Impact of Technology on Organizational Development Essay

Introduction Technology has left its magical touch everywhere. Business organizations are not out of that magical touch. Organization development and technology are very closely related. Every organization leverages technology to support their overall strategy. Different organizations are using technology to a various extent. By using technology, organizations have become more efficient than organizations before them. Technology allows the organization to achieve their goals. Technological developments enable productivity allowing reorganization of organizational structure, activities and culture. In return, it greatly improves the effectiveness of the organization. However, for this to last and stay a reality, the use of technology should be leveraged at its fullest extent to maximize results. Indeed, the rise in productivity could be a result of organizations having the ability to grasp, appreciate and absorb current technological advances into their structure, creation and culture. Efficient business processes enable business ventures to save money and time. To hold market share, organizations also try to incorporate the latest technologies as much as possible. Organizations should continue to strive to use modern systems that are concurrent with the latest technological advancement. Therefore, regulating modern systems confirms that organizations consistently use up-to-date technological systems to improve business procedures, as well as ensures that those systems and procedures are consistent within the entire organization. If productivity increases, it will be a result of an increase in the efficiency of the business process and decrease in expense which is the indication of an increase in overall income. The scope of technology that a corporation can adopt is immense; starting from buying a personal laptop with an application program, to investment within the latest progressive computer-aided production machinery. No matter the quality of the system or the dimensions of the organization, one factor is for certain – the incorporation of technology or information systems can result in change. Implementation of technological systems will act as a catalyst for change. Literature review Technological use has been widely recognized now. It is very important for an organization’s survival and growth. Among the use of different types of  technology it has been seen that the use of Information Technology (IT) is more frequent. According to Crichton & Edgar (1995), in dealing with the market complexity IT helps an organization to a great extent (Farhanghi, Abbaspour & Ghassemi, 2013). For instance, it has become difficult to run a business in the hotel industry without the help of IT. In the past, the check-in process at a hotel was manual, but now the check-in is performed with the use of software programs. The use of software has made the check-in process easy and time efficient. To evaluate the performance of the employees, hotel businesses are using different software programs such as Small Improvements, TribeHr or HRM Direcct With the help of IT, organizations are able to offer better product offering. Many organizations offer customized products or services to their customers and it is possible only because of technology. Customization in the banking sector can be the best example of customized service offerings. Citibank improved its Internet site in 2002 to provide easy navigation and access for customers, which is the adoption of latest technology in their organization (Mininni, n.d.). This adoption allows the customers of Citibank to set up a customized home page catered to their individual needs and preferences. On the home page, customers can keep the content in a layout that work in the best way for them. Technology plays a vital role in shaping organizational structure. Whisler (1970) argued that increasing vertical information results in centralization of information, and IT impacts the structure of the organization (Farhanghi, Abbaspour & Ghassemi, 2013). According to Church & Waclawski (1998, 2001), people are now in the era of information (Church, Gilbert, Oliver, Paqu et & Surface, 2002). For instance, if an individual wants some information about a specific hotel, he can use a laptop to find information about the hotel. He can reserve a room through online reservation. Hronec (1993), illustrated the role of information as â€Å"vital signs† to drive and evaluate initiatives related to organizational development (OD) and human resource development (HRD) which are more significant now than before (Church, Gilbert, Oliver, Paquet & Surface, 2002). For instance, most organizations are using performance appraisal software such as Trackstar Performance Appraisal, Wingspan, or Empxtrack for the performance appraisal of their employees. Most businesses are now operating either with computers or communication devices. These devices allow the organization to organize information such as data base, personal schedule and so on (McGrath, 2008). In the view of Waclawski & Church (2002), technology has showed a different way to look at OD as a truly data-driven process (Church, Gilbert, Oliver, Paquet & Surface, 2002). Consistent with the view of Tippins (2002), to achieve the advancement in the field of OD, technology has brought more opportunities (Church, Gilbert, Oliver, Paquet & Surface, 2002). Impacts of Technology on Organizational Development Technology has various impacts, both positive and negative, on the development of the organization. Technology definitely has its place among the key parts that form a corporation. The formal structure or arrangements inside a corporation may be plagued by the arrival of recent technology; this does not need to be the case in every circumstances. A change may also occur when businesses change the way they operate. One futurist plan whose views are being validated is that the notion of the virtual geographical point (Kerman, 1995). The basic idea of this concept is that employees are able to work independently and will have accesses to information. The concept of not having a group workplace area definitely would be a modification from the standard routine of being physically present at the workplace from nine to five (ideally) and working. Such a concept would clearly be obsessed on the duty to be accomplished. In the case of virtual work spaces, employees have the autonomy of doing their assigned jobs. Tasks would be more focused, target oriented and the performance evaluation would not be on the basis of face to face interactions rather on the basis of how employees are performing their appointed tasks. Computer networks permit people to react quickly, share ideas, and transfer information regardless of physical locations. This is how technology allows supervisors to monitor the activities of their subordinates without requiring subordinates reporting them physically. Technology provides additional profit to organization, though it has some cost as well. However, in terms of return, it brings more than the cost to the organization. For instance, if a restaurant creates a website and start taking orders online, it would have some costs associated with creation of the website; however the restaurant will be able to tak e more orders than before creating the website. Technology helps to accumulate  ability and reduces duplication of resource. It also enhances career developments and eases the communication among employees of an organization. For example, many organizations use information systems within the organization to allow employees to communicate with leadership and subordinates. Information systems enable easier communication between employees. Technology provides structure making work easier. It increases the safety of recognized sources and interdependencies, allows diversification, and increases accountability between departmental managers. Technology can change the total operating model. For a quality work life, it is important to have a technological advanced setting which supports reduce absences, turnover, and accidents, through the use of prime quality digital computer (Hackman, 1977). Additionally, technology improves company’s sales and services. It improves division work by permitting staff to use personal electronic d evices to make sales displays, transmit orders and client information to the house from workplace. These electronic devices shorten the interval corporations spend receiving and delivering product or services, which can be a competitive advantage for the organization. Corporations can also send sales representatives to multiple markets at a shortest possible time, permitting them to penetrate multiple markets with negligible costs. Each business must use technology to achieve competitive advantage. In today’s environment, time and competence are essential factors in business growth. To survive in business, people should take advantages of technologies. Technology has changed the life of people; it has brought revolutionary changes in each operational sector. Through technological advancement, corporations are able to increase productivity, reduce costs, minimize time, etc. Technological advancement is equally necessary to OD practitioners. OD practitioners can use technology to gather knowledge, analyze actual state of affairs, and provide outcomes. The use of technology within the organization will bring the best result when employees of the organization are connected to the technology. Technological advancement increases competition, fosters rapid growth, and mitigates environmental changes imposing on the organization to reorganize themselves (Cummings & Worley, 2009). Technology dictates the pace of economic process within the space of information and communication technology (ICT) as this is often the main driver of processes. In the 21st century, developing countries are  concentrating on adopting technology as much as possible within organizations. Developing countries are viewing the application of technology in organizations as an economic development. Many organizations from developed countries are doing outsourcing from the developing countries [provide an example here]. These outsourcings are playing a vital role in the economic development of developing countries. Technology has changed the life of people; it has brought revolutionary changes in each operational sector. Through technological advancement, corporations are able to increase productivity, reduce costs, minimize time, etc. Technological advancement is equally necessary to OD practitioners. OD practitioners can use technology to gather knowledge, analyze actual state of affairs, and provide outcomes. The use of technology within the organization will bring the best result when employees of the organization are connected to the technology. Technological advancement increases competition, fosters rapid growth, and mitigates environmental changes imposing on the organization to reorganize themselves (Cummings & Worley, 2009). Technology dictates the pace of economic process within the space of information and communication technology (ICT) as this is often the main driver of processes. In the 21st century, developing countries are concentrating on adopting technology as much as possible within organizations. Developing countries are viewing the application of technology in organizations as an economic development. Many organizations from developed countries are doing outsourcing from the developing countries. These outsourcings are playing a vital role in the economic development of developing countries. Technology helps organizations achieve goals. However, technologies have some blockade. First, technologies are expensive. Second, individuals have to be capable to use advanced technical instruments. Individuals cannot work effectively until there is a free flow of sound data and technology. Proper work results in an increase in profit for the organization. Organizations typically pay a lot for the installation and maintenance of their own technology. Organizations want to keep information secret and safe about their technology. Output will be higher when employees have sound knowledge about the technology within their organization. Organizations have to take initiatives to teach their employees about technology. Once individuals have sound knowledge about technology then they have to know how to apply the application of their  earned knowledge. It is the responsibility of the OD practitioner to find out when individuals need training. OD practitioners try to reduce barriers and increase gains.. Organizations need to provide training about performance, competitions, elaborate program design, and many more. With proper training, employees will be able to make the best use of technology. Thus the organization will be able to achieve the goals. Conclusion In the end it can be said that the installation of a technology in the organization will not be enough to achieve organizational goals. The overall success depends on some other factors as well. Installation of a technology is only the beginning. Organizations have to provide proper training to employees to achieve the maximum advantage from the installation of the technology. Organizations have to have a close look on the performance of the organization as well. OD practitioners play a vital role to get the best result from the use of technology. When a change comes to the organization there will always be some resistant. Some employees may not accept the change. OD practitioners have to deal with these issues. They have to create the readiness for change and overcome the resistance. It is the responsibility of OD practitioners to ensure consistent training for all employees. If training is not consistent among the members of a same group then there could be a probability of conflic t among the group members. OD practitioners have to pay close attention to these issues as well. A combination of effort from all employees within the organization is needed to have the best result from the use of technology. To survive in the present competitive business world technological knowledge is must for any organization.

