Organisation of Thailand and the Communications Authority of Thailand is a very high priority. Whilst some of the present focus on reform by government draws its impetus from the 1997 regional financial crisis, that reform process was in progress prior to 1997.

PETER KNIGHT
The Electronic Transactions Bill 1999
The Australian Electronic Transactions Bill establishes “the basic rule that a transaction is not invalid because it took place by means of an electronic communication”. This analysis of the Bill sets out its provisions in detail, and contrasts it with the approaches advocated in the UN's Model Law on Electronic Commerce and Electronic Commerce: Building the Legal Framework, the report presented to the Australian Attorney General by the Electronic Commerce Expert Group.

Book Reviews

Business, the Internet and the Law
Digital Media—Contracts, Rights and Licensing
Copinger and Skone James on Copyright (14th ed.)

News Section

An international review of recent cases and legislation

E.C. Measures Table

Computing, Telecommunications and Related Measures

[2000] C.T.L.R. ISSUE 4 © SWEET & MAXWELL LIMITED [AND CONTRIBUTORS]

EDITORIAL BOARD AND COUNTRY CORRESPONDENTS : [2000] C.T.L.R.

EDITOR
M.
T, MICHELE RENNIE conputaiaw Sabureh EpiToria Apvisory BoarRD HENRY CARR ‘oamis paRKER Barister 0 Co Linited = me ROBYN DURE PAUL TAYLOR Lnnkaters 6 alliance Oretaré London Tonon uve oRINoRAS Tondo Country CorRESPONDENTS Austraua Gnesce ‘ANNE FITZGERALD TEONTDAS KaweL Los Geta canet KoklasKazellos & Assocates susvala ens Ree Mone Kons ‘ler & Tobiz TOMHORE Sie Linkter & Panes Hong Kong, MARK SNEDDON University of Melbourne KH, PUN Melbourne Department of Computer Seence Daler of Hong Kong Austria MARTIN BRODEY PETER WATERS bods regan & ers ‘MICHAEL REDE ‘Vienna ae Ge Gilbert & Tobin sxeoey Bricium Geant ctas Inpia eoe ae Verbeke PRAVIN ANAND Brassls Aasee sand New Debi Baazi ANTONIO CARLOS C.MAZZUCOraty ecu SO ea ‘Aston Glare Ler, acto vat Canapa PAOLO CERNA BARRY B, SOOKMAN Necuiy'@ Tess Broo Cette Asocat ‘xn met, Bahn PER HARON seus Fee OT asda Daiversiyy Plesner & Lane ‘Tokyo Expenieges Luxemsourc Franet STERHAN LE GOUERF FREDERIQUEDUFUIS-TOUROL Le Goueff Law Office Jeantec et Asoo Uoenbeug Pacis NETHERLANDS ye a ‘age TACK Daves of Laden ‘Siméon & Associés Lalden Bae Drivers of Tibusg mie Germany ANNE oTTOW PETER CHROCZTEL WoNNe scHERS Brocihaus Westick Stegemann Joon Pankfuream Ma Bestia RICHARD LEITERMANN ‘Wilkinson, Baker Koauer and Quinn Nw ZEALAND ‘Rankfuream Main, KEN MOON, AT Park & Son XARL H, PILNY ‘Auckland outer odes (CONOR WARD ‘Lovell White Durrant Landes ALAN WHITFIELD London Norway [EIR JENSEN luge Advolatia ans Odio Repusutc oF IRELAND JARLETH BURKE sat Telecom Dablia Stcapors ALBAN KANG ‘Atban Tay Mahan’ & De Siva Singapore ‘Sours Arnica, ‘CHARLES 3, BERMAN ‘Adams & Adams Johannestieg [MARCO VAN DER MERWE ‘Spoor and Fisher Pretoria ‘Span ‘ALMUDENA AREON DE MENDIVE, Gomez-Acebo & Pombo madrid ‘SWEDEN MAGDALENA HAcG. 
yin & Carsten, Stockholm

SWITZERLAND
MARTIN LANZ, Sebollenbetg & Ueisly setters

News Section

EDITOR
SIMON STOKES, Tarlo Lyons, London

SIMON JONES, Nabarro Nathanson, London
HEATHER ROWE, CONOR WARD, Lovell White Durrant, London
NIGEL STAMP, Baker & McKenzie, London

USA
RICHARD H. STERN, Ablondi, Foster, Sobin & Davidow, Washington DC
JUSTIN T. BOOKEY, Wilkinson, Barker, Knauer & Quinn, Washington DC
CHARLES B. COHLER, Lasky, Haas & Cohler, San Francisco
JOHN R. ENG, Knobbe, Martens, Olson & Bear, Beach
JOHN SWINSON, Mallesons Stephen Jaques, Brisbane

E.U.
ANDREAS BARTOSCH, Gleiss Lutz Hootz & Hirsch, Brussels
J. MARK NAFTEL, Bird & Bird, Brussels
ELIZABETH ANN STATON, Freshfields, London
SIMON M. TAYLOR, Norton Rose, Brussels
ROGER TUCKETT, Hermes Europe Railtel BV, Brussels

PUBLISHING
edr@sweetandmaxwell.co.uk

This journal should be cited as [2000] C.T.L.R. 000
ISSN 1357 3128
Published by Sweet & Maxwell Ltd
Typeset by Interactive Sciences Ltd, Gloucester
Printed and bound in Great Britain by The Headway Press, Reading

CONTRIBUTIONS
The Editorial Board welcomes contributions to the Law Review. All material should be submitted in typescript form, on A4 paper in double line spacing, together with a disk if available, and sent to:
Anand Shukla, C.T.L.R.
Sweet & Maxwell Ltd
100 Avenue Road
London NW3 3PF
United Kingdom
Telephone: 020 7393 7000 International: +44 20 7393 7000
Fax: 020 7393 7333 International: +44 20 7393 7333

SUBSCRIPTIONS AND ORDERS
Annual subscription £325 (US$578) plus £15 airmail postage outside Europe for 8 issues plus index. Bound Volume Service is £99 (US$168) extra.
Sweet & Maxwell Ltd
Subscriptions Department
FREEPOST
Andover
Hants SP10 5BR
United Kingdom
DX 120950 Andover 5
Telephone: 01264 342766 International: +44 1264 342766
Fax: 01264 342723 International: +44 1264 342761

© Sweet & Maxwell Ltd 2000. All rights reserved. U.K.
statutory material in this publication is acknowledged as Crown copyright. No part of this publication may be reproduced or transmitted in any form or by any means, or stored in any retrieval system of any nature without prior written permission, except for permitted fair dealing under the Copyright, Designs and Patents Act 1988, or in accordance with the terms of a licence issued by the Copyright Licensing Agency in respect of photocopying and/or reprographic reproduction. Application for permission for other use of copyright material including permission to reproduce extracts in other published works shall be made to the publishers. Full acknowledgement of author, publisher and source must be given.

OPINION : [2000] C.T.L.R. 83

Regulation of Investigatory Powers Bill—“RIP it up”

The measures contained in the government's proposed Regulation of Investigatory Powers Bill¹ could wreck confidence in U.K. e-commerce.

Have you ever lost or forgotten the PIN number for your bank card? Suppose that the police had the power to demand that you disclose it to them. How could you convince them that you really do not have or remember it? Would it be fair to be imprisoned if you could not prove that you did not have or remember it? A PIN is an example of a key which protects access to computer data. Cryptography—the science of codes and ciphers—is routinely used to keep credit-card numbers safe in transit to a website, or to encrypt confidential e-mails so only the intended receiver can read them. Encryption is a basic tool for keeping messages and data secure.

However, the need for e-commerce security on the internet has forced radical changes to a Cold War-era policy. After two years of controversy, the Electronic Communications Bill finally arrived in parliament without key-escrow—the mandatory requirement to deposit spare keys to all stored or transmitted data with an officially authorised third party.
It appears that Whitehall had finally heeded warnings that unilateral controls would drive e-business offshore. But the new regulation of investigatory powers bill may contain a booby-trap that could wreck confidence in British e-commerce.

The Home Office says that merely failing to decrypt data on demand should not only be a criminal offence, but would carry a presumption of guilt that the key was being wilfully withheld, with obvious dangers that innocent persons could be framed or intimidated. The defence must somehow prove they do not have a key. How can this be done? Nobody has so far suggested a convincing solution to the problem of keys which are irreplaceably lost or forgotten. Indeed, there is no analogy in existing laws that require production of, for example, a DNA sample or a driving licence. Even a person not suspected of any crime could go to jail for two years if they could not decrypt data required. Even more chilling, a discretionary gagging order could prevent their complaining publicly with a penalty of five years imprisonment.

But surely an accused person is presumed innocent until proven guilty? Last year, the Foundation for Information Policy Research published the detailed legal opinion of two experts on the European Convention on Human Rights. They said the proposed decryption powers would have the inevitable consequence of compromising the affected individuals' whole security and privacy apparatus and were likely to contravene Article 8 of the convention on respect for privacy. The opinion also found a likely violation of article 6, on the right to a fair trial.
The Home Office have disregarded this advice according to a new version of the Opinion updated for the RIP Bill (available from the FIPR website) and the overwhelming opposition from industry. Moreover, after taking two years to abandon its key-escrow policy, the government says it must now legislate hastily, without further consultation, to comply with the Human Rights Act's entry into force in October. This richly ironic excuse is itself questionable—indeed the Opinion argues that the RIP Bill is so far from compliance in so many areas, that it would benefit not only from slow and detailed scrutiny, but from wholesale redrafting.

The RIP Bill will also require ISPs to install costly tapping equipment, but they will be unable to unscramble messages encrypted under the control of their customers. Law-enforcement will have to resort to sophisticated bugging and burgling operations (under warrant), to covertly capture keys. The Home Secretary personally scrutinises an average of seven tapping warrants each day, but it is judges or the police who issue search warrants, and bugging is self-authorised by senior police officers. Senior judges appointed as Commissioners make spot checks on the bugging and tapping paperwork but have no technical staff to query information. Subjects of surveillance are not informed after an investigation, and consequently few complaints out of thousands of warrants have ever been investigated and none upheld. This may be because the law considers surveillance to be properly authorised, even if based on erroneous intelligence, provided the information was believed correct at the time.

1 The Bill itself will be reviewed in a future issue of C.T.L.R.

The efficacy of current safeguards is already dubious, but can they possibly suffice for the bewildering complexity and entirely new dangers of Internet surveillance?
Powerful data-mining techniques will be used to analyse data intercepts automatically and flag suspicious associations in traffic logs that record the activity of the innocent and guilty alike. The solution is to replace the Byzantine oversight and patchwork authorisation of bugging, tapping and secret searches with a rigorous and consistent system of judicial warrants.

But the Home Office says it has run out of time—time that they themselves have squandered. Most of the oversight and redress framework is not even defined in the Bill, but left to Codes or secondary powers under negative resolutions, but what is there to be seen is plainly inadequate. It looks as though the statutory framework for the next 15 years will have been cobbled together from uncoordinated plans drafted in ignorance of the technology.

With the effective dismantling of U.S. export controls, Windows 2000 will ship with unfettered strong encryption and tens of thousands of ordinary computer users and professional IT managers will begin to use encryption. It cannot be long before the first test case challenges decryption powers under the Human Rights Act.

