Bart van der Sloot http://www.ivir.nl/medewerkers/vandersloot.html Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.

Slides:



Advertisements
Similar presentations
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Advertisements

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.
Data protection and European citizens’ initiatives
Data Subjects’ Rights Isabelle Chatelier. 8 June 2011 Charter of Fundamental Rights Article 8(2) "Everyone has the right of access to data which has been.
The EU General Data Protection Regulation Frank Rankin.
Data Protection – the Lisbon Effect Billy Hawkes Data Protection Commissioner Institute of International and European Affairs Dublin, 17 September 2009.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
František Nonnemann Skopje, 9th October 2012 JHA DP aspects related to provision of information about public figures in CZ.
Freedom of information and protection of personal data Hungarian experiences 5TH MEETING OF DATA PROTECTION AUTHORITIES 28 OCTOBER 2008.
Data Protection Officer’s Overview of the GDPR
Privacy as a societal value
GDPR (General Data Protection Regulation)
Luca De Matteis Justice counsellor (criminal law, data protection)
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Computer Ethics Curtiz Cotterell.
General Data Protection Regulation (GDPR)
Viewing the GDPR Through a De-Identification Lens
Data Protection: EU & International
Presentation to GTMC on GDPR
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulation
International Regulatory Trends
DEN FARLIGE FANTASTISKE APP
General Data Protection Regulation: Turning the black into white
Data Subjects’ Rights.
EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.
Data protection reform:
Data Protection & Human Rights
Bob Siegel President Privacy Ref, Inc.
GDPR - New Data Protection Regulation
The Future of Big Data, Equality and Privacy
Introduction to GDPR 09/11/2018.
State of the privacy union
G.D.P.R General Data Protection Regulations
The GDPR and research data
ESF Monitoring & Evaluation and Data Protection in Spain
European actions.
General Data Protection Regulation
Investor protection and MIFID
HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry and Data Protection Stakeholders.
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
General Data Protection Regulation
Cybercrime and Data Protection
Bart van der Sloot Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.
European Data Supervisor
Data transfers to non-EU countries under the new GDPR
The activity of Art. 29. Working Party György Halmos
Big Data & the General Data Protection Regulation
Governing the risk of GDPR compliance
GDPR & Accountability ISACA Ireland Annual Conference 2018
Is Data Protection a Fundamental Right Protecting the Individual?
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Public Privacy: juridical & ethical perspective
This project is funded by the European Union
Data Protection in Law Enforcement Area Chapter 9a of the draft law
Overview of the recommendations regarding approximation of the Law on personal data protection to the new EU General data protection regulation Valerija.
Privacy in the Age of Big Data
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
The supervision of personal data processing by EU institutions and bodies => data protection and privacy, why it matters, for you as citizens and as EU.
Outline Background: development of the Commission’s position
THE IMPACT OF DATA PROTECTION RULES ON CORPORATE INFO SECURITY AND INCIDENT RESPONSE MANAGEMENT – The Energy sector CEER Cybersecurity Workshop Massimo.
Presentation transcript:

Bart van der Sloot http://www.ivir.nl/medewerkers/vandersloot.html Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van der Sloot http://www.ivir.nl/medewerkers/vandersloot.html

Overzicht Privacy and Data Protection Data Protection 1.0 Theses

(1) Privacy and Data Protection Charter of Fundamental Rights of the European Union Article 7 Respect for private and family life Everyone has the right to respect for his or her private and family life, home and communications. 2. Article 8 Protection of personal data 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.

(1) Privacy and data protection Domain Relations Background Character Privacy Primarily regards the private sphere Primarily regards vertical relationships (citizen – state) Rise of nation states Control on the use of power & duties of care Or….. Data Protection Regards both the private and the public sphere Primarily regards horizontal relationships (citizen -business) Technological developments

(2) Data protection 1.0 Data protection Directive (EU) > Wet bescherming persoonsgegevens (NL) No specific duties, but general standards of care Data collection, use and proecessing should be necessary and propotioniate, should have a clear and legitimate goal Technical and organisational measures Personal data should be correct, complete and up to date

(2) Data Protection 1.0 Only three marginal ‘subjective rights’ Right to acces Transparancy duty Right to rectification if data are not processed according to the data protection rules. Richt to object at least in the cases referred to in Article 7 (e) and (f), to object at any time on compelling legitimate grounds relating to his particular situation to the processing of data relating to him Automated individual decisions which produces legal effects concerning him or significantly affects him and which is based solely on automated processing of data intended to evaluate certain personal aspects relating to him

(2) Data Protection 1.0 Only a marginal role for supervisory authority Limmited possibilities for remedies, liability and sanctions Notification requirement is mosly ignored Sector specific codes of conduct are very few and far between European collection of CBP’s, the Working Party 29, may only adopt non-binding advisory opinions

(3) Data protection 2.0 - General Data Protection Regulation Duties Accountability duty (Documentation, risk assessments, Data protection officer, privacy by design / by default) Reversal of the burden of proof for consent Verification duty for consent of children

(3) Data Protection 2.0 Rights Data portability Right to be forgotten Protection against profiling

(3) Data Protection 2.0 Enforcement Harmonization of the rules: Regulation Commission Working Party 29 Harmonization of enforcement: One stop shop Sanctions and liability widened

(4) Theses Companies are resourceful and technological developments rapidly succeed each other – specific rights and obligations will become obsolete quickly To require of citizens to protect their own personal data (through the use of their subjective rights) is unrealistic Governmental authorities should not to interfere in the freedom of contract between citizens and businesses