“A Day without Feminism” Response

After reading â€Å"A Day without Feminism†, I literally said aloud, â€Å"Wow, I’ve taken so many things for granted†. I’m pretty sure my roommate thinks I’m strange for this sudden outburst, but it really shocked me to see how far the women’s movement has taken our society in such a short amount time. In the last paragraph, the question is asked â€Å"Has feminism changed our lives? † The answer to that question is yes. I grew up attending a child-care center, playing in Little League, and taking the classes that everyone in my class took whether male or female. Nancy Drew and the Hardy Boys were what we liked to call â€Å"grandma† books. I won two softball State Championships on the varsity level. I took pre-calculus and calculus, while planning prom and decorating the gym. Girls and young women DO have sex while they’re unmarried (on a pretty frequent basis too). When I make a trip the gynecologist, she always tells me the side effects of my birth control choices. Rarely a day goes by without hearing of another girl who’s decided to explore the lesbian lifestyle. With this being said it’s clear the world I inhabit barely resembles the world these women were born into. Some of these situations that took place just under forty years ago seem completely outrageous. It’s really hard to believe women actually let things like this happen. Examples that stick out in my mind the most include women being â€Å"strapped down and lying down, made to have the child against gravity for the doctor’s convenience† and a woman going â€Å"under the knife to see if she has breast cancer† and â€Å"waking up to find that the choice (Halsted mastectomy) has been made for her†. The conditions of my childhood compared to things like this happening add an overall shock effect in this reading. Although there is such a large shock effect present, I do not feel as if Baumgardner and Richards wanted the shock to overwhelm the reader in a way that seemed outrageous, but they wanted make the reader realize that it would be unfair to consider these advancements as privileges. Privileges are advantages gained usually as a result of wealth or social status, not something fought hard to earn. It’s unfair that we (women) are constantly made to feel that we should be thankful for the social changes that have taken place over the last century. These rights should have never been an issue. They should’ve just been a part of our daily lives, as they were for males. Baumgardner and Richards ask the questions in the second paragraph â€Å"Is feminism dead? † and â€Å"Do we need new strategies? † I feel like the spirit of feminism isn’t dead at all. One milestone, which sticks out clearly in my mind as part of the feminist movement, took place just a short time ago. This milestone occurred around the time that Hilary Clinton entered herself into the race for presidency. It was one of those mountains a woman needed to climb and Hilary Clinton was the first do so. I’m definitely not trying to put Hilary Clinton on a high pedestal. I realize there are many other women who have done phenomenal things over the past thirty years, but it’s just one major example in the progress of feminism I have noticed in my short eighteen years on earth. To answer the second question, I don’t feel like the strategies need to be changed. With writings such as â€Å"A Day without Feminism† floating around and women running for presidency and vice-presidency, I have no doubt that feminism will remain alive until the ultimate goal has been reached. In conclusion, it is essential for us to see change is part of every history and culture. The feministic changes that have been made in the United States were necessary and there is still a lot left to do. After reading â€Å"A Day without Feminism† it’s clear to see our mothers and grandmothers worked hard to make sure we would we would someday reach an even plateau with men and it’s our job to make sure the same is true for future women raised in this country. We should celebrate our female foremothers who had the vision that we should have more. Women have fought for everything we have and we need to continue to the good fight so that one day women will no longer need to fight this fight.

A 3 page good reasons to explain or suggest to the men Duffy Cut why Essay

A 3 page good reasons to explain or suggest to the men Duffy Cut why it is not a good idea for them to come to the United States - Essay Example f other reasons, economic and social should have prevented the journey of fifty-seven Irish laborers to the United States of America to assist in the construction of a railroad by an American contractor named Philip Duffy. All of them succumbed to death by cholera; recent evidence indicates that many of them may have been murdered (O’ Carroll). Most of them were not granted proper funerals, an event which highlighted the low esteem in which people of Ireland and catholic nations in general were held, in the early nineteenth century. the subsequent decades, was reason enough for the laborers to not have gone to the United States of America. A lasting cure for this was found out later on (Thomas), but the condition of cheap labor in America would have been reason for anybody to be cautious. Proper medical facilities were not provided to these man and their lives were often at the risk of being taken by cholera. The condition of the Irish laborers in America was often worse than that of the slaves in America since their wages hardly sufficed for them to afford decent lodgings and good food (Watson, 32). This, along with the threat of disease, meant that the journey to the United States of America was fraught with danger for the Irishmen who worked for Duffy and they undertook it with great peril to their health and eventually, their lives. This alone, should have deterred them from their journey to America. The journey that was undertaken by these people should not have materialized, if they had considered the imm ense risks that it involved, to their lives. The socio-political concerns of the American state were not humanitarian enough to provide safety to these laborers. During this phase, the United States of America, along with other states in Europe, were engaged in improving the state of infrastructure in their countries. Therefore, the safety and well-being of their workers, poor catholic immigrants at that, was not of primary importance to the American

Criminal justice Assignment Example | Topics and Well Written Essays - 500 words - 9

Criminal justice - Assignment Example The result is strong bonding that sees them survive through their term in jail. Women and men who commit crimes are sent to prison according to sex. Serious offenses such as sexual assault prompted creation of separate prisons for males and females. Female prisoners are quite different from male prisoners as they are less violent and rarely fight prison wardens or there inmates as compared to men (Schmalleger, 2008). Furthermore, women easily form bonds as a way of helping each other to survive through the prison sentence. Men have concrete hierarchy basing on gang relations, connections, and physical superiority. It is because of this that women prison has a lesser number of prison officers compared to men. Though the prisons are heavily fortified, those of men require 24 hours surveillance while female prison is not heavily guarded. Female prisons have special units where they can report assault as they are they tend to be verbally expressed than men who tend to solve issues physically. Women are less involved in crimes than men are; therefore, not much study has been conducted. Prison staff is charged with the responsibility of curbing violence among the inmates (Schmalleger, 2008), surveillance to control prison breakouts, quelling riots and offering first aid services. Officers also write reports on overall prison condition, new cases of violence, deaths, and diseases. In addition, the prison staff deals with alcohol and drug dependent inmates. They deal handle sexual offenders within prison, facilitate religious beliefs activities and understanding of diverse backgrounds. Prison staff also deals with different patients including psychiatric cases, offering necessary treatment. Prison rioting is a way of complaining to the authority of the injustices and demanding certain services (Schmalleger, 2008). Inmates often agree

Engineer Science Banding Essay Example | Topics and Well Written Essays - 1500 words

Engineer Science Banding - Essay Example S = 453.33 V (avg) = 3.33 rev/sec Where, V is angular speed S is the number of revolutions Q. no 4 (Solution) (A) Work done = Force * height Torque = force * radius W = 357.14 * 28 250 = force * 700/1000 W = 12.755 Joule 250 = force * 0.7 250 / 0.7 = force Force = 357.14 N (B) 2as = v (final)2 - v (initial)2 As we know that in motion under gravity a is replaced by g Where,a = accelerationg = gravity now, 2gs = v (final)2 - v (initial)2 2 * 9.8 * 28 = v ( final)2 - 0 192.08 = v (final)2Taking square root on both sides V (final) = Linear velocity = 13.85 m/s (C) V (final) = v (initial) + g * t 13.85 = 0 + 9.8 * t 13.85 / 9.8 = t t = 1.41 sec Q. no 2 (solution) (a) V (final) = v (initial) + a * t Force = mass * acceleration 480 = 0 + a * 240 F = 1400 * 2 480 / 240 = a F = 2800 N a = 2 Now,Torque = Force * radius Torque = 2800 * 0.75 Torque = 2100 N-m (B) Whenever a machine carries out a sharing operation, which uses some of... (B) Whenever a machine carries out a sharing operation, which uses some of the energy of cascaded initial system, there is a definitely change in speed (rev/min) occur. Now, we can estimate this with the help of the given table.

Trend in Architecture in the Past Research Paper

Trend in Architecture in the Past - Research Paper Example The research paper "Trend in Architecture in the Past" focuses on a detail discussion about four distinct structure of the ancient time, these are Arch, Dome, vault, and Roof. In this paper, the main discussion is about the structure and method of development of the above four construction in Greece, Egypt, and Mesopotamia. Some of the key structures of ancient Egypt were arch, vault, roof etc. All these three structures were closely related to one another as there is a number of great architectural work in Egypt based on the above three elements. A vault is associated with the architecture of an arch. There is a pair of the arch at both ends of the structure. Between both the arches, there is a long arched tunnel which is generally made up of concrete. To overcome this issue people in Greece, Egypt used to build a vault in. In order to provide support to one part or the finished part people used to take help of the process of centering, the support was at the place until the other sections were finished. In order to ensure strong support to the finished side people also took help of Buttresses which were known for providing all the heavy concrete vaults some extra support. â€Å"Architects would lay layers of light tiles directly on the centering. When the tiles were finished, it gave the centering ex tra support until they laid the final layer of concrete. When all of the concrete was dry and the tiles were laid, the Roman architects would pour concrete onto the vaults until they reached the desired thickness†.

Supply and Demand II Assignment Example | Topics and Well Written Essays - 500 words

Supply and Demand II - Assignment Example Draw this on your graph above. a. (Figure: Supply and Demand with Subsidy) Refer to the figure. Suppose a subsidy allows sellers to receive their product at the price of $8 with a quantity of 400 units. What is the dollar amount of the subsidy per unit of the good? 7. True, False, or Uncertain: A starving farmer accepting a loan from a moneylender at a 25% interest rate is an example of mutually beneficial exchange. Give a one-sentence explanation of your answer. b. If the elasticity of demand for spring break packages to Ibiza is -5, and if you notice that this year in Ibiza the quantity of packages demanded increased by 10%, then what happened to the price of Ibiza vacation packages? c. London real estate developers are building thousands of new student-friendly apartments close to the Strand campus. If you want to pay the lowest rent possible, should you hope that demand for apartments is elastic or inelastic? d. The town council degrees that thousands of apartments close to the Strand campus are uninhabitable and must be torn down next semester. If you want to pay the lowest rent possible, should you hope that demand for apartments is elastic or

Low-Cost Leadership Training Program Essay Example | Topics and Well Written Essays - 500 words

Low-Cost Leadership Training Program - Essay Example Developing an efficient leadership development program is crucial to the performance of an organization. The paper will analyze the best approach to developing a leadership development program outlining the pros and cons associated with it. The development of a leadership training program should be based on three stages. The first stage is where the company plans for the development of a leadership development program (Fairley, 2015). The organization has to examine what it currently has in place so that they can gauge the efforts needed to train their employees. At this point, the organization needs to analyze the benefits of training their employees and the costs to be incurred. The organizational leadership training program should produce benefits that exceed the costs. The benefits should not be determined at the inception stage as the training achieves both short-term and long-term benefits. The next step in developing a low-cost leadership training program is the identification of employee characteristics. Since not all employees can make great leaders, the organization should provide the employees an opportunity to form teams and through these groups employees with the potential to become leaders get identified (Johnson, 2013). Once the groups are formed, the organization should provide them with adequate infrastructural support to ensure the objectives they seek get accomplished. The employee morale is increased through achieving goals and objectives, and leadership qualities improved (Johnson, 2013). Once the outline has been achieved, the next stage in developing a low-cost leadership training is practicing leadership development (Fairley, 2015). The training should include elements such as providing the leader with opportunities to achieve effective communication, conflict resolution, and time management (Fairley, 2015). Development of leadership abilities can be through