Caspar Bowden
Director, Foundation for Policy Research

OSBORNE : DOMAIN NAMES—FAIR OR FOUL? : [2000] C.T.L.R. 85

Domain Names—Fair or Foul?

DAWN OSBORNE
WILLOUGHBY & PARTNERS, WWW.IPRIGHTS.COM

Developments in the domain name field have been many and rapid recently. This article seeks to cover the recent history and to assess whether the balance between trade mark owners and domain name owners is now correct.

Cybersquatting—The Early Days

Almost everyone except cybersquatters agrees that stockpiling Internet domain names comprising famous brands, purely for the purposes of selling them on should not be tolerated.
As if to emphasize this point, almost as soon as the phenomenon was highlighted there were very strong policy orientated court decisions designed to “fly squat” the squatters.

At the risk of criticism for going too far the Court of Appeal in the much publicised One in a Million case¹ held that mere registration of a domain name even without use could be restrainable in passing off and trade mark proceedings and that the trade mark owner could recover the name. This pattern was mirrored by decisions in the USA, France, Germany, Italy, Denmark, India, Korea, New Zealand and Brazil. Further, Network Solutions Inc., the .com Registry, had a very trade mark-owner friendly Dispute Resolution Policy. It was possible in certain circumstances to put a domain name registration on hold by producing a trade mark certificate from any country in respect of any goods or services. Certain hard decisions led to howls of protest from some quarters that the policy did not take sufficient notice of the geographical nature of trade mark rights or trade mark rights established by use rather than registration. Such protests and the opportunity over time for Courts and regulators to consider the problems through dealing with real life situations have led to a more balanced approach.

Legitimate Users

Courts have recognised that certain domain names identical or similar to trade marks can be used in a non-infringing way.

U.K.

(a) In the U.K. case concerning avnet.co.uk,² the plaintiff used the trade mark “Avnet” to provide advertising services and the defendant was using “avnet.co.uk” to provide Internet services to the aviation industry. The Court held that the two parties were in completely

1 British Telecommunications Plc v. One in a Million Ltd [1998] F.S.R. 265.
2 Avnet Incorporated v. Isoact Limited [1998] F.S.R. 16.
In certain cases the data subject may also object to the decision taking based solely on automatic processing of

Compensation

Individuals who suffer damage and in certain cases even distress may require compensation from the data controller.²⁵ In the case of data controllers violating one of the protection principles it will be in addition to the enforcement power of the Commissioner. In other cases it will be the only sanction against the data controller.

Erasure of data

In certain cases such as when the personal data are inaccurate the data subject may ask the court to order the data controller to rectify, block, erase or destroy the data.²⁶

21 Section 7.
22 Section 10.
23 Section 11.
24 Section 12.
25 Section 13.
26 Section 12.

Notification

Generally personal data may not be processed by a data controller that has not submitted notification to the Commissioner.²⁷ Maintaining public registers is exempt and the Secretary of State has provided other exemptions, set out in the Data Protection (Notification and Notification Fees) Regulations 2000. The notification must specify the so-called registrable particulars²⁸ that include the data controller's name and address, any representative's details, description of processed data and category of the data subjects, purpose of processing, any recipient of the data, countries outside EEA where the data would be transferred and whether any data that do not require notification will be processed and a description of measures to be taken to comply with the seventh data protection principle regarding data security. Voluntary notification may be made in the categories exempt from notification.

The Commissioner shall maintain a register of the registrable particulars and some other information and supply extracts from the register to the public.²⁹ The Notification Regulations 2000 deal with the form, content and fees for notifications, and forms of processing exempted from the notification requirements.
Types of processing to which the notification requirements do not apply are:
(a) Staff administration—for the purposes of appointments or removals, pay, discipline and other personnel matters in relation to staff.
(b) Advertising, marketing and public relations, and data in respect of a past, existing or prospective customer/supplier.
(c) Accounts and records of the data controller or their customers/supplier.
(d) Certain processing relating to non-profit making organisations.

It is important to note that under the new Act, even though a type of processing may be exempt from having to notify, the Commissioner will still be able to enforce the data protection principles against the data controller. Data controllers will therefore need to consider how they will comply with the new Act even if they are exempt from the requirement to notify.

Enforcement

The enforcement power of the registrar under the Old Act has now been extended. The Commissioner will enforce the data protection principles through enforcement notices sent to data controllers. Such notices must specify the principle that has been violated and details as to the appeal procedure. The Commissioner may require the data controller to take or refrain from taking certain steps and/or refrain from processing certain data. The Commissioner will also have a right to require the data controllers to furnish certain information by information notices and special information notices. Data controllers will be able to appeal against a notice to the Data Protection Tribunal.

27 Section 17.
28 See Section 16(1).
29 Section 19.
30 Section 40.

92 DURIE : AN OVERVIEW OF THE DATA PROTECTION ACT 1998 : [2000] C.T.L.R.

The following are examples of acts that constitute offences under the Act:
• processing personal data without a prior notice;
• failure to comply with a notice;
• providing knowingly or recklessly false information in response to a (special) information notice;
• selling or offering to sell personal data obtained unlawfully.

Where an offence is committed by a company with the consent of or is to be attributable to neglect on the part of an officer of the company or someone purporting to act in that capacity, that person as well as the company will be guilty of an offence. The convicted person is liable to a fine.

Exemptions

The Act provides for a great number of exemptions for a wide range of activities including processing for the purposes of national security, prevention of crime, assessment of any tax, health, education and social work, research, history and statistics, domestic purposes, management forecasts and corporate finance services. In particular, the corporate finance exemption is required for the purpose of safeguarding important economic or financial interests of the U.K. It exempts data for which the Act's “subject information” requirements could affect decisions whether to deal in, subscribe for or issue instruments, or decisions which are likely to affect any business activity. The legal professional privilege exemption is also of particular relevance—the effect is that any personal data consisting of information in respect of which legal professional privilege attaches, are exempt from the “subject information” provisions (i.e. the requirements to provide certain information to the data subject, and the subject's right of access).

Transitional Provisions

First transitional period

The provisions of the Act should be implemented in several transitional periods.
The first one finishes on October 24, 2001 and until then the following data if processing was already underway before October 24, 1998 will be exempted from the new provisions³³:
(a) data processed by reference to a data subject (i.e. if regulated by the Old Act).
(b) data within the payroll and accounts exemption in Section 32 of the Old Act.
(c) data within the exception relating to unincorporated members' clubs and mailing lists.
(d) data processed for back-up purposes will no longer be subject to the rights of data subjects under Section 7 of the Act.
(e) other automatically processed data will be exempt from most of the provisions of the Act that differ from the Old Act's regime.

Consequently, with respect to data that were processed up to October 24, 2001 the consent of the data subject or fulfilment of another condition referred to above in paragraph 3.1 will not be required during the first transitional period. Mandatory written form of contracts with data processors and the restrictions on trans-border data transfers will not apply either during this period. Rights of data subjects under the Act will be considerably restricted during the period too (the individual has a right to be informed whether the data controller processes any data concerning the subject but the data controller does not have to furnish a description of the processed data or the purpose of their processing, individuals are not entitled to prevent the processing under the Act and automatic decision making needs to be specifically addressed in subject information requests).

31 Section 61.
32 See Section 60.
33 Part of Schedule

The regime of the data which are subject to processing already underway by October 24, 1998 will be therefore much lighter than that of newly processed data.
It is thus important to properly distinguish these two categories of processing. According to a written answer in the House of Commons on May 14, 1999, the former category should cover even amendments to existing personal data, additional information on existing data subjects, the addition of personal data on new data subjects and essential program and software changes to allow such processing to continue.

Second transitional period

During the second transitional period ending on October 24, 2007 manual data that were held immediately before October 24, 1998 will not be subject to the requirement of the first to fifth protection principles (with the exception of the first principle obligation to provide the data subject with information as to the identity of the data controller and processor and the purposes of processing).

Recent developments

The reason for the long period between the enactment of the Act and its entry into effect was the necessity to prepare a number of implementing regulations. Sixteen regulations have now been made and are published on the Home Office's web page www.homeoffice.gov.uk. They include statutory instruments concerning:
(a) fees for notifications to the Commissioner, maximum fees for subject access;
(b) disclosure to consumers of information about their financial standing held by credit reference agencies;
(c) conditions when the information requirement towards the data subject can be disregarded in cases where data were obtained from someone other than the data subject;
(d) exemptions from the obligation to provide data subject with access;
(e) processing sensitive personal data;
(f) the Data Protection Tribunal;
(g) corporate finance exemption;
(h) designated codes of practice for various media organisations;
(i) international co-operation, etc.
The Data Protection Registrar has also published at its web page (www.dataprotection.gov.uk) several guidelines to the provisions of the Act including an analysis of the restrictions on trans-border data flows contained in the eight principles, suggesting the “good practice approach” to the assessment of adequacy of data protection in non-EEA countries.

34 Part I of Schedule 8

The Telecommunications (Data Protection and Privacy) Regulations 1999 implementing the telecoms data protection directive came into force on the same day as the Act—March 1, 2000. These Regulations³⁵ deal with unsolicited faxes, telephone calls and automated calling systems, processing of traffic and billing data, itemised billing and caller line identification and entries in directories.

Data Protection and the Internet

The E.U. is currently in the process of adopting a proposal for a directive on certain legal aspects of e-commerce. Since the data protection legislation fully applies to e-commerce, the e-commerce directive will be completely in line with data protection principles. The Data Protection Working Party has been highlighting data protection issues raised by e-commerce, in various opinions and recommendations (available at http://europa.eu.int/comm/dg15/en/media/index.htm). For example, in relation to commercial e-mails, the use of hyperlinks, browser software and cookies, data subjects need to be informed about the data that are being collected, stored, or transmitted, and the of such processing; and should be allowed to freely decide about the processing of their personal data by the offering of tools to reject or modify these processes.

Practical Compliance

Any company should take the following steps to ensure its compliance with the Act.
Data Protection Audit

The audit should focus on the identification of the following issues:
• what personal data it processes or has a control over processing (noting wide definition of processing which will cover more than computers);
• which of the identified personal data can be considered sensitive;
• what persons/entities process personal data for the company;
• the content of the current Data Protection Act registrations;
• any existing privacy policies and procedures ensuring the security of the data including provisions of employment contracts;
• state of the security technology used compared to that available in the market.

The outcome of the audit should include in addition to the identification of the above issues an assessment of the extent of the personal data that are used by the company and their importance in the business.

Notification

If necessary the company should update its entry with the Commissioner to reflect the data actually processed and establish a mechanism for timely notification of future changes in the register.

35 The above regulations have been amended by the Telecommunications (Data Protection and Privacy) Regulations 2000.
Compliance Principles

The company should establish procedures for ensuring that:
• data subjects are provided with the required information;
• the data subject's consent is obtained before the processing of the data, and that the consent is explicit in case of data that could be possibly classified as sensitive (or that at least one of the other conditions for processing is met);
• the data are processed only for the stated purposes;
• no unnecessary data are kept or stored, and data are updated when necessary;
• lawful requirements for the data subject to access the data or prevent their processing are met;
• security procedures are updated in line with technological developments;
• employees having access to the personal data are sufficiently reliable;
• agreements with all data processors processing data for the company are evidenced in writing; and
• data subjects give consent to the data transfers to any countries in which the data protection could be considered inadequate (at first probably all non-EEA countries).

