Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.

Slides:

Advertisements

Similar presentations

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Advertisements

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.

Taking of evidence within the European Union Council regulation no 1206/2001 on cooperation between the courts of Member States in the taking of evidence.

China on the way to a high-technology country: The legal policy perspective Stefan Luginbuehl Lawyer, International Legal Affairs.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection Overview

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data.

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

SWISS DATA PROTECTION LAW AND PERSONAL DATA SECURITY MEASURES.

Tax Information Exchange: approach of the Member States of the BRICS Pustovalov Evgeny Eurasian Research Centre for Comparative and International Tax Law,

M. ANGELA JIMENEZ 1 UNIT 5. REGULATION OF EXTERNAL AUDIT IFAC AND E.C.

The Data Protection Act 1998 The Eight Principles.

Taking of evidence within the European Union Council regulation no 1206/2001 on cooperation between the courts of Member States in the taking of evidence.

Access to Public Information in Slovenia Nataša Pirc Musar, LL.B. Commissioner for Access to Public Information The Hague – 24 th -25 th November, 2004.

The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.

1 VIDEO SURVEILLANCE (public/private areas) TOMÁŠ MIČO The Office for Personal Data Protection of the Slovak Republic.

Changes of the Slovene Constitution due to the EU Membership mag. Janez Pogorelec Twinning Project No 00MAC01/02/006: Approximation of Legislation to the.

Data Protection Act AS Module Heathcote Ch. 12.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.

Towards improvement: Institution of appeal in public procurement – topical procedural and evidentiary issues Kyiv, April , 2012 Oleksandr Voznyuk.

Regulatorna agencija za komunikacije Регулаторна агенција за комуникације Communications Regulatory Agency Accessibility and ICT in Bosnia and Herzegovina.

© 2004 The IPR-Helpdesk is a project of the European Commission DG Enterprise, co-financed within the fifth framework programme of the European Community.

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,

Tax Court of Canada THIRD PARTY INFORMATION IN MAKING ASSESSMENT INTERNATIONAL ASSOCIATION OF TAX JUDGES Lucerne, Switzerland September 4, 2015 The Hon.

© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.

1 TAIEX JHA Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.

Data protection—training materials [Name and details of speaker]

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 2– Freedom Movement for Workers Bilateral.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 28 – Consumer and Health Protection.

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.

Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 19 – Social Policy and Employment.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

TRANSBORDER TRANSFER OF PERSONAL DATA OUT OF THE REPUBLIC OF SERBIA Milica Basta Senior Adviser DPA Serbia Sarajevo May 2016.

© CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Re: Study on the privacy issues arising with the public pan-European White.

Personal Data Protection

Monique Jefferson & Nadine Mather

Luca De Matteis Justice counsellor (criminal law, data protection)

THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

PRESENTATION OF MONTENEGRO

Issues of personal data protection in scientific research

Data Protection: EU & International

General Data Protection Regulation

Data protection issues in regulatory investigations

EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.

Bob Siegel President Privacy Ref, Inc.

of social security systems, COM (2016)815”

Data transfers to non-EU countries under the new GDPR

The activity of Art. 29. Working Party György Halmos

The Modernisation of Convention108

Is Data Protection a Fundamental Right Protecting the Individual?

The EDPS: competences and processing of personal data in EU funds

Data Protection in Law Enforcement Area Chapter 9a of the draft law

Overview of the recommendations regarding approximation of the Law on personal data protection to the new EU General data protection regulation Valerija.

The Treaty of Lisbon and Administrative Cooperation

Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE

Why are we processing data

The Regional Workshop of Basel Protocol on Liability and Compensation (18-20 January, Warsaw, Poland) National Procedure for Ratification of International.

Presentation transcript:

Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency in Bosnia and Herzegovina Transfer of personal data from Bosnia and Herzegovina – the legal framework and practice of the Agency

Law on Protection of Personal Data („Official Gazette of Bosnia and Herzegovina“ No: 49/06, 76/11 i 89/11) Bosnia and Herzegovina ratified Convention of Council of Europe for Protection of Individuals Regarding the Automatic Processing of Personal Data (ETS 108). The Agency was established by the Law on Protection of Personal Data and it has started its work in Personal data protection in BiH

Personal Data Protection in BiH Law on Amendments to the Law on the Protection of Personal Data („Official Gazette of Bosnia and Herzegovina“ 76/11) The amendments ensured convergence of the Law with European Union Legislation that refers to personal data protection. The most important Amendments to the Law refer to establishment of mechanisms and institutes that will provide a substantial independence for the Agency as a prerequisite for the efficient operation. Amendments to the Law regarding the stipulated conditions for data transfer abroad in relation to the earlier decision where data transfer abroad was not regulated in detail.