God Orginial Food Plan Thesis Example | Topics and Well Written Essays - 15000 words

God Orginial Food Plan - Thesis Example imposed by the federal government in the United States obesity, food borne diseases and food contamination are not uncommon are often heard of in the United States. This study was undertaken to explore God’s original food plan and why human beings deviated from it. To evaluate God’s original food plan dietary laws under four major religions of the world were studied. While some religions permit animal meat restrictions on animal slaughter have been defined. However, all the religions believe in clean, hygienic, natural food and are against genetically engineered food as it amounts to interfering with nature’s (God’s) plan. Consumerism and materialism prompted the food manufacturers to seeker newer ways to lure consumers through offering enhanced nutritional value. This led to use of hormones in cattle, use of pesticides, dietary supplements and additives, in addition to genetic medications and hybrid systems in food production. In addition, long food suppl y chains resulted in food getting contaminated as residues of pesticides persisted. All of these led to increased toxicity and interference with nature’s plan. All the religious heads have expressed their resentment against such foods being supplied as it interferes with God’s original plan. They have insisted that genetically modified foods should be labeled which would enable consumers to take an informed decision. While the government did regulate the sector and framed laws, these laws and regulations were often politicized to suit the larger players in the sector. The study concludes that man has tried to interfere with nature’s bounty. Consumerism, desires and taste for newer varieties of food have taken man away from nature. The desire for more and more profits gave rise to unethical and immoral practices in the food industry where preferences was given to self-rewards and profits over concern for fellow human beings. Even children have not been spared. Th e study concludes by recommending how

Drug policy in Mexico and Colombia Research Paper

Drug policy in Mexico and Colombia - Research Paper Example South America, in stark contrast to its other counterpart North America or U.S.A, the world of riches as we know it, has long being plagued with the curse of poverty and deprivation coupled with alarmingly low levels of overall development. It is known that poverty, chronic unemployment and underemployment and illiteracy often give birth to crimes and Latin America has been no different. In Mexico, unemployment is around 20% while underdevelopment is just the double of unemployment (Gilbert 22). Drug trafficking, with all its vices in this context has been alleged as the prime concern spreading its â€Å"wings† with each passing day not only in Latin American nations but also in the U.S and the whole world. Countries like Mexico and Colombia have been the main architects of drug trafficking throughout the American sub-continent. In the early’80s Colombia used to be the main exporter of drugs and narcotics throughout the world, but with the Colombian government policy ge tting more stringent, Colombian drug-lords started using Mexico, mainly due to its suitable geographic locations to export drugs through Mexico to the U.S. (Rosin, 2). Mexico One prime social policy taken by the Mexican government towards curtailing the drug trafficking is to decrease violence in the Mexican drug market and reduce increasing crime frequency to controllable levels (Venda Felbeb-Brown,1). The ongoing drug war in Mexico is mainly an armed conflict among the several drug cartels fighting each other for market control and also with the Government armed forces installed to fight drug trafficking. Mexico is the main supplier of heroin in U.S. ... ijuana DTO, the Gulf DTO and the Juarez DTO, the smaller organizations being the La Familia(Venda Felbeb-Brown, 5).Further actions taken by the Presidents Vicente Fox and Felipe Calderon pitted the DTOs against the government as well as raised the competition in the market thereby destabilizing it even more. According to the Government data, this drug related violence has till date resulted in the death of more than 34,000 people in the last four years since President Felipe Calderon took charge. The president has used his army troops to combat the drug cartels. Mexican government said that the figures are proofs of desperation of the mafia getting pressurized by the security forces (â€Å"Mexico's drug war: Number of dead passes 30,000†, Dec 16, 2010). Now, the policy taken by the Government to reduce drug trafficking should be constitutional in a way that it should try to bring in some organization in the drug market which is otherwise very unorganized with high transaction costs that undermines the drug market itself. The illegal Mexican drug market really needs an intermediary or regulator to control the frailties of the market. The form of the stabilizer will depend on several factors, one of which is the state itself. There are various possibilities that can be discussed: With the surfacing of one or more DTOs having sufficient control over their territories so as to be able to secure their domains if need be. They should be having adequate control and can impose regulations to carry on their businesses, decrease transaction costs and reach a point of common agreement with newly acquired controls and new-formed boundaries so as to reduce violence. Such territorial division was predominant in Mexico prior to the early 2000s.Such an aspect of evolution is missing

