| Author (Person) | Schwartz, Ari |
|---|---|
| Series Title | European Voice |
| Series Details | Vol.11, No.28, 20.7.05 |
| Publication Date | 20/07/2005 |
| Content Type | News |
|
By Ari Schwartz Date: 20/07/05 The phenomenon of outsourcing back-office jobs to companies in Asia has put the EU's data protection rules under increased scrutiny. In April of this year 17 call-centre workers in Thailand were arrested on suspicion of siphoning funds from American bank accounts to fund lavish holidays. Last month a call-centre worker in India was arrested for the alleged sale of account details and credit card numbers to an undercover British journalist. Kieran Naidoo of the trade union Amicus (the UK's largest manufacturing, technical and skilled persons union) said: "Businesses have rushed to cheap destinations in pursuit of profit without installing proper safeguards and they therefore have risked consumer confidence. "Other countries simply do not have the robust legislation that Britain has." In theory, minimum standards have been set across the whole European Union. The EU's data protection directive has now been passed into law in all European nations and data is therefore permitted to travel, without hindrance, between all EU nations. Commission officials are looking at whether the directive needs revision and are to come forward with a statement by the end of the year. The directive allows the export of data to third countries that are deemed by the Commission to have an 'adequate' level of data protection legislation. Argentina, Canada, the US and Switzerland and the UK dependent territories of the Isle of Man and Guernsey have so far been approved. An application from Australia is being assessed. EU companies can automatically transfer data to the approved countries in the same fashion as within the EU. The development of the third country scheme followed a prolonged regulatory dispute with the US. With the adequacy finding, data can be exchanged with US organisations that have pledged to adhere to strict data protection principles, which are policed by the Federal Trade Commission. India has heeded calls from the West to introduce more stringent data protection laws and add significant amendments to its Information Technology Act of 2000. In the future, India's long-term interest is to be considered as an approved 'third country' so that firms can then locate data controllers in India and not be purely a service provider for the West. But Mike Pullen, a partner from international law firm DLA Piper Rudnick Gray Cary, said that this would be a "long way off" and would not even be considered until India instituted a fully comprehensive data protection law. In the absence of such a law, regulation becomes "very complicated", according to Hans Tischler, an official at Der Bundesbeauftragte für den Datenschutz (the German Data Protection Agency). But the export of data is still legally possible. First, unambiguous individual consent can be given by all parties to allow their personal data to be transferred to a foreign country. This is a rare method and normally happens in very small groups or companies. It is also unlikely that a bank would ask for the express consent of all of its customers to allow their data to be transferred abroad. A more common way to legalise transfer of data abroad, to take full advantage of the economic benefits, is to establish a contract whereby the originating company (the data controller) and its contractor (the data processor) both agree to adopt the standards of EU data protection law. The contracts therefore drag the data processors, often located in countries like India, into the legal framework of the EU. Indeed, the contracts are supposed to be policed by the national data protection authorities. In these contracts the parties are held joint and severally liable so parties can be sued in both the country of the controller and the country of the processor (with certain caveats). Despite a common perception that data was at a greater risk in a call-centre in India than in a call centre in Europe, both Pullen and Naidoo said such incidents could occur in any European country. There would, they said, always be a few 'bad apples' in any industry where personal data was concerned. Article reports that the phenomenon of outsourcing back-office jobs to companies in Asia has put the EU's data protection rules under increased scrutiny. After a number of incidents of fraud, the European Commission was looking at whether the Data protection Directive needed revision and were planning to come forward with a statement by the end of 2005. |
|
| Source Link | http://www.european-voice.com/ |
| Subject Categories | Business and Industry, Internal Markets |
| Countries / Regions | Europe |
