| Re-posted here for the convenience of SCANDIA respondents:
<<< CLT::ULTRIX$:[NOTES$LIBRARY]VAXNOTES.NOTE;1 >>>
-< Notes on VAX Notes >-
================================================================================
Note 164.0 Data Privacy Legislation 2 replies
REX::MINOW "Martin Minow, DECtalk Engineering" 123 lines 5-FEB-1986 11:14
--------------------------------------------------------------------------------
Several notes in this conference have discussed (a) who should be able
to read/reply/join conferences, (b) what should and should not be said
in a notesfile, and (c) whether or not "noteing" is more or less
emotional than face-to-face communication.
�
The following is taken from the COM concise manual, October 1979. COM
is the ancestor of NOTES and has almost identical functionality.
"According to the Swedish Data Act as interpreted by the Data
Inspection Board, the following rules apply to messages
containing information about one or more persons:
LEGAL RESTRICTIONS ON MESSAGES
"The information about an individual should be relevant to
his/her professional function.
Information on illness, crime, social welfare aid, political
or religious views, etc. may not be given.
If you express some opinion about a person, the person referred
to must be able to read your message. Exception: persons responsible
for hiring and supervising personnel.
Lists of persons are only permitted in the form of lists of authors,
participants in working groups, etc.
If you give some information about a person, you must give the
full name with capital initial letters."
OTHER LEGAL RESTRICTIONS
"Guard your COM password carefully.
COM was developed as an aid in solving the problems of communication
engendered by the relocation of the Swedish National Defense Research
Institute to several geographically spread locations in Sweden, and to
make the organization work more efficiently.
COM can be used to collect and disseminate information, prepare
decisions, and [for] research on computer conferencing. COM can
also be used by societies and unions for people employed by
organizations using COM.
COM can, in Sweden, be used by an organization with permission
from the Data Inspection Board to use COM, or by people cooperating
with such an organization.
While this is written [in 1979], FOA [the Swedish National Defense
Research Institute] and QZ [the Stockholm University Computer Center]
(for the universities in Stockholm) have such permission.
When COM is used by an official of a Swedish government agency, he/she
must ensure that information pertaining to official business is taken
out on paper for archiving. The *archive* command of COM can be used.
A user of COM must participate under his/her own name, and must input
his/her business address into the COM system."
�
The following is taken from the COM Advanced Manual, November 1980.
SUNSHINE ACT
"The legal requirements on a computerized conferencing system may
vary from country to country.
In Sweden, there is a "sunshine act" [Freedom of Information Act]
causing many messages in conference systems run by government agencies
to be open for inspection to anyone. It is an advantage if the
organizer of a closed [private] COM meeting [conference] in Sweden
notes in the presentation of the meeting its status in relation to
this act, e.g., if it is expected to contain secret information.
[In COM, a restricted conference may have a publically-visible
introduction.]
Meetings where all participants belong to the same government agency
can also contain memory notes, which are not publicly available.
[The Swedish Sunshine Act does not generally permit public access
to working drafts or notes �pro-memoria�.]
Meetings organized by other than a government agency, e.g., a
meeting organized by a union, are also generally not public, and
this should also be noted in the presentation of such a meeting.
The organizer of a meeting can, if neccessary, change the name and
the presentation of the meeting with the commands *change name*
and *change presentation*."
...
"You should exert your [meeting organizer] privileges with discretion.
If personal information about an individual is erroneous, correction
is required by the Swedish Data Act. Such a correction is best done
by a correcting notice, sometimes in combination with deleting
the erroneous notice."
�
Some notes and recommendations:
1. The above was written over five years ago, and may not accurately
reflect the current situation in Sweden.
2. As I understand the current wording of the Data Privacy Act, the
conference organizer would be responsible for the contents of
a conference. In most cases, special registration of a conference
would not be necessary.
3. The Swedish Data Inspection Board is generally willing to help
develop or adapt computer database systems to the Swedish Data
Privacy Act. I would suspect that they would require the existance
of certain commands (such as the "archive" command to print a
paper copy of a note or conference) and of sufficient warning
messages in the user documentation. I would recommend that
consultation with the Swedish Data Inspection Board be made
a part of the V2 project plan (unless, of course, the Swedish
Branch office says it isn't necessary).
4. May I kindly ask respondants to refer general comments about the
Swedish Data Privacy Act to the SCANDIA notesfile, and confine
their remarks in this file to the consequences of this law
(and other national Data Privacy legislation) for VAX NOTES.
