Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Protection in Law Enforcement Area Chapter 9a of the draft law

Published byAlvin Bond Modified over 5 years ago

Similar presentations

Presentation on theme: "Data Protection in Law Enforcement Area Chapter 9a of the draft law"— Presentation transcript:

1 Data Protection in Law Enforcement Area Chapter 9a of the draft law
EU Twinning Project Expert: Julia Antonova Project Activity: 1.3 Date: April 3, 2018 This project is funded by the European Union

2 TOPICS Introduction: what is the DPD
What are are differences between the DPD and GDPR Draft law on data protection: structure and scope of application to the law eneforcement authorities Definition of the law enforcement authorities Main elementst of te draft Chapter 9a

3 Data Protection Directive
Adopted in April 2016 together with the GDPR Date of implementation: May 6, 2018 Rules relating to the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security

4 GDPR vs DPD Different scope
More possibilities for restrictions under the DPD – special nature of the law enforcement area Especially – possibilities to limit following rights of the data subject: Right to access Right to rectification Right to erasure Also limitations to information abut data breaches

5 Structure of the draft law (nr 133)
Chapters 1 to – general part (lex generalis) Chapter 9a – special part for law enforcement (lex specialis) General part is applicable to the law enforcement sector, taking into account derogations in Chapter 9a Chapter 9a is applicable only to the activities related to the law enforcement (meaning – administrative activities are subject to general rules)

6 Scope of Chapter 9a Chapters 1 to – general part (lex generalis) Chapter 9a – special part for law enforcement (lex specialis) General part is applicable to the law enforcement sector, taking into account derogations in Chapter 9a Chapter 9a is applicable only to the activities related to the law enforcement (meaning – administrative activities are subject to general rules)

7 How does the law work? Law nr 133 – main law on data protection
Important to remember: there are sectoral laws that have to be in line with law 133 law 133 refers to sectoral laws sectoral laws have to „implement“ law 133 in specific area Example: law 133 lays down general data protection rules, law on police say how police act in their work, incliding data processing

8 Definition of law enforcement authority (Article 3)
law enforcement authority – in the meaning of this law is: A) a public authority or a subdivision of such authority, competent for the prevention, investigation, detection of criminal offences with the aim of conducting criminal proceedings, prosecution of criminal offences or execution of criminal penalties, including safeguarding against and the prevention of threats to public security, for example but not limited to police, prosecutor’s office bodies, customs, penitenciary institutions, bodies for preventing and figting corruption, money laundering, terrorism financing, recovery of criminal assets, probation bodies. B) a public authority or a subdivision of such authority acting in the area of national or state security, when carrying out special investigative measures.

9 When does Chapter 9a apply? (1)
WHO? Controller ot processor is a law enforcement authority WHEN? Law enforcement authority processes data for law enforcement purposes, such as: prevention, investigation, detection and/or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public order; using special investigative measures in national or state security area

10 When does Chapter 9a apply? (2)
When does NOT apply? Authority is not a law enforcement authority Law enforcement authority is carrying out other activities, such as: organisational tasks (statistics, journalistic purposes, research etc) administrative tasks (human resources, finance et) participating in administrative, disciplinary etc procedure (administrative fines, disciplinary measures, background checks etc) THEN GENERAL RULES APPLY!

11 Biggest differences Main differences from the general part – more possibilities for restictions and limitations Reason: need to balance interests of law enforcement with fundamentaal right to privacy Processing in the area of law enforcement is always considered to be „risky“ processing Reason: bigger risks to data subject rights

12 Basis for processing Law enforcement authority can only process data on the basis of law Article 482 Legal ground for processing has to come from specific law: police law, criminal procedure law, prisons law etc Important: law enforcement authority can not process data on the basis of contract, consent, legitimate interest, vital interests or legal obligation

13 Principles of processing
(Almost) same principles as for other areas Lawfullness and fairness (NB! Transparency does not apply!) Purpose limitation Data minimization Accuracy Storage limitation Integrity and confidentiality

14 Important: time-limits
Personal data shall be stored for limited time Always have to determine the time-limit Mostly: time-limit provided by specific law If the law does not provide: controller establishes the time limit (+ opinion of the Center) NB! After time-limit is over, data to be deleted!

15 Rights of the data subjects
Data subjects have the right to: access data (Art 4811) Request rectification (Art 4813) Request deletion of data (Art 4813) NB! Where allowed by specific legislation, rights can be restricted, wholly or partially Restriction shall be applied only for as lõng as necessary Restriction has to be justifies, proportionate and necessary

16 Grounds for restrictions
Articles Art 4812, Art 4813 (4) avoid obstructing official or legal inquiries, investigations or procedures; avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties; protect public security; protect national security; protect state security; protect the rights and freedoms of others.

17 Data Protection breach
Obligation to notify the Center about the personal data breach (Art 4815) Obligation to notify the data subject (Art 4816) – procedure in accordance with Article 332 Possibilities to limit notification of data subject (Art 4816 (2) and (3)

18 Logging (Art 4817) The law enforcement authority shall keep the logs for the following processing operations: collectin, recording, consultation, alteration, disclosure, printing, transfers, combinations and erasure Logs have to be made available to the Center

19 Supervision The NCPDP is the competent independent supervisory to supervise data processing by the law enforcement authorities Law enforcement authority has to cooperate with the NCPDP Law enforcement authorities have to provide information to the NCPDP in case the NCPDP is investigating a complaint or carrying out checks Information to data subject – limited

20 International transfers
Articles Normally – either on the basis of decision by the Center or on basis of law (International agreements etc) Derogations for specific situations – Article 4821 (1)

Download ppt "Data Protection in Law Enforcement Area Chapter 9a of the draft law"

Similar presentations

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.

EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.
Commissioner for Personal Data Protection

Commissioner for Personal Data Protection
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Data Protection Corporate training 2012. Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN 31. 01. 2007 Stephen.

Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN 02. 02. 2006 Stephen.

Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 – Common Foreign, Security and.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 – Common Foreign, Security and.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 – Common Foreign and Security Policy.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 – Common Foreign and Security Policy.
Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.

Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Preparing for the GDPR Helping us to help you.

Preparing for the GDPR Helping us to help you.
HIPSSA Project PRESENTATION ON SADC DATA PROTECTION MODEL LAW

HIPSSA Project PRESENTATION ON SADC DATA PROTECTION MODEL LAW
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
The future of data protection: General Data Protection Regulation

The future of data protection: General Data Protection Regulation
DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing.

DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing.
GDPR (General Data Protection Regulation)

GDPR (General Data Protection Regulation)
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

Similar presentations

Ads by Google