Book Report - Middle School Series Essay Example for Free

Book Report Middle School Series Essay ? Rafe Khatchadorian has enough issues around his family life, without throwing his first year of middle school into the mix. Luckily, hes got an incredible plan for the best year ever, if only he can pull it off. With his best friend Leonardo the Silent awarding him points, Rafe tries to break every rule in his schools Code of Conduct. Having gum in class scores him 5,000 points, running through the hallways, another 10,000 points and pulling the fire alarm, 50,000 points! But not everyone thinks that Rafe’s game is a good idea, especially the teachers, parents and other students at the school, so hell have to decide if winning is all that matters, or if hes finally ready to face the rules, bullies, and truths hes been avoiding. http://www. jamespatterson. com/books_middleSchool. php#. UWY9FFdstN4 Middle School the Worst Years of My Life is written by James Patterson and is a realistic fiction book that takes you through the journey of Rafe’s first year at middle school, dealing with the awkwardness of crushes, bullies, and family issues as he tries to break every rule in the school’s Code of Conduct. The book features many different pictures that tell you what’s going on as well, and is considered a graphic novel. Middle School the Worst Years of my Life received a critical acclaim from the most reviewers, it won the YALSA 2012’s Top Ten Quick Picks for Reluctant Young Readers award and James Patterson got nominated for the Children’s Book Council’s Author of the Year award. James has written well over 50 books, a lot of them being in series, and has won many awards. Middle School the Worst Years of My Life is the first book in the Middle School series. The setting of the Middle School series is in middle school. There is no specific day or time that this book is set in, other than it being during middle school. A lot of the time the rules that are broken are broken within the school timing, but there are one or two rules that get broken out of school times. I think the setting has been chosen well, and believed it suited the book well. The novel starts with Rafe entering sixth grade at Hills Village Middle School. Beginning the new school year with a negative mindset means that Rafe starts the year bored and believes that ‘it was a prison Pilgrims back then, but not too much has changed. Now it’s a prison for sixth, seventh and eighth graders. ’ Rafe quickly understands that he will be stuck in middle school for 3 years, and invents â€Å"Operation R. A. F. E. † with his best friend Leonardo the Silent. The plan was to break every single rule in the schools handbook. He also has to put up with the issues in his home life. His mum is always working double shifts at a diner and never gets time with her children, Rafe, and Rafe’s younger sister, Georgia. He has a verbally abusive stepfather (Bear) who looks after him when his mother is away. Then, there’s Jeanne Galletta, who Rafe is madly in love with. Jeanne is a doubtful of Rafe’s plan and wishes he would spend more time on school work then his games. Operation R. A. F. E’s consequences consists of many detentions with his English teacher, Ms. Donatello. This creates tension between Rafe’s family, and after having a fight with Bear about Leonardo and how he is a bad influence on Rafe, we discover that Leonardo is Rafe’s imaginary friend. Rafe’s actions eventually lead to bad grades, getting himself suspended, and then forced to be tutored by Jeanne, whom he had been trying to avoid because she doesn‘t like him. While the tension in the family gets stronger, Bear throws Rafe’s mother to the ground and moves out, Rafe gets expelled for spraying graffiti on the school walls, but Ms. Donatello see’s the potential artist within him and comes up with the idea to send him to art school. The final part of the book reveals that Leonardo is Rafe’s dead twin brother. An exciting part of the novel is when Rafe graffiti’s the school wall at four in the morning. ‘The next morning, I left a note for Mom saying that I had to go to school extra early to work on a project, which was basically true. I just left out the part about how early meant four in the morning and project meant highly illegal activity. â€Å"You’re not going to regret this,† Leo kept telling me. The way he saw it, the whole point of Operation R. A. F. E. was about breaking rules, so why should I let a little thing like losing the game stop me from doing the part I’d been looking forward to the most? Like I said before – genius†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦I unpacked my new flat black marker, a big old camping flashlight, and some of my latest practice sketches. I’d drawn these ones on graph paper, which is kind of like a brick wall, to show me how big everything would need to be. But Leo was feeling impatient, â€Å"You don’t need those anymore,† he said. â€Å"The clock’s ticking. Stop thinking so much and just go. † So I did. I set up the flashlight on a rock so that it was shining right at the wall. Then I picked up my marker and started. It was king of slow-moving at the beginning. I wasn’t sure what to draw first, or what order to do things in. But the more I kept going, the more I got into it, and then somewhere along the way everything started to flow†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦. After a while I was running around like crazy, working over here, working over there and getting up on an old trash can to reach the higher parts when I needed to. The whole thing started to get so big that I felt like I was inside it, even while I was still drawing. It was like Leo had said – I wasn’t thinking anymore. I was just doing it, like the marker was just another part of me, and the lines and shapes and pictures were coming right out of my hand. ’ After a while, the police show up, and are surprised that a kid had done all that work, but then again, it was illegal, so into the cop car went Rafe and Leo. I like this part of the novel because I felt as if I was in the actual scene. It was as if I was Leo and I was scared we’d get caught. This scene, although it’s short, it was intense. You didn’t want Rafe to get caught, but you wanted to know what would have happened when he got caught. I just believe that the way this chapter/scene has been written makes it believable and makes you feel like you’re there. The style of this novel is average pace. The novel begins out very slowly, and it doesn’t have much meaning, but once the novel gets a fair way into it, the drama begins, and the pace slowly picks up. At the end of the novel, things get more intense and more happens in a shorter amount of time, and by the end of the novel, so much has happened, that it takes a while to comprehend what has happened, but you realise that James wrote it that way for a reason, and to me, that reason was so that he could have a short book, that had a lot in it, and might eventually be able to make a movie, much like the Diary of a Wimpy Kid movies. The Worst Years of my Life uses a lot of slang humour, but not so much that it’s over powering, it’s just enough that it creates the characteristics of the book. A genre is the category of artistic composition, as in music or literature, characterized by similarities in form, style, or subject matter. There are several genre’s the feature in this novel, some more than others. The genres that feature heavily in Middle School the Worst Years of My Life are: Comedy Humour Drama The genre that is featured in the book, but not as heavily is romance. Have you ever had a crush on someone and had them not like you back? Romance is a feeling of excitement and mystery associated with love. Rafe Khatchadorian discovers his feelings for Jeanne Galletta on one of his first days at school. They were all sitting in the school gym and she was one of the candidates for the student council representatives and part way through or speech, she offers to buy Rafe fries later that day, and that’s when he knew he liked her. Towards the end of the novel, Rafe’s grades start to go downhill and the school as well as his Mum think it’s a good idea to get some extra help. Little did Rafe know that his dream girl Jeanne was going to be his tutor. Even though Rafe is a teenage boy who likes girls, middle school would not be any good without a sense of humor or a comedian mixed into the scene. The biggest class clown in the school is here, and his name? Rafe Khatchadorian. A class clown is the funniest person in the class who often gets in trouble. Rafe’s first year at middle school is spent trouble making and trying to make people laugh, but not everyone thinks that his plan to break every rule in the Code of Conduct. Miller the Killer was the school bully, and his new prey is Rafe. Throughout Rafe’s middle school year, he comes into conflict with Miller many times. The biggest thing that happens to Rafe because of Miller the Killer is when he discovers Rafe’s notebook with all the Operation R. A. F. E. (Rules Aren’t For Everyone) and makes Rafe buy each page back off of him for a dollar a page, but Rafe discovers Miller’s plan with the notebook early on, and it isn’t pretty. Miller the Killer enjoys making Rafe’s first year at middle school hell, but Rafe enjoys the humorous side of school. School is tough on everyone, so what’s the best way to get through? Have fun! And that’s what Rafe intends to do by breaking all the rules in the Code of Conduct and earning himself points. The catch is, he only gets given three lives, and if he breaks all three, the games over. All the seriousness aside, Rafe gives himself, and Leo a good laugh. The funniest scene in the book to me was when Rafe decides to break the schools dress code, and he was given the best chance to do this with Halloween just around the corner. Leo knew that it would only be a matter of time before Rafe was caught by a teacher, so Leo was giving him 10,000 points for every 50 yards of the school he covered in his costume. Rafe ran, as fast as he could in all black, with a pocket full of Cheerios as throwing stars, and nunchucks made from paper towel roles with rope knotted at either end. Yep, you guessed it. Rafe was a ninja. ‘I came tearing out of that bathroom at full speed and just kept running – through the first floor (10,000! ), up the stairs (10,000! ), down the second floor hall past all the lockers (10,000! ), throwing Cheerios and swinging my nunchucks like crazy. ’ Right before he got caught, Miller the Killer was right in his aim. ‘I made sure my mask was pulled down tight over my face. Then I took a big windup as I went by, and beaned him upside the head with one of the chucks (10,000! ). â€Å"What the ? † Miller turned the wrong way, just as I passed him. By the time he’d figured out where I came from and where I was headed, I’d already left him in the dust. He was twice as big as me, but I was twice as fast. Eat it, Miller! ’ And then it happened. Caught right in the act. Yep, a teacher saw him†¦ Well, he ran into the teacher. Games over Rafe. ‘And then – splam! I ran right into Mrs. Stricker. Literally. Let’s just say, she wasn’t in the mood for wrestling. ’ But Rafe had another plan and it was going to earn him double points. ‘I went into the bathroom and came out a minute later without my ninja costume, running just as fast as before. Some kids got out of my way. Some even ran in the other direction. A few of the girls screamed when I cam2 through, but I dont think they meant it. And a few people even yelled stuff like â€Å"Go, Rafe, go! † and â€Å"Dont let ‘em get you! † Because, like I said, I wasn’t wearing my ninja costume anymore. In fact, I wasn’t wearing much of anything at all. ’ No, he wasn’t naked, but he wasn’t wearing much†¦ ‘Just sneakers, a pair of boxers, and a big old smile. Boy, did Rafe get in big trouble for that, but on the other hand, he did earn himself a lot of points! Rafe loves making people laugh, and I believe that the reason he does it isn’t for other people, but he does it to make himself feel good. I believe that the main theme in this novel is coming of age and growing up into a better person in a way. To me, I think this means that by using the resources that are around you (family, friends etc. ) to become the person you are supposed to be. For Rafe, this is trying to get over his prank, funny, humorous stage, and into the more serious schooling stage. This can be hard for some people, especially when they don’t get along with their family, and when their only friend is in their imagination, but by the end of the book, Rafe has realised that even though he isn’t academically smart, he does have a gift with art, which sees him going to art school. Love is also in the novel, as Rafe discovers Jeanne Galletta, but it doesn’t impact on the story as much as growing up does. The main characters in the book are: Rafael (Rafe) Khatchadorian – Rafe is the trouble maker in the story who is in his first year at Hills Village Middle School. Rafe is important because without him, there is no story. I like this character because he makes the book fun. Even though he isn’t an actual person, this character has a funny personality and a childish sense of humour. I believe that James Patterson has described this character well. Georgia Khatchadorian – Georgia is Rafe’s annoying little sister who likes to be in everyone’s business and know what’s going on in Rafe’s life, especially when he is in trouble. She is also the family tattletale and always dobs Rafe in when she catches him doing something wrong. Even though Georgia annoys Rafe a lot, he also protects her, which is like all siblings love-hate relationships. I like her because I think I can relate to her because I am the younger sister in my family, and I like to annoy my older brother, but I also know that he will always be there for me. I think that Georgia is a main character in this story because she is a part of Rafe’s home issues because she never leaves him alone and always wants to know what’s going on in his life. Carl AKA Bear – Bear is Georgia and Rafe’s, abusive, rude, obese stepdad who can be found on the couch. Bear is often yelling at Rafe after school. He also argues with Mrs. Khatchadorian, Rafe and Georgia’s mum, and one argument let Bear to accidently push her down the front steps, and when the police show up, it doesn’t look good for Carl. I don’t like him at all! He’s so rude and obnoxious, and I would hate to have a step parent as bad as him. Leonardo (Leo) the Silent – Leo is Rafe’s best friend, who we later discover is in his imagination. We also later find out that Leo was Rafe’s twin brother who died when he was still a baby. I think that Leo is the glue that holds everything together. He helps Rafe with school, with home, and he gives him the motivation to keep going when things get tough. I really like Leo the Silent because even though he isn’t real, he is the perfect best friend. Jeanne (Jay-Gee) Galletta – Jeanne is Rafe’s crush. He is madly in love with her, but she is also the goody-two-shoes of the school, and she hates Operation R. A. F. E. I like her but I don’t. I feel like she tries too hard to be a good student, and doesn’t give herself enough freedom, which is why I don’t like her. I think that being a teenager, or getting to that stage  means that you can manage school and social life, and to me, it’s like she has no social life. She’s important in the story because as we get older, we start to see people in different ways, and we start to like them, and I believe that Jeanne is important because without her, it’s not a real adolescent’s life. Ms. Donatello AKA the Dragon Lady – Ms. Donatello is Rafe’s English teacher, as well as his detention buddy. Even though she is strict and can get aggravated easily, she also has Rafe’s best interest at heart and wouldn’t help him if she didn’t believe he was better than what he shows. I like her because I have had plenty of teachers that are hard on me, but they do it because they want what’s best, and without that push, we wouldn’t grow and evolve as people. I understand why Rafe doesn’t particular like her, but teachers always want what’s best, and he will eventually see that. Miller AKA Miller the Killer – Miller is the school bully, hence the name ‘Miller the Killer. ’ He is constantly giving Rafe a hard time throughout his first year at middle school, and without the school bully, school wouldn’t be school. There is always that one person that puts people down to make themselves feel good, although not a lot of bullies take kids lunch money, but hurt them mentally, or even physically. I don’t like Miller because I believe that he hurts people because he can and he needs to get disciplined. Without Miller, or a bully in the book, it wouldn’t be like school life, so I can understand why James Patterson included him in it. I’m not much of a reader, but I really enjoyed this book, and I found it easy to understand and comprehend because of the little sketches throughout the book. This book is much like the Diary of a Wimpy Kid series, and I believe it is aimed at the same kind of age group. I think that I was too old to read this novel, but I didn’t find it so easy that I could just read it in a day, but not hard enough that it took me forever to read. It was a good balance, so I would suggest it for kids 13 years old and younger, somewhere between 9 and 13. To be honest, it was a good book, but it could have been made longer so not everything happened at once towards the end. In general, it was a good read, and I would recommend it to younger kids who enjoy having a good laugh and getting into trouble.

