Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN 02. 02. 2006 Stephen.

Slides:



Advertisements
Similar presentations
Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Advertisements

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
The Data Protection (Jersey) Law 2005.
Data Protection.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
Text Privacy and Data Protection in Sweden Christine Kirchberger.
Data Protection as Human Rights and International Legislation on Personal Data AFIN- DRI 1010 Lecture Stephen K. Karanja Senior Researcher.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
The Data Protection Act
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
The Data Protection Act 1998 The Eight Principles.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
OCR Nationals Level 3 Unit 3.  To understand how the Data Protection Act 1998 relates to the data you will be collecting, storing and processing  To.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
Data Protection - Rights & Responsibilities Information Commissioner’s Office Orkney Practice Forum 4 th July 2007.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
Data Protection Act The Data Protection Act (DPA) is a balance between rights of the DATA SUBJECT and obligations of the DATA CONTROLLER DATA CONTROLLER.
SKK - NCHR AFIN- DRI 1010 Lecture Stephen K. Karanja Senior Researcher Norwegian Centre for Human Rights Data Protection.
What is the Data Protection Act (DPA)? 1998 The Data Protection Act 1998 seeks to strike a balance between the rights of individuals and the sometimes.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Data protection—training materials [Name and details of speaker]
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
European Data Protection Supervisor TAIEX Seminar - Belgrade 9 February 2009 Principles of data protection and international legal framework Alfonso Scirocco.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Judicial Training on Data Protection and Privacy Rights
Processing for archiving purposes in the GDPR
Trevor Ellis Trainee Programmer (1981 – 28 years ago)
Issues of personal data protection in scientific research
General Data Protection Regulation (GDPR)
Data Protection: EU & International
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulation
Data Protection Update – GDPR or bust
General Data Protection Regulation: Turning the black into white
GDPR Overview GDPR - General Data Protection Regulations
EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
State of the privacy union
G.D.P.R General Data Protection Regulations
The GDPR and research data
FEK årskonferanse 28. februar 2018.
Data Protection principles
Data Protection and You
Relocation CARNIVAL come one…come all
GDPR Workshop MEU Symposium Prague 2018
Big Data & the General Data Protection Regulation
Information Handling Research Student Induction Day
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
Public Privacy: juridical & ethical perspective
The EDPS: competences and processing of personal data in EU funds
Data Protection in Law Enforcement Area Chapter 9a of the draft law
Overview of the recommendations regarding approximation of the Law on personal data protection to the new EU General data protection regulation Valerija.
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
Presentation transcript:

Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen K. Karanja Researcher AFIN

Protection of Personal Data in EU and EEA Main Data Protection Laws –EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data –National data protection laws. »Norwegian Personal Data Act 2000

What are Data protection Principles? Abstractions from rules Good practices Safeguards –ECHR & case law

Basic Principles Fairly and Lawful Minimality Purpose Specification Data Quality Data Security Sensitivity Individual Participation Disclosure Limitation Transfer of Data to Third Countries Supervision

Fairly and Lawful Principle Art. 6 (1)(a) Directive & §11(a) PDA personal data must be processed fairly and lawfully Most important What does Fairly Mean? –Conform to laid down rules and procedures –Sensitive and take account of data subjects interests and reasonable expectations – proportionality and balance –Transparency – not secret – no deception What does Lawful Mean? –Legality principle– permitted by law or authorised –Done with lawful justification or excuse (legitimate) - Article 7 Directive & §8 & 9 PDA –Article 8(2) ECHR & case law –Transparency

Minimality Principle Art. 6(1)(e) & § 28 PDA Necessary – personal data collected should be limited to what is necessary to achieve the purposes for which the data are gathered and further processed What is necessary? –Art. 7 & 8 Directive –§8 & 9 PDA –Art. 8 (2) ECHR case law – “a pressing social need” i.e. proportionate to the legitimate aim pursued. Incal v. Turkey (1998) 29 EHRR 449 §57 –SAS Braathens request for fingerprints of passengers Non-excessiveness, proportionality (to the purpose) Art. 6 (1)(c) Directive & § 11(d) PDA Data erasure and anonymity § 11(e), 27 & 28 PDA

Purpose Specification Principle Art. 6(1)(b) Directive & §11(b) PDA Personal data shall be processed for specified, lawful/legitimate purposes and not processed in ways that are incompatible with those purposes. –Specified, defined or stated purpose –Lawful/legitimate purpose - proportionality –Further processing not incompatible with original purpose –Transparency Exceptions –Art. 9 Directive - freedom expression: Journalistic, artistic & literary purposes and expression –§11 para. 2 PDA – historical, statistical or scientific purposes

Data Quality Personal data should be valid with respect to what they are intended to describe, and relevant and complete with respect to the purpose for which they are intended to be processed. - Art. 6 (1)(c)(d) Directive & §11(d)(e) PDA Adequacy –Relevancy –Non-excessiveness Accuracy –Up to datedness –Completeness –Rectification (supplement) and erasure or blocking

Data Security Data are not destroyed accidentally and not subject to unauthorised access, alteration, destruction or disclosure - Art. 17 Directive & § 13 PDA –Implement appropriate technical and organisational measures –Securing technical equipment and networks –Contracts where processing is carried out on behalf of the controller Accessibility

Sensitivity Principle Limits the processing of certain types of data which are regarded as especially sensitive for data subject and requires specific safeguards as compared with other personal data - Art. 8 Directive & § 9 PDA What is sensitive data? –Art. 8 (1) Directive & § 2 (8) PDA – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and health or sex life. –Data relating to criminal act – a person has been suspected of, charged with, indicted or convicted of a criminal act. Exemptions –Art. 8 (2) Directive & § 9 PDA Personal Identity Numbers or other identification numbers or identifier of general application –§ 12 PDA – can only be used where objective need for certain identification and necessary to achieve such identification –Data Inspectorate may require the use of PIN in order to ensure that the personal data are of adequate quality.

Individual Participation A set of data subject’s rights. The rights are designed to enable data subjects to have a degree of control and participate in the processing of their personal data Balance of power Self-determination or individual control principle The rights –Right of access Art. 12 Directive & § 18 PDA –Right to information regarding automated decisions ( Art. 15 Directive & § 22 PDA) –Right to object Art. 14 Directive »Adversary affect the data subject »Direct marketing –Right to rectification, erasure and blocking –Obligation to notify or provide information »When data are collected from the data subject »When data are collected from other persons »In connection to with the use of personal profiles § 21 PDA –Right to demand manual processing § 25 PDA

Exemptions Rights are not always absolute. Exemptions allow processing of personal data where State or societal interests may override individual interests i.e. protection of fundamental values in a democratic society Mitigate conflict or balance competing interests General –Art. 3(2) –Art. 9 Directive –Art. 13 Directive & § 22 PDA »Limitations – provided for by legislative measure and must be necessary. »Interpretation Art. 8 (2) ECHR »ECJ case of Österrechicher Rundfunk et al 20 May 2003 joined cases C- 465/00, C-139/01 &C-139/01 Specific –Sensitive data

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.