Conclusion

The provisions of the Act are complex, as are exemptions to those provisions. This paper deals only with the most important changes at a general level. Each data controller will however be responsible for meeting all the requirements in detail. All businesses that fall within the definition of the data controller under the Act (and that will encompass almost any business in the U.K.) with respect to any personal data should establish procedures for compliance with the Act and have them reviewed by outside specialised counsel as necessary.

94 LEGORBURU : DOING BUSINESS BETWEEN THE E.U. AND NEW ZEALAND : [2000] C.T.L.R.

Doing Business between the E.U. and New Zealand: What do you Have to do to Protect Personal Information These Days?

BRUCE LEGORBURU
SOLICITOR (ENGLAND & WALES)
RUSSELL MCVEAGH, AUCKLAND

Introduction

Every company, except for the most dormant ones, processes some personal data.
At the very least, there are the names of a company's directors and their home addresses. Beyond that, the extent of personal data processing can be enormous, and it is not just the businesses which specifically go seeking personal data (e.g. marketing) which do it. Virtually every business holds personal data about its employees, clients, suppliers, and other business contacts.

In addition, personal data can come in many different forms. Under the New Zealand Privacy Act 1993 (“N.Z. Act”) any data relating to a living individual are personal data and must be collected, stored, processed and disclosed according to certain rules. Likewise, the European Union (“E.U.”) Data Protection Directive 95/46 (“E.U. Directive”) defines personal data as any information relating to an identified or identifiable natural person.

Moreover, it is not enough these days for companies to be only concerned about the privacy laws of the country in which they are established. Both the N.Z. Act and the E.U. Directive contain provisions which affect the carrying on of business outside of their respective jurisdictions. In particular, the E.U. Directive contains provisions that regulate the use of equipment located in the E.U. for personal data processing by companies outside of the E.U., and also seeks to restrict the export of personal data from the E.U. In implementing these provisions the E.U. would have been concerned about ensuring that organisations did not seek to circumvent European Law by either incorporating a company overseas, while its processing functions continue in the E.U., or simply moving processing functions outside of the E.U. altogether, while still processing personal data collected in the E.U.
The consequences of these provisions, however, now mean that a New Zealand company will have to at least be aware of, if not adhere to, European law if it is dependent upon transfers of personal data from the E.U., or if it uses equipment physically located in the territory of a member state of the E.U. (“member state”). While the N.Z. Act does not seek to regulate international transfers of personal information beyond any other kind of processing or disclosure, it does extend its application of some provisions to personal data held outside New Zealand. Even if an E.U. company were to hold and process personal data in the E.U. exclusively, if the personal data were collected by that company’s operations in New Zealand, parts of the N.Z. Act will continue to apply to the treatment of that data in the E.U.

1 Directive 95/46, Art. 2(a).

None of these possibilities are particularly remote when you consider that in an international group of companies or in international business generally, it is quite possible for one company to carry out the processing of data for others, or to transfer personal data between countries. It is feasible for a New Zealand company to have access through a database, or otherwise, to personal information that was collected in the E.U. and vice-versa. International databases these days are often designed to facilitate multi-jurisdictional access like this. Likewise, the phenomenon of outsourcing has meant that many companies will use others to process their personal data and, in many instances, the service provider used for this processing is not necessarily in the same country. With technology the way it is, there is no need for physical proximity to exchange and share data, and transferring personal data internationally is no exception.

The issues raised here are intended to be a rough guide to the principal differences between the N.Z. Act and the E.U. Directive from two distinct perspectives.
The first is the point of view of an N.Z. company wishing to receive personal data from an E.U. company, or wishing to process personal data through its operations in the E.U., or on equipment physically located in the E.U. The second is the point of view of an E.U. company which has business operations (perhaps a branch office) in New Zealand, but processes personal data in the E.U. collected by these operations. In the first case, the focus will be on additional obligations that the E.U. Directive will impose upon New Zealand companies over and above the provisions of the N.Z. Act while, in the second case, what will be relevant is the extent to which the obligations in the N.Z. Act exceed what E.U. companies are already expected to do under the E.U. Directive. The main reason why such a comparison can only be a rough one is that the E.U. Directive only offers a guide as to the minimum obligations that E.U. companies are expected to adhere to. The actual obligations of E.U. companies will be spelled out by the implementing legislation of each member state.

European Union Data Protection Directive From A New Zealand Business’s Point of View

On October 24, 1995, the European Council and Parliament adopted the E.U. Directive. While the E.U. Directive itself does not place obligations upon private sector organisations, it does require each member state to implement its own laws, if required, so as to give effect to its provisions in their respective jurisdictions by October 24, 1998.

Implementation of the E.U. Directive has not taken place according to the time frame set out; however, Spain, Greece, Italy, Austria, Portugal, the U.K., Sweden and Finland have already implemented the necessary provisions into their national laws. Belgium has enacted implementing legislation but it has not come into force yet.²
There are two principal issues for New Zealand companies under the E.U. Directive. The first arises in situations where a New Zealand company relies upon the provision of personal information from organisations in the E.U. to its operations in New Zealand. The other issue arises where a New Zealand company uses equipment in the territory of a member state to process personal information. The first situation will be referred to as the “transborder dataflow” issue and the latter issue is what will be referred to as the “offshore E.U. processing” issue. Otherwise, if your company relies upon neither E.U. personal information processing facilities nor personal information transferred from the E.U., then you will not need to concern yourself with the E.U. Directive.

Transborder Data Flows

The E.U. Directive starts from the position that the free transfer of personal information is beneficial for the economies of the member states. To this end, personal information can be exchanged freely between countries in the E.U.³ Where a transfer of personal information is to be made outside of the E.U., there must be an adequate level of protection.⁴

What is adequate protection?

When considering whether a country such as New Zealand affords an adequate level of protection, E.U. regulators may take into account a number of factors,⁵ but ultimately all of the circumstances of the particular transfer will be taken into account. The factors specified are:

1. Nature of the data (e.g. are the personal data particularly sensitive to the individual concerned (“Data Subject”) or are they fairly benign?);
2. Purpose and duration of the proposed processing operations (e.g. will the personal data only be in New Zealand for a short period of time and will only be stored by the New Zealand organisation before being sent back to the E.U.?);
3.
Country of origin and country of destination. Presumably, this may mean that because, even within the E.U., there are different standards of data protection, when comparing the standard of protection afforded in New Zealand, it will be the standard adopted in the country of origin that will be relevant (some Member States may prohibit the storing and processing of sensitive information as defined by the E.U. Directive (i.e. information relating to an individual's political, religious and philosophical beliefs, health or sexual life, ethnicity, trade union membership⁶), whereas U.K. law allows for certain circumstances where processing sensitive information is allowed (e.g. with the consent of the Data Subject)⁷);

2 The Directorate General XV of the European Commission keeps up to date information about the current state of implementation of the E.U. Directive in Member States.
3 Recital 8 and Article 2, op. cit.
4 Article 25(1), ibid.
5 Article 25(2), ibid.
6 Article 8(2)(a), ibid.
7 Data Protection Act 1998, Schedule 3.

4. The general and sectoral rules of law in force in the recipient country. Regard will therefore be had to the fact that New Zealand has in place the N.Z. Act. Whether that itself will satisfy E.U. regulators that there is adequate protection is currently open to debate. The New Zealand Privacy Commissioner, Bruce Slane, has published his views about the differences between the N.Z. Act and the E.U. Directive⁸ and although he feels that in most cases the N.Z. Act ought to be assessed as adequate, there has yet to be a determination by either a local regulator in the E.U., or by the European Commission;
5. Professional rules and security measures complied with in that country. This factor takes into account that in some industries (e.g. banking and law) there may be stringent duties of confidentiality which will operate to protect personal information over and above any statutory obligations set out in laws such as the N.Z. Act.
It may be that transfers outside of the E.U. in circumstances where such rules and measures exist can encourage E.U. regulators to take the view that adequate protection is in place for the personal information to be transferred.

To provide some assistance to companies looking to make these transborder transfers of personal information the United Kingdom Data Protection Commissioner has published non-binding guidelines which provide a fuller discussion of the factors that may be taken into account when determining adequacy.⁹ Although these guidelines are not legally enforceable and are specific to the United Kingdom, they nevertheless illustrate how it is that in the first instance and on a practical level, it will be the organisation in the E.U. wanting to make the transfer of personal data that will have to decide for itself whether adequate protection exists for that personal data in the recipient country. Even though an E.U. regulator and the E.U. courts are the legal arbiters of whether adequacy exists, recipients of personal data outside the E.U. will have to convince the E.U. organisations first that they offer adequate protections.

The E.U. Directive requires that Member States prohibit transfers to jurisdictions outside of the E.U. where there is inadequate protection. Sanctions can, therefore, be imposed upon an organisation in a member state which makes transfers to countries like New Zealand if the local regulator determines that there is inadequate protection for the personal information transferred. Consequently, the transborder data flow provisions in the E.U. Directive do not have extra-territorial effect. It will not be the recipient New Zealand organisation that is liable, but the E.U. organisation which initiated the transfer. Nevertheless, it may be the New Zealand organisation which is most concerned with the E.U. organisation's ability to comply with the E.U. Directive, if the E.U.
organisation decides that it would be easier from its perspective to simply freeze all transfers of personal data to New Zealand, than to worry about the complexities of compliance. This could deprive the New Zealand organisation of information that it needs to operate its business.

8 Speech entitled “Adequacy of Data Protection Measures: the N.Z. Case” made by the New Zealand Privacy Commissioner on June 29, 1999 at the New Data Protection Law, Issues, Solutions, Action conference in Cambridge, United Kingdom.
9 A publication entitled “The Eighth Data Protection Principle and Transborder Dataflows” published by the U.K. Data Protection Commissioner's Office.

What amounts to a transfer?

Transfer is not a defined term in the E.U. Directive and consequently, given the technological nature of business today, we should assume that a transfer of personal data will occur in situations where there is a physical transfer of the medium upon which the information is stored (e.g. paper, disk, video tape), but also where there is an intangible transfer by, for example, a telephone call, or the inputting of personal data in a member state onto a computer database where access to that database is granted to people and organisations in other countries. In this way, you can see that the idea of having a global database in an international company or group of companies, where personal information is stored and all countries of operation have access, is particularly problematic from a data protection point of view.

Exceptions to the requirement of adequacy?

