Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University.

Presentation transcript:

Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University of London

Introductory Remarks
- Personal data
  - ‘processing’: collecting, using, disclosing & transferring personal data
- Compliance
  - data controller ‘determines purpose and means’
  - e.g. SWIFT case
  - data processor e.g. Web host
  - “shall be in writing or in another equivalent form” (art. 17(4))

Transparency
- Obligation
  - fair processing (art. 6(1))
  - when using networks to store information or gain access to information stored on user's terminal equipment (02/58/EC, art. 5(3))
    - e.g. ‘cookies’
    - ‘provided with clear and comprehensive information’
- Timing
  - when collected from data subject (art. 10)
  - when not obtained from data subject (art. 11)
    - unless already has it

Transparency
- Content of notification
  - identity, purposes, recipients, consequences, right of access
- Right of access (art. 12)
  - personal data
  - meta-data
    - purposes, disclosures, source
  - right of rectification, erasure, blocking
    - notification of third parties
- Notification to national authority (art. 18)

Transparency
- Related legislation
  - Distance-selling Directive 97/7/EC: art. 4 (prior information), art. 5 (written confirmation)
    - Distance-selling of financial services Directive 02/65/EC: art. 3 (prior information), art. 4 (additional requirements), art. 5 (communication of terms & information)
  - eCommerce Directive 00/31/EC: art. 5 (general), art. 6 (commercial communications), art. 10 (contract process)
- Form
  - ‘durable medium’
    - “which enables the consumer to store information addressed personally to him in a way accessible for future reference” (02/65/EC, at art. 2(f))
  - ‘easily, directly and permanently accessible to the recipients of the service’

Processing Personal Data
- Consent
  - “freely given, specific and informed”
- Ex ante
  - as one ground for legitimising processing
  - as sole ground for legitimising processing
    - use of traffic data for ‘marketing’ or ‘provision of value added services’ (02/58/EC, art. 6(3))
- Ex post
  - right to object to processing for the purposes of ‘direct marketing’ (art. 14(b))

Processing Personal Data
  - nature
    - implied (opt-out) & explicit (opt-in)
  - ‘unambiguously’
    - ‘special categories of data’ (art. 8)
    - Directive 99/93/EC, art. 8(2) re: certification service providers
  - timing
    - prior
      - Directive 02/58/EC, art. 13(1): unsolicited communications
- Alternative grounds
  - performance of a contract (transactional)
  - compliance with a legal obligation (regulatory)

Problem of Children
- From marketing to social networking sites, e.g. Bebo, Facebook
- When is a child independent?
  - OIC: 12 yrs; FEDMA: 14 yrs
- Children’s Online Privacy Protection Act of 1998
  - directed at children under 13, or knowingly collects
  - otherwise, not under a duty to investigate age of visitors
  - ‘verifiable parental consent’
    - e.g. with digital signature
  - enforcement
    - UMG Recordings $400,000 and Bonzi Software $75,000

Transferring Data
- Question of applicable law (art. 4)
  - “..for purposes of processing personal data makes use of equipment..”
    - transit exception
    - web-based forms
  - Lindqvist (2003)
    - uploading to web does not mean ‘transfer’ (para. 68)
- ‘Adequate level of protection’ (art. 25)
  - ‘in the light of all the circumstances’
  - Community findings (art. 25(6)) of adequacy
    - Switzerland, Hungary, Canada, Argentina, US ‘Safe Harbor’

Transferring Data
- Derogations (art. 26)
  - consent
  - specified need, e.g. “on important public interest grounds, or for the establishment, exercise or defence of legal claims;”
    - But SWIFT case: “only important public interests identified as such by the national legislation applicable to data controllers established in the EU are valid in this connection.” (WP 128)
  - authorised by national authority
    - e.g. contractual provisions, binding corporate rules