Privacy, Data Protection and Lex Informatica -- lecture 6 Dr. Lee A. Bygrave, 27.2.2006.


Lecture overview
Core principles of data protection laws
– Information quality
– Data subject participation and control
– Disclosure limitation
– Information security
– Sensitivity
– Other new principles?
Monitoring and enforcement mechanisms

Information quality (DPD Art 6(1)(c), 6(1)(d))
– Multi-faceted; variation in terminology
– key criteria: validity, relevance, completeness
– variation in terms of stringency of monitoring requirements
– insufficient focus on quality of information systems?

Data subject participation and control
– duties of information/orientation (DPD Art 10-11)
– NB special rule in Norwegian and Icelandic laws with respect to profile use and video surveillance
– duties to collect data directly from data subject
– duties of consent (DPD Art 7 & 8)
– opt-in vs opt-out issue; explicit vs implicit consent
– access and rectification rights (DPD Art 12)
– NB access to logic in automated decisions
– rights to object to direct marketing and automated decision making (DPD Art 14 & 15)

Disclosure limitation
Minimum rule: data should not be disclosed except with consent of data subject or by authority of law
Not a separate principle in DPD but otherwise important (see, eg, OECD Guidelines – “use limitation” principle)

Information security (DPD Art 17)
– Does Art 17 encourage usage of PETs?
– Cf special rule on wartime planning in Danish law

Sensitivity (DPD Art 8)
– A principle in its own right?
– A practicable principle?
– Not strongly manifested in all jurisdictions, particularly those outside Europe (but this is changing a little)

Other principles?
Anonymity?
Automated decision making?

Monitoring/enforcement
Monitoring and enforcement mechanisms
– Data Protection Authorities (DPAs)
– Licensing / notification schemes
– Role of judiciary and quasi-judicial bodies?

Data Protection Authorities
Main requirements (see DPD Art 28; CoE Convention Additional Protocol Art 1):
– functional independence
– variety of tasks with broad discretionary powers
– reporting, monitoring, complaints handling, rule development, enforcement; intervention
– must be more than mere ombudsmen (?)
Increasing need for cross-jurisdictional expertise (DPD Art 28(6))

Licensing/notification schemes
Licensing = prior approval required from DPA
Notification = prior notification required
Rationales:
– Ex ante control
– Transparency
– Contact between controllers and DPAs
– Learning / sensory mechanisms

Licensing/notification (2)
Balance under DPD (Arts 18-20)
– notification = main rule; licensing = exception (recital 54)
Cf earlier regimes (eg Norway, Sweden, France)
– exemption from notification if internal data protection officer appointed (Art 18(2))
Problems with licensing
Divergence in EU/EEA, eg, Norway vs Sweden