Development of Electronic Data Flows

Development of Electronic Data Flows 1. Introduction The current development on the flow of electronic data, especially those relating to personal data across nations is increasing daily. Most of the flows are related to business activities whereas services are provided to fulfill the needs of people. It also leads to the transformation of commerce, which becomes worldwide and increasingly international. The transfer of huge quantities of data, relating to customers and employees, are required and often occurred among entities that located in different countries. An example would be the system of outsourcing, a practice in which companies and governments hire an external service provider in another country to deliver a program or provide a service, such as managing database of human resources or customers. This can often result in improved efficiencies and levels of services. Further, the advancement of global networks, such as the internet, provides the possibilities to collect, process, and distribute personal data on an unprecedente d scale. However, the trans-border flow of personal data is not only performed by companies or governments but also conducted by individuals in everyday life as well. When the data is used by companies or government, this can represent a high volume of data, such as in the form of the transfer of databases. There will be a quite different volume of data when it is provided by individuals when they disclose their personal data while participating in particular activities, such as browsing the internet or registering on various websites to obtain certain services. Additionally, there is a strong possibility for individuals, who are engaging in data transfer activities to lack of full awareness concerning what could be done to their personal data. In some instances, they do not realize that they have disclosed their personal data and it is subject to transmission and processing within countries not offering the same level of protection as their own country. For example, a student physically located in the Netherlands may complete an online game registration form, containing several spaces soliciting his/her identities, not knowing that the actual service provider is registered in India. Another example, a social worker residing within the United Kingdom might disclose his/her personal data on a web application for an internet banking service provided by a bank based in the United States. From the short description above, the trans-border flow of personal data exists in everyday life on a daily basis and it becomes a vital need of every stakeholder, whether governments or private sectors, including individuals. Nevertheless, while the flow has led to greater efficiencies and economic benefits, on the other hand this kind of flow has also raised concerns that some information could end up in the hands of people for whom it was not intended. Worse even is the situation when no one has realized the flow has taken place, spawning a great opportunity for infringement upon ones privacy rights. Some rules concerning privacy and data protection have been set up at national, regional, and international levels to guarantee privacy as one of the human rights is not harmed by any activity, including data processing as the final purpose of trans-border flow. Consequently, the trans-border flow of personal data has to be conducted in a lawful manner. In this respect, a legal framework on trans-border flow of personal data has been enacted in Europe by the European Commission (EC) under two directives. The first one is Directive 95/46/EC concerning the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data. This Directive has been further equipped by the second directive, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). In relation to the research objective of this thesis, Directive 95/46/EC is the most relevant and therefore, Directive 2002/58/EC will be referred to when necessary. It should be noted that whenever a term the Directive is being used in this thesis, the term shall refer to Directive 95/46/EC. Under the Directive, a main rule concerning the trans-border flow of personal data has been set up. These include the obligation of data controller to use personal data for specified, explicit, and legitimate purposes, to collect only relevant and necessary data, to guarantee the security of the data against accidental or unauthorized access or manipulation, and in specific cases to notify the competent independent supervisory body before carrying out all or certain types of data processing operations. On the other hand, there is a series of rights for individuals as data subject, such as the right to receive certain information whenever data is collected, to access and correct the data, and to object to certain types of data processing. Nevertheless, all of the practice of these rights and obligations present a significant problem when the trans-border flow of personal data takes place from the European Union/European Economic Area (the EU/EEA) Member States to countries outside the EU/EEA, for the reason that the Directive requires an adequate level of protection in the destination countries. The transfer of personal data to a third country is prohibited when the third country does not have an adequate level of protection to ensure that the processing of personal data will not cause any violation to the rights of data subjects. The binding power of the Directive to the EU/EEA Member States requires each of the Member States to embed the provisions in the Directive into their national legal system. Thus, there is a free zone where trans-border flow of personal data can take place freely among the Member States because they provide the adequate level of protection. Any approval, adequate safeguard, or additional requirement is not necessary to any further extent. As far as public international law is concerned, by applying the extra-territoriality principle, the requirement of the adequacy is automatically fulfilled at the official representatives of the EU/EEA Member States in the third country, such as the Embassy or Consulate General because of the extended jurisdiction of the Member States. However, this principle is not extended to private sectors, since subsidiary offices of multinational companies, still have to abide to the national law in the third country although the base of operations of the company is located in the EU/EEA Member States. In this case, the adequate level of protection is still required even though the transfer is conducted internally among the subsidiaries of the company located in third countries. Currently, the EC has conducted some adequacy findings and has compiled a white list of countries providing an adequate level of protection. This approval means the trans-border flow of personal data can take place as in the free zone between the EU/EEA Member States. However, to date, the white list covers a limited list of countries, seven to be exact. This list might not prove too sufficient from the point of view of multinational companies in accommodating their interest, as it does not include many countries of growing commercial interest. From this point of view, there is a need to harmonize various privacy and data protection regulations in many countries through the establishment of an internationally congruent legal framework for privacy and data protection. Unfortunately, it will take some effort and time for the establishment, while a fast solution is needed. By considering the Directive thus far the strictest legal framework compared with other existing legal framework on privacy and data protection, obviously, there is a need for countries outside the EU/EEA Member States to improve their legal framework to become compliance with adequate level of protection requirement under the Directive. Since Indonesia is neither a Member State of the EU/EEA nor included in the white list of adequacy finding, the requirement of adequate level of protection is applied to Indonesia as a third country. The trans-border flow of personal data only can take place after the data controller is certain that the protection level of personal data in Indonesia is adequate under the Directive. Apparently, Indonesia is needed to criticize, whether or not its legal framework providing an adequate level of protection. Moreover, Indonesia as a Member State of the Asia-Pacific Economic Cooperation (APEC) has received a pressure to provide a sufficient level of protection on trans-border flow of personal data, in relation to the existence of the APEC Privacy Framework. This pressure has become heavier because of Indonesia position as the Association of South East Asian Nations/ASEAN Member States. Therefore, the main objective of this thesis is to examinehow Indonesia can improve its legal framework to comply with the adequate level of protection in view of Directive 95/46/EC. Conducting this examination is important in determining ways Indonesia might be developed into an attractive destination country for international commerce activities. In order to answer the objective of this thesis, three research questions have to be answered: firstly,currently, why Directive 95/46/EC is being acknowledged as the strictest legal instrument concerning privacy and data protection on conducting trans-border flow of personal data compared with other existing legal instruments. Secondly, how the European Commission determines the adequate level of protection in the third country in question under Directive 95/46/EC. Then, thirdly, to what extent legal framework of data protection in Indonesia measures up to the adequate level of protection in Indonesia under Directive 95/46/EC. In line with the effort to answer the first research question, this thesis will try to identify any possibility for improvement towards the current adequacy finding system. Hence, a balance accommodation might be obtained and maintained between the one who requires the adequate level of protection and the one who has to fulfill it. This thesis will be structured as follows. The first chapter is the introduction in which the objective of this thesis is explained. In the second chapter, there will be a brief comparison between the Directive with other legal instruments concerning privacy and data protection. Afterwards, some explanations on the requirement of the adequate level of protection in the light of the Directive will be provided, including the measurement to be used in conducting the adequacy finding and will explore any possible solution if there is no adequate level of protection in the third country in question. Further, this chapter will cover the current problems within the Directive as well as possible suggestions to overcome them. Thus, answering the first and second research question. In the third chapter, relevant issues surrounding Indonesian legal framework will be discussed, including a brief explanation on how Indonesia regulates privacy and data protection as well as a number of the difficulties experienced in doing so. The findings in the second and third chapters shall be employed to carry out the examination in the fourth chapter, which objective is to answer the third research question. The chapter serves to analyze the adequate level of protection of Indonesian legal framework by applying the measurements in the light of the Directive. The analysis will include various potential problems faced by Indonesia on its effort to improve protection of personal data along with several suggestions on how to overcome them. At the final stage, there will be a conclusion, to what extent Indonesia can be deemed as providing an adequate level of protection. As a result, a solution on how Indonesia might improve its legal framework under the Directive to both avoid a lack of protection and offer an adequate level of protection will be achieved. 2. The EU Legal Framework regarding trans-border flow of Personal Data The trans-border flow of personal data is stipulated by regulations concerning data protection. Since the early eighties, several regulations, drawn up by different organizations, have been published in this respect. The first initiative was performed by Organization for Economic Co-operation and Development (OECD) by establishing the Guidelines on the Protection of Privacy and Trans-border Flows of Personal Data (the OECD Guidelines) in 1980. The intention of the Guidelines is to prevent any conflicts between national laws, which can hamper the free flow of personal data between the OECD Member States. This establishment brought an awareness of the importance protection of the trans-border flow of personal data. A similar purpose with the OECD Guidelines has brought the Member States of the Council of Europe (the CoE) to publish a convention on their interest in the following year. They agreed that it is needed to reconcile the fundamental values of the respect for privacy and the free flow of information between them. The agreement is stated in the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No. 108), with purpose to take into account the right of privacy and the increasing flow across frontiers of personal data in regards of automatic processing, as a way to extend the safeguards for everyones rights and fundamental freedoms. In 1990, by considering the UN has more Member States compared with the OECD and the CoE, Guidelines concerning Computerized Personal Data Files (the UN Guidelines) was established as a way to bring the principles on privacy and data protection being implemented wider among countries. The UN General Assembly through Resolution No. A/RES/45/95 on 14 December 1990, requests the Governments of every Member States to take into account this Guidelines in their legislation. Further, the governmental, intergovernmental, and non-governmental organizations are also requested to respect the Guidelines in carrying out the activities within their field of competence. Nonetheless, the OECD Guidelines, the CETS No. 108, and the UN Guidelines still have some weaknesses. There are some principles of data protection, which are required to be embedded in national laws of each of the Member States but there is no means for ensuring their effective application. For examples, there are no supervisory authority provision in the CETS No. 108 and a lack of procedural clauses in the OECD Guidelines. In another case, concerning the binding power of the instrument, the OECD Guidelines is voluntarily binding to its Member States as well as the UN Guidelines, even though the UN Guidelines has the supervision and sanction provisions. Therefore, Directive 95/46/EC on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data has been established by the European Union (the EU) to overcome the limited effect of the two Guidelines and the Convention as mentioned above. Good level of compliance, support and help to individual data subject, and appropriate redress to the injured parties are the means used by the Directive for ensuring the effective application of the content of the rules. Apart from the compliance issue, the obligations and rights set down in the Directive are built upon the OECD Guidelines, the CETS No. 108, and the UN Guidelines. These three legal instruments contain similar principles, except for lawfulness, fairness, and non-discrimination principles are from the UN Guidelines; and special categories of data and additional safeguards for the data subject principles are from the ECTS No. 108. While the rest of the adopted principles are collection limitation, data quality, purpose specification, use