Published by Pierce Maxwell. Modified over 8 years ago.
1
European Data Protection Supervisor
TAIEX Seminar - Belgrade 9 February 2009
Principles of data protection and international legal framework
Alfonso Scirocco
2
Outline
- Origin of data protection?
- International legal framework
- EU legal framework (including Lisbon)
- Privacy versus data protection
- What are personal data?
- What is data protection?
- Basic data protection principles
- Some challenges and one concrete case
3
Origin of data protection: privacy
- Notions of private life and privacy
- ‘Right to be left alone’.
- A protected private sphere.
- Private life/Privacy extends to professional activities.
4
International Legal Framework (I)
Right to respect of private life (privacy)
- Article 12 Universal Declaration of Human Rights (Paris, 1948)
- Article 17 International Covenant on Civil and Political Rights (New York, 1966)
- Article 8 European Convention on Human Rights (1950)
5
International Legal Framework (II)
Article 8 European Convention on Human Rights
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
3 basic principles:
- necessary in a democratic society (proportionality)
- for a legitimate purpose
- laid down by law (foreseeable, precise)
Case law of Strasbourg Court of Human Rights: processing of personal data may interfere with private life
6
International Legal Framework (III)
Right to protection of personal data
- OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980)
- Council of Europe Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data (1981)
  - Recommendation No R (87)15 on use of personal data in the police sector
- United Nations guidelines concerning Computerized personal data files (1990)
7
EU Legal Framework (I)
Primary law
- One of the fundamental rights recognised as general principles of Community law (art. 6.2 EU Treaty)
- Article 8 of Charter of Fundamental Rights
- Article 286 EC Treaty (Amsterdam Treaty)
8
EU Legal Framework (II)
Secondary law
- Directive 95/46/EC: the "privacy directive"
- Sectoral measures: e-privacy directive (97/66, replaced by 2002/58)
- Case law on scope of application (Rechnungshof, Lindqvist, PNR)
- Regulation 45/2001: rules on protection of personal data by EU institutions
9
EU Legal Framework (III)
Second and Third Pillar: outside the scope of application of Community instruments
- 2nd pillar: no data protection rules (but case law on terrorist lists, Kadi, Mujahedin)
- 3rd pillar
  - Article 30.1.b EU Treaty: collection, storage and processing of relevant information in the field of police cooperation "subject to appropriate provisions on the protection of personal data"
  - Recent Framework decision 2008/977 (good step, but no fully comprehensive legal framework, limited scope)
  - Sector-specific rules, addressing data protection in specific initiatives: Schengen, Europol, Eurojust, Prüm
10
EU Legal Framework (IV)
The Lisbon Treaty and Data protection
- A new general legal basis for data protection (16)
- Specificities in the Police and Judicial cooperation. Declarations:
  - (No. 20) Data protection rules that may have direct implications for national security should take due account of the specific characteristics of the matter
  - (No. 21) Specific data protection rules in police and judicial cooperation may prove necessary because of the specific nature of these fields
- Data Protection as a Fundamental Right
11
Privacy vs. data protection
- Right to data protection is a fundamental right
  - Article 8 ECHR
  - Article 8 Charter of Fundamental Rights
- Closely linked to right to privacy but not the same
- Narrower and wider than privacy
- Individuals’ “control” over information
12
What are personal data? (I)
- Article 2(a): any information relating to an identified or identifiable natural person
  - ‘any information’
  - ‘relating to’
  - ‘an identified or identifiable’
    - An identifiable person is one who can be identified, directly or indirectly
  - ‘natural person’
- Some examples: Article 29 WP Opinion 4/2007
13
What are personal data? (II)
- Special categories of personal data
  - Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and of data concerning health or sex life, is prohibited
  - Stricter rules apply
14
What is data protection? (I)
- Regulating the processing of personal data
- Defining rights and obligations
15
What is data protection? (II)
Article 8 Charter of Fundamental Rights of the EU:
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.
16
Basic principles (I)
- Purpose limitation principle
  - Explicit and legitimate purpose, not processed for incompatible purposes
- Proportionality principle
  - Adequate, not excessive, stored no longer than necessary
- Data quality
  - Ensuring that data are accurate and up to date: different degree of accuracy and reliability, quality checks
17
Basic principles (II)
- Transparency
  - Informing the data subject
- Security
- Rights and remedies
  - Right to access (direct or indirect), rectify or erase
  - Judicial remedy, data protection authority
- Exceptions
18
Basic principles (III)
- Transfer to third countries (Additional Protocol to Convention 108)
  - Adequate level of protection
  - PNR-cases (ECJ, May 2006, C-317/04 & 318/04)
  - Lindqvist (ECJ, November 2003, C-101/01)
- Data on Internet: transfer to third countries?
19
Basic principles (IV)
- Independent supervision
  - Essential element of data protection, in most western countries (not US)
  - One or more supervisory authorities
  - Proactive enquiries might be needed
  - Technical skills required
  - Judicial control not enough
- Concept of independence (infringement case Commission v. Germany)
20
Basic principles (V)
Independent supervision: roles and actors
- Roles: supervise (also through Data Protection Officer), advise, cooperate
- Actors:
  - Data protection authorities in the Member States
  - Article 29 Working Party
  - European Data Protection Supervisor
  - Other Supervisory bodies: Europol, Eurojust, Schengen
21
Challenges for data protection
- Development of technologies
  - Digitalization
  - Miniaturization
- Law enforcement/Fight against terrorism
  - The Stockholm Programme
  - Use of commercial data for law enforcement
    - PNR, SWIFT, Data retention
- Globalization
- A more harmonised legal and institutional framework at EU level?
22
A concrete example: the Marper case
- S. (11 years) and Marper (40 years) suspected of crimes but not convicted: DNA and fingerprints taken (and held for indefinite time)
- European Court of Human Rights judgement 4/12/2008:
  - Storing of cellular samples, DNA, fingerprints interferes with privacy
  - Is this interference justified? (article 8.2. ECHR)
    - In accordance with law? Not really...
    - Legitimate aim? Yes
    - Necessary in a democratic society? No, disproportionate measures: blanket and indiscriminate retention, risk of stigmatization, no presumption of innocence
23
Any questions?
Thanks for your attention!
Alfonso Scirocco
alfonso.scirocco@edps.europa.eu