European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.

Slides:



Advertisements
Similar presentations
Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Advertisements

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
EU-MIDIS European Union Minorities & Discrimination Survey Collecting reliable and comparable data on the Roma across the EU Eva Sobotka.
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
The Data Protection (Jersey) Law 2005.
Signature (unit, name, etc.) Introduction to biometrics from a legal perspective Yue Liu Mar NRCCL, UIO.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center.
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,
Data protection and European citizens’ initiatives
Data protection and compliance in context 19 November 2007 Stewart Room Partner.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
GCSE ICT Data and you: The Data Protection Act. Loyalty cards Many companies use loyalty cards to encourage consumers to use their shops and services.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Data Protection – the Lisbon Effect Billy Hawkes Data Protection Commissioner Institute of International and European Affairs Dublin, 17 September 2009.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
TRANSBORDER DATA FLOWS INA MEIRING. THE PROTECTION OF PERSONAL INFORMATION ACT (“POPI”) > 'personal information' means information relating to an identifiable,
European Data Protection Supervisor TAIEX Seminar - Belgrade 9 February 2009 Principles of data protection and international legal framework Alfonso Scirocco.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Luca De Matteis Justice counsellor (criminal law, data protection)
Data Protection: The Law
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Issues of personal data protection in scientific research
Data Protection: EU & International
Data Protection The Current Regime
General Data Protection Regulation
EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.
GENERAL DATA PROTECTION REGULATION (GDPR)
New Data Protection Legislation
State of the privacy union
G.D.P.R General Data Protection Regulations
ESF Monitoring & Evaluation and Data Protection in Spain
Relocation CARNIVAL come one…come all
GDPR Workshop MEU Symposium Prague 2018
The activity of Art. 29. Working Party György Halmos
Is Data Protection a Fundamental Right Protecting the Individual?
Information Handling Research Student Induction Day
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
The EDPS: competences and processing of personal data in EU funds
The supervision of personal data processing by EU institutions and bodies => data protection and privacy, why it matters, for you as citizens and as EU.
Presentation transcript:

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007 Washington, D.C. The European Unions Data Protection Framework 12 Years Later Giovanni Buttarelli Secretary General, Garante per la Protezione dei Dati Personali

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 2 Data protection is a fundamental right. Data protection / privacy protection Right to privacy: the right to be left alone Data protection: right of self- determination for information EU legislation

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 3 Everyone has the right to the protection of his/her personal data A new right for nowadays dimension of privacy

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 4 The sources of the law The main declarations: Article 8 European Convention of Human Rights Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108) EU Charter of Fundamental Rights: Art. 8 EU legislation

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 5 Article 8 - Protection of personal data 1.Everyone has the right to the protection of personal data concerning him or her. 2.Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3.Compliance with these rules shall be subject to control by an independent authority. EU Charter of fundamental rights

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 6 General data protection rules: EU Directive 95/46/EC Electronic communication: EU Directive 2002/58/EC Police and judicial co-operation in criminal matters EU Framework Decision COM (2005) 475 Other texts dealing with data protection: Schengen Convention Europol Eurojust Texts on the Internet: EU legislation

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 7 DIRECTIVE 95/46/EC EU legislation

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 8 Data Protection Directive 95/46/EC: high level of protection of personal data free movement of data within EU/EEA Personal data: identified or identifiable person Processing: broad definition Applies to public and private sectors Relation data subject - controller Basic principles

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 9 Article 2 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity; 'processing of personal data' ('processing') shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction; Processing means more than collection Definitions

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 10 (Unambiguous) Consent Necessary for performance of a contract Necessary for compliance with a legal obligation of the controller Necessary to protect the vital interest of the data subject Necessary for the performance of a task of public interest or official authority Legitimate interests of the controller (balance of interest) Legitimacy

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 11 Adequate, relevant and not excessive (in relation to purpose) Accurate and kept up to date Kept in a form which permits identification for no longer than necessary Quality of data

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 12 Personal data must be collected for a specified, explicit and legitimate purpose Not further processed in a way incompatible with those purposes Finality principle

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 13 Processing of sensitive data is in principle prohibited Data revealing race or ethnic origin, political opinions, religious or philosophical belief, trade-union membership, health or sexual life Exceptions: –explicit consent, –obligations of controller in employment field, –vital interests data subject or another person, –legitimate activities of non-profit organisation, –data manifestly made public or legal claims Sensitive data

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 14 Data protection rights Information for the data subject: –clear and understandable language –sufficient information Access to own data Rectification Objection Complaint to Data Protection Authority Rights of the individual

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 15 Controller obligations Responsible for exercise of data subjects rights Confidentiality of the processing Security of the processing Notification to the data protection authority Liability Obligations

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 16 Data Protection Supervision Authorities Fully independent bodies Responsible for enforcing national legislation Organization to be decided by Member States Criteria + powers: EC Directive 95/46/EC (Art. 28) cf. Council of Europe: Additional protocol to Convention 108 regarding supervisory authorities and transborder data flows (ETS No. 181) Full iIndependence means : no government control or supervision Supervisory Authority

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 17 European initiatives Over 30 national DPAs An independent Working Party including 27 Dpas plus observers (Article 29 of Directive 95/46/EC) Several primary objectives: To promote the uniform application of the general principles of the Directives in all Member States and the co-operation between Dpas To advise the European Commission on data protection on any Community measures affecting the rights and freedoms of natural persons with regard to the processing of personal data and privacy. To make recommendations to the public at large on matters relating to the protection of persons with regard to the processing of personal data and privacy in the EU

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 18 The transfer of personal data is authorised within the Member States of the EU and the EEA (25 EU + Island + Liechtenstein + Norway) (situation in 2005) Transfer of data

European CommissionDirectorate-General Justice, Freedom and Security Data Protection Transfer of personal data outside the EU/EEA under certain conditions : Exceptions: Adequate protection by third country Adequacy decision by COM Authorisation by Supervisory Authority Standard contractual clauses Transfer of data

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 20 Resolution on Development on International Standards (29^International Conference Montreal September 2007 to support the development of effective and universally accepted nternational privacy standards

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 21 Communication from the European Commission to the European Parliament and to the Council 7 March 2007 (2007) 87

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 22 Resolution International Co-operation (29^International Conference Montreal September 2007) Recognise that countries have adopted different approaches to protecting personal information and enhancing privacy rights Encourage Data Protection Commissioners to further develop their existing efforts to support international co- operation and to work with internationl organisations to strengthen data protection worldwide

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 23 Declaration of Civil Society Organizations on the Role of Data Protection and Privacy Commissioners (Montreal, September 25, 2007) The worlds Privacy Commissioners must increase their own collective efforts at protecting privacy to counterbalance the increasing cross-border efforts of the worlds security establishments Privacy Commissioners should be more proactive in addressing the privacy impacts of commercial purposes…

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 24 Thank you for your attention

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.