limitation, security safeguard, openness, individual participation, and accountability. Further, the aims of the Directive can be seen from two perspectives. The first one is the economical perspective, in relation to the establishment and functioning of an internal market, in which to ensure the free movement of goods, persons, services, and capital, including the free movement of personal data. The second is from the fundamental rights perspective, in which to set the rules for high-level data protection to ensure the protection of the fundamental rights of the individuals. The newest legal instrument concerning privacy and data protection is the APEC Privacy Framework 2004 (the Framework), established by Asia-Pacific Economic Cooperation (APEC). The purpose of the Framework is to ensure there are no barriers for information flows among the APEC Member Economies by promoting a consistent approach to data protection. There are nine principles in the Framework that are built based on the OECD Guidelines. In brief, the adopted principles are preventing harm, notice, collection limitation, uses of personal information, choice, integrity of personal information, security safeguard, access and correction, and accountability. However, this Framework has the same weakness as the previous legal instruments on privacy and data protection before the Directive, which is the absent of means for ensuring the effective application of the principles. Additionally, it should be noted that APEC is a forum that established based on a voluntary basis, without any constitut ion or legally binding obligations for the Member Economies. Hence, the Framework is not binding to the Member Economies. From the brief analysis above, currently, the Directive posses the highest level of protection compared with other existing legal instruments on privacy and data protection. In this respect, to achieve the objective of this thesis as stated in the first chapter, the research questions will be answered by focusing on the Directive. Therefore, in the next section, there will be an explanation on the legal bases of trans-border flow of personal data to third countries under the Directive, followed by a rationalization on how the European Commission (EC) determines whether or not an adequate level of protection exists in the third country in question. Subsequently, the means for ensuring the effective application of the content of rules will be elaborated upon a description on a series of possibilities if the third country in question is not deemed to provide an adequate level of protection. Although currently, the Directive provides high-level of protection, some problems and suggestions will be provided, as an effort to address input for improvement. The findings in this chapter will be used to carry out the adequacy finding of Indonesia as a third country (in the fourth chapter) by doing a comparison with the findings on Indonesian legal framework in chapter three. 2. The Legal Bases of Trans-border Flows of Personal Data to Third Countries The trans-border flow of personal data to a third country to be acknowledged as lawful, it has to be conducted in accordance with the national data protection law of the EU/EEA Member States. It is applicable to the data controllers established in the EU, both at the time when data is being collected and processed. In general, the law consists of a combination between the obligations of data controllers and the rights of data subject. Before the establishment of the Directive, these rights and obligations were regulated under some national data protection laws with different level of protection. In the light of the functioning of internal market in the EU/EEA, all these obligations and rights, including certain procedures to be applied in case of trans-border flow of personal data to a third country, are regulated in the Directive. Whereas the Directive is legally binding to the EU/EEA Member States, an adequate level of protection is fulfilled and consequently trans-border flow of personal data is able to take place among them. Further, when the personal data is used for electronic communication purposes, then the rights and obligations as lay down in Directive 2002/58/EC shall take place. There are three possible types of transfer under the Directive. The first and second types are a communication of personal data by a data controller based in the EU/EEA Member States to another data controller or to a processor based in a third country. Another possibility type is a communication of personal data by a data subject based in the EU/EEA Member States to a data controller based in a third country. Nevertheless, it should noted that the Directive does not cover transfers of personal data in the course of judicial and police cooperation activities falling within Titles V and VI of the Treaty on European Union. The main regulation in the Directive concerning trans-border flow of personal data to a third country is Article 25. The first paragraph of the Article sets out the principle that the EU/EEA Member States shall allow the transfer of personal data only if the third country in question ensures an adequate level of protection. From this provision, it is necessary to explain further on the subject of the transfer of personal data and an adequate level of protection. First, what the Directive means by the transfer of personal data. Undoubtedly, it is often associated with the act of sending or transmitting personal data from one country to another, for instance by sending paper or electronic documents containing personal data by post or e-mail. By seeing from a different perspective, the situation where one conducts a certain activity with the purpose to make data available for others, besides the owner of the data (the data subject), and located in another country, is included as a trans-border flow of personal data. However, by making data accessible for everyone who connects to internet by uploading any personal data on internet web pages, even though that person is located in another country, is not included in the meaning of transfer of personal data to another country. The reason for the previous statement is this kind of activity is properly acknowledged as publishing activity, not transferring activity. This exception is stated clearly by the Court of Justice in the Bodil Lindqvist Case as there is no transfer of personal data to a third country where an individual in a Member State loads personal data onto an internet page making those data accessible to anyone who connects to the internet, including people in a third country. Subsequently, since the Directive is binding to 27 EU Member States, including three countries (Norway, Liechtenstein, and Iceland), which are bound by the Directive by virtue of the European Economic Area agreement (EEA), personal data can flow freely among them. In other words, there is a free zone among the EU/EEA member states. Therefore, transfer in the light of the Directive has to be seen as transfer of personal data from EU/EEA member states to other countries outside EU/EEA, which are recognized as third countries, and the adequate level of protection in those third countries has to be assessed. There is a so-called white list of countries, which have been assessed by the EC and affirmed to provide an adequate level of protection according to the Directive. Currently, the list consists of seven countries as follows: Argentina, Canada (limited to private sector data), Switzerland, United States (Safe Harbor and specific type of transfer: Passenger Name Record/PNR), the Bailiwick of Guernsey, the Isle of Man, and the Bailiwick of Jersey. The approval of adequacy shall be analyzed more carefully because once a country is listed in the white list, does not automatically mean that personal data can flow to the country freely. One should pay attention whether the affirmation is given for the entire legal framework or only for certain part of it in a specific field, sector (public or private), or regarding a specific type of transfer. Insofar, even though the result of adequacy finding shows that the data protection level in certain countries is not adequate, the EC will not create a black list for that negative finding because of political consequences. Instead of the black list, the EC tends to enter into negotiation with the certain country in order to find a solution. It can be concluded from the foregoing, that the adequacy finding is temporary and subject to be reviewed. Procedure of the Adequacy Finding In acknowledging the adequacy finding, the EC has to follow certain procedure, which has been determined in Article 25 Paragraph (6) of the Directive and is known as comitology. At first, there will be a proposal from the EC, followed by an opinion from Article 29 Working Party and an opinion from Article 31 Management Committee, which needs to be delivered by a qualified majority of member states. Afterwards, the EC submits the proposed finding to the European Parliament (EP), who will examine whether the EC has used its executing powers correctly and comes up with recommendation if necessary. As a final point, the EC then can formally issue the result of the adequacy finding. In the next section, the measurements used by the EC in conducting the finding will be explained in detail. 3. Assessing the Adequate Level of Protection The Article 29 Working Party has given an obvious statement thatany meaningful analysis of adequate protection must comprise the two basic elements: the content of the rules applicable and the means for ensuring their effective application.According to WP 12 of the European Commission (EC), a set of content principles that should be embodied in the existing regulations are the following: Purpose limitation principle: data should be processed for a specific purpose and subsequently used or further communicated only if it is compatible with the purpose of the transfer. Data quality and proportionality principle: data should be accurate and, where necessary, kept up to date. Transparency principle: individuals should be provided with information as to the purpose of the processing, the identity of the data controller in the third country and other necessary information to ensure fairness. Security principle: technical and organizational measures should be taken by the data controller that are appropriate to the risks presented by the processing. Rights of access, rectification and opposition: the data subject have the right to obtain a copy of all data relating to him/her that are processed, to rectification of those data that are shown to be inaccurate, and be able to object to the processing of the data. Restrictions on onwards transfers to non-parties to the contract: further transfers of the personal data by the recipient of the original data transfer only permitted if the second recipient provides an adequate level of protection. In addition to these content principles, another set of the means for ensuring the effective application of the principles, whether judicial or non-judicial, are required in order to fulfill the following objectives: Good level of compliance with the rules: the level of awareness of controllers and data subjects and the existence of effective and dissuasive sanctions are the measurements to examine the compliance level, including direct verification by authorities, auditors, or independent data protection officials. Support and help to individual data subjects: an individual should be able to enforce his/her rights rapidly and effectively without prohibitive cost. Institutional mechanism is needed to conduct independent investigation of complaints. Appropriate redress to the injured parties: where rules are not complied, redress to the injured party with independent adjudication or arbitration is provided, including compensation and sanction impose. Beyond the content principles, some additional principles are still needed to consider when it comes to certain types of processing. Additional safeguards when sensitive categories of data are involved and a right to opt-out when data are processed for direct marketing purposes should be in place. Another principle is the right for the data subject not to be a subject to an automated individual decision that intended to evaluate certain aspects, which can give any legal effects and have a significant effect to the data subject. These content principles, including additional principles, and the means for ensuring their effectiveness should be viewed as a minimum requirement in assessing the adequate level of protection in all cases. However, according to Article 25 Paragraph 2 of the Directive, in some cases, there will be two possibilities. There is a need to add the list with more requirements or to reduce it. To determine whether some requirements need to be added or reduced, the degree of risk that the transfer poses to the data subject becomes an important factor. The Article 29 Working Party has provided a list of categories of transfer, which poses particular risks to privacy, as mentioned below: Transfers involving certain sensitive categories of data as defined by Article 8 of the Directive Transfers which carry the risk of financial loss (e.g., credit card payments over the internet) Transfers carrying a risk to personal safety Transfers made for the purpose of making a decision which significantly affects the individual (e.g., recruitment or promotion decisions, the granting of credit, etc) Transfers which carry a risk of serious embarrassment or tarnishing of an individuals reputation Transfers which may result in specific actions which constitute a significant intrusion into an individuals private life (e.g., unsolicited telephone calls) Repetitive transfers involving massive volumes of data (e.g., transactional data processed over telecommunications networks, the Internet, etc.) Transfers involving the collection of data in a particularly covert or clandestine manner (e.g., internet cookies) To sum up, the circumstances should be taken into account when assessing adequacy in a specific case, being: the nature of the data the purpose and duration of the proposed processing operations the country of origin and the country of final destination the rules of law, both general and sectoral, in force in the country in question the professional rules and the security measures which are complied with in that country. Self -regulation From the circumstances as referred to Article 25 Paragraph 2 of the Directive, it can be seen that the assessments of the adequate level of protection is conducted according to the rules of law as well as the professional rules and the security measures. In other words, it has to be examined from a self-regulation perspective as well. The Article 29 Working Party presents a broad meaning of self-regulation asany set of data protection rules applying to a plurality of the data controllers from the same profession or industry sector, the content of which has been determined primarily by members of the industry or profession concerned.This wide definition offers the possibility to on the one hand a voluntary data protection code developed by a small industry association with only a few members and on the other hand a set of codes of professional ethics with quasi judicial force for a certain profession, such as doctors or bankers. Still, one should bear in mind, to be considered as an appropriate legal instrument to be analyzed, it has to have binding power to its members and has to provide adequate safeguards if the personal data are transferred again to non-member entities. Ob