Tuesday, March 22, 2011

Privacy is not an option

Yesterday there was an ISSA-BE event about IT and privacy. Marc Vael gave a very good presentation on what privacy is and which laws apply.

The first thing to know is that the European directive, 1995/46/EC, is according to Marc one of the better ones on this planet. Each European country made it part of its national law, but some countries, like Germany and Italy, are more severe than others. Another interesting fact is that the directive applies to the EEA, the European Economic Area.

I asked Marc how an organization should handle these differences. The best way is to create a baseline valid for all members of the EEA and then add the specific requirements of the more severe states on top of it.

An interesting fact is that if you, for instance, visit a website in South Africa, it is South African law that applies to the personal data. The reasoning is that the applicable law is that of the place where the company owning the website is located. This creates very interesting situations: Google is a global company with sites all over the EEA, but if you log in over their web servers in the USA, it would be American law that applies.

One of the nice remarks the presenter made was that personal information and sensitive data are not the same thing.

Since we were talking about dealing with international privacy, we also discussed the US Safe Harbor framework.