Clash of jurisdictions in the area of data protection

Presentation transcript:

Clash of jurisdictions in the area of data protection

Part 1: PRISM / SAFE HARBOR @maxschrems

FACTS

FISA § 1881a
Electronic Communication Service Provider
„Foreign Intelligence Information“
Certification for one year („FISA Court“)
Minimizing / Targeting procedures (US persons)
„Directive“ at Service Provider API (?)

? DISPUTED Technical implementation Amount of data „pulled“ Review mechanisms … ?

LEGAL ARGUMENT

„ADEQUATE PROTECTION“ ? Facebook Inc. Facebook Ireland Ltd.

Strategic Approach
NSA + ECSPs = “Public/Private Surveillance”
Facebook is subject to US and EU law
EU law regulates third country transfers
EU law has to be interpreted in the light of the CFR and the ECHR

Art 7 & 8 CFR
„PRISM“ -v- Data Retention
Content Data -v- Meta Data
„Available“ -v- Storage
Endless -v- 24 Months
…

Interference (simplified) Data pulled? Data accessible?

Art 8 CFR „Making Available“ EU proportionality test Facebook Inc.

Interference Art 8 ECHR (simplified)

PROCEDURE

PROCEDURE: DPCs

Photo: James Flynn „I don’t think it will come as much of a surprise that in fact US intelligence services do have access from US companies“

CJEU

Findings (CFR)
SH is invalid: (overnight)
Mass Surveillance violates “essence” of Art 7 CFR
Legal Redress in the US violates “essence” of Art 47 CFR

“Essence”
Proportionality No Interference Essence
Legitimate aim for the measure
Measure suitable to achieve the aim
Measure must be necessary to achieve the aim (Less onerous way?)
Measure must be reasonable, considering the competing interests of different groups at hand

Other Key Findings
“Essentially Equivalent” Protection in 3rd Country
Effective Detection and Supervision Mechanisms
Legal Redress in Line with Art 47 CFR
...higher standard than many MS?

GRC EO 12.333 FISA 702

Part 2: PRIVACY SHIELD

TWO HURDLES

= CFR . ≈ 95/46. Art 25 of 95/46/EC CFR Art 7, 8 & 47 „Ess. Equivalent” CFR Art 7, 8 & 47

PRIVATE SECTOR NOTICE & CHOICE

collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, dissemination or otherwise making available, and any other form of “processing”; blocking, erasure, destruction; use, alignment or combination,   “Opt Out” for two specific situations disclosure by transmission, change of purpose,

Collection Use Storage Disclosure Change of Purpose Collection Use Storage

HOW TO KILL THE TWO LIMITS IN TWO LINES?

UNLIMITED DATA PROCESSING
USE A BROAD PURPOSE + THIRD PARTY CLAUSE = UNLIMITED DATA PROCESSING

PRIVATE SECTOR REDRESS

Choice / $$$ DPAs . Panel

SURVEILLANCE ASSESSMENT

“The US authorities ... assured there is no indiscriminate or mass surveillance by national security authorities.” EU-COM, February 29th, 2016

ANNEX VI, PAGE 4

PPD-28, PAGE 3

PPD-28, PAGE 3, FN 5

SURVEILLANCE REDRESS

DPA
„has been investigated“
„complied or remedied“
„will neither confirm nor deny whether the individual has been the target of surveillance“ nor „confirm specific remedy“
ANNEX III, Paragraph 4(e)

THANKS @maxschrems