The E.U. Directive does set out a number of ways in which an E.U. organisation can transfer personal information out of the E.U. even if the country to which the transfer is being made is not judged adequate by E.U.
authorities.¹⁰ Such a transfer can be made in a number of circumstances, but for a private sector business the main exceptions to be concerned about are:

1. The Data Subject has unambiguously consented to the transfer. In order for consent to be unambiguous it would not be enough to imply it from silence of the Data Subject. Sometimes companies will send a form to a Data Subject saying that if they do not respond to the form, they will be deemed to have consented to any processing described on the form. This approach would almost certainly not amount to unambiguous consent. Best practice is to get an express consent where the Data Subject actually signs and returns a form to you on which you explain where you may transfer the personal data to and for what purpose. If it is not possible to obtain consent from all relevant Data Subjects, you will need to rely upon another exception;
2. The transfer is necessary for the performance or conclusion of a contract either with the Data Subject or in the Data Subject’s interest. It is important not to exaggerate the scope of this exception. It can be tempting to assume that the steps taken by an international organisation or organisations to organise the personal data that it holds are required for the performance of client and employment contracts. It may well be that some processing legitimately is necessary for the performance of those contracts, but it is not sufficient if the steps taken simply make processing that personal information more convenient. A typical example would be the centralisation of all personal information held by an organisation into one database sitting in one country. It can be quite common for international companies based in the U.S. to try and centralise processing services in that country.
Likewise, a New Zealand based organisation may attempt to do the same by having its central database located in New Zealand. Centralising and making your business more efficient is not necessary for the performance of the contracts that you enter into with or on behalf of your clients and employees. Unfortunately, many companies will find it difficult to try and separate these transfers which are necessary from those which are merely convenient. As a result, a different exception is often sought to cover all transfers;
3. The E.U. Directive allows Member States to authorise transfers that would otherwise be prohibited, where the organisation making the transfer can show that there are appropriate contractual provisions in place which will impose adequate safeguards for the personal information. The European Commission also has the power to approve standard contractual clauses for use in all Member States.

10 Directive 95/46, Art. 26.

Implementing an E.U. Standard in New Zealand (the principal differences)

Many international organisations will decide that rather than risk a breach of the E.U. Directive, and to allow for the international flow of data connected with their business, they will ask their non-E.U. offices to sign up to or adopt a policy which imposes a regime at least as stringent as the provisions of the E.U. Directive. In the absence of any indication from an E.U. regulator or the European Commission as to New Zealand's adequacy, this may be the simplest way to ensure adequate protection in New Zealand. After all, it would be strange if an E.U. regulator were to hold that a business which adopts the E.U.
Directive standard is not providing adequate protection for the personal data that it controls.

Furthermore, it may not be possible for an organisation to be able to always identify which exemption to the adequacy requirement covers which type of transfer of personal data, if indeed it is even possible to cover all of the transfers that that organisation wishes to make. This is another reason why the adoption of an adequate standard of data protection by the recipient organisation can act as a blanket protection against arguments that individual transfers out of the E.U. ought to be prohibited.

In order to adopt an E.U. Directive standard, New Zealand organisations will want to know what additional obligations they will be expected to perform over and above what is already required of them under the N.Z. Act. These relevant differences can be summarised as follows:

Subject access and rectification rights to be afforded to all Data Subjects (not just New Zealand Citizens and residents)

The N.Z. Act grants the right to access and rectify personal data only to those Data Subjects who are New Zealand citizens, residents, or are physically located in New Zealand at the time that they make the request for access or rectification.¹¹ A German national, therefore, who has given personal information to a New Zealand company has no rights to access that information if he is outside of New Zealand. If a New Zealand company were to adopt an E.U. policy on Data Subject access and rectification rights, it would have to allow all Data Subjects, regardless of nationality or country of residence, to be able to access and ask for corrections to be made, if necessary, to personal data held about them.

11 Privacy Act 1993, s.34.

The New Zealand Privacy Commissioner has picked up on this point and is of the opinion that the N.Z. Act should be
changed to allow subject access and rectification rights to all Data Subjects.

Restrictions on transferring personal information outside of New Zealand similar to the E.U. Directive transborder data flow provisions

Although certain provisions of the N.Z. Act will extend to personal data held outside New Zealand, it is generally assumed that that will only be the case where the organisation which holds the personal data is a New Zealand organisation (e.g. a New Zealand company sends personal information to its Australian branch or processing agent). The N.Z. Act is not thought to apply to an organisation which has no presence in New Zealand.¹³ This is in contrast with the E.U. Directive transborder data flow provisions which restrict the transfer out of the E.U. regardless of the nature of the organisation to which the personal data are being transferred.

The New Zealand Privacy Commissioner has proposed the view that in spite of this apparent discrepancy between the laws of New Zealand and the E.U., the N.Z. Act contains provisions which have, if not the same, perhaps similar effects. He points to the obligation under the N.Z. Act not to disclose personal data unless it is one of the purposes in connection with which the data were originally obtained or, at least, is directly related to such a purpose.¹⁴ It should be noted, however, that while this will prevent disclosures which are contrary to the purpose of collection, like in a situation where an organisation is trying to circumvent E.U. and New Zealand data protection laws, it will not do much to protect personal data if the transfer to New Zealand and the on-transfer from New Zealand to some other country are both made innocently and the transfers are directly related to the original purpose of collection. For example, personal data may have been collected for marketing purposes in the E.U. and are sent to New Zealand on the assumption that New Zealand can provide adequate data protection.
The New Zealand organisation could legitimately and innocently send the personal data to Australia or the United States for the purpose of having an organisation in those countries carry out the marketing that was originally intended. Once released into an unregulated country, the best of intentions on the part of the E.U. and New Zealand organisations making the transfers don’t matter. Personal data in Australia or the United States could be used for all sorts of purposes, other than marketing, with impunity if the organisations in those countries decide to do so. This would not be possible if New Zealand had equivalent transborder data flow restrictions to the E.U. Directive, because the New Zealand organisation would need the consent of the Data Subject to the on-transfer in the absence of another exemption under Article 26 of the E.U. Directive applying (e.g. necessary to perform contract entered into with the Data Subject).

12 Speech entitled “Adequacy of Data Protection Measures: the N.Z. Case” made by the New Zealand Privacy Commissioner on June 29, 1999 at the New Data Protection Law, Issues, Solutions, Action conference in Cambridge, United Kingdom.
13 Although the N.Z. Act does not contain language restricting its application to New Zealand organisations, the Privacy Commissioner has suggested that the provisions of the N.Z. Act which apply to personal data held overseas do so only if it is a New Zealand organisation which retains control of the personal data, ibid.
14 Privacy Act 1993, s.6, Principle 11.

If a New Zealand organisation is looking to protect transfers of personal data from E.U. organisations, the E.U. organisations will either have to apply one or more of the exemptions discussed above under Article 26 of the E.U. Directive, or, if not all of the personal data to be transferred will be covered by such exemptions, will need to adopt a policy which has the same effect as the E.U. Directive transborder dataflow provisions.
This will mean restricting transfers of personal information, received from the E.U., outside of New Zealand unless “adequate safeguards” are in place. Again, in the absence of further guidance, the E.U. Directive will provide the principal reference when determining what adequate safeguards are.

Right to Object to Automated Decision-making

Automated decision-making is the practice of using computers to evaluate an individual's personal data and identify characteristics of that data which would automatically result in a decision being made in respect of that individual. The E.U. Directive stipulates that a Data Subject must have the right to object to automated decision-making about them where that automated decision-making is going to be the sole determining factor in producing a legal effect concerning him or which significantly affects him.¹⁵ This protection will not apply where the automated decision-making is taken in order to perform or enter into a contract requested by the Data Subject, or where the automated decision-making is required by some other law.¹⁶

The N.Z. Act contains no such protection for Data Subjects. New Zealand organisations engaged in automated decision-making will need to reflect on whether they process E.U. personal data and if they have a procedure in place to cease automated decision-making if requested by an E.U. Data Subject.

Right to Object to Direct Marketing

The E.U. Directive requires that Data Subjects have the right to object to direct marketing (e.g. telemarketing, leaflets, advertising e-mails, etc.). No such right exists under the N.Z. Act. As is the case with automated decision-making, New Zealand organisations receiving personal data from the E.U. will want to review their policies on how they respond to requests from E.U.
Data Subjects objecting to direct marketing. To avoid any transborder dataflow issues, the best approach would be to cease direct marketing if such an objection is made.

15 Directive 95/46/EC, Article 15(1).
16 Article 15(2).
17 Article 14.
18 ibid., Article 8(3).

Process “Sensitive” Personal Data on Explicit Consent of the Data Subject

In accordance with the E.U. Directive, some Member States have prohibited the processing of “sensitive” data, which are defined as “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of data concerning health or sex life”.¹⁸ There are some limited exceptions where processing of this type of data is allowed. The principal exception arises where a Member State decides to allow processing if the Data Subject has given “explicit consent”.¹⁹ Alternatively, other Member States allow for Data Subject consent to authorise processing of sensitive data. If a New Zealand organisation receives sensitive data from one of these countries, an E.U. regulator could require that New Zealand law ensures the processing will be in respect only of the purposes to which the Data Subject has explicitly consented. So long as the New Zealand organisation processes for the purposes that the Data Subject explicitly consented to in the E.U., there shouldn't be a problem. What happens if the New Zealand organisation decides to depart from the explicitly authorised purposes and considers other processing purposes? The N.Z. Act permits processing for a purpose other than the purpose that the personal data were collected for, if there are reasonable grounds to believe that the other processing is authorised by the Data Subject.²⁰ This is a lower standard than the absolute requirement of “explicit” consent.
It opens the door to speculation as to whether implied consent is possible. The Privacy Commissioner has himself published a discussion paper which asks the question about what the nature of consent ought to be. In it, he argues that some positive step ought to be necessary and that implied consent is not sufficient.²¹ Whatever the New Zealand position is, it’s the kind of discussion that E.U. regulators would be wary of entering into in respect of processing sensitive personal data originating from the E.U. The E.U. Directive requires explicit consent and recipient countries outside the E.U. may be expected to provide for the same. New Zealand organisations mindful of providing adequate safeguards should ensure that only the purposes explicitly consented to by the E.U. Data Subject are pursued.

Offshore E.U. Processing

You might be a New Zealand organisation, but where do you process the personal data that you collect? Many international group companies like to centralise their data processing functions through the use of a single database. Group members collect personal data on their clients, employees, suppliers and other business contacts and often send these data to another country to be stored and used. In the case of New Zealand companies it is quite common for personal information to be transferred to their Australian branch or related company where operations are centralised. Other New Zealand organisations may use another group company or even a third party service provider located in the E.U. to carry out the processing of its personal data.

The E.U. Directive requires member states to make sure that if an organisation with no establishment in the E.U. nevertheless uses equipment located in that member state's territory to process personal data (other than for mere transit through the E.U.) then that member state's implemented version of the E.U. Directive will apply.
Furthermore, the relevant organisation must designate a representative in that member state.

These provisions will only apply if the non-E.U. organisation remains the data controller even though the personal data may be out of its physical possession. A data controller, as defined by the E.U. Directive, is the person or organisation which alone or jointly determines the purposes and means of processing.²⁴ If you are a New Zealand organisation which uses the facilities of a processing agent or a group company located in a member state, but you retain control over what happens to the personal data, you will be expected to ensure that the personal data are collected, stored, processed and generally treated in accordance with the E.U. Directive as enacted in that member state. This can be a significant obligation as it requires full compliance with that member state's law not only in respect of storing and processing but also in the collection of personal data.

19 ibid., Article 8(2).
20 Privacy Act 1993, s.6, Principle 10.
21 Privacy Act Review 1826, Discussion Paper 2, published by the New Zealand Privacy Commissioner. See the response to question 4.
22 Directive 95/46/EC, Article 4(1)(c).
23 ibid., Article 4(1)(c).

