Germany strives to be leader in data privacy in Europe and beyond

Germany should become a leader in international data protection standards, the country's justice minister said Friday, and she praised WikiLeaks for helping raise awareness of the issue in the United States.

Sabine Leutheusser-Schnarrenberger, who has clashed with U.S. internet giants such as Google and Facebook over privacy issues, announced the establishment of a new German foundation that would explore data security issues, such as how a high security standard could be used to competitive advantage and develop technology to protect user privacy.

The minister also urged the European Union to include agreements on data protection standards with the United States as it moves to revamp its 15-year-old data protection laws. Legislation is expected to be proposed midyear.

She underlined the importance of increased dialogue with the U.S. to better understand the "different legal cultures" of data protection on opposite banks of the Atlantic.

"For this reason, I believe it is important that we strive to achieve basic ground rules of what constitutes data security," Leutheusser-Schnarrenberger said.

She further noted that since thousands of classified U.S. documents have landed in the public sphere through WikiLeaks publishing them on the internet that there has been an increased push for regulation in Washington.

"Thanks to WikiLeaks, there has been in increased effort in the United States to reach improved data security standards," Leutheusser-Schnarrenberger said.

Germany has some of the strictest data protection regulations in Europe, and the minister expressed concern that the European law not force Berlin to water them down.

Law Enforcement Asks for ISP Retention Law

The U.S. Department of Justice law enforcement officials from around the country
have renewed calls for legislation mandating that Internet service providers
(ISPs) retain certain customer usage data for up to two years, Computerworld reports.
Those calls came at a House Judiciary Committee hearing Tuesday, where members indicated self-regulation would be their preferred path.

From a privacy perspective, John Morris of the Center for Democracy and Technology cautioned that law enforcement would have a "massive amount of information" on presumably innocent Internet users. While privacy advocates are sounding an alarm over what one expert described as "dragnet surveillance by the government," a justice official said "any privacy concerns about data retention should be balanced against the needs of law enforcement to keep the public safe."


DuckDuckGo Challenges Google on Privacy (With a Billboard)

DuckDuckGo, a one-man-band search engine based out of Valley Forge, Pennsylvania, is aiming at Google’s privacy practices with an unusual tactic: a billboard in San Francisco that proclaims “Google Tracks You. We Don’t.”

The ad, which cost DuckDuckGo founder and coder Gabriel Weinberg $7000 for four weeks, went up Thursday in San Francisco’s tech-heavy SOMA district, along the highway dumping cars off the Bay Bridge into San Francisco. While the billboard is far from Google’s Mountain View HQ, San Francisco is a Google-town, where many residents who work at the search giant board Wi-Fi enable, black executive shuttles for the daily commute to the Valley proper.

At issue is Google’s habit of sending along a searcher’s query to the site they are visiting, according to DuckDuckGo’s founder and sole employee Gabriel Weinberg. So if you search on “athlete’s foot” on Google, then click on a link, that site gets told that you searched on “athlete’s foot.” That’s something that not many people know, Weinberg says, and something his search engine doesn’t do.

Moreover, third-party ad tracking networks can also grab that info and add it to the store of information the companies store on users, Weinberg adds. It’s not clear if any ad tracking networks actually do grab this information, since those companies are notoriously unforthcoming about what data they collect.

When talking about the idea, Weinberg built a quick website,, at the suggestion of friends, which took off earlier this month, and it’s privacy message seemed to resonate with users. In fact, DuckDuckGo’s traffic doubled after the site got attention on Hacker News and Stumbleupon and is now up to about 160,000 queries a day, which equates to about 5 million queries a month.

Weinberg chalks that success up to people not knowing that their search terms were available to marketers on search result pages.

“People know that Google is storing searches and they know about the employee snooping,” Wienberg said. “The part many don’t realize is that the serach term is being sent when the search is in the Google link.”

Google takes issue with the claims made by, pointing out it is the only major search engine to offer HTTPS search, which hides referrer data.

“It’s unfortunate that DuckDuckGo is preying on people’s fears and offering incomplete information in order to garner attention,” a company spokeswoman said in an e-mailed statement.
“For example, it is inaccurate to say that Google uses sensitive health-related terms to target ads on affiliated web pages.

