The role of legislation in computer ethics


Pedro Z. Caldeira (Lisbon)


Rogerson (2001) pointed out that legislation could exert a positive mid to long-term impact in computer ethics. In this paper are presented the impact of Occupational Health and Safety Acts and regulations and Data Protection and Freedom of Information Laws on organizational behavior and computer ethics.

This paper analysis occupational health and safety legislation across Europe (e.g., European Union, United Kingdom, Portugal, Austria and Holland) and North America (United States and Canada) relevant to organizational behaviour and computer ethics.

For instance, this paper analysis and discuss the contribution to organizational behaviour and computer ethics of the British Health and Safety at Work Act 1974, Management of Health and Safety at Work Regulations 1992 (that require employers to carry out risk assessments, make arrangements to implement necessary measures, appoint competent people and arrange for appropriate information and training). Workplace (Health, Safety and Welfare) Regulations 1992 (which covers a wide range of basic health, safety and welfare issues such as ventilation, heating, lighting, workstations, seating and welfare facilities) and Health and Safety (Display Screen Equipment) Regulations 1992 (which set out requirements for work with Visual Display Units – VDUs).

This paper also analysis Data Protection, Data Privacy and Freedom of Information Laws that rules employer/employee relationships, product-service vendor/client relationships, and marketing and opinion research both in Europe (e.g., European Commission’s 1995 data directive, United Kingdom Data Protection and Freedom of Information Laws, Portuguese Data Base Protection Law) and United States (Data Protection and Data Privacy Laws e.g.).

But this second set of Acts and Laws in Europe, according to the Application Service Provider Industry Consortium (ASPIC), are not accommodating the fast changing realities of computers and telecommunications (ab)use on organizations.

ASPIC is an international advocacy group with more than 700 member companies, including 200 active company members in Europe. ASPIC commissioned a research project to address international data protection laws and the impact they can have on the marketplace. It concludes that there is an urgent need for ASPs to operate a highest standard data protection compliance programme in order to comply with relevant legislation in countries where they operate (ASP, 2002).

The ASPIC is leading a call for the European Commission to review urgently the data protection laws across Europe following a major Europe-wide research study published in March 2001. “The report from the ASP Industry Consortium (ASP IC) warns that laws driven by the EC’s 1995 data directive are implemented inconsistently across countries, leaving businesses at risk from prosecution due to uncertainty over compliance procedures, as well as an erosion in individuals’ protections” (ASP, 2002).

The European Chairman of the ASP Industry Consortium said, “The Internet and web-based technology have fundamentally changed the way in which people work and how data is processed and transmitted…. Online businesses such as ASPs want to be able to conduct operations effectively while protecting the rights of individuals. However, current data protection laws, which were written during an era when data was relatively static, need to be changed to catch up with the realities of an online, mobile world.” (ASP, 2002)

ASPIC (2002) is calling on the EC to consider a variety of changes, including:

  • Uniform personal data protection laws throughout the European Union, with an exclusion of corporate data
  • Establishment of a central European data protection authority to act in partnership with countries to implement a common registration and notification process and to monitor and adapt rules as technology changes
  • Redefinition of the roles performed by service providers such as data processor and data controller to reflect technological realities
  • Application of the European Union risk assessment approach to determine the adequacy of the data protection laws in non-European Economic Area countries

Is well known that technology could be used to subvert the intent of data protection laws, but even experts do not expect to find a wide latitude in the interpretation of the 1995 directive, including for instance the extension of the law to corporate data (ASP, 2002). London-based law firm D.J. Freeman conducted a research on behalf of ASP IC in 15 European countries and found that almost every region was operating its own regime in terms of data laws.

Alexander Carter-Silk, of DJ Freeman, commented: “While European Community data legislation is not perfect, it does provide a solid foundation for a standardised compliancy framework for the future. In terms of ASPs, the situation in Europe is one where the economy has accelerated past the law and an update is required – not only for the growth of the business model in Europe, but also because the rest of the world is looking to the EU to set the example in achieving cross-border data compliance standards” (ASP, 2002).