Short Summary of
the EU Data Directive
specifies that any storage (on a computer, or even by pen and pencil)
about any directly or indirectly identifiable person is "personal
data". Such registration is only permitted for specified, explicit
and legitimate purposes, in adequate ways, kept up to date, kept in
an identifiable format. It is also only permitted with permission from
the person identified, or for legally required needs without such permission.
Personal data may not be exported outside EU without permission from
the person identified.
Exceptions: Registration by the public defense, purely private registration
within a household, registration done by authors, writers and artists
solely as part of their professional work.
Short Summary of the Concerns
Interpreted literally, the EU directive means that almost all freedom
of speech on the Internet is illegal. Only publication where no person
is identified in any way is not covered by the directive. Since publication
on the Internet is a very important part of freedom of speech, this
directive severely restricts the freedom of speech.
The directive is so generally worded, that it actually applies to almost
all human activity, since almost all human activity to some extent involves
personal data in computers or on paper. Thus, the directive makes freedom
of speech illegal in almost all human activity illegal, unless it is
done according to the restrictive rules of the directive.
The exceptions for authors, journalists and artists are not enough,
since freedom of speech is not a right restricted to only people of
these special vocations.
Examples of Activities which are Illegal According
to the Act:
- Search engines like Alta Vista. And such engines are central to
the usage of the Internet as a vast area for freedom of speech!
- Any criticism of a person without permission from the criticized
person, like for example criticism of a public official. And the right
to criticize public officals is central to freedom of speech!
Examples of how the Act has been Applied in Sweden
The Swedish Data Inspection Board has in general interpreted the law
in such a way that it allows all activities which it likes, but disallows
activities which it dislike. Examples of web pages which have been forbidden
by the board are:
- A list of fur producers kept by an animal-rights organization.
- A list of bank directors, criticized for misuse of their rights
by an organization for bank customers. He was convicted in the primary
court and the appelate court, but freed
by the Swedish Supreme Court.
Freedom of speech is thus only provided when you write things which
the Data Inspection Board likes.
How should the Directive be Changed
The general view in Sweden is that it is not enough to make slight
changes in the directive. The whole directive should be rewritten with
freedom of speech in mind. Instead of making almost all human activity
illegal, the directive should specify a list of special types of data
bases, to which it applies, and only be applied to those. A law should
only be written to cover things which the legislators understand! Especially
in case of a law which causes serious freedom-of-speech issues.
Examples of items in such a list might be:
- Personnel data bases
- Medical patient data bases
- Customer data bases
- Police data bases
- Direct marketing data bases
There should also be a procedure for extending this list, when needed.
Because of the risk of conflict with freedom of speech, the directive
should be restricted and not general-purpose.