“All search engines and websites use referrer terms as part of the architecture of the web, but we recognize our responsibility to protect the data that users entrust to us and we give them meaningful choices to protect their privacy.”

While that’s a pittance compared to the billions served daily by Google, but many of DuckDuckGo’s users are alpha geeks, much as Google was adopted by the tech set back in the late 1990s. Weinberg powers his search engine using his own web crawler, results from Bing, and APIs from a number of companies, including the mathematical answer engine WolframAlpha.

DuckDuckGo, along with the new, well-funded start-up Blekko, have also been challenging Google on relevance, focusing on removing many spam and low-quality content farms from their results. That approach is resonating, as tech observers have begun to turn on Google for the number of low-quality sites that show up in search results. That’s thanks to search optimization methods used by sites to lure searchers, even if a webpage lacks any quality content.

Weinberg’s search engine avoids the problem of referrers — the habit of web browsers telling a new webpage what page you just came from — by doing a quick redirect any time you click on a link in DuckDuckGo. Like Google, DuckDuckGo also offers an HTTPS version of its search engine, which naturally only passes the top-level domain you are coming from (e.g., instead of passing the entire url along (e.g.’m+searching+for).

Weinberg’s not the first to raise the question. Christopher Soghoian, an independent privacy activist who has worked at the FTC and been a Google intern Fellow, filed an FTC complaint in October last year, alleging Google is violating its privacy promises to users by passing along the queries.

Google itself briefly turned off referrers when it moved to AJAX search, and its HTTPS site, but faced a backlash from online marketers who live and breathe by where they rank in Google searches.

Matt Cutts, Google’s public face for webmasters, defended Google’s policy in a thread on Hacker News, saying the company cares about privacy and users can always try their HTTPS search. As for why the search giant won’t stop sending referrers, Cutts explained, “When Google switched to AJAX-based search, that temporarily stopped sending referrers, and lots of people screamed bloody murder.”

But Weinberg counters that there are other ways for websites to get the data they want without being able to tie it to a particular user using Google’s Webmaster tools, rather than relying on analytics tracking scripts installed on their own website.

“It will tell which terms you are getting traffic from, and how you rank for that term,” Weinberg says. “You can get that info if you need it, so you almost don’t need them to send it.”

Supreme Court hesitant to extend 'personal privacy' restrictions to corporations

It might be an understatement to say the Supreme Court on Wednesday seemed skeptical that corporations have "personal privacy" rights that would prevent the government from releasing documents about them.

The Washington Post reports that it "might be an understatement to say the Supreme
Court on Wednesday seemed skeptical" as it began reviewing a case asking whether corporations have personal privacy rights. The case came after AT&T convinced the U.S. Court of Appeals that an exception in the federal Freedom of Information Act for "personal privacy" extended to the corporation itself, the report states, pointing to a provision in the law where the U.S. Congress defined "person" to include "an individual, partnership, corporation, association or public or private organization." Chief Justice John G. Roberts Jr.,however, said he disagrees with the argument that because "person" includes corporation in one part of the statute, "personal" must include corporations in another part, while Justice Ruth Bader Ginsburg pointed out that the law contains many exceptions, including for medical records, trade secrets and financial records.


19 Ocak 2011 ÇARŞAMBA
Resmî Gazete
Sayı : 27820




Kanun No. 6099 Kabul Tarihi: 11/1/2011

MADDE 1 – 11/2/1959 tarihli ve 7201 sayılı Tebligat Kanununun 1 inci maddesi aşağıdaki şekilde değiştirilmiştir.

“MADDE 1 - Kazaî merciler, 10/12/2003 tarihli ve 5018 sayılı Kamu Malî Yönetimi ve Kontrol Kanununa ekli (I) sayılı cetvelde yer alan genel bütçe kapsamındaki kamu idareleri, (II) sayılı cetvelde yer alan özel bütçeli idareler, (III) sayılı cetvelde yer alan düzenleyici ve denetleyici kurumlar, (IV) sayılı cetvelde yer alan sosyal güvenlik kurumları ile il özel idareleri, belediyeler, köy hükmî şahsiyetleri, barolar ve noterler tarafından yapılacak elektronik ortam da dâhil tüm tebligat, bu Kanun hükümlerine göre Posta ve Telgraf Teşkilatı Genel Müdürlüğü veya memur vasıtasıyla yapılır.”

MADDE 2 – 7201 sayılı Kanuna 7 nci maddeden sonra gelmek üzere aşağıdaki madde eklenmiştir.

“Elektronik tebligat:

MADDE 7/a - Tebligata elverişli bir elektronik adres vererek bu adrese tebligat yapılmasını isteyen kişiye, elektronik yolla tebligat yapılabilir.

Anonim, limited ve sermayesi paylara bölünmüş komandit şirketlere elektronik yolla tebligat yapılması zorunludur.

Birinci ve ikinci fıkra hükümlerine göre elektronik yolla tebligatın zorunlu bir sebeple yapılamaması hâlinde bu Kanunda belirtilen diğer usullerle tebligat yapılır.

Elektronik yolla tebligat, muhatabın elektronik adresine ulaştığı tarihi izleyen beşinci günün sonunda yapılmış sayılır.

Bu maddenin uygulanmasına ilişkin usûl ve esaslar yönetmelikle belirlenir.”

MADDE 3 – 7201 sayılı Kanunun 10 uncu maddesine birinci fıkradan sonra gelmek üzere aşağıdaki fıkra eklenmiştir.

“Bilinen en son adresin tebligata elverişli olmadığının anlaşılması veya tebligat yapılamaması hâlinde, muhatabın adres kayıt sisteminde bulunan yerleşim yeri adresi, bilinen en son adresi olarak kabul edilir ve tebligat buraya yapılır.”

MADDE 4 – 7201 sayılı Kanunun 11 inci maddesine aşağıdaki fıkra, ikinci fıkra olarak eklenmiştir.

“Avukat tarafından takip edilen işlerde, avukatın bürosunda yapılacak tebligatlar, resmî çalışma gün ve saatleri içinde yapılır.”

MADDE 5 – 7201 sayılı Kanunun 21 inci maddesine birinci fıkradan sonra gelmek üzere aşağıdaki fıkra eklenmiş, mevcut ikinci fıkrada yer alan “fıkra” ibaresi “fıkralar” olarak değiştirilmiştir.

“Gösterilen adres muhatabın adres kayıt sistemindeki adresi olup, muhatap o adreste hiç oturmamış veya o adresten sürekli olarak ayrılmış olsa dahi, tebliğ memuru tebliğ olunacak evrakı, o yerin muhtar veya ihtiyar heyeti azasından birine veyahut zabıta amir veya memurlarına imza karşılığında teslim eder ve tesellüm edenin adresini ihtiva eden ihbarnameyi gösterilen adresteki binanın kapısına yapıştırır. İhbarnamenin kapıya yapıştırıldığı tarih, tebliğ tarihi sayılır.”

MADDE 6 – 7201 sayılı Kanunun 23 üncü maddesinin birinci fıkrasının (7) numaralı bendinde yer alan “yapıldığını” ibaresi “yapıldığını, adreste bulunmama” şeklinde değiştirilmiş, fıkraya aşağıdaki (8) numaralı bent eklenmiş ve diğer bent teselsül ettirilmiştir.

“8. Tebligatın adres kayıt sistemindeki adrese yapılması durumunda buna ilişkin kaydı,”

MADDE 7 – 7201 sayılı Kanunun 25/a maddesine aşağıdaki fıkra eklenmiştir.

“Bu maddeye göre kazaî merciler tarafından çıkarılacak tebligatta, tebliğ evrakı doğrudan o yerdeki Türkiye Büyükelçiliği veya Konsolosluğuna gönderilebilir.”

MADDE 8 – 7201 sayılı Kanunun 29 uncu maddesinin birinci fıkrasının (1) numaralı bendinde yer alan “ayrıca” ibaresi metinden çıkarılmış ve anılan bentte yer alan “gazetede” ibaresi “gazetede ve ayrıca elektronik ortamda” olarak değiştirilmiştir.