Development of Electronic Data Flows Development of Electronic Data Flows 1. Introduction The current development on the flow of electronic data, especially those relating to personal data across nations is increasing daily. Most of the flows are related to business activities whereas services are provided to fulfill the needs of people. It also leads to the transformation of commerce, which becomes worldwide and increasingly international. The transfer of huge quantities of data, relating to customers and employees, are required and often occurred among entities that located in different countries. An example would be the system of outsourcing, a practice in which companies and governments hire an external service provider in another country to deliver a program or provide a service, such as managing database of human resources or customers. This can often result in improved efficiencies and levels of services. Further, the advancement of global networks, such as the internet, provides the possibilities to collect, process, and distribute personal data on an unprecedente d scale. However, the trans-border flow of personal data is not only performed by companies or governments but also conducted by individuals in everyday life as well. When the data is used by companies or government, this can represent a high volume of data, such as in the form of the transfer of databases. There will be a quite different volume of data when it is provided by individuals when they disclose their personal data while participating in particular activities, such as browsing the internet or registering on various websites to obtain certain services. Additionally, there is a strong possibility for individuals, who are engaging in data transfer activities to lack of full awareness concerning what could be done to their personal data. In some instances, they do not realize that they have disclosed their personal data and it is subject to transmission and processing within countries not offering the same level of protection as their own country. For example, a student physically located in the Netherlands may complete an online game registration form, containing several spaces soliciting his/her identities, not knowing that the actual service provider is registered in India. Another example, a social worker residing within the United Kingdom might disclose his/her personal data on a web application for an internet banking service provided by a bank based in the United States. From the short description above, the trans-border flow of personal data exists in everyday life on a daily basis and it becomes a vital need of every stakeholder, whether governments or private sectors, including individuals. Nevertheless, while the flow has led to greater efficiencies and economic benefits, on the other hand this kind of flow has also raised concerns that some information could end up in the hands of people for whom it was not intended. Worse even is the situation when no one has realized the flow has taken place, spawning a great opportunity for infringement upon ones privacy rights. Some rules concerning privacy and data protection have been set up at national, regional, and international levels to guarantee privacy as one of the human rights is not harmed by any activity, including data processing as the final purpose of trans-border flow. Consequently, the trans-border flow of personal data has to be conducted in a lawful manner. In this respect, a legal framework on trans-border flow of personal data has been enacted in Europe by the European Commission (EC) under two directives. The first one is Directive 95/46/EC concerning the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data. This Directive has been further equipped by the second directive, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). In relation to the research objective of this thesis, Directive 95/46/EC is the most relevant and therefore, Directive 2002/58/EC will be referred to when necessary. It should be noted that whenever a term the Directive is being used in this thesis, the term shall refer to Directive 95/46/EC. Under the Directive, a main rule concerning the trans-border flow of personal data has been set up. These include the obligation of data controller to use personal data for specified, explicit, and legitimate purposes, to collect only relevant and necessary data, to guarantee the security of the data against accidental or unauthorized access or manipulation, and in specific cases to notify the competent independent supervisory body before carrying out all or certain types of data processing operations. On the other hand, there is a series of rights for individuals as data subject, such as the right to receive certain information whenever data is collected, to access and correct the data, and to object to certain types of data processing. Nevertheless, all of the practice of these rights and obligations present a significant problem when the trans-border flow of personal data takes place from the European Union/European Economic Area (the EU/EEA) Member States to countries outside the EU/EEA, for the reason that the Directive requires an adequate level of protection in the destination countries. The transfer of personal data to a third country is prohibited when the third country does not have an adequate level of protection to ensure that the processing of personal data will not cause any violation to the rights of data subjects. The binding power of the Directive to the EU/EEA Member States requires each of the Member States to embed the provisions in the Directive into their national legal system. Thus, there is a free zone where trans-border flow of personal data can take place freely among the Member States because they provide the adequate level of protection. Any approval, adequate safeguard, or additional requirement is not necessary to any further extent. As far as public international law is concerned, by applying the extra-territoriality principle, the requirement of the adequacy is automatically fulfilled at the official representatives of the EU/EEA Member States in the third country, such as the Embassy or Consulate General because of the extended jurisdiction of the Member States. However, this principle is not extended to private sectors, since subsidiary offices of multinational companies, still have to abide to the national law in the third country although the base of operations of the company is located in the EU/EEA Member States. In this case, the adequate level of protection is still required even though the transfer is conducted internally among the subsidiaries of the company located in third countries. Currently, the EC has conducted some adequacy findings and has compiled a white list of countries providing an adequate level of protection. This approval means the trans-border flow of personal data can take place as in the free zone between the EU/EEA Member States. However, to date, the white list covers a limited list of countries, seven to be exact. This list might not prove too sufficient from the point of view of multinational companies in accommodating their interest, as it does not include many countries of growing commercial interest. From this point of view, there is a need to harmonize various privacy and data protection regulations in many countries through the establishment of an internationally congruent legal framework for privacy and data protection. Unfortunately, it will take some effort and time for the establishment, while a fast solution is needed. By considering the Directive thus far the strictest legal framework compared with other existing legal framework on privacy and data protection, obviously, there is a need for countries outside the EU/EEA Member States to improve their legal framework to become compliance with adequate level of protection requirement under the Directive. Since Indonesia is neither a Member State of the EU/EEA nor included in the white list of adequacy finding, the requirement of adequate level of protection is applied to Indonesia as a third country. The trans-border flow of personal data only can take place after the data controller is certain that the protection level of personal data in Indonesia is adequate under the Directive. Apparently, Indonesia is needed to criticize, whether or not its legal framework providing an adequate level of protection. Moreover, Indonesia as a Member State of the Asia-Pacific Economic Cooperation (APEC) has received a pressure to provide a sufficient level of protection on trans-border flow of personal data, in relation to the existence of the APEC Privacy Framework. This pressure has become heavier because of Indonesia position as the Association of South East Asian Nations/ASEAN Member States. Therefore, the main objective of this thesis is to examinehow Indonesia can improve its legal framework to comply with the adequate level of protection in view of Directive 95/46/EC. Conducting this examination is important in determining ways Indonesia might be developed into an attractive destination country for international commerce activities. In order to answer the objective of this thesis, three research questions have to be answered: firstly,currently, why Directive 95/46/EC is being acknowledged as the strictest legal instrument concerning privacy and data protection on conducting trans-border flow of personal data compared with other existing legal instruments. Secondly, how the European Commission determines the adequate level of protection in the third country in question under Directive 95/46/EC. Then, thirdly, to what extent legal framework of data protection in Indonesia measures up to the adequate level of protection in Indonesia under Directive 95/46/EC. In line with the effort to answer the first research question, this thesis will try to identify any possibility for improvement towards the current adequacy finding system. Hence, a balance accommodation might be obtained and maintained between the one who requires the adequate level of protection and the one who has to fulfill it. This thesis will be structured as follows. The first chapter is the introduction in which the objective of this thesis is explained. In the second chapter, there will be a brief comparison between the Directive with other legal instruments concerning privacy and data protection. Afterwards, some explanations on the requirement of the adequate level of protection in the light of the Directive will be provided, including the measurement to be used in conducting the adequacy finding and will explore any possible solution if there is no adequate level of protection in the third country in question. Further, this chapter will cover the current problems within the Directive as well as possible suggestions to overcome them. Thus, answering the first and second research question. In the third chapter, relevant issues surrounding Indonesian legal framework will be discussed, including a brief explanation on how Indonesia regulates privacy and data protection as well as a number of the difficulties experienced in doing so. The findings in the second and third chapters shall be employed to carry out the examination in the fourth chapter, which objective is to answer the third research question. The chapter serves to analyze the adequate level of protection of Indonesian legal framework by applying the measurements in the light of the Directive. The analysis will include various potential problems faced by Indonesia on its effort to improve protection of personal data along with several suggestions on how to overcome them. At the final stage, there will be a conclusion, to what extent Indonesia can be deemed as providing an adequate level of protection. As a result, a solution on how Indonesia might improve its legal framework under the Directive to both avoid a lack of protection and offer an adequate level of protection will be achieved. 2. The EU Legal Framework regarding trans-border flow of Personal Data The trans-border flow of personal data is stipulated by regulations concerning data protection. Since the early eighties, several regulations, drawn up by different organizations, have been published in this respect. The first initiative was performed by Organization for Economic Co-operation and Development (OECD) by establishing the Guidelines on the Protection of Privacy and Trans-border Flows of Personal Data (the OECD Guidelines) in 1980. The intention of the Guidelines is to prevent any conflicts between national laws, which can hamper the free flow of personal data between the OECD Member States. This establishment brought an awareness of the importance protection of the trans-border flow of personal data. A similar purpose with the OECD Guidelines has brought the Member States of the Council of Europe (the CoE) to publish a convention on their interest in the following year. They agreed that it is needed to reconcile the fundamental values of the respect for privacy and the free flow of information between them. The agreement is stated in the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No. 108), with purpose to take into account the right of privacy and the increasing flow across frontiers of personal data in regards of automatic processing, as a way to extend the safeguards for everyones rights and fundamental freedoms. In 1990, by considering the UN has more Member States compared with the OECD and the CoE, Guidelines concerning Computerized Personal Data Files (the UN Guidelines) was established as a way to bring the principles on privacy and data protection being implemented wider among countries. The UN General Assembly through Resolution No. A/RES/45/95 on 14 December 1990, requests the Governments of every Member States to take into account this Guidelines in their legislation. Further, the governmental, intergovernmental, and non-governmental organizations are also requested to respect the Guidelines in carrying out the activities within their field of competence. Nonetheless, the OECD Guidelines, the CETS No. 108, and the UN Guidelines still have some weaknesses. There are some principles of data protection, which are required to be embedded in national laws of each of the Member States but there is no means for ensuring their effective application. For examples, there are no supervisory authority provision in the CETS No. 108 and a lack of procedural clauses in the OECD Guidelines. In another case, concerning the binding power of the instrument, the OECD Guidelines is voluntarily binding to its Member States as well as the UN Guidelines, even though the UN Guidelines has the supervision and sanction provisions. Therefore, Directive 95/46/EC on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data has been established by the European Union (the EU) to overcome the limited effect of the two Guidelines and the Convention as mentioned above. Good level of compliance, support and help to individual data subject, and appropriate redress to the injured parties are the means used by the Directive for ensuring the effective application of the content of the rules. Apart from the compliance issue, the obligations and rights set down in the Directive are built upon the OECD Guidelines, the CETS No. 108, and the UN Guidelines. These three legal instruments contain similar principles, except for lawfulness, fairness, and non-discrimination principles are from the UN Guidelines; and special categories of data and additional safeguards for the data subject principles are from the ECTS No. 108. While the rest of the adopted principles are collection limitation, data quality, purpose specification, use