European data protection law establishes certain basic minimum requirements for the collection and processing of personal data. Although data protection laws apply to information without regard to its form, some of the most sensitive issues related to data protection law arise in the context of personal information stored in digital form within computer systems. When individual computer systems form part of information and communications technology (ICT) networks, then data protection issues may be even more challenging. The 1995 Data Protection Directive, which provides for the free flow of information within the EU within a harmonized framework of national data protection laws and blocks cross-border data flows to jurisdictions that lack adequate protections, creates a legal framework to protect the privacy of personal information within global ICT networks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ayres, I. & Braithwaite, J. (1992). Responsive regulation: Transcending the deregulation debate. New York: Oxford University Press.
Baldwin, R. & Black, J. (2008). Really responsive regulation. Modern Law Review, 71(1), 59– 94.
Belson, J. (2002). Certification marks. London: Sweet & Maxwell.
Braithwaite, J. (1985). To punish or persuade: Enforcement of coal mine safety. Albany, NY: State University of New York.
Cargill, C. (2001). The informal versus the formal standards development process: Myth and reality. In S. M. Spivak & F. C. Brenner (Eds.), Standardisation essentials: Principles and practice (pp. 257– 265). New York: Marcel Dekker.
Egan, M. (2001). Constructing a European market: Standards, regulation and governance. New York: Oxford University Press.
Egyedi, T. M. (2003). Consortium problem redefined: Negotiating ‘democracy’ in the actor network on standardisation. Journal of IT Standards & Standardisation Research, 1(2), 22– 38.
Electronic Privacy Information Center & Junkbusters (2000). Pretty poor privacy: An assessment of P3P and internet privacy. Report. http://epic.org/reports/prettypoorprivacy.html. Accessed March 27, 2008).
European Commission (EC) (2000). Challenges for enterprise policy in the knowledge-driven economy. COM 256. Brussels: European Commission.
European Commission (EC) (2006a). A strategic review of better regulation in the European Union. COM 689. Brussels: European Commission.
European Commission (EC) (2006b). Report on the operation of Directive 1999/93/EC on a community framework for electronic signatures. COM 120 Final. Brussels: European Commission.
European Commission (EC) (2007a). European ICT standardisation policy at a crossroads: A new direction for global success. Discussion document for 2008 open meeting. Brussels: European Commission. http://ec.europa.eu/enterprise/ict/policy/standards/cf2008/080206-dispaper.pdf. Accessed March 27, 2008.
European Commission (EC) (2007b). The study on the standardisation aspects of eSignatures. http://www.esstandardisation.eu/study.php. Accessed March 27, 2008.
European Committee for Standardisation (CEN) (2005). Analysis of privacy protection technologies, privacy-enhancing technologies (PET), privacy management systems (PMS) and identity management systems (IMS), the drivers thereof and the need for standardisation. CWA 15263. Brussels: CEN.http://ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/DPP/CWA15263-00-2005-Apr.pdf Accessed March 27, 2008.
European Committee for Standardisation (CEN). Data protection and privacy. http://www.cen.eu/cenorm/sectors/sectors/isss/cwa/dppcwa.asp Accessed March 27, 2008.
European Committee for Standardisation (CEN). ICT standards consortia. Updated list of standards consortia. http://www.cen.eu/cenorm/businessdomains/businessdomains/isss/consortia/index.asp Accessed March 27, 2008.
European Committee for Standardisation (CEN) & Information Society Standardisation System (ISSS) (2002). Initiative on privacy standardisation in Europe. Final report. Brussels: CEN/ ISSS. http://www.cen.eu/cenorm/sectors/sectors/isss/activity/ipsefinalreportwebversion.pdf. Accessed March 27, 2008.
Falke, J. (1997). Achievements and unresolved problems of european standardisation: The ingenuity of practice and the queries of lawyers. In C. Joerges, K.-H. Ladeur, E. Vos (Eds.), Integrating scientific expertise into regulatory decision-making: National traditions and European innovations (pp. 187– 224). Baden-Baden, Germany: Nomos Verlagsgesellschaft.
Festa, P. (2002). Promise of P3P stalls as backers regroup. CNET News.com. http://www.news.com/2100-1023-963632.html Accessed March 27, 2008.
Gunningham, N. & Sinclair, D. (1999). Regulatory pluralism: Designing policy mixes for environmental protection. Law & Policy, 21(1), 49– 76.
Hacker, S. (2002). P3P in IE6: Frustrating failure. O’Reilly Mac Devcenter.com. www.oreillynet.com/mac/blog/2002/06/p3p_in_ie6_frustrating_failure.html Accessed March 27, 2008.