MADDE 9 – 7201 sayılı Kanunun 35 inci maddesinin ikinci ve dördüncü fıkraları aşağıdaki şekilde değiştirilmiş ve maddeye aşağıdaki fıkra eklenmiştir.

“Adresini değiştiren kimse yenisini bildirmediği ve adres kayıt sisteminde yerleşim yeri adresi de tespit edilemediği takdirde, tebliğ olunacak evrakın bir nüshası eski adrese ait binanın kapısına asılır ve asılma tarihi tebliğ tarihi sayılır.”

“Daha önce tebligat yapılmamış olsa bile, tüzel kişiler bakımından resmî kayıtlardaki adresleri esas alınır ve bu madde hükümleri uygulanır.”

“Daha önce yurt dışındaki adresine tebligat yapılmış Türk vatandaşı, yurt dışı adresini değiştirir ve bunu tebliğ çıkaran mercie bildirmez, adres kayıt sisteminden de yerleşim yeri adresi tespit edilemezse, bu kişinin yurt dışında daha önce tebligat yapılan adresine Türkiye Büyükelçiliği veya Konsolosluğunca 25/a maddesine göre gönderilen bildirimin adrese ulaştığının belgelendiği tarihten itibaren otuz gün sonra tebligat yapılmış sayılır.”

MADDE 10 – 7201 sayılı Kanunun 36 ncı maddesi başlığıyla birlikte aşağıdaki şekilde değiştirilmiştir.

“Celse esnasında veya kalemde tebligat:

MADDE 36 - Celse esnasında veya kalemde, soruşturmaya, davaya ya da takibe ait evrakın, taraflara, ilgili üçüncü kişilere, katılana veya vekillerine tutanağa geçirilmek suretiyle veya imza karşılığında, tebliğ konusu belirtilerek tevdii, tebliğ hükmündedir. Bu durumda ayrıca tebliğ mazbatası düzenlenmesi gerekmez ve masraf da alınmaz.”

MADDE 11 – 7201 sayılı Kanunun 49 uncu maddesi aşağıdaki şekilde değiştirilmiştir.

“MADDE 49 - Tapuda kayıtlı taşınmazların veya miras, istimlak, cebrî icra veya mahkeme ilâmı ile iktisapta bulunan hak sahipleri, adreslerini ve değiştirdikleri takdirde yenisini, bulundukları yerin tapu idaresine bildirmeye mecburdur. Davetiye veya tebliğ evrakı, bu suretle bilinen son adrese gönderilir. Hak sahiplerinin adres bildirmemeleri hâlinde adres kayıt sistemindeki adresleri tebligat adresleri olarak kabul edilir.”

MADDE 12 – 7201 sayılı Kanunun 60 ıncı maddesi başlığıyla birlikte aşağıdaki şekilde değiştirilmiştir.


MADDE 60 - Bu Kanunun uygulanmasına ilişkin usûl ve esaslar İçişleri, Maliye ve Ulaştırma bakanlıklarının görüşü alınmak suretiyle, Adalet Bakanlığı tarafından çıkarılacak yönetmelikle belirlenir.”

MADDE 13 – 7201 sayılı Kanuna aşağıdaki geçici madde eklenmiştir.

“Teknik altyapının kurulması, tüzük hükümlerinin uygulanması:

GEÇİCİ MADDE 1 - Posta ve Telgraf Teşkilatı Genel Müdürlüğü, elektronik ortamda yapılacak tebligatla ilgili her türlü teknik altyapıyı bu maddenin yürürlüğe girdiği tarihten itibaren en geç bir yıl içinde kurarak faaliyete geçirir.

60 ıncı maddede belirtilen yönetmelik, bu maddenin yürürlüğe girdiği tarihi izleyen altı ay içinde hazırlanır. Anılan yönetmelik yürürlüğe girene kadar Tebligat Tüzüğünün bu Kanuna aykırı olmayan hükümlerinin uygulanmasına devam edilir.

Mevzuatta, Tebligat Tüzüğüne yapılan atıflar 60 ıncı madde hükmü uyarınca çıkarılacak yönetmeliğe yapılmış sayılır.”