As you might expect, if a New Zealand organisation does more than use equipment, and actually starts to conduct its business activities in a member state, that member state's implementing legislation will apply. The E.U.
Directive provides that the activities of an “establishment” in a member state of an organisation which controls the processing of personal data must be regulated by the implementing legislation of that member state. How “establishment” is defined may vary among member states but, as an example, section 5(3) of the United Kingdom's Data Protection Act 1998 defines it to include a company incorporated in the United Kingdom or a foreign organisation which has an office, branch or agency in the United Kingdom, or which carries on a regular practice in the United Kingdom. In these circumstances, a New Zealand company (or its United Kingdom subsidiary, as the case may be) will need to adhere to the member state's data protection laws, but only in respect of activities carried on in that member state.

In addition to the discrepancies identified above between the N.Z. Act and the E.U. Directive, New Zealand organisations in this situation will need to have regard to the following E.U. Directive collection requirements which go beyond the N.Z. Act. It is also important to realise that the E.U. Directive represents the minimum standard required in member states. Each member state may enact more restrictive regimes, but it is beyond the scope of this article to deal with the individual laws of member states.

Justification to Process Personal Data

The main requirement when collecting and processing personal data under the N.Z. Act is to process for a lawful purpose in connection with your organisation's business or activities.²⁵ By comparison, the E.U.
Directive requires organisations to have a justification for processing personal information. There are six justifications that an organisation can use, but it must be able to use at least one before it is permitted to process personal data.²⁶ Of the six justifications, the principal ones that a business would be concerned with are:

(a) Data Subject has unambiguously consented to the processing;
(b) The processing is necessary for performance of a contract which the Data Subject is a party to, or such processing as may be requested by the Data Subject prior to entering into a contract;
(c) The processing is necessary for compliance with a legal obligation; or
(d) The processing is necessary to fulfil the legitimate interests of the organisation unless such interests are overridden by the fundamental rights of the Data Subject. (It is not clear what situations this justification will apply to. Under the relevant legislation which has been enacted in the United Kingdom, it is possible for there to be subordinate legislation enacted in order to clarify situations where this justification will, or will not, apply. At this time, no such subordinate legislation has been enacted.²⁷)

24 ibid., Article 2(d).
25 Privacy Act 1993, s.6, Principle 1.
26 Article 7, op. cit.

No Exclusion for Unsolicited Personal Data

The principles relating to collection of personal data under the N.Z. Act do not apply to unsolicited data. This is because the receipt of unsolicited data is specifically excluded from the definition of “collect”.²⁸ No such exclusion exists in the E.U. Directive, so New Zealand organisations which use equipment in the E.U. to process personal data will need to treat personal data which are unsolicited (e.g.
unsolicited job applications) in the same way as they would treat personal data that they positively collect.

Notifications to be Made to Data Subjects Upon Indirect Collection

Although the N.Z. Act generally requires personal data to be collected from the Data Subject, there are circumstances where that will not be the case (e.g. if direct collection is not reasonably practicable²⁹). Where personal data are collected from someone other than the Data Subject, there is no obligation expressed in the N.Z. Act for the collector to notify the Data Subject of such things as the identity of the collector, any non-obvious processing purposes, that Data Subject's right of access, etc. If an organisation needs to adhere to the E.U. Directive, it will need to make these notifications to Data Subjects even where the personal data are collected from someone else.

New Zealand Privacy Act From An E.U. Business’s Point of View

If an E.U. business carries out business activities in New Zealand it will need to comply with at least some, if not all, of the N.Z. Act. There are two primary situations relevant here. The first situation arises where the E.U. company incorporates a New Zealand subsidiary or opens a branch office, in which case the activities of its New Zealand operations will need to comply with the N.Z. Act in its entirety. The second situation arises where either a branch office or agency of the E.U. company in New Zealand collects personal data in New Zealand and sends it to the E.U. company, or where the E.U. company receives personal data from a New Zealand company and holds that personal data solely as an agent for the New Zealand company, in which case the E.U. company, although holding personal data in the E.U., will nevertheless be asked (or should be asked) by the New Zealand company or branch to hold that personal data in accordance with some of the provisions of the N.Z. Act.

Activities Of A New Zealand Subsidiary Or Branch

The N.Z.
Act will apply in full to the collection, storing, processing and disclosure of personal data in New Zealand. These are the main additional obligations over and above the E.U. Directive that the N.Z. Act imposes:

27 Data Protection Act 1996, Sched. 2, s.6(2).
28 Privacy Act 1995, s.2.
29 ibid., s.6, Principle 2(2).

Application Of the New Zealand Privacy Act

Although the N.Z. Act and the E.U. Directive both define personal data broadly, the E.U. Directive restricts itself to processing of personal data by automatic means (e.g. by computer) or by other means as long as the personal data forms part of a filing system.[30] No such restriction exists in the N.Z. Act and the Complaints Review Tribunal has taken the view that personal data held by an organisation can include personal data held in the mind of an officer of that organisation where an individual's file contained a note referring inquirers to speak to a particular officer, whereupon personal data about that individual known by the officer would be disclosed verbally, but not in writing.[31] It is probably going too far to say that all personal data relating to your business held in the memories of your employees are going to be governed by the N.Z. Act, but you may need to consider that some of it might if it can be accessed readily because there is a written reference to it in a file somewhere. Consequently, E.U. organisations will need to recognise that structured and unstructured personal data in many forms can be covered by the provisions of the N.Z. Act.

Collection Direct From The Data Subject

Unlike the E.U. Directive, the N.Z. Act requires organisations to make reasonable efforts to collect personal data directly from the Data Subject.[32]
The instances where you do not have to do this are where:

(a) the personal data is publicly available;
(b) the Data Subject authorises collection from someone else;
(c) collecting from someone else will not prejudice the Data Subject;
(d) collecting direct from the Data Subject will prejudice the purpose of collection; or
(e) collecting from someone else is necessary for the enforcement of law, the protection of the public revenue, or the conduct of court or tribunal proceedings.

Unique Identifiers

A unique identifier is a reference number or code which can be used in order to access information about an individual. For example, the tax authorities allocate numbers to individuals that they deal with. These numbers are unique identifiers. The N.Z. Act prohibits the use of unique identifiers unless it is necessary for your business activities. Furthermore, you must not allocate a unique identifier which you know is used by another organisation for the same individual. Referring to the tax example, you would not be allowed to base your filing system on your employees by using their New Zealand Inland Revenue Department numbers.

30 Directive 95/46, Article 5(2).
31 L v N, 14/4/97, Complaints Review Tribunal, Wellington, Decision 11/97, CRT 27/96.
32 Privacy Act 1995, s.6, Privacy Principle 2.
33 Privacy Act 1995, s.6, Privacy Principle 12.

Holding Personal Data Received From A New Zealand Branch Or As An Agent For A New Zealand Company

If you hold personal data in the E.U. which was collected in New Zealand and you are holding it solely as an agent for the New Zealand company you received it from, or you received it from your own New Zealand operations, the New Zealand organisation which disclosed that information to you will remain responsible under the N.Z.
Act for ensuring that that personal data is treated by you in accordance with the security, access, rectification, accurate and secure storage, retention, limits on use, and limits on disclosure provisions.[34] These provisions are substantially the same as what you will be expected to do under the E.U. Directive, but you should be aware that personal data received in this way from New Zealand, as stated above, will cover more than just personal data processed automatically or stored in a filing system. In order to protect the liability of the New Zealand organisation disclosing the personal data, you will also need to protect personal data held in an unstructured fashion.

34 Privacy Act 1995, s.19.

Conclusion

It is worth mentioning again that although the discussion about transborder dataflows is treated here as an issue for the N.Z. organisation receiving personal data from the E.U. because it will be the organisation that will be expected to handle the personal data in accordance with the E.U. Directive, it is, in fact, equally an issue for the E.U. organisation sending the data to be aware of. This is because it will be the E.U. company that will incur liability if it transfers personal data where adequate protections are not in place. In that sense, the transborder dataflow issue is a concern for N.Z. companies and E.U. companies alike.

The aspects of the E.U. Directive raised above describe only the main differences between the provisions of the E.U. Directive and the N.Z. Act. A New Zealand organisation must already be complying generally with the N.Z. Act. Likewise, the situation is in the reverse for an E.U. organisation affected by the N.Z. Act. A description of the full obligations of the E.U. Directive is not set out here. Furthermore, in respect of the use of processing equipment or the carrying out of business in a member state, it will be the laws of the particular member state that will be applied.
The E.U. Directive is only used as a guide as to the extra obligations that a New Zealand organisation would expect to have regard to. Without taking account of any Member State specific requirements, the provisions of the E.U. Directive ought to at least be reflected in the laws of all Member States.

Lastly, the European Commission has not yet made a decision about whether New Zealand law offers adequate protection for the purposes of transfers of personal data from the E.U. In theory, it is possible that, at some point, New Zealand will be assessed as adequate. If this happens, it may be possible to disregard the points made above about any extra requirements regulating the storage and processing of personal data received from the E.U., unless the European Commission places conditions upon transfers to New Zealand. Such conditions could have the effect of imposing some, if not all, of those extra requirements. Until such time, organisations in the E.U. will need to make judgements for themselves as to whether the conditions that they impose upon themselves will satisfy E.U. regulators when the personal data that they control are sent to New Zealand. The points raised above are intended to help in reducing the risks involved in making such a judgement.

PRIVATISATION OF TELECOMMUNICATIONS IN THAILAND: AN UPDATE

DAVID TOOK
COUNSEL, BANGKOK

This author reviewed the structure and regulation of the telecommunications sector in Thailand in Telecommunications Regulation in Thailand ([1996] 2 C.T.L.R. 61) and reviewed progress in privatising that sector in Privatisation of Telecommunications in Thailand ([1996] 6 C.T.L.R. 237). Accordingly, this paper will focus primarily on developments and progress in privatising the telecommunications sector since then.
State enterprises in Thailand had their origins in pre-constitutional monarchy royal monopolies of trade, and these origins and the influence of the military discouraged or, in the case of the telecommunications sector, excluded direct competition by the private sector. Nevertheless, the Thai Government's first National Economic and Social Development Plan in 1961 gave a commitment not to establish new state enterprises in competition with the private sector and every five-yearly National Economic and Social Development Plan since then has confirmed that commitment. That commitment has also been confirmed by the reduction in the number of state enterprises from over 100 in 1961 to the 59 which are subject to the Government's present privatisation program[1] and by the new Constitution which sees the primary role of the state being that of policy maker and regulator, not an operator in commercial sectors.[2]

The Master Plan for State Enterprise Sector Reform

The Thai Government's present state enterprise privatisation program has as its basis the Master Plan for State Enterprise Sector Reform (the “Master Plan”) which was approved by Cabinet on September 1, 1998. The Master Plan updated and expanded the Privatisation Master Plan approved by the State Enterprise Policy Commission in January 1998.
The purpose of the Master Plan is to provide the framework and guidelines for the government, ministries, enterprises, investors, employees and the general public to proposed privatisation plans, and related legal, regulatory and institutional reforms.[4]

1 There are 67 state enterprises recorded by the Comptroller General's Department, Ministry of Finance but, of these, three have ceased operations, four have been dissolved and one is under review (Royal Thai Government, Ministry of Finance, 1998, Master Plan for State Enterprise Sector Reform, Bangkok, p.2).
2 The Constitution, promulgated on October 11, 1997, section 87: the state “must not engage in business operations to compete with the private sector unless it is necessary to do so in the interests of maintaining the security of the state, maintaining the interests of the common good or the provision of public utilities”.
3 The Master Plan was prepared by the Thai Ministry of Finance with assistance from the World Bank under the World Bank's economic management assistance project.
4 The Master Plan, section 1.

