Data Protection and Justice and Home Affairs

Slides:



Advertisements
Similar presentations
Treaty of Lisbon Implications and changes for the area of Freedom Security and Justice Training programme Lisbon Treaty - Ambassadors.
Advertisements

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Purpose MLA and extradition (and other forms of international judicial cooperation) with 3rd countries is part of the external policy of the Union Purpose.
The Area of Liberty, Security and Justice. Objectives Free movement for EU citizens Security and safety in a Europe without borders Figth against international.
Irish Centre for European Law Conference The Law of the Lisbon Treaty.
INTRODUCTION INTO PRIVATE INTERNATIONAL LAW OF THE EUROPEAN UNION Marko Jovanovic, LL.M. MASTER IN EUROPEAN INTEGRATION Private International Law in the.
The Treaties, Institutions and Policies of the EU
EU: Bilateral Agreements of Member States
Privacy and security: Is Europe going banana? Jean-Marc Van Gyseghem Head of Unit « Liberties in the information society » CRID – University.
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
MINISTRY OF FINANCE Counsellor, docent, Dr Tuomas Pöysti1 The Constitutionalisation and Evolution of Penal Law and Control Policy in the European.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
EU Criminal Law Introduction, Lisbon Treaty. EU criminal legislation EU cannot adopt a general EU criminal code EU cannot adopt a general EU criminal.
European civil procedure law Judicial cooperation in civil matters
Migration Law Schengen Information System by Konrad Wilk.
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
Course: European Criminal Law SS 2009 Hubert Hinterhofer.
Personal data protection in criminal procedure International collaboration and principle of proportionality LEFIS ROVANIEMI MEETING 19TH 20TH JANUARY 2007.
European civil procedure law Judicial cooperation in civil matters.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
Acquis communautaire Community Acquis DEFINITION.
Course: European Criminal Law SS 2009 Hubert Hinterhofer.
Fight against terrorism. EU institutional/legal framework A bit of history 1957: European Communities are born.
Data protection and European citizens’ initiatives
CRIMINAL LAW OF THE EUROPEAN UNION 1 April 2015 THE LISBON TREATY AND CRIMINAL LAW Dr. sc. Zoran Burić Department of Criminal Procedural Law University.
Course: European Criminal Law SS 2009 Hubert Hinterhofer.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 – Common Foreign, Security and.
Data Protection – the Lisbon Effect Billy Hawkes Data Protection Commissioner Institute of International and European Affairs Dublin, 17 September 2009.
UK and EU Criminal & Policing Law: What Effect of Brexit?
MOSCOW, NOVEMBER 2007 JUSTICE AND HOME AFFAIRS AND EUROPEAN INTEGRATION PROF DR JAAP W. DE ZWAAN DIRECTOR ‘CLINGENDAEL’ AND PROFESSOR OF EU LAW THE NETHERLANDS.
Lost in Translations – An Examination of the Legal & Practical Problems Associated with the Implementation (or Non-Implementation) of Directive 2010/64/EU.
Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.
The Criminal Law Competence of the EC before Lisbon.
European Data Protection Supervisor TAIEX Seminar - Belgrade 9 February 2009 Principles of data protection and international legal framework Alfonso Scirocco.
Privacy and ‘Big Data’: the European perspective Human Subjects’ Protections in the Digital Age: IRB, Privacy and Big Data Peter Elias, University of Warwick.
TAIEX INTERNAL MARKET WEEK IN BUDAPEST November 2004 Co-operation of Customs Administrations Presentation by: Sandro Le Noci – Italian Customs.
Privacy in the Digital Age: the UN General Assembly Resolution
EU Law Law 326.
DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing.
1- Introduction ii-. Part ONE : foreign and security policy.
EU Legislative Powers: Principles and Procedures
European Union Law Law 326.
European Union Institutions Law Making
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Data Protection: EU & International
DIRECTORATE GENERAL FOR INTERNAL POLICIES
EU Competences Tamara Ćapeta 2016.
European Union Law Law 326.
Parliamentary and European Law Making Institutions of the European Union Notes:
Data Protection & Human Rights
DIRECTOR ‘CLINGENDAEL’ AND PROFESSOR OF EU LAW
INTRODUCTION INTO PRIVATE INTERNATIONAL LAW OF THE EUROPEAN UNION
Article 10 – Freedom of expression
European actions.
EUROPEAN PUBLIC PROSECUTOR’S OFFICE
Cybercrime and Data Protection
The Modernisation of Convention108
Is Data Protection a Fundamental Right Protecting the Individual?
European Labour Law Jean Monnet Chair of EU Labour Law Academic Year Silvia Borelli:
Data Protection in Law Enforcement Area Chapter 9a of the draft law
The Law of the European Union
The supervision of personal data processing by EU institutions and bodies => data protection and privacy, why it matters, for you as citizens and as EU.
EUROPEAN UNION CITIZENSHIP
Outline Background: development of the Commission’s position
EU Powers Tamara Ćapeta 2014.
European Union Law Daniele Gallo
Presentation transcript:

Data Protection and Justice and Home Affairs The United States - Member States counterterrorism cooperation and the European data protection standards Prof. Paul De Hert, LSTS - VRIJE UNIVERSITEIT BRUSSEL January 14, 2019

1. CoE data protection law Article 8 ECHR Convention No. 108 and its Additional Protocol Recommendation No. R (87) 15 Regulating the Use of Personal Data in the Police Sector January 14, 2019

 1. Article 8 ECHR 1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. The ECHR does not explicitly mention the protection of personal data. However The ECtHR case law recognises that the right to data protection is encompassed in Art. 8 ECHR: Z v. Finland, M.S. v. Sweden (1987): “The protection of personal data is of fundamental importance to a person’s enjoyment of his or her right to respect for private and family life as guaranteed by article 8 ECHR”. January 14, 2019

2. Convention No. 108 and its Additional Protocol First data protection text Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data 1981 (“Convention 108”) Data Protection Principles Lawfulness Purposes limitation Proportionality Accurate, update Data retention Individuals rights and data collector duties the confidentiality of sensitive data, information of the data subject, his/her right to access, rectification, etc. Additional protocol 2001 adds the “adequacy requirement” for Transborder dataflow between Contracting Party to the Convention and third countries January 14, 2019

3. Recommendation No. R (87) 15 regulating the Use of Personal Data in the Police Sector Scope: balance between the prevention and suppression of criminal offences, the maintenance of public order (state interest) and the respect of the privacy of citizens (individual interest) Soft Law - Guidelines for states: “Each country should establish an independent supervisory body outside the police sector.” “The collection of personal data for police purposes should be limited to such as is necessary for the prevention of a real danger or the suppression of a specific criminal offence” . The process of sensitive data by the police is allowed if the collection is "absolutely necessary for the purposes of a particular inquiry". January 14, 2019

2. EU Primary Law Standards Pre-Lisbon: the Protection to the personal data right and its delayed in the police and judicial cooperation policies The new Article 16 TFEU The inclusion of the Judicial and Police Cooperation in the TFEU January 14, 2019

1. Pre-Lisbon Maastricht Treaty: pillar division structure First pillar: European Community (EC) Legal Basis: Art. 95 and 286 ECT Co-decision procedure (Plmt&Council) Data protection text: Directive 95/46/EC Second pillar: Common Foreign and Security Policy (CFSP) No legal basis and no DP text Third pillar: Police and Judicial Cooperation in Criminal matter (PJCC) Legal basis: Art. 30.1.b TEU intergovernmental cooperation method (EU Plmt is only consulted) Data Protection text: Decision Framework 2008/977/JHA January 14, 2019

The new Article 16 TFEU (Lisbon) Abolition of former pillars and entry of the personal data protection within the Union’s competences: Art.16 TFEU “Everyone has the right to the protection of personal data concerning them”. The European Parliament and the Council, acting in accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data. Compliance with these rules shall be subject to the control of independent authorities. = The recognition of data protection as an autonomous fundamental right with full legal validity as part of primary EU law = An unique legal basis for former first pillar (community matters) and third pillar (police and judicial cooperation in criminal matters)  co-decision procedure January 14, 2019

The inclusion of the Judicial and Police Cooperation in the TFEU Activities of the former third pillar, the Police Cooperation and the Judicial Cooperation pass under the Title V. Area of Freedom, Security and Justice in the TFEU Article 16 TFEU applies Co-decision procedure (Plmt&Council) full judicial review of the ECJ Article 218(6): the adoption of international cooperation agreements dealing with personal data protection (Data Sharing Agreements with third States) are subjected to the consent of the Parliament. January 14, 2019

3. The Framework Directive 2008/977/JHA Adoption, purpose and scope Adopted under 2nd pillar after 9/11 = pro-security context The data protection reference text for the judicial and police cooperation area in criminal matter (// Dir.95/46 general and commercial matter) Apply to European and International cross-border data contexts Do not apply: to domestic processing and domestic transfers to already existing agreements between Member States or between the EU and third States to law enforcement authorities (Europol, Eurojust) and exchange systems (CIS, SIS) already governed by specific-sector instruments January 14, 2019

3. The Framework Directive 2008/977/JHA The principles governing Data Transfers to third States and International bodies Processing = General Data Protection Principles (lawfulness, purposes limitation, proportionality, accurate and update) + Transfer = Article 13§1: Member States must assess the data protection legal framework of the third state and verify that it provides an adequate level of protection compared to the European Data Protection standards = ADEQUACY PRINCIPLE Adequate third state  may send data Not adequate third state  must adopt additional DP safeguards Transfer must be necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; The receiving authority must be a law enforcement authority The Member State from which the data were obtained has given its consent to transfer January 14, 2019

4.The Proposal for Directive Scope Applies to both purely domestic and cross-border data processing operated in the context of police and judicial cooperation Applies to existing legal instruments between EU Member States  they shall be renegotiated and amended if they do not include appropriate safeguards Transfer to third states The adequacy principle Commission may make “some adequacy determinations” = common interpretation about which are the adequate third states A system of direct verification by independent authorities Effective and dissuasive sanctions January 14, 2019

5. Transatlantic relations & data sharing cooperation US-EU Post 9/11: counterterrorism measures  conclusion of bilateral and multilateral data sharing agreements allowing the transfer of massive personal data about the 508 000 EU citizen’s towards the US via law enforcement (Europol, Eurojust, FBI, Interpol) and intelligence agencies (CIA, NSA) channels US-EU Mutual legal assistance Agreement US-EU Agreement on Extradition US-Europol US-Eurojust PNR Agreements SWIFT Agreement Main Criticism: in their negotiation, the EU and EU institutions did not live up to impose their own European data protection principles  agreements not in compliance with EU DP standards January 14, 2019

6. The Visa Waiver Program (VWP) and the data sharing agreements to Prevent and Combat Serious Crime (PCSC) US-MS VWP: allows nationals of 37 designated countries, including 23 EU Member States, to travel to the United States without having a visa (only a valid Electronic System for Travel Authorization (ESTA)) for business, transit or travel purposes for up to 90 days. Creates economic and political benefits between US and “VWP states” After 9/11 US government decides to impose new requirements to be part or remain VWP States: amongst them, the conclusion of a Preventing and Combating Serious Crime Agreement (PCSC) January 14, 2019

7. The PCSC or “Prüm-like Treaties” PCSC or “Prum like Treaties” Objective: “sharing agreements aiming to fight against terrorism and serious cross-border crime” Content Similar to the Prüm Treaty but with less safeguards and with a non–EU State (not subjected to the same DP legal standards) Vague and broad concepts (ex: National contact point) categories of sensitive data may be transferred to the other Party if it is relevant to the purpose of the agreement (strictly necessity requirement ?) NO independent supervisory data protection  Member States have pushed aside their own data protection standards January 14, 2019

8. EU-US General Data Protection Agreement: Solution? Under the suggestion of the High Level Contact Group (manage the discussions on privacy and personal data protection between the EU and the US in the context of the exchange of information), the EU Plmt & EU Com include in the reform DP package a General data Protection Transatlantic Agreement Umbrella agreement: a lex generalis for all future bilateral or multilateral data sharing agreements signed between the US and the EU institutions, its agencies, bodies, and Member States based on 12 “common principles” a list of the incompatibility points has been dressed and will serve to draft the future agreement EU Com and Art 29WP supports the introduction of a Retroactivity Principle  existing (multilateral and bilateral) data sharing agreements applicable in criminal matters such as the US-EU institutions agreements and PCSC agreements will be re-examined in the light of the new data protection standards encompassed in the general agreement.

Thank you January 14, 2019