MADDE 14 – 13/10/1983 tarihli ve 2918 sayılı Karayolları Trafik Kanununun 110 uncu maddesi başlığı ile birlikte aşağıdaki şekilde değiştirilmiştir.

“Görevli ve Yetkili Mahkeme:

MADDE 110 - İşleteni veya sahibi Devlet ve diğer kamu kuruluşları olan araçların sebebiyet verdiği zararlara ilişkin olanları dâhil, bu Kanundan doğan sorumluluk davaları, adli yargıda görülür. Zarar görenin kamu görevlisi olması, bu fıkra hükmünün uygulanmasını önlemez. Hemzemin geçitte meydana gelen tren-trafik kazalarında da bu Kanun hükümleri uygulanır.

Motorlu araç kazalarından dolayı hukuki sorumluluğa ilişkin davalar, sigortacının merkez veya şubesinin veya sigorta sözleşmesini yapan acentenin bulunduğu yer mahkemelerinden birinde açılabileceği gibi kazanın vuku bulduğu yer mahkemesinde de açılabilir.”

MADDE 15 – 2918 sayılı Kanuna aşağıdaki geçici madde eklenmiştir.

“GEÇİCİ MADDE 21 - Bu Kanunun 110 uncu maddesinin birinci fıkrasının göreve ilişkin hükmü, yürürlüğe girdiği tarihten önce idari yargıda ve Askeri Yüksek İdare Mahkemesinde açılmış bulunan davalara uygulanmaz.”

MADDE 16 – 21/6/1987 tarihli ve 3402 sayılı Kadastro Kanununa 36 ncı maddeden sonra gelmek üzere aşağıdaki madde eklenmiştir.

“Kamu tarafından açılan davalarda yargılama giderleri:

MADDE 36/A - Kadastro işlemi ile oluşan tespit ve kayıtların iptali için Devlet veya diğer kamu kurum ve kuruluşları tarafından kayıt lehtarına karşı kadastro mahkemeleri ile genel mahkemelerde açılan davalarda davalı aleyhine vekâlet ücreti dâhil, yargılama giderine hükmolunmaz.”

MADDE 17 – 3402 sayılı Kanuna aşağıdaki geçici madde eklenmiştir.

“GEÇİCİ MADDE 11 - Bu Kanunun 36/A maddesi hükmü, henüz infaz edilmemiş yargı kararlarındaki vekâlet ücreti dâhil yargılama giderleri için de uygulanır.”

MADDE 18 – Bu Kanunun;

a) 1 inci maddesiyle değiştirilen 7201 sayılı Kanunun 1 inci maddesinde yer alan elektronik ortamda tebligata ilişkin hüküm yayımı tarihinden bir yıl sonra,

b) 2 nci maddesiyle 7201 sayılı Kanuna eklenen 7/a maddesinin sermaye şirketlerine elektronik yolla tebligat yapılması zorunluluğu getiren ikinci fıkrası yayımı tarihinden iki yıl sonra, maddenin diğer fıkraları yayımı tarihinden bir yıl sonra,

c) 8 inci maddesi yayımı tarihinden dokuz ay sonra,

ç) Diğer hükümleri yayımı tarihinde,

yürürlüğe girer.

MADDE 19 – Bu Kanun hükümlerini Bakanlar Kurulu yürütür.


German Regulator Breaks Off Google Talks: Using Analytics May Mean Legal Action

German data protection authorities have ended talkswith Google over its free metrics tool, warning that German companies using Google Analytics could face fines and legal action, The Wall Street Journal reports. The tool gathers data about how visitors use Web sites by tracking IP addresses, which regulators have argued could violate individuals' privacy. Google has said its service "complies with European data protection laws and is used by other European data protection authorities on their own Web sites."
Meanwhile, IAB Europe Vice President Kimon Zorbas told the Daily Dashboard, "Web
analytics tools were indispensible for the transformation of Web 1.0 to Web 2.0.
If you restrict a Web site's capacity to analyze which parts are successful and
which are not, you risk catapulting the Internet back to the 'Digital Stone Age.'
Companies would have to guess what's going on on their properties instead of focusing
on how to improve any shortcomings. Cookies-based Web analytics like Google and
many other companies offer are neither intrusive nor do they process personal data."