The present program has been given strong impetus by the flotation of the Thai Baht in 1997 and the resultant domestic and regional financial crisis, and the assistance package from the International Monetary Fund (IMF) in response to that crisis. That package requires the government to raise capital by selling state enterprises or their assets to repay the U.S.$17.2 billion in loans to the IMF and which, under the fifth letter of intent with the IMF, requires the Government to provide full details of its privatisation plans.
The program has been given additional impetus as it applies to the telecommunications sector as under the Fourth Protocol to the World Trade Organisation, Thailand has committed to full liberalisation of the sector by 2006 with significant domestic liberalisation during 2000. The privatisation program, especially in relation to the telecommunications sector, thus has the broad objective of strengthening the Thai economy. There are six key aspects to implementation of the program by the Government:

1. revision of laws to enable the private sector to compete in sectors formerly dominated by state enterprises;
2. establishment, where necessary, of independent regulatory bodies to ensure fair and open competition, limit the power of monopolies, enforce transparency in public sector operations, and be more accountable to the public for their actions;
3. transparent sale, lease or other means, divest itself of State enterprise assets which can be more efficiently managed by the private sector;
4. allowance of new private sector entrants to participate in sectors of the economy now dominated by the government;
5. introduction of international best practice standards to those state enterprises in which the government retains ownership; and
6. monitoring and measuring the privatisation program for state enterprises and newly privatised state enterprises.[5]

The Master Plan comprises two parts. Part I outlines the general program guidelines and Part II outlines the privatisation plans for each of the state enterprise sectors. Apart from the telecommunications sector, the Master Plan includes sectoral privatisation plans for the key water, energy, and transport sectors.

Telecommunications Sector

This sector[6] comprises telecommunications, postal, and broadcasting activities and the key state enterprises in each of

5 The Master Plan, section
6 A more detailed analysis of the sector appears in Telecommunications Regulation in Thailand (1995) 2 C.T.L.R.
61

these sub-sectors are the Telephone Organisation of Thailand (TOT), the Communications Authority of Thailand (CAT), and the Mass Communications Organisation of Thailand (MCOT). This paper shall consider only the privatisation program as it affects TOT and CAT.

Broadly, TOT has responsibility for domestic telephone services including telephone services to neighbouring countries, CAT has responsibility for international telephone services and for all postal services, and MCOT has responsibility for radio and television. Each of these state enterprises undertakes both operational and regulatory roles and responsibilities. Whilst the separation of responsibilities of TOT and CAT appears quite clear, in practice each of these organisations has some overlapping responsibilities.

At present the telecommunications sector is reserved for TOT and CAT and the only way the private sector has been able to participate is by way of concessions from or joint ventures with either of those organisations. As a result of high demand for telecommunications services there has been considerable private sector participation by way of concessions and joint ventures. There are some 48 concessions and joint ventures encompassing basic telephone, public telephone, long distance fixed-line, data communications, mobile telephone, paging, trunk mobile radio, satellite communication, satellite telephone, satellite operation and internet services.[7] Of these, the basic telephone concessions to TelecomAsia Corp Public Co. Ltd and to Thai Telephone and Telecommunication Public Co. Ltd for 2,600,000 lines in Bangkok and 1,500,000 in the provinces respectively are the most significant. The concessions provide some difficulties for the privatisation program and are considered more specifically later in this paper.
Telecommunications Master Plan

The telecommunications sector is also subject to the Telecommunications Master Plan.[8] The Telecommunications Master Plan was approved about one year before the Master Plan after a very protracted process, and is effectively incorporated into the Master Plan. The Telecommunications Master Plan sets out an ambitious plan for reforming the market structure. It proposes privatisation of TOT and CAT and establishment of an independent regulator, the National Communications Committee (the NCC). It is proposed that the NCC would have responsibility for licensing, compliance monitoring and enforcement, reviewing and setting tariffs, regulating service quality, network access regulation, competition regulation and adviser to government. The Telecommunications Master Plan also proposes a restructure of the telecommunications law, establishment of a universal service fund to subsidise basic and public telephone services, and implementation of a moratorium on further private sector concessions.

The Master Plan envisaged completing the sector's legal and regulatory reform program by December 1998, and completion of market restructuring and the introduction of competition by December 2000. The timetable for completing privatisation of TOT and CAT privatisations was originally:

• conversion of concession arrangements by December 1998;

7 Tara Siam Business Information Ltd, Thai Telecommunications Industry, 1997, Bangkok, pp. 10-11.
8 Telecommunications Master Plan 1997-2006, Ministry of Transport and Communications and the Thailand Development Research Institute, 1997.

• corporatisation of the Telephone Organisation of Thailand and the Communications Authority of Thailand by December 1999;
• separation of the postal business of the Communications Authority of Thailand by December 1999;
• full market valuations of the Telephone Organisation of Thailand and the Communications Authority of Thailand by December 199
• the search for strategic partners over the period July-December 1999; and
• privatisation of both TOT and CAT through a placement with strategic investors by December 2000.

This timetable was ambitious but has been delayed by the protracted passage of the Corporatisation Act which is considered later in this paper. At this stage, the objective is to finalise conversion arrangements by late 2000 and to finalise corporatisation of TOT and CAT sometime in 2001.

The Telecommunications Master Plan also proposed that each of TOT and CAT be broken up into separate entities, whereby two will compete in local and value-added services and the other two would compete in long distance services. Alternatively, proposed that the two enterprises be merged into one through a holding company structure and then broken up into two entities, one providing local and value added services and the other providing all the long distance services which will compete with at least one new operator. If this latter approach was implemented, the Master Plan viewed the structure as transitory over a period of two to five years. At this stage these alternatives are subject to further consideration.

Legal and Regulatory Reform

(i) Regulatory Commission

Under the Master Plan the preferred model is a sector in which free and fair competition exists with a regulatory commission to protect the interests of consumers.
Although there is mention of the creation of a regulator for the telecommunications sector under the new Thai Constitution[9] there is no reference under Thai law to the roles and functions of regulators. In March 1999, the State Enterprise Policy Commission (SEPC) reviewed proposals for guidelines to create regulators in Thailand and on April 5, 1999 a regulatory sub-committee was formed to prepare guidelines for the establishment of regulatory commissions. A set of regulatory framework guidelines for regulatory commissions was approved by the SEPC on August 9, 1999 and the guidelines provide for creation, composition and staffing, funding, appointment of members, qualifications of members, tenure and conditions of appointment of members, duties (promotion of competition, acting with regard to consumer interests, facilitating the financial viability of efficiently run regulated companies, collection and dissemination of information and advising Cabinet on sectoral policies and legislative matters), powers, dismissal criteria for members, consumer representation, dispute resolution (consumer-operator, operator-operator and regulator-regulator), reporting requirements, and budget and audit. The intention was that the guidelines should provide a model to be followed by legislators at the sectoral level in developing sector specific primary legislation.

9 The Constitution, promulgated on October 11, 1997, Article 40: “there shall be an independent state organisation to perform the duties of allocating the frequency bands... and regulating and supervising radio, television and telecommunications business operations”.
Because the Constitution refers to allocation of frequency bands and regulation and supervision of radio, television and telecommunications business operations, it was decided that one Act would be used to establish one regulatory commission for broadcast and one regulatory commission for telecommunications. The Act[10] providing for the establishment of each of the regulatory commissions came into operation on March 8, 2000. Under that legislation (“Regulatory Act”) the National Telecommunications Committee (“NTC”) is the regulatory commission for the telecommunications sector and the selection and election of the members of the NTC must be completed within 120 parliamentary session days from the date of operation of the Regulatory Act.[11] This means that given the time to select and elect members, and the time to establish the NTC secretariat, the NTC should be operational by about April-May 2001.

[note: Paragraph (ii) Corporatisation Act has been renumbered (iii)]

(ii) Telecommunications Act

A Telecommunications Bill was approved by Cabinet on March 14, 2000 and is expected to be presented to Parliament in the parliamentary session commencing in June 2000 although it is not certain that the bill will be passed during that session. The primary purpose of the bill is to establish the broad policies and principles for the operation of businesses in the telecommunications sector and to lay out the responsibilities and authority of the NTC. The bill has attracted some criticism in that it is said to give excessive power to the NTC, that there are no penalties for malpractice by the NTC, and that it favours private telecommunications firms in that it allows existing private telecommunications firms to apply for new licences and to transfer their existing businesses to the new ones.[12]
Mr Suthep Thaugsuban, Minister for Transport and Communications was reported[13] as saying that Cabinet had concluded that the bill would need to be amended in several (unspecified) ways and that a parallel draft law prepared by the Ministry of Transport and Communications would need to be considered. In spite of those comments there is some optimism that the bill will be passed and that the Telecommunications Act will be fully operational sometime in 2001.

(iii) Corporatisation Act

The Corporatisation Act[14] is key legislation which provides for the manner in which state enterprises are to be corporatised prior to privatisation. To corporatise each of the state enterprises would have required separate legislation for each state enterprise and the government decided that, to expedite the process, it would enact the Corporatisation Act to enable corporatisation (that is the conversion of state enterprises into limited liability companies) without the need for specific state enterprise legislation. The Act had a protracted passage through the parliamentary process but was passed by parliament on December 4, 1999 and became effective on December 17, 1999.

10 The Act Concerning Organisation of an Enterprise Engaging in Allocation of Frequency Waves and Control of Broadcasting Activities for Radio, Television and Telecommunications B.E. 2543 (2000).
11 Regulatory Act, section 78.
12 The Nation, March 15, 2000.
13 The Nation, March 15, 2000.
14 The Act Concerning Corporatisation of State Enterprise B.E. 2542 (1999).

The process leading to corporatisation under the Act includes the following:

• State enterprises must develop and propose plans for increased private sector participation and commercial viability consistent with the sector's development strategy.
• The ministry responsible for the state enterprise must set the policy direction and oversee sectoral privatisation strategies, and review and approve state enterprise plans;
• The State Enterprise Reform Commission, formed by merger of the SEPC and the Corporatisation Committee, will review state enterprise and ministry privatisation plans to ensure consistency with overall program objectives, approve or request amendments to plans, forward plans to Cabinet for approval, and oversee implementation.
• The Secretariat to the State Enterprise Reform Commission, the Office of State Enterprises at the Ministry of Finance and the National Economic and Social Development Board, will conduct technical reviews of all plans on behalf of the State Enterprise Reform Commission, co-ordinate all State Enterprise Reform Commission efforts and oversee plan implementation for State Enterprise Reform Commission.
• Cabinet will review and approve or request amendments to plans proposed by the State Enterprise Reform Commission.
• Investors may develop plans for investment in existing state enterprises or in new projects and may propose plans to state enterprises, relevant ministries or to the State Enterprise Reform Commission as appropriate.

