Presentation is loading. Please wait.

Presentation is loading. Please wait.

EU Data Protection Legislation

Published byYonca Korkmaz Modified over 5 years ago

Similar presentations

Presentation on theme: "EU Data Protection Legislation"— Presentation transcript:

1

2 EU Data Protection Legislation
Alain Strowel Covington & Burling Brussels ( The data protection presentation is based on the input of Covington’s privacy lawyers (H. Tielemans and J. Albert)

3 EU Data Protection Legislation
Framework Data Protection Directive (95/46/EC) Implementation Date : October 1998 Implemented in all EU Member States with the exception of Ireland and France Electronic Communications Data Protection Directive (2002/58/EC) Implementation Date : November 2003

4 EU Data Protection Legislation
Framework Directive Aims to ensure the free flow of personal data within the EU and to protect fundamental rights and freedoms of the data subject (right to privacy) Protection is reflected in : Obligations imposed on controller (relating to data quality, technical security, notification to a supervisory authority and in general the circumstances under which processing can take place) Rights conferred to data subject (relating to obtaining information, consult, request corrections and object to processing)

5 EU Data Protection Legislation
Data must be adequate, relevant and not excessive for the purpose(s) for which they are collected Controller must have data subject consent or claim a need to: Perform a contract with the data subject Comply with a legal obligation Protect the data subject’s vital interests Process for legitimate business purposes

6 EU Data Protection Legislation
Compliance Issues Companies collecting data across the EU face many compliance challenges Implementing laws are lengthy and complex Challenging jurisdictional issues Diverging interpretation among various DPA’s

7 EU Data Protection Legislation
Definition of Personal Data Defined as : any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity

8 EU Data Protection Legislation
Interpreted differently throughout the EU Interpreted too broadly One example: IP addresses

9 EU Data Protection Legislation
IP addresses Article 29 Working Party: personal data towards all parties concerned Assumption that if an IP address is identifiable by one company, e.g. an ISP, it is personal data for all companies concerned ISPs generally do not divulge IP accounts May diminish privacy and thus have the precise opposite effect

10 The New ECDP Directive Directive contains new rules on
Traffic data Cookies Directories Unsolicited commercial A number of interpretive issues are raised by these provisions Issues may be clarified by national legislation, but not necessarily

11 Directories Subscribers must be given opportunity, free of charge, to determine which data requested by service provider are published in directory Applies only to subscribers, so only covers directories published by service providers What rules will apply to third party directories? Data Protection Directive Member States can require additional consent for all directories if searches possible on basis other than name

12 Unsolicited Commercial Email
Opt-in, except s to existing customers marketing company’s own similar products or services Tightening of rules in some Member States, liberalization in others Who is an existing customer? Contact details must be obtained in context of sale of product or service Can “free” services imply a remuneration? If so, what is a service – does visiting a website count?

13 Thank you

Download ppt "EU Data Protection Legislation"

Similar presentations

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Ioannis Iglezakis Directive on privacy and electronic communications.

Ioannis Iglezakis Directive on privacy and electronic communications.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
Data Protection Act AS Module 1 10.8 Heathcote Ch. 12.

Data Protection Act AS Module Heathcote Ch. 12.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.

European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,

WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,

Similar presentations

Ads by Google