ENISA: Data Breach Notifications in Europe - new EU Agency Report

The EU's 'cyber security' Agency ENISA, (the European Network and Information Security Agency) has today issued a report on Data Breach Notifications. The EU data breach notification (DBN) requirement for the electronic communications sector in the ePrivacy Directive (2002/58/EC) is vital to increase in the long term the level of data security in Europe. The Agency has reviewed the current situation and identified the key concerns of both the telecom operators and the Data Protection Authorities (DPA)s in its new report.

Recent high profile incidents of personal data loss in Europe have prompted wide discussion about the level of security applied to personal information shared, processed, stored and transmitted electronically.

The Executive Director of the Agency, Prof. Udo Helmbrecht, commented:

"Gaining and maintaining the trust of citizens of that their data is secure and protected is an important factor in the future development and take-up of innovative technologies and online services across Europe."

The introduction of an EU DBN requirement for the electronic communication sector in ePrivacy Directive (2002/58/EC) is important to increase data security in Europe and to reassure citizens that their data is protected by e-communications operators. The Agency has taken stock of the current situation by interviewing the national DPAs and a representative sample of companies. The telecommunications sector recognises that DBN have an important role for data protection and privacy. Yet, operators are seeking clarifications at both EU and local level as to comply with DBN requirements. The expectations of DPAs and operators in most cases overlap, but there are some discrepancies.

Key concerns raised by telecom operators and DPAs include:

- Risk Prioritisation - The seriousness of a breach should determine the
level of response. Breaches should be categorised according to risk
levels to avoid 'notification fatigue'.

- Communication Channels - Operators need assurances that notification
requirements will not impact their brands in a negative way.

- Resources - some regulatory authorities are already occupied with other

- Enforcement - DPAs indicated that sanctioning authority enables them to
better enforce regulations.

- Undue Delay in reporting-Regulators wants short deadlines for reporting
breaches. Service providers, however want to focus their resources on
solving the problem.

- Content of Notifications - Operators want to make sure the notification
content does not impact negatively on customer relations. Regulators
want all the necessary information.

In 2011 the Agency will develop guidelines for the technical
implementation measures and the procedures, as in Art. 4 of Directive
2002/58/EC (
) and analyse the possibility for extending the general obligation of DBN to
other sectors, e.g. the financial sector, health care, and small businesses.
This will be discussed at a workshop ( that ENISA
organises in Brussels on 24 January, 2011.

For full report:

Data Protection Authority Gives Green Light To Nation-Wide Deployment Of Electronic Health Records

On 2 December 2010, the French data protection authority (the Commission Nationale Informatique et Libertés - CNIL) authorised the computer applications which are necessary for the first phase of nation-wide implementation of Personal Health Files (Dossier Médical Personnel - DMP), France's future electronic health records.

First piloted in 2006, the DMPs will be gradually deployed throughout the territory under the jurisdiction of the Agency for Shared Health Information Systems ('ASIP Santé', in French). The DMPs are computerised records created for each beneficiary of the health insurance, if they wish so. These records will enable health professionals and institutions to share patient information that is needed for the coordination of care, provided the patients give their prior consent to the sharing.

The DMP was created by the Act of 13 August 2004 on health insurance, with the purpose of improving to coordination and quality of healthcare, and thus, its continuity. The DMP system will be hosted by a consortium of solidarity companies selected following a tender by ASIP Santé. The consortium was approved by decision of the Minister of Health dated 10 November 2010, after the CNIL and the Committee for the Approval of Hosts (Comité d'agrément des hébergeurs, in French) had delivered their opinions on 30 September 2010 and 1 October 2010 respectively.

DMPs have a number of features that differentiate them from other shared medical records:

They are intended to follow the patients throughout their lives and to enable, through the centralisation of information, the sharing of data that are relevant for the coordination of care between professionals and institutions that may have to provide care to the same patient, anywhere in the country. DMPs thus implement a new patient data sharing method.
They have been designed as the 'patient's file', in that patients control both the content and the access to their records. Patients can access directly, from their PCs, their DMPs and determine which health professionals they wish to give access rights to; likewise, patients have the ability to hide some of the data contained in their records.
The first phase of wide-spread deployment of the DMPs should last for three years. It will be devoted to the gradual implementation of a "basic" medical record which will be fueled in particular with the hospitalisation and consultation summaries. The aim is to place the healthcare professionals in a position to share documents, with the consent and under the control of their patients.