Despite the protracted passage of the legislation, many state enterprises were undertaking preparations for corporatisation in expectation that the legislation would be passed. In the telecommunications sector both TOT and CAT have been progressing plans for transforming those enterprises into corporatised entities.
(iv) Other Laws

The Master Plan identified a number of laws which will need to be enacted or amended in order to support the objective of increasing private sector participation in the economy the more significant of which are concessions. Some 37 of the concessions referred to earlier pose major

bank ayee/payee's bank), but a truly endorseable instrument of payment direct between payer and payee (i.e. payer — payee — payee's bank — payer's bank)—and one furthermore which with digital signature/encryption will be incapable of fraud,

• the creation of the GOLD standard by the Integrion consortium (principally IBM and its bank customers), under which a platform-independent interfacing language (“standard message exchange manager” or “SMEM” across a “message translation interface” or “MTI”) will be developed to enable the legacy systems of most financial institutions (in which applications are written in, say, COBOL, C or PL1) to carry transactions from and to internet (world wide web) transactions.
• the creation of “SET” by SETCo (Visa and Mastercard), a certification and encryption standard for processing credit card transactions on the internet.

In addition, a group of world wide web technology vendors is creating “XML”, a sub-set of Standard Graphical Markup Language (SGML) incorporating financial tags/elements into the standard markup language used in the creation of web-sites, “OFX” is being advanced by the Open Financial Exchange (Checkfree, Intuit and Microsoft) to create a common standard for exchanging financial information and BITS, a group of banks, is working on the Internet Financial Exchange (“IFX”) for a wide range of internet transactions with and between them.

In summary, the Bill seems of little value. The suggestion that the current State and Federal legal framework does not adequately deal with any aspect of e-commerce appears almost absurd, even in light of the detailed observations within the Report of the current state of the law.
Far from alleviating any imagined uncertainty, the volatile mix of this generalised form of lawmaking with existing common law and State and Federal legislation would engender even greater uncertainty, and even more work for lawyers!

In recent years, there has been a widespread review of the law of evidence, both Commonwealth and in each of the States of Australia, with a view to more adequately dealing with “electronic communications”, although not so called. In other areas, the law has dealt with computerisation admirably, seemingly without pause integrating new technology into old legal theories. A very good example is EDI and the law of contract. In the past, the law of contract easily and quickly adapted to the new technologies of post, telegraph, telephone, telex and fax, and now the fundamental principles of the law being offer, acceptance and consideration are not in any way seriously challenged by EDI or e-commerce generally.

The problem has been, and remains, proving a transaction, but this is merely a matter of evidence. In other words, keeping a good audit trail and historical records of the transactions which have taken place, as well as system security, will be the practical issues arising from this type of transaction, there being no fundamental legal issues.

This is not to say that the law provides all the answers for every e-commerce problem. For example, as the Report pointed out, parties to an e-commerce transaction may always improve the clarity of their situation by express terms agreed in advance, adding to terms implied by statute or the general law (such as merchantability, fitness for purpose and so on). There is no doubt that such transactions could be improved in their clarity for the purpose of dealing with
disputes which may arise, using an informed legal approach, but this does not alter the general proposition that the fundamental structure of the law has not been challenged by the new technology.

It is by the development, and use by commerce and Government, of new technologies for electronic commerce, by initiatives such as those mentioned in the Introduction, above, that successful technologies will gain currency, and with them public confidence. There is little or no regulatory bar to this occurring—at least none which the legislation proposed by the Bill will address. These initiatives create the circumstances by which e-commerce is made available in a wide variety of commercial situations, easy-to-use, familiar and practicable for the majority of Australians, secure (inspiring confidence) and effective.

On the other hand, passing the Bill into law will introduce uncertainty of legal effects, especially between it and existing State and Federal laws which can only impede the development of these technologies and standards.

E-commerce has become a plaything of politicians, and the bureaucracies they supposedly direct. Let us hope we do not pay too high a price for such political amusements.

BOOK REVIEWS

S. Singleton with S. Halberstam
Business, the Internet and the Law
TOLLEY'S, 1999, XXVI AND 533 PAGES. ISBN 0-7545-0107-8 (UNPRICED)

Electronic commerce (or “e-commerce”) will be to the early years of the 21st century what the golden age of steam was to the Victorians, a wealth of profit and returns for those best placed to take advantage of the new technologies. Predictions of what opportunities may be presented or of how existing methods for conducting business may be changed abound as enthusiasm for the novelties that are created knows no limit. Speculation is the watchword of these exhilarating times. Even
language itself mutates as it learns to construct new terms and new words for things formerly unknown and never before described. As often happens with new areas of human endeavour, law-makers seek to master it and subject it to regulation and, as equally often happens, those wanting to learn the rules that may apply will experience difficulties in obtaining reliable information. Into this gap in knowledge, a few have ventured, notably Susan Singleton in this text, aptly titled, “Business, the Internet and the Law”.

The author herself runs a virtual (net-based) law firm and it is clear that much of the material in the text has the benefit of being written from the standpoint of extensive practical experience, especially in the context of providing advice to clients in need of information as to their rights and obligations in a difficult area of law. In addition, there are a number of contributions and acknowledgements of material from different sources, most of which have been carefully selected so as to provide as clear and concise a view of what is undoubtedly a topic continually in the process of evolution.

The text begins with an overall assessment of the issues confronting a business desirous of expanding on to the net and what risks are involved in converting to new technologies. The question of how to identify and market the corporate name is tackled next in a chapter that looks at domain names and the topic of trade mark protection. There is a wealth of comparative material in this and other chapters, citing case-law examples from a number of jurisdictions. Two chapters follow, which deal with the subject of copyright generally and in databases, as well as security and confidentiality issues.
This is accompanied by a chapter dealing with contractual and other problems associated with the creation and maintenance of a website.

The three chapters at the heart of the text deal with what will be the core activity of any business on the net: sale of goods ns, ade and payment. for Sesansenees These chapters deal with the relevant legislation from the U.K. standpoint and examine additionally international measures designed to ensure harmonisation in these areas. Two related topics follow in the succeeding chapters which centre around the question of abuses of technology. The first looks at the question of defamation on the net and examines employer liability for errant employee behaviour. The second deals with the all-too common problems of ensuring data protection and guarding against hacking and breaches of security. This chapter is particularly complex, containing as it does references to a number of European and International initiatives in the field.

The vexed question of jurisdiction, on which many courts have attempted to pronounce and assert authority, is dealt with in the penultimate chapter, which also illustrates the inadequacy of much of present legislation at coping with the speed of change of the virtual environment. Lastly, a consideration which should not be omitted from any legal discourse is the topic of taxation, equally a jurisdictional problem and which is dealt with in the final chapter.

The text is rounded off by a clear index arrangement and a number of appendices containing relevant source material. Overall, the text displays a concise and logical arrangement of material. The text has much to commend itself for and would be particularly useful for the professional in the corporate sector, keen to enhance knowledge of what is still a fledgling area of practice.

PAUL J. OMAR
Gray's Inn.
Alan Williams, Duncan Calow and Nicholas Higham
Digital Media—Contracts, Rights and Licensing
SWEET & MAXWELL. 1998. xxxvi + 414 PAGES £95.00 ISBN 075200 4204 (HARDBACK AND DISK)

As the preface of the book points out, this text is the second generation of a publication that started life as "Multimedia—contract rights and licensing". The authors have done well in responding to the shift in emphasis that the emergence of digital technology has necessitated. The book addresses the legal consequences and role of digital media in the convergence of the information, entertainment, computer and communication industries in a comprehensive and easily digestible way.

The authors engage in a helpful discussion of the difficulties faced in applying copyright law to the exploitation of digital media both in physical and on-line formats. These issues and the topics discussed throughout the text are further explained and illustrated by practical examples that help the reader to come to grips with their implications in such areas as publishing, broadcasting and advertising.

The authors discuss and explain the UK and EU's approach to copyright protection (Part 2, Land), the enforcement of rights in digital media (Part 2, IN), the rights of authors (Part 2, V) and the acquisition, distribution and exploitation of such rights (Part 3) in detail. The book also touches on issues such as content regulation and the implications of tax and competition law on the exploitation of digital media. The text provides a very helpful summary of the U.K. bodies that regulate the exploitation of the various forms of digital media. To their credit, the authors have tried to provide only an overview of what is essentially a very broad area of the law, making the text an ideal "jumping off point" for further research.
An extensive glossary and a detailed introduction on the legal and regulatory framework for digital media help put their commentary in context. An additional and very useful feature is the reference guide in Part 1 that details the types of works that are subject to copyright protection.

More value is added by the extensive appendices which provide such useful features as lists of countries that are members of international conventions, lists of organisations concerned with licensing and the enforcement of copyright and summaries on such issues as framing, linking and the system for domain name registration.

These features, together with the precedent and sample clauses which are provided both at the end of some of the chapters and on disk, make this book an informative first reference point for investigating this area of the law. Of course, the rapid development of the law in this area will mean that readers will have to be especially proactive in keeping up with the rapid growth in legislation and case law dealing with this subject matter. If I had to provide a criticism, it would be that at times I found the numbering of the chapters confusing. I can, however, thoroughly recommend this publication not only for its comprehensive overview of the law in this area but also for the way it relates this material in a practical and user friendly manner.

MICHAEL CHISSICK
Field Fisher Waterhouse, London

Kevin Garnett et al (eds)
Copinger and Skone James on Copyright (14th ed.)
SWEET & MAXWELL. 1998, Two volumes, £240.00. ISBN 0421 589108 (HARDBACK)

“Copyright is one of the three main branches of the law of intellectual property along with patent law and trade mark law. Overshadowed for much of its history by the greater economic worth of patents and trade marks, at the end of the twentieth century copyright has overtaken both in economic importance.
The law of copyright, originally conceived to provide protection against unauthorised reproduction of books, faces unprecedented challenges from the accelerating pace of technological innovation. Since copyright gives the owner the exclusive right to authorise or prohibit certain uses of his work by others, it is central to providing right owners with some element of control over the exploitation of their works in the new global networks of the information age.”

So begins the first chapter of the latest edition of Copinger, setting copyright centre stage in the e-commerce revolution. Copinger is traditionally the leading U.K. copyright text, dating back to Walter Copinger's Law of Copyright published in 1870. In recent years Copinger's supremacy has been challenged by Laddie, Prescott and Vitoria's The Modern Law of Copyright and Designs, a third edition of which is due out later this year, whose idiosyncratic approach to, and stimulating analysis of, a traditionally dry subject have given practitioners much thought, not to say inspiration.

Setting aside the debate over which text is now the leading one—practitioners will have both in their library—it has been eight years since the previous edition of Copinger. So the latest edition of Copinger is very welcome. It boasts a host of distinguished editors across the range of topics and industries including Broadcasting, Publishing, and Computer Software, of most interest to the readership of this journal.
The last decade has seen an enormous growth in the law of copyright and related rights. Much of this is relevant to the information industries: European Directives dealing with matters as diverse as database protection, the protection of computer programs, satellite and cable broadcasting, rental and lending rights, and the duration of copyright have all had to be implemented within the structure of the Copyright Designs and Patents Act 1988. More is in the pipeline following the 1996 WIPO Copyright Treaty and WIPO Performances and Phonograms Treaty, the aim of which is to give right owners a better level of international protection in the digital age against piracy. So July 31, 1996, the cut off date for the work (although where possible subsequent developments have been included), represents a good date at which to take stock of almost a decade's frenetic legislative activity.