limitation, security safeguard, openness, individual participation, and accountability. Further, the aims of the Directive can be seen from two perspectives. The first one is the economical perspective, in relation to the establishment and functioning of an internal market, in which to ensure the free movement of goods, persons, services, and capital, including the free movement of personal data. The second is from the fundamental rights perspective, in which to set the rules for high-level data protection to ensure the protection of the fundamental rights of the individuals. The newest legal instrument concerning privacy and data protection is the APEC Privacy Framework 2004 (the Framework), established by Asia-Pacific Economic Cooperation (APEC). The purpose of the Framework is to ensure there are no barriers for information flows among the APEC Member Economies by promoting a consistent approach to data protection. There are nine principles in the Framework that are built based on the OECD Guidelines. In brief, the adopted principles are preventing harm, notice, collection limitation, uses of personal information, choice, integrity of personal information, security safeguard, access and correction, and accountability. However, this Framework has the same weakness as the previous legal instruments on privacy and data protection before the Directive, which is the absent of means for ensuring the effective application of the principles. Additionally, it should be noted that APEC is a forum that established based on a voluntary basis, without any constitut ion or legally binding obligations for the Member Economies. Hence, the Framework is not binding to the Member Economies. From the brief analysis above, currently, the Directive posses the highest level of protection compared with other existing legal instruments on privacy and data protection. In this respect, to achieve the objective of this thesis as stated in the first chapter, the research questions will be answered by focusing on the Directive. Therefore, in the next section, there will be an explanation on the legal bases of trans-border flow of personal data to third countries under the Directive, followed by a rationalization on how the European Commission (EC) determines whether or not an adequate level of protection exists in the third country in question. Subsequently, the means for ensuring the effective application of the content of rules will be elaborated upon a description on a series of possibilities if the third country in question is not deemed to provide an adequate level of protection. Although currently, the Directive provides high-level of protection, some problems and suggestions will be provided, as an effort to address input for improvement. The findings in this chapter will be used to carry out the adequacy finding of Indonesia as a third country (in the fourth chapter) by doing a comparison with the findings on Indonesian legal framework in chapter three. 2. The Legal Bases of Trans-border Flows of Personal Data to Third Countries The trans-border flow of personal data to a third country to be acknowledged as lawful, it has to be conducted in accordance with the national data protection law of the EU/EEA Member States. It is applicable to the data controllers established in the EU, both at the time when data is being collected and processed. In general, the law consists of a combination between the obligations of data controllers and the rights of data subject. Before the establishment of the Directive, these rights and obligations were regulated under some national data protection laws with different level of protection. In the light of the functioning of internal market in the EU/EEA, all these obligations and rights, including certain procedures to be applied in case of trans-border flow of personal data to a third country, are regulated in the Directive. Whereas the Directive is legally binding to the EU/EEA Member States, an adequate level of protection is fulfilled and consequently trans-border flow of personal data is able to take place among them. Further, when the personal data is used for electronic communication purposes, then the rights and obligations as lay down in Directive 2002/58/EC shall take place. There are three possible types of transfer under the Directive. The first and second types are a communication of personal data by a data controller based in the EU/EEA Member States to another data controller or to a processor based in a third country. Another possibility type is a communication of personal data by a data subject based in the EU/EEA Member States to a data controller based in a third country. Nevertheless, it should noted that the Directive does not cover transfers of personal data in the course of judicial and police cooperation activities falling within Titles V and VI of the Treaty on European Union. The main regulation in the Directive concerning trans-border flow of personal data to a third country is Article 25. The first paragraph of the Article sets out the principle that the EU/EEA Member States shall allow the transfer of personal data only if the third country in question ensures an adequate level of protection. From this provision, it is necessary to explain further on the subject of the transfer of personal data and an adequate level of protection. First, what the Directive means by the transfer of personal data. Undoubtedly, it is often associated with the act of sending or transmitting personal data from one country to another, for instance by sending paper or electronic documents containing personal data by post or e-mail. By seeing from a different perspective, the situation where one conducts a certain activity with the purpose to make data available for others, besides the owner of the data (the data subject), and located in another country, is included as a trans-border flow of personal data. However, by making data accessible for everyone who connects to internet by uploading any personal data on internet web pages, even though that person is located in another country, is not included in the meaning of transfer of personal data to another country. The reason for the previous statement is this kind of activity is properly acknowledged as publishing activity, not transferring activity. This exception is stated clearly by the Court of Justice in the Bodil Lindqvist Case as there is no transfer of personal data to a third country where an individual in a Member State loads personal data onto an internet page making those data accessible to anyone who connects to the internet, including people in a third country. Subsequently, since the Directive is binding to 27 EU Member States, including three countries (Norway, Liechtenstein, and Iceland), which are bound by the Directive by virtue of the European Economic Area agreement (EEA), personal data can flow freely among them. In other words, there is a free zone among the EU/EEA member states. Therefore, transfer in the light of the Directive has to be seen as transfer of personal data from EU/EEA member states to other countries outside EU/EEA, which are recognized as third countries, and the adequate level of protection in those third countries has to be assessed. There is a so-called white list of countries, which have been assessed by the EC and affirmed to provide an adequate level of protection according to the Directive. Currently, the list consists of seven countries as follows: Argentina, Canada (limited to private sector data), Switzerland, United States (Safe Harbor and specific type of transfer: Passenger Name Record/PNR), the Bailiwick of Guernsey, the Isle of Man, and the Bailiwick of Jersey. The approval of adequacy shall be analyzed more carefully because once a country is listed in the white list, does not automatically mean that personal data can flow to the country freely. One should pay attention whether the affirmation is given for the entire legal framework or only for certain part of it in a specific field, sector (public or private), or regarding a specific type of transfer. Insofar, even though the result of adequacy finding shows that the data protection level in certain countries is not adequate, the EC will not create a black list for that negative finding because of political consequences. Instead of the black list, the EC tends to enter into negotiation with the certain country in order to find a solution. It can be concluded from the foregoing, that the adequacy finding is temporary and subject to be reviewed. Procedure of the Adequacy Finding In acknowledging the adequacy finding, the EC has to follow certain procedure, which has been determined in Article 25 Paragraph (6) of the Directive and is known as comitology. At first, there will be a proposal from the EC, followed by an opinion from Article 29 Working Party and an opinion from Article 31 Management Committee, which needs to be delivered by a qualified majority of member states. Afterwards, the EC submits the proposed finding to the European Parliament (EP), who will examine whether the EC has used its executing powers correctly and comes up with recommendation if necessary. As a final point, the EC then can formally issue the result of the adequacy finding. In the next section, the measurements used by the EC in conducting the finding will be explained in detail. 3. Assessing the Adequate Level of Protection The Article 29 Working Party has given an obvious statement thatany meaningful analysis of adequate protection must comprise the two basic elements: the content of the rules applicable and the means for ensuring their effective application.According to WP 12 of the European Commission (EC), a set of content principles that should be embodied in the existing regulations are the following: Purpose limitation principle: data should be processed for a specific purpose and subsequently used or further communicated only if it is compatible with the purpose of the transfer. Data quality and proportionality principle: data should be accurate and, where necessary, kept up to date. Transparency principle: individuals should be provided with information as to the purpose of the processing, the identity of the data controller in the third country and other necessary information to ensure fairness. Security principle: technical and organizational measures should be taken by the data controller that are appropriate to the risks presented by the processing. Rights of access, rectification and opposition: the data subject have the right to obtain a copy of all data relating to him/her that are processed, to rectification of those data that are shown to be inaccurate, and be able to object to the processing of the data. Restrictions on onwards transfers to non-parties to the contract: further transfers of the personal data by the recipient of the original data transfer only permitted if the second recipient provides an adequate level of protection. In addition to these content principles, another set of the means for ensuring the effective application of the principles, whether judicial or non-judicial, are required in order to fulfill the following objectives: Good level of compliance with the rules: the level of awareness of controllers and data subjects and the existence of effective and dissuasive sanctions are the measurements to examine the compliance level, including direct verification by authorities, auditors, or independent data protection officials. Support and help to individual data subjects: an individual should be able to enforce his/her rights rapidly and effectively without prohibitive cost. Institutional mechanism is needed to conduct independent investigation of complaints. Appropriate redress to the injured parties: where rules are not complied, redress to the injured party with independent adjudication or arbitration is provided, including compensation and sanction impose. Beyond the content principles, some additional principles are still needed to consider when it comes to certain types of processing. Additional safeguards when sensitive categories of data are involved and a right to opt-out when data are processed for direct marketing purposes should be in place. Another principle is the right for the data subject not to be a subject to an automated individual decision that intended to evaluate certain aspects, which can give any legal effects and have a significant effect to the data subject. These content principles, including additional principles, and the means for ensuring their effectiveness should be viewed as a minimum requirement in assessing the adequate level of protection in all cases. However, according to Article 25 Paragraph 2 of the Directive, in some cases, there will be two possibilities. There is a need to add the list with more requirements or to reduce it. To determine whether some requirements need to be added or reduced, the degree of risk that the transfer poses to the data subject becomes an important factor. The Article 29 Working Party has provided a list of categories of transfer, which poses particular risks to privacy, as mentioned below: Transfers involving certain sensitive categories of data as defined by Article 8 of the Directive Transfers which carry the risk of financial loss (e.g., credit card payments over the internet) Transfers carrying a risk to personal safety Transfers made for the purpose of making a decision which significantly affects the individual (e.g., recruitment or promotion decisions, the granting of credit, etc) Transfers which carry a risk of serious embarrassment or tarnishing of an individuals reputation Transfers which may result in specific actions which constitute a significant intrusion into an individuals private life (e.g., unsolicited telephone calls) Repetitive transfers involving massive volumes of data (e.g., transactional data processed over telecommunications networks, the Internet, etc.) Transfers involving the collection of data in a particularly covert or clandestine manner (e.g., internet cookies) To sum up, the circumstances should be taken into account when assessing adequacy in a specific case, being: the nature of the data the purpose and duration of the proposed processing operations the country of origin and the country of final destination the rules of law, both general and sectoral, in force in the country in question the professional rules and the security measures which are complied with in that country. Self -regulation From the circumstances as referred to Article 25 Paragraph 2 of the Directive, it can be seen that the assessments of the adequate level of protection is conducted according to the rules of law as well as the professional rules and the security measures. In other words, it has to be examined from a self-regulation perspective as well. The Article 29 Working Party presents a broad meaning of self-regulation asany set of data protection rules applying to a plurality of the data controllers from the same profession or industry sector, the content of which has been determined primarily by members of the industry or profession concerned.This wide definition offers the possibility to on the one hand a voluntary data protection code developed by a small industry association with only a few members and on the other hand a set of codes of professional ethics with quasi judicial force for a certain profession, such as doctors or bankers. Still, one should bear in mind, to be considered as an appropriate legal instrument to be analyzed, it has to have binding power to its members and has to provide adequate safeguards if the personal data are transferred again to non-member entities. Ob