Apply the higher standard in line with the thrust of the EU Directives
statements. (As per 10 below)
(7) Whereas the difference in levels of protection of the rights and
freedoms of individuals, notably the right to privacy, with regard to the
processing of personal data afforded in the Member States may prevent the
transmission of such data from the territory of one Member State to that of
another Member State; whereas this difference may therefore constitute an
obstacle to the pursuit of a number of economic activities at Community
level, distort competition and impede authorities in the discharge of their
responsibilities under Community law; whereas this difference in levels of
protection is due to the existence of a wide variety of national laws,
regulations and administrative provisions;
(8) Whereas, in order to remove the obstacles to flows of personal data, the
level of protection of the rights and freedoms of individuals with regard to
the processing of such data must be equivalent in all Member States; whereas
this objective is vital to the internal market but cannot be achieved by the
Member States alone, especially in view of the scale of the divergences
which currently exist between the relevant laws in the Member States and the
need to coordinate the laws of the Member States so as to ensure that the
cross-border flow of personal data is regulated in a consistent manner that
is in keeping with the objective of the internal market as provided for in
Article 7a of the Treaty; whereas Community action to approximate those laws
is therefore needed;
(10) Whereas the object of the national laws on the processing of personal
data is to protect fundamental rights and freedoms, notably the right to
privacy, which is recognized both in Article 8 of the European Convention
for the Protection of Human Rights and Fundamental Freedoms and in the
general principles of Community law; whereas, for that reason, the
approximation of those laws must not result in any lessening of the
protection they afford but must, on the contrary, seek to ensure a high
level of protection in the Community;
I wonder how tight these things will eventually get.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Antoinette Carter
> Sent: 30 November 2004 16:41
> To: [log in to unmask]
> Subject: Poland DPA
>
>
> I have been contacted by our office in Poland, who were one of the ten
> countries to join the EU this year. The Polish DPA appears
> to set much
> higher standards with regard to system user access/security than we do
> in the UK. For example, they insist that users' passwords are changed
> at least every 30 days. Our corporate policy is to apply the UK DPA
> globally unless local legislation is stronger, which appears to be the
> case here. But on reading the text of the Polish Act, Article 4 reads
> "The provisions of the Act shall apply, save where otherwise provided
> for by any international agreement to which the Republic of Poland is
> party." Would you construe from this that signing up to the
> EU is just
> such an international agreement, and that it is sufficient for us (as
> registered data controllers in the UK) to continue to apply the UK
> standards rather than the Polish. Any thoughts would be much
> appreciated....
>
> Antoinette Carter
> Data Protection Officer
> Tel: 0207 389 4970
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|