Presentation is loading. Please wait.

Presentation is loading. Please wait.

Clash of jurisdictions in the area of data protection

Published byRodger Holmes Modified over 6 years ago

Similar presentations

Presentation on theme: "Clash of jurisdictions in the area of data protection"— Presentation transcript:

1 Clash of jurisdictions in the area of data protection

2 Part 1: PRISM / SAFE HARBOR
@maxschrems

3 FACTS @maxschrems

4

5

6 FISA § 1881a Electronic Communication Service Provider
„Foreign Intelligence Information“ Certification for one year („FISA Court“) Minimizing / Targeting procedures (US persons) „Directive“ at Service Provider API (?)

7 ? DISPUTED Technical implementation Amount of data „pulled“
Review mechanisms ?

8 LEGAL ARGUMENT @maxschrems

9 „ADEQUATE PROTECTION“ ?
Facebook Inc. Facebook Ireland Ltd.

10 Strategic Approach NSA + ECSPs = “Public/Private Surveillance”
Facebook is subject to US and EU law EU law regulates third country transfers EU law has to be interpreted in the light of the CFR and the ECHR

11 Art 7 & 8 CFR „PRISM“ -v- Data Retention Content Data -v- Meta Data
„Available“ -v- Storage Endless -v- 24 Months

12 Interference (simplified)
Data pulled? Data accessible?

13 Art 8 CFR „Making Available“ EU proportionality test Facebook Inc.

14 Interference Art 8 ECHR (simplified)

15 PROCEDURE @maxschrems

16 PROCEDURE: DPCs @maxschrems

17

18 Foto: James Flynn „I don’t think it will come as much of a surprise that in fact US intelligence services do have access from US companies“

19

20 CJEU @maxschrems

21

22 Findings (CFR) SH is invalid: (overnight)
Mass Surveillance violates “essence” of Art 7 CFR Legal Redress in the US violates “essence” of Art 47 CFR

23 “Essence” Proportionality No Interference Essence
Legitimate aim for the measure Measure suitable to achieve the aim Measure must be necessary to achieve the aim (Less onerous way?) Measure must be reasonable, considering the competing interests of different groups at hand

24 Other Key Findings “Essentially Equivalent” Protection in 3rd Country
Effective Detection and Supervision Mechanisms Legal Redress in Line with Art 47 CFR ...higher standard than many MS?

25 GRC EO FISA 702

26 Part 2: PRIVACY SHIELD @maxschrems

27

28 TWO HURDLES @maxschrems

29 = CFR . ≈ 95/46. Art 25 of 95/46/EC CFR Art 7, 8 & 47
„Ess. Equivalent” CFR Art 7, 8 & 47

30 PRIVATE SECTOR NOTICE & CHOICE
@maxschrems

31 collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, dissemination or otherwise making available, and any other form of “processing”; blocking, erasure, destruction; use, alignment or combination, “Opt Out” for two specific situations disclosure by transmission, change of purpose,

32 Collection Use Storage
Disclosure Change of Purpose Collection Use Storage

33 HOW TO KILL THE TWO LIMITS IN TWO LINES?

34 UNLIMITED DATA PROCESSING
USE A BROAD PURPOSE + THIRD PARTY CLAUSE = UNLIMITED DATA PROCESSING

35 PRIVATE SECTOR REDRESS
@maxschrems

36 Choice / $$$ DPAs . Panel

37 SURVEILLANCE ASSESSMENT
@maxschrems

38 “The US authorities ... assured there is no indiscriminate or mass surveillance by national security authorities.” EU-COM, February 29th, 2016

39 ANNEX VI, PAGE 4

40 PPD-28, PAGE 3

41 PPD-28, PAGE 3, FN 5

42 SURVEILLANCE REDRESS @maxschrems

43 DPA „has been investigated“ „complied or remedied“
„will neither confirm nor deny that whether the individual has been the target of surveillance“ nor „confirm specific remedy“ ANNEX III, Paragraph 4(e)

44

45 THANKS @maxschrems

Download ppt "Clash of jurisdictions in the area of data protection"

Similar presentations

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.

Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Protection of Personal Data, 11.02.2011. Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.

Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
Signature (unit, name, etc.) Introduction to biometrics from a legal perspective Yue Liu Mar. 2007 NRCCL, UIO.

Signature (unit, name, etc.) Introduction to biometrics from a legal perspective Yue Liu Mar NRCCL, UIO.
Data Protection and the GRA. 1. Commentary on Data Protection 2. The GRA’s Role The Register Investigations, Mediation and Compensation Enforcement Notices.

Data Protection and the GRA. 1. Commentary on Data Protection 2. The GRA’s Role The Register Investigations, Mediation and Compensation Enforcement Notices.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Europol’s tailor-made data protection framework

Europol’s tailor-made data protection framework
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Per Anders Eriksson

Per Anders Eriksson
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center.

European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Similar presentations

Ads by Google