Article 17. Before any data transfer abroad it is necessary to check if there is a legal basis for data delivery to third parties, which is regulated by the Article 17 of the Law on Protection of Personal Data According to the Article 17 of the Law: (1) The data controller may not provide personal data to any users prior to notifying thereof the data subject. If the data subject does not consent to providing of the personal data, the data shall not be disclosed to the third party unless such disclosure is in the public interest. (2) The personal data controller is authorized to provide personal data to other users based on the user’s written request if this is necessary for carrying out tasks within the competence specified by law or for exercising of lawful interests of the user. (3) The written request shall indicate the purpose and legal grounds for the personal data use, and the type of personal data requested.

Data transfer abroad Article 18 of the Law, paragraphs (1) and (2) (1) Personal data shall not be transferred from Bosnia and Herzegovina to another country or provided for use to any international organization that applies adequate personal data protection measures stipulated by this Law. (2) Adequacy of safeguards referred to in paragraph (1) of this Article is estimated on the basis of specific circumstances in which the transfer of personal data is conducted, in which particularly the following shall be taken into account: a) types of personal data; b) the purpose and period of processing; c) the country in which data is transferred; d) statutory rules in force in the country in which data are transferred; e) professional rules and security measures that must be respected in that country. Countries and international organizations that apply adequate personal data protection measures are those that signed the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS. 108) 28 January, 1981 („Official Gazette of Bosnia and Herzegovina“ – International Agreements, No.: 7/04).

Data transfer abroad Article 18 of the Law, paragraph (3) (3)Personal data that are processed may be taken out of Bosnia and Herzegovina to another country or provided for use to any international organization that does not provide adequate safeguards stipulated by this law when: a) the disclosure of personal data is provided by special law or international treaty binding for Bosnia and Herzegovina; b)the prior consent was obtained from the person whose data are transferred and the person was informed on the potential consequences of the data transfer; c)the disclosure of personal data is necessary to fulfill the contract between the data subject and the controller or the fulfillment of pre-contractual obligations undertaken at the request of the person whose data are processed; d)the disclosure of personal data is necessary to save the life of the person to whom the data pertains or when it is in his/her vital interests; e)the personal data are transferred from the files or records which are, in accordance with the law or other regulations, available to the public; f)the transfer of personal data is necessary for the public interest reasons; g)the transfer of personal data is necessary for concluding or fulfilling a contract between the controller with a third party, when the contract is in the interest of the person whose data are processed.

Data transfer abroad Article 18 of the Law, paragraph (4) Exceptionally, the Agency may approve the transfer of data from Bosnia and Herzegovina to another country which does not provide an appropriate level of protection as defined in paragraph (1) of this Article, when a controller in another country provides adequate safeguards for the protection of privacy and fundamental rights and freedoms of individuals or provision of similar rights arises from the provisions of a special agreement.

Practice of the Agency regarding personal data transfer abroad -Most of the queries regarding the personal data transfer abroad Agency were received from banks in BiH, public authorities, natural persons and legal entities. -We also have some queries from NGO sector and media but particularly interesting is the fact that media very often ask for our competent answers regarding different areas in the field of personal data protection.

Practice of the Agency regarding personal data transfer abroad -Bank queries regarding delivery of personal data to USA for the purpose of IRS (Internal Revenue Service in USA) reporting on balance of US residents who are staying in BiH in accordance to FATCA Law (Foreign Account Tax Compliance). -There is no agreement in Bosnia and Herzegovina about tax information exchange with USA. -Application of Article 18, paragraph (3) of Law on the Protection of Personal Data. -In the specific case transfer is allowed if there is a consent obtained from the person whose data are transferred and the person was informed on the potential consequences of the data transfer, so it is recommended, in case of conclusion of contract with bank clients, to get a written consent of data subject for that kind of processing, which includes compliance with all legal provisions and informing clients about possible consequences of that kind of processing.

-Query regarding personal data delivery by banks in BiH to processors in USA and India. -Application of Article 18, paragraph (3) of the Law. -Prior consent obtained from data subject. -A person should be informed about possible consequences of the data transfer. -Additionally, a contract with processor is necessary in accordance with Article 12 of the Law, which regulates data processing by a processor. Practice of the Agency regarding personal data transfer abroad

Data processing by a Processor -If the Law does not exclude data processing by a processor, the controller may conclude a contract with the processor on personal data processing. The contract shall have to be concluded in writing. -The contract shall specify the scope, purpose and the period of time for which the contract has been concluded, as well as adequate guarantees of the processor in terms of technical and organizational protection of personal data. -Data processing by the processor shall have to be regulated by a contract, which shall bound the processor towards the controller, in particular that the processor shall act only on the basis of the controller’s instructions in accordance with the provisions of this Law. -The processor shall be responsible for personal data processing according to the data controller’s instructions. While exercising his/her duties, the processor shall not transfer its responsibility to other processors, unless explicitly instructed by the data controller to do so.

Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency in Bosnia and Herzegovina Thank you for your attention phone: fax: web: