The EDPS: competences and processing of personal data in EU funds

Slides:



Advertisements
Similar presentations
The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
Advertisements

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
EU-MIDIS European Union Minorities & Discrimination Survey Collecting reliable and comparable data on the Roma across the EU Eva Sobotka.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Europol’s tailor-made data protection framework
EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
Class 13 Internet Privacy Law European Privacy.
COMMISSION FOR PERSONAL DATA PROTECTION 14 TH Meeting, CEEDPA may, Kyiv LEGAL FRAMEWORK FOR DATA PROTECTION, COMPETENCES AND PRIORITIES OF THE COMMISSION.
1 When hate speech tangles privacy... When hate speech tangles privacy...
Migration Law Schengen Information System by Konrad Wilk.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Personal data protection in Internet Thomas Papaliagkas, LLM.
III Mercator International Symposium November 2004 "Linguistic diversity and education: Challenges and opportunities" Mercator-Legislation “The right.
Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
Undertakings for collective investment in transferable securities (UCITS) Worldbank Global Development Learning Network The Advanced Program in Accounting.
European Data Protection Supervisor Inhye Lee. What is EDPS?  Located in Brussels, Belgium  Established in January 2004  Peter Hustinx, Joaquin Bayo.
Data protection and European citizens’ initiatives
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
Workshop on Privacy of Public Figures and Freedom of Information - Skopje, 9-10 October 2012.
1 TAIEX JHA Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.
Sharing Information Legally Lindsay Ould London Borough of Lewisham.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Protection of Personal Information Act An Analysis on the impact.
TRANSBORDER DATA FLOWS INA MEIRING. THE PROTECTION OF PERSONAL INFORMATION ACT (“POPI”) > 'personal information' means information relating to an identifiable,
European Data Protection Supervisor TAIEX Seminar - Belgrade 9 February 2009 Principles of data protection and international legal framework Alfonso Scirocco.
The fundamental rights of LGBT citizens in Europe – EU legislation and the Charter of Fundamental Rights.
The future of data protection: General Data Protection Regulation
EU Law Law 326.
Processing for archiving purposes in the GDPR
Public Participation in Biofuels Voluntary
GDPR (General Data Protection Regulation)
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Issues of personal data protection in scientific research
General Data Protection Regulation
Data for Child Health: Promoting & Protecting Public Health through Custodianship EAP Brussels, 28 January 2016 Health Databases & Biobanks Promoting &
General Data Protection Regulation: Turning the black into white
EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.
DP BILL: DIFFERENCES AND DEROGATIONS
Expert Hearing on Data Protection Legislation and ESF Reporting
Research Code of Practice Research Ethics Review Procedures
ESF Monitoring & Evaluation and Data Protection in Spain
European actions.
Annelisa COTONE European Commission DG Justice
Relocation CARNIVAL come one…come all
Report on data protection legislation Case of Romania
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
Timing June : Negotiations with Council and EP: modification of the Financial Regulation subject to ordinary legislative procedure End 2011:
IMPLICATIONS OF GDPR ROBERT BELL.
GDPR Workshop MEU Symposium Prague 2018
European Data Supervisor
The legal and institutional framework for data access in Norway
The activity of Art. 29. Working Party György Halmos
Is Data Protection a Fundamental Right Protecting the Individual?
ARTICLE 16 OF REGULATION (EC) 1083/2006
Operational Programme and Personal Data Protection
Future Monitoring and Evaluation: Focus on results Antonella Schulte-Braucks Ines Hartwig ESF Evaluation Partnership Brussels 17 November 2011.
European Labour Law Jean Monnet Chair of EU Labour Law Academic Year Silvia Borelli:
Data Protection in Law Enforcement Area Chapter 9a of the draft law
Comitology and the Treaty of Lisbon
Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE
Overview of standards-related obligations and reporting by Mongolia
The supervision of personal data processing by EU institutions and bodies => data protection and privacy, why it matters, for you as citizens and as EU.
Hellenic Statistical Authority (ELSTAT)
EU Data Protection Legislation
Health and safety at work in the EU
Presentation transcript:

The EDPS: competences and processing of personal data in EU funds Expert hearing on data protection legislation Hielke Hijmans Head of Sector Policy and Consultation European Data Protection Supervisor

Overview Legal framework Supervision Consultation Cooperation

Legal Framework Article 16 TFEU Directive 95/46/EC + 2002/58/EC Right to Data Protection Establishment of an independent supervisory authority Directive 95/46/EC + 2002/58/EC Adoption of Regulation (EC) N° 45/2001 Entry into force January 2001 Data protection legal framework under revision

Supervision Task of EDPS is to monitor and ensure that the provisions of Regulation (EC) No 45/2001, as well as other Community acts on the protection of fundamental rights and freedoms, are complied with when EU institutions and bodies process personal data; Prior checks of processing operations in the EU Institutions: Biometric databases, Recruitments, medical files, exclusion databases etc Inspections and audits

Consultation Task of the EDPS to advise the EU institutions and bodies on all matters relating to the processing of personal data; this includes consultation on proposals for legislation and monitoring new developments that have an impact on the protection of personal data Opinions on data protection framework, Financial Regulation, European statistics. Evaluation of FP7 research projects

Cooperation Task of EDPS to cooperate with national supervisory authorities and supervisory bodies in the ‘third pillar’ of the EU with a view to improving consistency in the protection of personal data Observer in Expert Groups Article 29 Data Protection Working Party: Opinion No 4/2007 on the concept of personal data (2008)

Personal data in ESF Requirement: Justification of transfer: Commission Regulation 1828/2006: legal obligations on Member States to collect data on participants in ESF supported activities (gender, age, participant belongs to a minority or vulnerable group, etc) Justification of transfer: Transfer from EU institutions to authorities in Member States is covered by Regulation 45/2001 (Art 8). Not applicable here. Analogy can not be used here General transfer of personal data within the EU is covered by Directive 95/46 Articl 7) c): processing is necessary for compliance with a legal obligation to which the controller is subject

Sensitive Data (I) ESF legal framework foresees collection of sensitive data by Member States. Principle of Directive 95/46 = prohibition Art 8: Processing of personal data revealing racial or ethnic origin, religious or philosophical beliefs […], and the processing of data concerning health or sex life is prohibited

Sensitive data (II) Exceptions ? Art 8 lists possible exceptions: Art 8, 2) explicit consent, data made public by data subject, required by employment law vital interest of the data subject → not applicable here

Sensitive data (III) Other ground? Art 8) 4): Subject to the provision of suitable safeguards, Member States may, for reasons of substantial public interest, lay down exemptions in addition to those laid down in paragraph 2 either by national law or by decision of the supervisory authority. →Would require further amendements of current national legislation

Micro data Defined by Eurostat as confidential data which contain information about individual statistical units. Eurostat: access to anonymised microdata available at Eurostat only for scientific purposes. EDPS adopted two consultative Opinions on Community statistics on health data and on European Statistics: Discrepancy of concepts: Statistical anonymity may still allows indirect identification of data subjects Microdata are the data which are more likely to contain personal data. Commission set up ESAC (European Statistical Advisory Committee) to discuss, among others, access to statistical data by researchers. EDPS is a member of ESAC

Other problems National implementations: Databases of data submitted to notifications, prior control by DPAs The list of sensitive data is implemented differently, depending on the Member States’ interpretation.