Martin Minow
================================================================================
Note 164.1 Data Privacy Legislation 1 of 2
TLE::WINALSKI "Paul S. Winalski" 9 lines 5-FEB-1986 13:38
--------------------------------------------------------------------------------
Does the Swedish Data Privacy Act apply only to data held by the Swedish
government (as does the Freedom of Information Act in the U.S.), or does
it apply to privately-held databases as well?
In any case, I don't see any relevance to the VAX NOTES product. We merely
provide the tools--the Swedish Data Privacy Act concerns how people use them,
not the tools themselves.
--PSW
|
| I believe the most recent revision of the Data Privacy Act excludes
1. Files maintained by religious or political organizations on their
own members. (Conflicts with Swedish constitutional guarantees
of freedom of religion and association.)
2. Files where "no conceivable damage to personal integrety" can
occur, such as private databases of names and addresses (i.e.,
Christmas card lists).
Furthermore, a proposed revision of the law would define a "licensed
maintainer" who would be responsible for a particular database.
"Simple" databases would require only such a maintainer -- no
registration or other intervention. This would include the vast
majority of business databases.
Databases which could contain some damaging information, such as
payroll or personnel files, would require registration and some
-- limited -- supervision by the Data Inspection Board. Generally,
this is pretty painless.
Databases with great potential for personal harm, such as those
containing medical information would require direct supervision.
The "licensed maintainer" would be expected to know what is what.
Note that my information may be out of date. If I go to Sweden
this summer, I might try to become a licensed maintainer.
I was working for Dec in Sweden when the law passed. One of the
RSTS systems we installed did scheduling and billing for an
auto repair center. Because the mechanic's premium pay was
calculated (and their personal ID number stored), the system
required a license. This was done by the customer, not by Dec.
Martin.
|
| Associated Press Tue 11-MAR-1986 10:07 Sweden-Surveillance
Swedish Uproar Over Computerized Study
By LARS FOYEN
Associated Press Writer
STOCKHOLM, Sweden (AP) - The Swedish government today scheduled
a March 20 meeting to discuss a controversial study in which social
scientists have used computers to trace the lives of 15,000 Swedes.
The government's Data Inspection Board last Wednesday ordered
the project Metropolit to alter its files so no names can be
connected to the personal information compiled on each individual.
"We have won the first round against `Big Brother,'" said
Manni Thofte, one of the Swedes who was part of the study.
However, many of those whose lives were documented from birth
and other critics have demanded that the records, which include
criminal and medical records, be destroyed.
The project, conducted by Professor Carl-Gunnar Jansson and
assistants at Stockholm University, profiled in great detail the
lives of 15,000 Stockholm residents born in 1953.
Among other things, the project compiled information on their
involvement in crime, school grades, tax payments, military
service, health and drinking habits.
The project was made public by the Stockholm newspaper Dagens
Nyheter in early February, provoking a public furor.
Many of the Swedes who were part of the study said neither they
nor their parents were told the purpose of in-depth interviews
undertaken by researchers over the years.
They said they also not been told that results of intelligence
tests, census reports and other official records were being
included in any such study.
Few nations collect more data on their citizens than Sweden,
where the Central Bureau of Statistics is a vast repository of
information on its 8.3 million residents.
The project headquarters was besieged by people who demanded to
see their files and wanted to be dropped from the project.
About a third of the people monitored were reported to have
requested a copy of their file. Most of those who wanted their
files also reportedly wanted out of the project.
The Data Inspection Board, a watchdog agency of the Social
Democrat government, was created 12 years ago to license private
individuals, organizations and businesses that want to keep
computerized personal files on citizens.
Thofte and other critics have demanded that records kept by the
project be destroyed.
In reaction, a government spokeswoman said today that
researchers and government officials would meet March 20 for
negotiations involving the Metropolit project, similar research and
personal privacy.
"If similar research is to be done in the future, people should
be told what they are being interviewed for, and what the research
is to be used for," Thofte was quoted as saying in the Stockholm
newspaper Aftonbladet.
Assistant Professor Marja Wallden, one of the Metropolit project
leaders, predicted there would be an appeal to the government
against ending the project.
"It is tragic that the Metropolit project has taken this
turn," she was quoted as saying in Aftonbladet. She described the
project as an important effort to learn more about the conditions
under which Swedes live.
The project Metropolit was started before the passage of the
Swedish law that governs the protection of privacy in data
processing.
|