Published by Gwendolyn McDowell. Modified over 9 years ago.
1
Class 13 Internet Privacy Law European Privacy
3
Differing Approaches: Europe vs. United States
❖ General Terms: DATA PROTECTIONS (Europe); PRIVACY (United States)
❖ Data Protection; Privacy is policies, laws, and regs; Data protection is privacy related laws and regulations
❖ Treatment of Privacy: Fundamental human right. No processing of PI is default, and processing must meet strict guidelines (Europe); Some constitutional rights to privacy. Commercial use is acceptable. Processing limited by sector (United States)
❖ Privacy Protection Model: Comprehensive (Europe); Sectoral (United States)
❖ Sensitive Information: race/ethnic origin, political opinion, religion, health or sex life, criminal history, union membership (Europe); SSN, Driver's License, Medical records, financial info (United States)
4
The Comprehensive Model
❖ EU data protection directive (1998)
❖ Parental consent before collecting data from under 13
❖ Companies with >250 employees must have data protection
5
Why the different approaches to privacy?
6
Defining what is private in EU
❖ EU definition of PI
❖ Any information relating to an identified or identifiable individual (includes name, address).
❖ Personal data
❖ Any information related to an identifiable natural person
7
EU Data Protection Roles
❖ DPA in each member state
❖ Data controller – individual in entity who directs data management (most laws are focused on data controller)
❖ Data processor – follows orders of data collector
❖ Data subject – user
❖ Processing – Under EU ANYTHING with PI is processing (even storage)
8
Generally
❖ Processing of PI prohibited unless:
❖ Notice
❖ Consent
❖ Data quality principles
❖ Other exceptions
❖ Special processing for certain categories
❖ Right to access and object
❖ Controls on automated decisions
❖ Notice to DPAs
❖ Transfer restrictions
9
Legitimate Processing
❖ EXPRESS CONSENT unless
❖ Contract where data subject is subject of a contract
❖ Legal obligation
❖ Vital interests of data subject
❖ Legitimate use
❖ Processing of Sensitive PI PROHIBITED unless:
❖ Explicit consent
❖ Vital interests
❖ Public information
11
Transferring Out of Europe
❖ Adequacy
❖ Andorra, Argentina, Canada (commercial organizations), Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US Department of Commerce's Safe Harbor Privacy Principles
❖ Safe-harbor (Between EU and US only)
❖ Model contracts
❖ Limited exceptions
❖ Binding corporate rules
12
Employee Privacy
❖ May not probe into past
❖ Employee monitoring ONLY with specific justification
❖ Background checks are limited
❖ Employers required to consult with trade unions agreements and regulations
16
EU Cookie Directive
❖ The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage of or access to information stored on a user's terminal equipment.
❖ In other words, you must ask users if they agree to most cookies and similar technologies … before the site starts to use them.
17
EU Cookie Directive
❖ However, some cookies are exempt from this requirement. Consent is not required if the cookie is:
❖ used for the sole purpose of carrying out the transmission of a communication, and
❖ strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.
19
Closing out the class