Privacy Law and Policy Reporter
The Malaysian Ministry of Energy, Communications and Multimedia is in the process of drafting new legislation on personal data protection.
According to the Ministry’s website at <www.ktkm.gov.my/comm/pdp.html>, the aim of the proposed legislation is:
The Personal Data Protection Bill is intended to be world leading ‘cyberlaw’ which provides a high level of personal data protection. The objectives of this law are:
The rationale of the proposed law is to promote Malaysia as:
The Government has agreed to allow the draft Bill to be exhibited in the Ministry’s website for public access, scrutiny, comment and feedback. Public comment and feedback is invited and may be communicated to the Ministry through the Ministry Online Forum or to the following address:
Ministry of Energy,
Communications and Multimedia
Jalan Semantan 50668
Tel. No: 603-2575000
Fax No: 603-2575001.
A one day forum for officials from Asian countries was held in Hong Kong on 27 March 2001. The forum, hosted by the Hong Kong Privacy Commissioner for Personal Data, attracted repres-entation from Hong Kong SAR, Indonesia, Japan, Macau SAR, Malaysia, Singapore and Thailand. In addition to the host office and government officials from those countries, participants included a professor of the Department of Information Management, National Central University, Taipei and an observer from New Zealand.
A substantial part of the meeting was devoted to presenting status reports on information privacy issues and law in the various jurisdictions. Presentations by experts from Hong Kong, New Zealand and the US discussed the work of the US Federal Trade Commission, the EU Data Protection Directive, human resource management and cross-border data matching.
Participants found the meeting valuable and saw merit in repeating the exercise, particularly given several current initiatives for data protection law at national level and EU activity in assessing the adequacy of data protection laws of countries in Asia. Participants expressed interest in exploring regional issues such as co-operation in relation to cross-jurisdictional privacy seal programs.
Source: Blair Stewart, New Zealand.
The NZ Law Commission advises in a December 2000 report that NZ encryption policy is to be reviewed later in 2001 and will involve public consultation. While no public discussion paper has yet been issued, submissions can nonetheless be made to the Chairman, National Cryptography Policy Committee, Domestic and External Security Secretariat, Department of Prime Minister and Cabinet, Executive Wing, Parliament Buildings, Wellington.
Source: Law Commission, Electronic Commerce Part Three: Remaining Issues, NZLC R68 <www.lawcom.govt.nz>.
The ‘Article 29 Working Party’ of EU Privacy Commissioners consider that Australia’s private sector privacy law is not ‘adequate’ in terms of the EU Data Protection Directive. Their Opinion, issued in March, can be found at <europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/wp40en.htm>.
The Opinion identifies a number of deficiencies in the Australian law which would prevent in meeting the criteria for a finding of adequacy.
The Federal Attorney-General’s reaction to the report can be found at <law.gov.au/aghome/agnews/2001newsag/941_01.htm>.
The European Commission has just released a study which estimates that ‘junk’ emails or ‘spam’ costs internet users 10 billion euro a year worldwide.
The study, which provides detailed information on the phenomenon in both the US and the European Union, forms part of the Commission’s ongoing efforts to ensure that the development of the internet and e-commerce does not undermine Europe’s rules on internet privacy and data protection.
The study also compares the different approaches adopted by EU Member States in implementing the EU Directives on data protection into national law. The study will help the Commission’s work with Member States’ data protection experts on assessing the implementation of EU data protection Directives. The findings will also be taken into account by the Commission when proposing updates to EU data protection legislation.
Further detail is available at <europa.eu.int/comm/internal_market/en/media/dataprot/studies/spam.htm>.
Unfortunately the full text of the report appears to be only available in French at present.
Source: EU delegation, Canberra.
The Victorian Health Records Bill was passed on 3 April. It will come into effect from 1 July next year, with no phase-in period. It covers the handling of health information by the public and private sectors.
‘Health information’ means all personal information held by health service providers, plus information held by any organisation about a person’s health or disability at any time, information about the donation of body parts, organs or substances, and genetic information.
The legislation is a hybrid of the ACT Health Records (Access & Privacy) Act 1997 and the National Privacy Principles.
The text of the Bill is at <www.dms.dpc.vic.gov.au/>.
Source: Lindy Smith.
Contrary to assumptions made by many commentators, including Private Parts in 7(8) PLPR 168, the Privacy Amend- ment (Private Sector) Act 2000 (Cth) will commence on 21 December 2001, not 22 December.
Source: Attorney-General’s Department.