Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!nuug!ifi!hhe From: hhe@ifi.uio.no (Hans Henrik Eriksen) Newsgroups: comp.org.eff.talk Subject: Re: Lotus Market Place Message-ID: Date: 21 Nov 90 16:56:09 GMT References: Sender: hhe@ifi.uio.no (Hans Henrik Eriksen) Distribution: comp Organization: University in Oslo, Department of Informatics Lines: 51 In-Reply-To: jmc@Gang-of-Four.stanford.edu (John McCarthy)'s message of 20 Nov 90 23:01:20 GMT Cc: gordon@sneaky.lonestar.org In article jmc@Gang-of-Four.stanford.edu (John McCarthy) writes: > I think the Swedish and Norwegian laws on the subject have been > harmful and are subject to further abuse, especially if adopted here. > Suppose we assign the task of preventing illegal database > entries to the Secret Service. You can expect search warrants > and subpoenas of your files checking to see if you might have > someone's phone number without proper consent. Besides the > possibility that the Secret Service would go mad again, you > are providing an opportunity for all kinds of busybodies. I have recenty read the Norwegian law (again) regarding databases with personal information. It seems that I overstated its restrictiveness. First of all, PRIVATE registers are EXCEPTED. You can keep private databases containing anything you want, e.g. close friends with funny diseases. Next, organizations can keep registers containing relevant information on their members. Funny diseases information is not relevant for most organizations to run their business, but phone numbers and adresses are. The law explicitly mentions some data which should NOT be recorded if there is not a special reason for it: unique personal number (social security eqiv.), info about race, political or religious beliefs, health, drug abuse, sexual relationships and the like. The law does NOT discuss the question of public attribute databases, simply because it is of 1978, and the issue wasn't up then. I would guess one could (commercially) have such databases contain anything the user put in, and that any company legally could use the information as long as they did not build their own version of the database. I would think that you'd have to get a permit to run such a database. You state that the Norwegian law is harmful, setting up a worst case scenario involving the (now infamous?) Secret Service. The Norwegian law has been around for over 12 years now, without any serious complaint from the public. I think this because almost everybody find it quite reasonable, and most people are afraid of what their personal data is being used for without their knowledge, so most WANT the restrctive line. As of the penalty side of the law, nobody has gone to jail for breaking it as long at it has existed. A small number has been fined for flagrant breaches, but I don't have any case information about it. As for applying or adopting the Norwegian law in USA, I agree with you. It is designed for the Norwegian society, which is different in many ways from the American, e.g. in law enforcement. Hans Henrik Eriksen hhe@ifi.uio.no PS: Did you now that law (lagu) is a word of Scandinavian origin? :-)