It is worth noting that DMPs are not intended to substitute the paper or computer based records stored at the practice of private doctors or at health institutions; instead, they will add to the existing ones. Their gradual deployment will build on the converging of five regional projects that have already focused on data exchange devices. In contrast, the integration in the DMPs of the information contained in pharmaceutical records as provided by law has been postponed.

The CNIL acknowledged that the development of the DMPs' legal framework will depend on feedback and lessons learnt, but the authority recalled that the definition of such framework is essential to the management of the project. The second deployment phase will therefore have to be part of a regulatory framework defining the DMPs' content and access conditions, as well as the national health number and the conditions for its use. Moreover, the data protection authority indicated that it should be referred to regarding the assessments achieved during the first deployment phase of DMPs and at its end.

Once the update of the software of the professionals and health facilities has been performed according to the requirements defined by ASIP Santé, the existing information systems will be able to 'communicate' with the DMPs; this will save professionals the need to re-log their patients' information. As for professionals who have not yet adapted their software, they will access the DMPs from a website. Any health insurance recipient who has a personal health card (Vitale Card, in French) will be able to create their own DMPs at a health professional's office or at the reception of a health institution and then access them directly through their PCs.

The DMP's creation is voluntary and each patient has to give their consent to such creation. Likewise, patients have a right to close their DMP at any time; closed DMPs will first be archived for ten years and then deleted. During the aforementioned ten year period, DMPs may be reactivated upon the patient's request. A definitive deletion will be possible, without delay, at the patient's request.

Patients will have access to their DMPs and to the history of their records, and they will be able to ask the host for a copy. Last but not least, patients will have the possibility to hide some information contained in their records or to ask a professional to do so.


Uzun zamandır Meclis gündeminde bulunan temel yasalarımızdan olan Türk Ticaret Kanunu Tasarısı nihayet bugün (13.1.2011) yasalaştı.

Ülkemize hayırlı ve uğurlu olmasını diliyorum.

AUSTRALIANS will finally have a chance to shape the nation's $467 million electronic health record system

Federal Health Minister Nicola Roxon has agreed to release confidential plans for widespread debate.

The Labor government's "personally controlled" approach to a nationwide system of sharing patients' medical records has caused much confusion since it was announced a year ago.

But Roxon says a draft concept of operations will soon be issued for public consultation.

"I've said time and again that I'm committed to working with stakeholders to make sure we develop the right e-health system," she says. "Our e-health conference in November was seen as a great starting point for [broader] consultation.

"The next step will be a public discussion paper on the operating concepts for the personally controlled e-health record."

Roxon is referring to a draft framework developed to give registered bidders for a $55 million funding pot for new e-health initiatives some idea of how the thing will work. It was produced by the National E-Health Transition Authority after "behind closed doors" consultations with selected consumer, medical and industry representatives. Other community groups are frustrated by the lack of openness.

Australian Privacy Foundation chairman Roger Clarke has written to NEHTA and the Health Department complaining about the exclusion of "civil society" from deep-level design consultations conducted secretly under non-disclosure arrangements.

The peak privacy body warns of serious deficiencies in PCEHR proposals to date.

"While we are told there is to be rigorous governance and oversight to maintain privacy, the specifics are yet to be decided," Clarke wrote after a consumer roundtable in November.

"The slide-sets shown referred to a predecessor proposal and no documentation has been supplied.

"It is essential that explicit, written undertakings be provided in relation to the design requirements of a record that is 'at all times owned and controlled by the patient', as the minister states."

The APF board is concerned current privacy laws are inadequate for a national system linking individuals' medical and identity information, and that overarching governance arrangements have not been presented.

In fact, a key system design diagram leaked to The Australian in December suggests patients will have limited control of their medical information, as consumer access is confined to a web portal. While this would provide a window to some information, the portal is essentially tacked on top of existing public and private providers' shared systems, and there appears to be no mechanism for consumers to manage access.

