DR ANDREA MULLIGAN BARRISTER-AT-LAW LLB, LLM(HARV.), PH.D Safe Harbor and Schrems v DPC.

Slides:



Advertisements
Similar presentations
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Advertisements

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Slide 1/15 © copyright Standard training programme in judicial cooperation in criminal matters within the European Union Version: 3.0 Last updated:
Den Europæiske Ombudsmand Der Europäische Bürgerbeauftragte Ο Ευρωπαίος Διαμεσολαβητής The European Ombudsman Il Mediatore Europeo Le Médiateur Européen.
International Treaty in EU PIL
EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
The National Academy of Sciences of Ukraine Kyiv University of Law Anna Vasilchenko Department of International Law Group IL-41.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Per Anders Eriksson
The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.
Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Overview
Tina Kraigher and Milena Podjed-Fabjančič 18 April 2010 Processing of Telephone Traffic Data of Employees ( a Case Study )
The Law of the European Union Information and Communication.
Introduction to EU Law Cont.d. ECJ – TFI (Arts ) “The Court of Justice and the Court of First Instance, each within its jurisdiction, shall ensure.
The Human Rights Act 1998 Mechanism Sections 1 and 2 of the HRA 1998.
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Small claims procedure Regulation (EC) No 861/2007of European Parlament and of the Council of 11 July establishing a European Small Claims Procedure (OJ.
1 SAFE HARBOR FRAMEWORK Barbara S. Wellbery Morrison & Foerster LLP 2000 Pennsylvania Avenue Washington, DC /
E-COMMERCE AND PRIVACY LAWS IN THE UAE Rindala Beydoun Senior Legal Counsel Al Tamimi & Company.
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University.
The ECJ's Huawei/ZTE judgment (C-170/13) Thomas Kramler DG Competition, European Commission (The views expressed are not necessarily those of the European.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
The application of certain restrictions on access to environmental information in accordance with AC Personal Data Ana Barreira Instituto.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
Johann Ruben Leiss, MLE, LL.M. (EUI) - PhD Research Fellow, Stipendiat - The CESL and the Initiative on Contract Rules for Online Purchases from a Comparative.
Michael Fruhmann Dr. Michael Fruhmann EBRD Project Ukraine 29/30th March /31/ Procedural fairness and the EU Remedies Directive – an overview.
INTERNATIONAL ARBITRATION Leonardo Graffi STUDYING LAW AT ROMA TRE FALL SEMESTER 22 October 2010.
Data protection and European citizens’ initiatives
Standards of competition law in Member States of the European Union. The conceptual definition of a consumer - The consequence of understanding the terminology.
Regulation of Lobbying Act 2015: Presentation to members of the media Sherry Perreault Head of Lobbying Regulation Standards in Public Office Commission.
1 CLASS 14 pt. 1 International Privacy Law Privacy and Information Security Law Randy Canis.
The EU and Access to Environmental Information Unit D4 European Commission, Directorate General for the Environment 1.
1 Agencia Española de Protección de Datos The Use of Contracts and BCRs to Transfer Personal Data The European Union – United States Safe Harbor framework:
1 TAIEX JHA Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 – Common Foreign, Security and.
This course was developed in cooperation with the IUCN Academy of Environmental Law THE ROLE OF THE PUBLIC.
European Law in the Case- law of the Constitutional Court of Latvia Kristine Kruma.
Data Protection – the Lisbon Effect Billy Hawkes Data Protection Commissioner Institute of International and European Affairs Dublin, 17 September 2009.
Lost in Translations – An Examination of the Legal & Practical Problems Associated with the Implementation (or Non-Implementation) of Directive 2010/64/EU.
Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.
František Nonnemann Skopje, 9th October 2012 JHA DP aspects related to provision of information about public figures in CZ.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
EU-US Data Transfers for Payroll:
Privacy and Data Security in an Increasingly Globalized World
Peter Swire Holder Chair of Law and Ethics
Surveillance around the world
Clash of jurisdictions in the area of data protection
Actions for damages under the Data Protection Directive and the GDPR
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Data Protection: EU & International
Information Governance and Data Privacy: A World of Risk
Data Protection & Human Rights
Bob Siegel President Privacy Ref, Inc.
Bart van der Sloot Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.
Bart van der Sloot Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.
Data transfers to non-EU countries under the new GDPR
Peter Swire Engage CISO Roundtable with the
Fundamental rights.
Overview of the recommendations regarding approximation of the Law on personal data protection to the new EU General data protection regulation Valerija.
EUROPEAN UNION CITIZENSHIP
PROCURA DELLA REPUBBLICA v. M.
Presentation transcript:

DR ANDREA MULLIGAN BARRISTER-AT-LAW LLB, LLM(HARV.), PH.D Safe Harbor and Schrems v DPC

Background to Schrems v DPC Increasing prominence of data protection law in Europe. Lengthy and fractious negotiation of General Data Protection Regulation. Articles 7 and 8 of the Charter on Fundamental Rights. Robust judgments of the Court of Justice of the European Union – Google Spain, Digital Rights Ireland. Snowden revelations – Project PRISM.

