1 Sydney, 2 Oct 2008 Cross-border data flows: Who benefits from abandoning borders? Ø + Graham Greenleaf & Nigel Waters.

Presentation transcript:


2 Sydney, 2 Oct 2008 Materials
Current NPP 9 Transborder data flows
Greenleaf, Waters & Bygrave CLPC Submission to ALRC on DP72, Pt D December 2007 ‘14. Transborder Data Flows (UPP 11)’
ALRC proposed UPP 11. Cross-border Data Flows
ALRC Report - Ch 31 (Cross-border Data Flows)
Symposium presentations by
– Malcolm Crompton, Information Integrity Solutions, and former Federal Privacy Commissioner
– Chris Connolly, Director, Galexia Consulting (and Paper)
– Peter Ford, ANU College of Law and Former First Assistant Secretary, Commonwealth Attorney-General's Department

3 Sydney, 2 Oct 2008 Let’s send your details to Russia
+ UPP 11 now applies to agencies as well as companies
Ø No longer any border controls on data transfers, only ‘accountability’
– Never a breach merely because of destination of transfer.
– Consent to transfer not required before transfer occurs.
– Not even possible to forbid transfer of your data to anywhere overseas, once it has been collected.
– It’s always OK to transfer your data to Russia
Or to anywhere else where sending personal data is dangerous to you
Subject to compliance with Use & Disclosure principles - including secondary use
Ø Transferors remain liable for UPP breaches (‘accountability’)
– BUT only if they are foolish enough not to fit under any of 4 exemptions (so ‘accountability’ will probably never happen)
‘Accountability’ is inadequate protection in any event
Ø Requires individual to be aware of, and to prove, breach of UPPs in a foreign country before any liability arises in transferor
Bottom line: Better to make transfer a breach in itself (ie ‘border controls’), unless a justifiable exemption from liability applies

4 Sydney, 2 Oct 2008 How to avoid ‘accountability’ for Russian transfers
How justifiable are the ALRC’s proposed exemptions from liability?
1 Exempt from liability if on a Government-published Whitelist.
– Inadequate guarantees on objectivity of Whitelist
Ø OPC to have no role in development of Whitelist
Ø Not even a legislative instrument - No Parliamentary oversight
Ø Result is that whole thing is political, and privacy will lose
2 Exempt from liability if you transfer to a country you ‘reasonably believe’ to have ‘protections substantially similar to the model UPPs’.
Ø ‘Reasonable belief’ is easily manipulated: Just hire a pliable consultant to inform your belief. Black can become White.
– Objective test needed: are the protections in fact substantially similar?
Ø Ambiguous?: ‘Effectively upholds privacy protections’ implies remedies, not only principles, but ‘substantially similar to these principles’ undermines that. Should say ‘to this Act’ to remove doubt.

5 Sydney, 2 Oct 2008 More exemptions from liability
3 Exemption if authorised or required by law (UPP 11(1)(c)).
Ø Preferable if only where required by law
4 Exemption if notice given of ‘no liability for transfer’ (UPP 11(1)(b))
Only applies after express advice that transferor will no longer be liable (b).
+ Notice of ‘no liability’ may serve to prevent some unwise consents
Ø But consent is likely to be illusory - ALRC failed to deal with bundled consent, which can include consent to overseas transfers.
Ø ALRC does not require this notification to state the proposed destination
Informing individuals of overseas transfers - but it is inadequate
+ Privacy Policy has to say whether PI may be transferred outside Australia, and to list which countries it will go to (Good – helpful perhaps with SWIFT).
Ø BUT the UPP 11(1)(b) notice given to individuals, where this would be of far more use, is not required to state this.
Ø Result is very poor: a Privacy Policy need not distinguish between different PI collected, but a Notice should relate to specific PI collected.

6 Sydney, 2 Oct 2008 Ø Borders abandoned
Border posts abandoned, but with no countervailing benefits to consumers/citizens
Accountability is no substitute unless it applies in all cases except transfers required by law or with much stronger requirements for fully informed, and non-bundled consent than are currently proposed.

7 Sydney, 2 Oct 2008 CoE Conv 108 standards
What standard does CoE Convention 108 require?
– Consultative Committee may advise Council of Ministers (A 19, 20) whether non-European countries meet Conv 108 requirements (uncertain as yet)
– Principles are similar to those of OECD Guidelines
– Enforcement and mutual assistance requirements are modest
Additional Protocol (ETS No 181) adds complications
– 20/40 parties to Conv. 108 have acceded; 14 more have signed
– Requires legislation and an independent authority (Conv 108 does not)
– Requires data export limitations (Conv 108 does not)
Which non-European countries could meet CoE accession requirements?
– Arguable that Australia and NZ could accede to both Convention and Additional Protocol
– Arguable that South Korea, Japan and Taiwan could accede to Convention
– Potentially, Canada, some Latin American, and some Middle East countries
Bottom Line: Considerable scope for non-European accessions

8 Sydney, 2 Oct 2008 Potential for CoE Conv 108 adoption in Asia-Pacific
Potential advantages
– Not inconsistent with APEC obligations
– Joining a Convention is voluntary, not an external imposition
– Would result in free flow of PI to and from signatory non-EU countries (A 12(2) requires)
– Would result in free flow of PI to and from EU countries, unless they specifically derogate against exports to a country (A 12(3)(b))
– Would encourage other Asia-Pacific countries to develop their laws and enforcement to CoE standard, to gain the benefits of accession
Potential disadvantages
– Civil Society view may be that Conv. 108 standards are too low
– Might it require exports to countries whose laws are not strong enough?
– No mechanism to require acceding countries to adhere to standards
Bottom Line: Deserves considerable further study by all Asia-Pacific countries with data protection laws; May be a path to a global agreement, avoiding some problems of EU ‘adequacy’; But without the Additional Protocol, it may set too low a standard