WAP-W3C Mobile Web Privacy Workshop
7-8 December 2000
Henry Ryan, <email@example.com>
The "Initiative on Privacy Standardization in Europe" (IPSE) is compiling an official report on the role of standardization which will, where agreed necessary, prepare recommendations for relevant standardization actions to help business and other enterprises implement the relevant legislative acts. The project is being overseen by a Steering Group (SG) and carried out by a team of business, technology, communications, legal and consumer experts appointed by the SG. The expert team is being led by Stephanie Perrin (ZeroKnowledge, Canada) and includes Henry Ryan, (Lios Geal Consultants, Ireland), Freddie Dawson (DG-Media UK), Rosemary Jay (Masons, UK) and a Consumer Representative (to be appointed).
The Business Objective
With the correct, legal use of employee and customer personal data by business becoming more and more a "hot" issue in Europe and around the globe, CEN/ISSS - the Brussels-based European standardisation organisation - together with CENELEC and ETSI have approved a study on privacy standards relevant to European and international privacy policies and regulatory considerations. This work is being conducted under a mandate (Mandate M/289) issued by the European Commission's SOGITS (a high-level group of officials involved in policy-making for information technology issues). Its recommendations, after public review and if necessary adjustment, will be the basis of any deliberate standards development related actions. At minimum IPSE will clarify the role of standards in the assurance of privacy regulations. Where necessary and agreed in public review it can recommend specific actions to be undertaken, by whom and in what timeframe. As envisaged in the approved IPSE terms of Reference this deliverable could include a proposed business plan for a CEN/ISSS Workshop on Privacy and Data Protection.
The regulatory issues of privacy in electronic commerce (which includes mobile electronic commerce in this context) are stated in the preamble to the European Directive on Electronic Commerce (Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ). This states that protection of individuals with regard to the processing of personal data is solely governed by Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and by Directive 97/66/EC concerning the processing of personal data and the protection of privacy in the telecommunications sector. In the same paragraph the Electronic Commerce Directive excludes it's use to prevent the anonymous use of open networks such as the Internet.
Outline for the Study
The IPSE study on the role of standards setting as a contribution to compliance within the European legal framework on data protection and privacy is in two parts:
The second part will provide recommendations for future actions for possible standards setting based on an understanding of the business needs and drivers. The proposed topics are likely to address three key areas:
Codes of conduct
It should be noted that this set of possible work areas is neither exhaustive nor definitive. By assigning this work to the IPSE SG and by making its stage deliverables widely and publicly available , the CEN/ISSS Secretariat intends to stimulate careful and balanced consideration of the key privacy issues and the scope of managerial/technical resolutions to the identified issues. In so doing a solid base will be established to support relevant agreed standards work programme where these are likely to meeet the essential requirements of the regulatory framework.
The IPSE SG welcomes inputs from all interested parties. Comments on any issue including technology and practical experiences should be addressed to the CEN Secretariat:
Georgia Skouma - Workshop Manager
CEN - European Committee for Standardization
Rue de Stassart 36, B-1050 Brussels
Tel.: +32 2 550 08 89
Fax: +32 2 550 09 66