Safe Harbor and Schrems v DPC I. Overview of Safe Harbor II. The High Court’s Decision in Schrems v DPC III. The Decision of the Court of Justice of the European Union IV. Practical Effects: Implications for International Data Transfer V. Beyond Safe Harbor

I. Overview of Safe Harbor Commission Decision 2000/520, 26 July 2000, under Article 25(6), Data Protection Directive. European Commission and US Department of Commerce. Transfer of data from EU to US. Safe Harbor privacy principles – corresponded to principles under Data Protection Directive. Set of FAQs. Self-certification system.

The Safe Harbor Privacy Principles Notice - Inform individuals as to purpose etc. Choice – Allow opt out. Onward Transfer – Disclosure to 3 rd parties. Security – Duty to protect against loss, misuse, etc. Data Integrity – Processing must be relevant to purpose of collection/authorisation. Access – Individual right to access personal data. Enforcement – Effective mechanisms.

II. The High Court’s Decision in Schrems v DPC [2014] IEHC 310 Facts: Privacy campaigner Maximillian Schrems. Facebook Ireland is data controller for European users of Facebook service. Mr Schrems’ 23 complaints to Irish Data Protection Commissioner. Complaint 23: that his data was not secure under Safe Harbor in light of Snowden allegations. DPC rejects complaint as ‘frivolous and vexatious’ on basis he is bound by Safe Harbor. Mr Schrems initiates judicial review proceedings.

II. The High Court’s Decision in Schrems v DPC Holding: High Court, Hogan J. Makes preliminary reference of questions to Court of Justice of European Union. Findings of fact:  “I will therefore proceed on the basis that personal data transferred by companies such as Facebook Ireland to its parent company in the United States is thereafter capable of being accessed by the NSA in the course of a mass and indiscriminate surveillance of such data. Indeed, in the wake of the Snowden revelations, the available evidence presently admits of no other realistic conclusion.” [para. 13]

II. The High Court’s Decision in Schrems v DPC Locus Standi: Mr Schrems entitled to invoke provisions of Irish Constitution, though not resident in Ireland. Findings on constitutionality of mass State surveillance. Right to privacy and right to inviolability of dwelling. Links to German basic law.  “One might accordingly ask how the dwelling could in truth be a "place of repose from the cares of the world" if, for example, the occupants of the dwelling could not send an or write a letter or even conduct a telephone conversation if they could not be assured that they would not be subjected to the prospect of general or casual State surveillance of such communications on a mass and undifferentiated basis.” [para. 54]

II. The High Court’s Decision in Schrems v DPC Reference for preliminary ruling by CJEU. (1) Whether in the course of determining a complaint which has been made to an independent office holder who has been vested by statute with the functions of administering and enforcing data protection legislation that personal data is being transferred to another third country (in this case, the United States of America) the laws and practices of which, it is claimed, do not contain adequate protections for the data subject, that office holder is absolutely bound by the Community finding to the contrary contained in [Decision 2000/520] having regard to Article 7, Article 8 and Article 47 of [the Charter], the provisions of Article 25(6) of Directive [95/46] notwithstanding? (2) Or, alternatively, may and/or must the office holder conduct his or her own investigation of the matter in the light of factual developments in the meantime since that Commission decision was first published?

III. Decision of the Court of Justice of the European Union Case C-362/14 Schrems v Data Protection Commissioner EU:C:2015:650 Struck down two provisions of Safe Harbor decision. Invalidity of Safe Harbor programme necessarily followed. Article 1 Safe Harbor not compliant with Article 25(6) Data Protection Directive. No finding as to adequacy of data protection in US law. Need for “essential equivalence.” Safe Harbor principles subordinate to general law and national security measures.

III. Decision of the Court of Justice of the European Union Absence of real enforcement mechanisms for individuals. Compliance with Articles 7 and 8 of Charter of Fundamental Rights of the European Union. Requirement that derogations from general rules re personal data be strictly construed. Mass surveillance not compliant with Charter:  “In particular, legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life, as guaranteed by Article 7 of the Charter.” [para. 94]

III. Decision of the Court of Justice of the European Union General comments on role of national supervisory authorities. Individuals entitled to bring complaints to national authorities re security of their data, even where Commission decision in place. Individual and national authorities must both have recourse to judicial remedies with view to making preliminary reference.

III. Decision of the Court of Justice of the European Union Article 3 Safe Harbor declared invalid. Purported to deny national supervisory authorities powers granted by Article 28 of Data Protection Directive. Article 25(6) does not grant Commission entitlement to abridge those powers. Backdrop of tension as to role of national supervisory authorities.

IV. Practical Effects: Implications for International Data Transfer Invalidity of Safe Harbor not surprising. Many organisations had contingency plans in place. Reliance on other provisions of Directive for international data transfer:  Standard contractual clauses  Binding corporate rules  Derogations:  Performance of contract  Establishment, exercise or defence of legal claims  Consent of the individual

V. Beyond Safe Harbor Privacy Shield – agreement in principle. Schrems sets parameters for agreement:  Need for general finding as to adequacy of legal protection.  Strict scrutiny of derogations from data protection rules.  Incompatibility of mass surveillance with Charter.  Significance of independence of national supervisory authorities.

Questions and Comments Welcome Andrea Mulligan BL    Law Library, Four Courts, Dublin 7.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.