Hes, R. & Borking, J. (1998). Privacy enhancing technologies: The path to anonymity. Revised edition. Dutch Data Protection Authority. http://www.dutchdpa.nl/documenten/EN_av_11_Privacy-enhancing_technologies.shtml Accessed March 27, 2008.
Hodges, C. (2007). Encouraging enterprise and rebalancing risk: implications of economic policy for regulation, enforcement and compensation. European Business Law Review, 18(6), 1231– 1266.
Institute for Prospective Technological Studies (ITPS) (1999). Data protection: Devising a framework for standardisation. Report on the Workshop. https://cybersecurity.jrc.ec.europa.eu/docs/data20protection20standardisation/DataProt991025final.doc. Accessed March 27, 2008.
Kaply, M. (2004). Bug 225287 – Remove p3p from the default build, Comment #12. https://bugzilla.mozilla.org/show_bug.cgi?id=225287c12 Accessed March 27, 2008.
Kennedy, S. (2006). The political economy of standards coalitions: Explaining China’s involvement in high-tech standards wars. Asia Policy, 2, 41– 62.
KPMG, et al. (2004). Privacy-enhancing technologies: White paper for decision makers. Ministry of the Interior and Kingdom Relations, The Netherlands. http://www.dutchdpa.nl/downloads_overig/PET_whitebook.pdf Accessed March 27, 2008.
Krislov, S. (1997). How nations choose product standards and standards change nations. Pittsburgh, PA: University of Pittsburgh Press.
Miller, A. S. (1995). Environmental regulation, technological innovation and technology-forcing. Natural Resources & Environment, Fall, 64– 69.
National Research Council (1995). Standards, conformity assessment and trade into the 21st century. Washington, DC: National Academy Press.
Organization for Economic Co-operation and Development (OECD) (1997). The OECD report on regulatory reform: Synthesis. Paris: OECD. www.oecd.org/dataoecd/17/25/2391768.pdf. Accessed March 27, 2008.
Parker, C. & Braithwaite, J. (2005). Regulation. In P. Cane & M. Tushnet (Eds.), Oxford Handbook of Legal Studies (pp. 119– 145). New York: Oxford University Press.
Pelkmans, J. (2001). The GSM standard: Explaining a success story. Journal of European Public Policy, 8(3), 432– 453.
Platform for Privacy Preferences. 1.0 (P3P1.0) Specification. www.w3c.org/p3p/. Accessed March 27, 2008.
Reay, I. K., Beatty, P., Dick, S., & Miller, J. (2007). A survey and analysis of the P3P protocol’s agents, adoptions, maintenance, and future. IEEE Transactions on Dependable and Secure Computing, 4(2), 151– 164.
Schepel, H. (2005). The constitution of private governance: Product standards in the regulation of integrating markets. Portland: Hart Publishing.
Shapiro, C. & Varian, H. R. (1999). Information rules: A strategic guide to the network economy. Cambridge, MA: Harvard Business School.
Spivak, S. M. & Brenner, F. C. (2001). Standardisation essentials: Principles and practice. New York: Marcel Dekker.
The ConsortiumInfo.org. Standard setting organization and standards list. Updated list of organizations that create or promote standards. http://www.consortiuminfo.org/links/. Accessed March 27, 2008.
United Kingdom Gambling Commission (2007). Remote and gambling software technical standards, Annex C. http://www.gamblingcommission.gov.uk/Client/mediadetail.asp?mediaid=130. Accessed March 27, 2008.
Van Eecke, P., Pinto Fonseca, P., Egyedi, T. (2007). EU Study on the specific policy needs for ICT standardisation: Final report. Brussels: European Commission. http://ec.europa.eu/enterprise/ict/policy/standards/piper/full_report.pdfa Accessed March 27, 2008.
Winn, J. K. (2007). US and EU regulatory competition and authentication standards in electronic commerce. Journal of IT Standards and Standardisation Research, 5(1), 84– 102.
WTO Committee on TechnicalBarriers to Trade (WTO TBT Committee) (1995). Decisions andRecommendations adopted by the Committee since 1 January 1995,G/TBT/1/Rev.8, 23 May 2002, Section IX.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer Science+Business Media B.V.
About this paper
Cite this paper
Winn, J.K. (2009). Technical Standards as Data Protection Regulation. In: Gutwirth, S., Poullet, Y., De Hert, P., de Terwangne, C., Nouwt, S. (eds) Reinventing Data Protection?. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-9498-9_11
Download citation
DOI: https://doi.org/10.1007/978-1-4020-9498-9_11
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-9497-2
Online ISBN: 978-1-4020-9498-9
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)