Lee A. Bygrave, Norwegian Research Center for Computers and Law


The GDPR’s data export regime: caught between a rock and hard place?
Lee A. Bygrave, Norwegian Research Center for Computers and Law
EU2017.ee; University of Tartu, 8 Sept. 2017

This is not bananas we’re talking about!

The second crusade?
“Why would Europe not be proud to contribute its requiring standards of respect for fundamental rights to the world in general?” -- CJEU President, Koen Lenaerts, 2015

EU as global rule maker
- The Brussels effect …
- Over 100 countries with dp laws
- Most follow ‘EU’ model
- Cf. APEC Privacy Framework
- Position of PRC?

GDPR data export regime: tried and tested
- Over 40 years of European TBDF restrictions
- Legitimate rationale: anti-circumvention (not protectionism or proselytization!)
- GDPR export regime ≈ DPD export regime
- Reliance on adequacy assessment of third country
- But some tweaking and added detail …

Some examples of tweaking
- Explicit provision for BCRs (Art. 47)
- Rules extend to data transfers to intl. orgs.
- More fine-grained adequacy assessment
- E.g. adequacy of sectors, not whole jurisdictions
- ‘Anti-FISA’ clause (aka ‘Snowden’ clause): ‘Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State’ (Art. 48) [not binding on UK or Ireland]

GDPR data export regime: trying and tiring (and tired?)
- Cumbersome and exacting
- focus on practical effect
- Lopsided in focus
- relatively few adequacy findings
- privileged status of USA
- Safe Harbor Agreement (2000); EU-U.S. Privacy Shield (2016); Umbrella Agreement for data exchange between LEAs in EU and U.S. (2017)
- Where does PRC feature?

Don’t forget the judiciary (and Charter)!

Fundamental rights jurisprudence as game changer
- Ratcheting up of standards
- Adequate protection = ‘essentially equivalent’ protection: Case C-362/14, Schrems v. Data Protection Commissioner
- CFR as primary benchmark
- Less room for pragmatism
- Cf. SHA and NZ adequacy decision
- Would Lindqvist (Case C-101/01) be resolved differently now?
- EU TBDF regulation “caught between reality and illusion” (Kuner)

“Interoperability” as holy grail
- OECD Guidelines, para. 21; APEC Cross-Border Privacy Rules