Transborder dataflows
Flow of information across national borders
Much of this data involves personal information


Examples of transborder personal data
An American buys a book from a bookstore in England
  – Information on the sale and payment crosses two national borders
A Spaniard does contract work with a company in Canada
  – Information regarding payment crosses two national borders and earnings information is registered with two internal revenue agencies

National Differences
Definition
  – US, Canada and France: define protections of personal data in terms of privacy
  – Most of the European countries: define it as data protection
Omnibus legislation versus sectoral rules

More national differences
US
  – Privacy issues are driven by consumerism and free trade: stress on free flow of information and often cite the First Amendment for support
European and some other countries
  – Privacy issues and data protection policies protect fundamental rights of citizens; reflects belief that governments have a duty to protect privacy of citizens

Harmonization efforts
Council of Europe adopted recommendations that information should be accurate, timely and relevant; confidentiality and security should be protected; individuals should have rights of access, notice, consent, correction. It went on to draft an international treaty; the US did not sign it
OECD adopted non-binding guidelines

Negotiations between US and EU
Three key issues
  – Degree of individual control: opt-in versus opt-out for secondary uses. Expectation in Europe is that personal information will not be exchanged; it is the opposite in the US
  – “Equivalent” or “Adequate” to the EU Directive before information can be transferred to or from an EU country
  – What type of government authority was necessary to enforce and oversee; most European countries have privacy commissions

Options
First method: show that US policies were indeed adequate to the EU Directive; two US lawyers conducted study; no clear-cut verdict
Second method: individual contracts; didn’t have the force of law and didn’t involve sovereign nations
Third method: negotiate an arrangement between EU and US, a “safe harbor”

Safe Harbor Principles
Notice: notify individuals about purpose; any third party disclosures; contact information
Choice: must provide opt-out as far as third party disclosure or incompatible use; opt-in for sensitive information
Onward Transfer (third party): assure that the third party also follows notice and choice

Access: individuals must have access to personal information and right to amend or delete if inaccurate
Security: reasonable precautions to protect information
Data Integrity: personal information must be relevant for the purpose it is to be used; ensure data is reliable for intended use
Enforcement: independent recourse mechanism

Private Sector Enforcement
Must have dispute resolution system in place
Must remedy problems arising out of noncompliance
  – Remedies have to be strong enough to encourage compliance
  – Must include publicity for findings of noncompliance

Government Enforcement
Federal Trade Commission
  – Counts as unfair and deceptive trade practice
Department of Transportation
  – Airlines and ticket agents

List of companies