Technology and Brand Law Implementing The New EU Data Protection Regulations.

Presentation transcript:

Technology and Brand Law Implementing The New EU Data Protection Regulations

2. It might be a good idea if we implemented the old one.

3. Summary
- Who is a data subject and what are their rights?
- Who has obligations to data subjects?
- What is excluded from scope of data protection? What isn’t?
- Subject access requests – what are they and what do they cover?
- The “right to be forgotten” and recent developments
- Data protection and the State
- The right to be compensated for breaches of the Data Protection Acts – Recent developments in Ireland, UK and Europe

4. Scope
- Current exclusions
  – Activities falling outside scope of EU law (public security, defence, criminal)
  – Purely personal or household activity
- GDPR
  – Broadly similar
  – Territorial
    Established in EU
    Selling to or monitoring of EU data subjects

5. Data Subject

6. Indirectly?
- The Myth of anonymization
- Scope narrowed slightly in GDPR

7. Subject access request
- Duty on controller
- Without constraint and excessive delay or expense
  – Confirmation of processing, purposes and categories of data and recipients to whom the data are disclosed
  – The data undergoing processing and their source
  – Information on automated processing
- Rectification, erasure or blocking
- Expanded slightly in GDPR

8. Example
- Case C-486/12 X
- SAR to Dutch municipality for details of subject’s previous addresses to contest a traffic fine
- Municipality requests fee of €12.80
- Referred to ECJ
- Fees may be levied
- Not excessive and not exceeding the cost of communicating the personal data

9. Example
- Dublin Bus –v- DPC
- SAR for video footage of alleged personal injury on a Dublin Bus
- Refused because of existence of proceedings
- Distinguished English DPA – discretion where litigation
- No Irish exemption where litigation in process
- SAR does not subvert the jurisdiction of the courts

10. Right to be forgotten
- At the moment it doesn’t exist
- Google Spain –v- AEPD Case C-131/12
  – Automatic processing of publicly available personal data is new act processing
  – Search engine is controller
  – Responsibility of controller in respect of erasure rectification and blocking
  – Economic interests of search engine cannot be used as justification of processing
  – Public interest of internet users may justify processing in particular circumstances
- New article 17 in GDPR – four grounds
  – No longer necessary
  – Consent withdrawn and no other legal ground
  – Objects pursuant to article 19
  – Other non-compliance with GDPR

11. Data Protection and the State
- Data protection rules apply to the State
- However there are limited circumstances where the state can restrict DP rights
  – 6(1) – DP Principles
  – 10 – Provision of information PD obtained from the DS
  – 11(1) – Provision of information PD not obtained from the DS
  – 12 – SAR
  – 21 – Publicizing of processing operations – register
- Necessary to safeguard
  – National security
  – Defence
  – Public security
  – Prevention of crime
  – Important economic interest of a MS or EU
  – Certain regulatory functions
  – Protection of DS or rights and freedoms of others

12. Bara C-201/14
- Data sharing by Romanian public bodies
- Article 10, 11 and 13
- Public body must inform data subject
- Any restriction must be a legislative measure i.e. protocols etc cannot be used
- DPC guidance
- Charter of fundamental rights Article 52
- GDPR more or less the same except the legislative measures have to have explicit provisions at least to the objectives

13. Right to be compensated
- Collins –v- FDB Insurance [2013] IEHC 137
- No automatic right or strict liability
- Must suffer loss
- Traditional tort principles applied
- CR19 –v- Chief Constable of the PSNI [2014] NICA 54
- Nominal damages for distress but substantive damages for actual loss
- Vidal Hall –v- Google [2015] EWCA Civ 311 (now before UKSC)
- S13(2) of DPA 1988
- Is there a tort of misuse of private information?
- Is UK law compatible with A23 of directive and Articles 7 and 8 of CFR

14. GDPR
  – Explicit liability for processor
  – Joint and several liability