It was conceived as a way of giving patients control over who sees their personal information, thus reducing the political heat generated whenever a centralised database is proposed; no other country has come up with a similar PCEHR scheme. It marries two approaches: the more usual shared e-health record system involving the routine workflow between GPs, specialists, pathologists and pharmacists, and the separate notion of a personal e-health record created and maintained by the patient, sometimes through a commercial record service provider.

Critics say the design and accompanying regulatory arrangements are therefore crucial to the system's success.

E-health analyst and AushealthIT blogger David More says that while the release of the draft PCEHR concept will be "a useful but sadly much delayed first step", there needs to be much more consultation and transparency.

"My view is that the PCEHR is really only achievable at the end of a long development journey, and there is a great deal of preliminary work still to be done," he says.

"We need health IT experts and academics who don't happen to work for NEHTA to develop a proper, open, technical dialogue with both healthcare providers and consumers so a useful PCEHR can be delivered."

The new Consumers e-Health Alliance's convener Peter Brown also believes a failure to bring relevant parties together is hampering progress, particularly around technical and regulatory concerns. But he is heartened by assurances given at the e-health conference of a more constructive approach in future.

"Our objectives for a national system would be realised through the creation of a governance advisory body comprising the four pillars: the government agencies, clinical service providers, medical software-makers and consumers," Brown says. "In effect this would, for the first time, provide all key players with a seat at the same table."

Priorities are to ensure that show-stopper issues, including technical standards, are being addressed across the entire health sector. He says consumers are concerned by the public commentary on standards issues raised in relation to the new project tendering processes, for example.

"This ongoing discussion, which is so vital to achieving interoperability, leaves us concerned that network planners are yet to establish a practical and acceptable set of standards for essential functions."

Bringing everyone to the table to resolve a comprehensive agenda of issues "would ensure the PCEHR program is not putting the cart before the horse", Brown says.

Meanwhile, a Health spokeswoman has confirmed the department's willingness to engage more directly with consumers on the PCEHR project.

"This year there will be an emphasis on giving members of the general public an opportunity to provide input on the operational concepts," she says.

"We intend to be very transparent with the release of a series of papers and documents for discussion.

"These will be available online for everyone to see, and engagement will take place via receipt of online feedback, face-to-face meetings and other mechanisms. The department will also engage with stakeholders via formal industry and consumer-led discussion groups."

Government plans FOI extension and greater independence for ICO

ENGLAND : The Government will extend the reach of freedom of information (FOI) laws to an increased number of bodies. It will also make the Information Commissioner's Office (ICO) independent of the Ministry of Justice, Deputy Prime Minister Nick Clegg has said.

Clegg has told the Daily Mail newspaper of the plans, which will ensure that FOI will apply to more publicly-funded and charitable organisations and that the ICO is more independent from Government than is currently the case.

School trusts, the financial ombudsman, the Association of Chief Police Officers (ACPO), the Universities and Colleges Admissions Service (UCAS) and Advertising Standards Association (ASA) will all have to release information, the Daily Mail reported.

Some of the bodies listed, including UCAS and ACPO, were included in a list produced by the last Government of bodies that should be covered by FOI laws.

"Recent years have seen some progress on transparency, most notably through the introduction of the Freedom of Information Act," Clegg said in his interview with the paper. "But that progress has stalled. The Freedom of Information Act was a good start, but it was only a start."

"Exceptions remain far too common and the available information is too often placed behind tedious bureaucratic hurdles," said Clegg. "Free citizens must be able to hold big institutions and powerful individuals to account, and not only the Government."

The extension of FOI laws has been debated in recent years, with the previous Labour Government ruling that some bodies should be brought within its reach, but that companies should not, even when they perform the functions of a public body.

The Scottish Government has said that it wants the Freedom of Information (Scotland) Act to cover companies that carry out the functions of public bodies, including trusts that operate local authority leisure or culture facilities or companies which run prisons and prison escort services.

"There are a whole range of organisations who benefit from public money and whose activities have a profound impact on the public good," said Clegg. "In order to do so, citizens must first know what goes on in these institutions, and they must be at liberty to speak out about the things they discover."