Charles Prescott on Tuesday, January 20, 2004 at 1:15 AM said:-

>    I know you are frustrated with what you have, but from 
> what I can see, the UK has taken the right path, focused 
> primarily on education,and you are building a constructive 
> data protection environment. 
>    Bankrupt a small company that fails to put an opt-out 
> notice in a mailing? Ridiculous. What's the damage that can't 
> be repaired otherwise?   

The national and organisational cultures will affect the method, and speed,
with which the courts implement the law, in the same way they do the money
invested in DP training. 

I would have found it unlikely that any court, without other significant
cause, would fine a small beginning entrepreneur an amount which would on
its own cause bankruptcy, it would, as you say, bring the legal sphere into
disrepute.  Of course, when considering cases similar to the one you
elaborate on involving small entrepreneurial companies, I would have thought
most courts would also consider the volume of harm done, balanced against
potential beneficiaries.  Perhaps the question is - When is (if at all)
example (not the correct legal term) sentencing useful?

When considering that any individual at reasonable cost can potentially
purchase a computer, harvest many millions of e-mail addresses and cause
considerable damage nationally and internationally, the argument put forward
begins to loose resilience.

> When sophisticated 
> companies with lots of lawyers have trouble complying with a 
> complex law, fining companies and bankrupting people doesn't 
> build respect, or even fear.

That is interesting as I have been considering that the DP regulatory
regimes in many countries is deliberately complex, which could indicate that
complexity was being adopted as a ploy, thereby making it very difficult for
individuals to engage the courts with privacy issues (A possible
protectionist stance for both organisations and the courts) whilst still
promoting commerce.  A regime which would seem from many perspectives most
destructive to confidence in the regulatory regime.

Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection 
> issues [mailto:[log in to unmask]] On Behalf Of 
> Charles Prescott
> Sent: Tuesday, January 20, 2004 1:15 AM
> To: [log in to unmask]
> Subject: Re: DP in Spain
> 
> 
> Sounds really good doesn't it?  BUT, one of the companies not 
> mentioned, which was fined for not having put in an opt-out 
> notice in its mailed promotion piece which was prepared 
> before the effective date of the law, but sent afterwards 
> through the error of the lettershop, is now bankrupt. It was 
> a small operation run by a beginning entrepeneur. Under 
> Spanish law, you have to pay the fine levied by the DPA and 
> THEN you can appeal. And, by the way, the DPA is prosecutor, 
> judge, and jury.  Legal appeals in court from decisions of 
> this nature usually take between 6 and 8 years. Justice? 
> Helpful? Useful? 
>   I don't think so. But very Spanish, of course. 
> Authoritarian, strict, draconian. When sophisticated 
> companies with lots of lawyers have trouble complying with a 
> complex law, fining companies and bankrupting people doesn't 
> build respect, or even fear. It builds resentment which at 
> some point will create a legal backlash. 
>    I know you are frustrated with what you have, but from 
> what I can see, the UK has taken the right path, focused 
> primarily on education,and you are building a constructive 
> data protection environment. 
>    Bankrupt a small company that fails to put an opt-out 
> notice in a mailing? Ridiculous. What's the damage that can't 
> be repaired otherwise?   
> 
> Charles A. Prescott
> Vice President, International Business Development & 
> Government Affairs Direct Marketing Association 1120 Avenue 
> of the Americas New York, NY  10036 U.S.A.
> 
> Tel. +1-212-790-1552
> Fax. +1-212-790-1499
> e-mail: [log in to unmask]
> website: www.the-dma.org
> 
> Helping businesses go direct worldwide. 
> >>> "Otter, Thomas" <[log in to unmask]> 01/17/04 08:11 AM >>>
> Hello thought this might interest some of you
> Interesting to compare with the OIC's actions
> The Agencia de Protección de Datos (APD) is charged with 
> enforcing the LOPD.[2491] The Agency maintains the registry 
> and can investigate violations of the law. The agency has 
> issued several decrees setting out in more detail the legal 
> requirements for different types of information. In December 
> 2000 it issued guidance on international transfers of 
> data.[2492] As of December 2001, the number of registered 
> databases was 271,875.[2493] In 2001, the agency conducted 
> 405 investigations most of which were carried out on the 
> basis of individual complaints. 363 complaints were received 
> regarding the refusal of data controllers to grant subjects 
> access to their files.[2494] In September of 2000, the agency 
> fined Telefónica, the Spanish telephone company, EUR 60,000 
> for a glitch in its computer systems that allowed improper 
> access to customer files.[2495] A ESP 180 million (EUR 1 
> million) fine was issued in January of 2001 to Zeppelin, the 
> television company producing the Spanish version of the show 
> "Big Brother," for releasing personal information on those 
> who tried out for the show.[2496] A 100,000 peseta fine was 
> issued to Caja Insular de Ahorros de Canarios in February 
> 2001, and Microsoft Iberica was fined 10 million pesetas in 
> April for improper use of client information.[2497] The 
> agency has recently opened an investigation against the 
> University of Zaragoza on allegations that the university 
> sold alumni information without permission.[2498] Appeals 
> against decisions of the APD may be brought before an 
> administrative court. In 2000, 54 such appeals were brought. 
> The court upheld the decisions of the Authority in the 
> majority of these cases.[2499] In 2002, the APD considered 
> the case of the company Inlander that was accused of storing 
> personal data of Spanish citizens on a US-based database and 
> failing to take security measures to protect private 
> data.[2500] 
> http://www.privacyinternational.org/survey/phr> 2003/countries/spain.htm
> 
> Regards
> Thomas
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
>   (all commands go to [log in to unmask] not the list 
> please) 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
>   (all commands go to [log in to unmask] not the list 
> please) 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^