Copinger's value as the leading U.K. copyright text remains. The breadth and depth of the work make it required reading for any copyright practitioner or serious student of the subject. The second volume which contains statutory and other legislative materials as well as some precedents is also essential. A lot of new material has been added since the previous edition, in particular Chapter 27 which from a practical viewpoint deals with the various industries which exploit and create copyright works and other similar rights. In these days of convergence, readers wanting to understand the content side of copyright (film, music, publishing, etc.) will find the concise discussion of these specialist areas useful. Readers new to computer software copyright will also find the 10 pages specifically devoted to the computer software industry of value as well.

Readers of this journal looking for a specific chapter on copyright and its relationship to e-commerce or the Internet may perhaps be disappointed. But there is much discussion of digital and Internet-related
matters in the text where the major aspects of copyright are discussed. Indeed the new chapter which deals with the important topic of Collecting Societies opens by stressing that the Internet has made the need for the collective administration of rights more acute than ever.

As Copinger is primarily a practitioner's text, its discussion of copyright policy issues in the digital environment is concise but nevertheless pertinent. The section on Community Law also provides helpful background on the driving force for much recent copyright legislation. Indeed it is clear that the 1988 Act may be seen as the last copyright legislation to be passed in the U.K. free of the influence of the harmonisation programme of the European Commission. This programme, as Copinger makes clear, is far reaching as elements of the civil law authors' rights approach are now being introduced into the U.K. for the first time since the Berne Convention of 1886.

Copinger also contains a very helpful discussion and tables dealing with international copyright. Whether it is determining if software first developed in south east Asia benefits from copyright protection in the UK, or the UK copyright position of a DVD containing a 1920s continental film, which the author has had to consider recently, Copinger remains an invaluable guide for the practitioner.

It remains to be seen how copyright continues to develop in the face of the Internet and what balance of approaches to copyright, Anglo-American or Continental-European, prevails. Copinger is both a valuable guide to the current debate and the authoritative U.K. copyright text—no mean achievement.

SIMON STOKES
Tarlo Lyons, London

NEWS SECTION: CONTENTS
June 2000

COMPUTERS
United Kingdom: Supply of defective computer systems/time bombs—Rubicon Computer Systems Limited v. United Paints Limited

ELECTRONIC COMMERCE
Belgium: Domain names—the misleading domain name www.avocat.be
Dubai: Legislation—Dubai technology, electronic commerce and media free zone law
Germany: Online auctions—Car purchase via online auctions—Decision of Münster Regional Court, unpublished

INTELLECTUAL PROPERTY
India: Trade Names—Rights to use "PC Magazine" and other marks of Ziff Davis in India
Luxembourg: Legislation—Draft law on copyrights, neighbouring rights and databases

TELECOMMUNICATIONS
Austria: Regulation—Proposed amendment to the Austrian Telecommunications Act
South Africa: Regulation—South Africa's pre- and post-isolation Telecommunications law and the award of a third national cellular licence
Spain: Regulation—Radio-electric spectrum
Spain: Regulation—Tariffs
Spain: Regulation—Public tenders
Spain: Regulation—Other resolutions and court decisions
Thailand: Regulation—Privatisation of telecommunications sector

MEASURES TABLE
European Community: Computing, telecommunications and related measures

EDITORIAL BOARD AND COUNTRY CORRESPONDENTS

News Section Editor
SIMON STOKES, Tarlo Lyons, London

Epiror Epitortar Apvisory Boarp 4, T MICHLE RENOTE HENRY CARR carts PARKER Conpuralaw Barrister Digial Baipment co, Linked Edaburgh Tandon Reading ROBYN DURE PAUL TAYLOR ‘LinHaters & Atiance Orchard Londen {ondon ‘uve camvoras Olsvang Loudon CounTRY CorRESPONDENTS Austraua Gnesce New Zratanp ‘ANNE FITZGERALD LEOMIDAS KANELLOS XEN MOON oie coace Kokias-Kanelas & Associates ‘AJ Falk &'Son ‘ustala Athens ‘auckland PETER LEONARD Kone Ba sake Baer Bere Sibert Tobie iets @Paines Kluge Advokatinsa ans Syeey ong Kong Oslo Aa KEN sinenro aber Department of Compete Science RE ae ‘Unversity of Hong Korg ALBAN RANG “ ‘Austen ‘PETER WATERS Sagas aa & De Siva MARTIN BRODEY MICHAEL REEDE Dorda rugger& Joris Gibex e Thin Sourn Arnica Yienna syeney CHARLES H.
BERMAN Adams & Adams Bractun Inpia fobennesburg Leoef haeye Verbeke PRAVIN ANAND yet ‘Anané & Anand [MARCO VAN DER MERWE New Dai Spoet and Fisher Brazi Pretoria Tray [ANTONIO CARLOS ¢, MAZZUCO 0 ¢ ‘ANDREA VALU Rerccasoe Gah Cerin. acu ett RU anne MEN. Seo Pano Rome Gomer-Acsho & Pombo Canapa PAOLO CERINA Madd BARRY 8, SOOKNAN Bros casa Assos Swtorn Mecanthy 8 Texan Man MAGDALENA HAG ‘Toronte Ineiano Ryn & case Denman JARLETH BURKE Stockh i Esat decor, PER HARON ScHAUDT ‘ akon a arr Dublin Swirzer.ann ene § Lange ANNA-MARIE CURRAN Scheinberg 6 aisiy Cepenhegea AGL Goodbedy Solctors Zurich FOSS or ors: ae Tarwan Jametcenasct PARAM HUBERT Hsu Pals FED DO ay ‘bert Hsu & Associates -BRlc MORGAN DE RIVERY Tokyo nee KATE THACKERAY Tuananp PASCAL CUCHE Luxempours yoo Eee es STEPH eee par? Pats Le Govetl Law Ote eee < Lexemboorg PETER CHROCZIEL NETHERLANDS Unarep Kincpom Bruckhaus Westick Stegemann GOREN PRINS ROBYN DURE Frankf 2m an Univesty of Ledea Pinks laden RICHARD LETTERMAN Ylkinson, Baer, Knacerand Quinn GRYeSHY of Mung “TI JOHNSON ‘rankfise am bala egUeENe ome KARL H.-W ASNETE crrow Unton Condertbreters Hn ae Houthoft Amsterdam, (© SWEET MACIVEL LMITED [AND CONTRIELTORS ‘CONOR WARD ‘Lovell White Darant London, ‘ALAN WHITHELD ‘Selicor ar London ‘sIox Jones ‘Nabarro Nathanson ‘London HEATHER ROWE ‘CONOR WARD ‘Lovell White Duran London WGEL StAME Baker & Mckenzie Londen usa RICHARD H. STERN Ablondl, Foster, Sobin & Davidow ‘Washington DC JUSTIN'T BOOKEY Wilkinson, Barker, Knauer 6 Qutnn ‘Washington DC CHARLES B, COHLER. ‘Lasky, Haas & cobler San Franco JORNR XING nobbe, Martens, Olson & Bear "Newpor Beach | caloria, JORX Swinson ‘Mallesons Stephen jaques Brisbane ru ANDREAS BARTOSCH SGieiss Hoot Lutz & Hirsch Brussels J. MARK NAFTEL Bid 6 Bird Brussels [ELIZABETH ANN STATON Freshtelae London, SIMON M. TAYLOR, Norton Rose Brussels ROGER TucKerT Hermes Europe Rael BV Brussels NA EDITORIAL BOARD AND COUNTRY CORRESPONDENTS: [2000] : C:TLR. PUBLISHING . 
CONTRIBUTIONS
The Editorial Board welcomes contributions to the Law Review. All material should be submitted in typescript form, on A4 paper in double line spacing, together with a disk if available, and sent to:
Anand Shukla, C.T.L.R. Papers, Sweet & Maxwell Ltd, 100 Avenue Road, London NW3 3PF, United Kingdom
Telephone: 020 7393 7000 (International: +44 20 7393 7000)
Fax: 020 7393 7333 (International: +44 20 7393 7333)

SUBSCRIPTIONS AND ORDERS
Annual subscription £310 (US$533) plus £13 airmail postage outside Europe for 8 issues plus index. Bound Volume Service is £95 (US$157) extra.
Sweet & Maxwell Ltd, Subscriptions Department, Andover, Hants SP10 5BE, United Kingdom
DX 120950 Andover 5
Telephone: 01264 342766 (International: +44 1264 342766)
Fax: 01264 342723 (International: +44 1264 342761)

ISSN 1357 3128
Published by Sweet & Maxwell Ltd
Typeset by Interactive Sciences Ltd, Gloucester
Printed and bound in Great Britain by The Headway Press, Reading

© Sweet & Maxwell Ltd 1999. All rights reserved. U.K. statutory material in this publication is acknowledged as Crown copyright. No part of this publication may be reproduced or transmitted in any form or by any means, or stored in any retrieval system of any nature without prior written permission, except for permitted fair dealing under the Copyright, Designs and Patents Act 1988, or in accordance with the terms of a licence issued by the Copyright Licensing Agency in respect of photocopying and/or reprographic reproduction. Application for permission for other use of copyright material including permission to reproduce extracts in other published works shall be made to the publishers. Full acknowledgement of author, publisher and source must be given.
NEWS SECTION: NATIONAL REPORTS

AUSTRIA

TELECOMMUNICATIONS

Regulation

Introduction

The Austrian Telecommunications Act of 1997 ("TKG" or "the Act") was originally designed as the primary means of ensuring liberalisation in the area of telecommunications law in Austria based on the applicable European directives. Most of the significant developments in the Austrian telecommunications market, such as the award of licences, the institution of an independent regulatory authority and the settlement of interconnection and unbundling disputes, occurred within the scope of application of the Act and its implementing ordinances issued by the Minister of Transport.

Three years of its application have, however, also revealed certain shortcomings of the Act, such as its failure to provide for an appellate authority to test decisions rendered by the regulatory authority Telekom Control Kommission. This defect was criticised by the Austrian Supreme Constitutional Court in its ruling of 24 February 1999 whereby decisions of the regulatory authority may be challenged by a complaint to the Supreme Administrative Court (based on the requirements of applicable European law). In addition, lively competition in the Austrian market and the resulting disputes have strained the capacities of the regulatory authority. As a result, the time frames provided by the TKG for disputes are difficult to maintain in practice. Moreover, the TKG does not provide for timely limitations for licence proceedings.

Expectations of the market participants

From the point of view of the incumbent operator, Telekom Austria, the TKG in its current form is perceived to regulate one enterprise (i.e.
the dominant operator) rather than the market as such. In the discussions of the planned amendment to the TKG, Telekom Austria consequently argued that asymmetrical regulation should be reduced given that competition has already taken shape on the Austrian telecommunications market. Thus, the incumbent operator's wish list for an amendment to the TKG would have included a mn submitting all operators (not only dominant operators) to the principle of cost-orientation and a refined approach to market definition
