Trusted Computing und Digital Rights Management - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

Trusted Computing und Digital Rights Management

Description:

WP 38 (Op. 1/2001) of Working Party 29 ... also be multilateral although ... Obligations of importers to inform about local laws affecting the contractually ... – PowerPoint PPT presentation

Number of Views:30
Avg rating:3.0/5.0
Slides: 18
Provided by: herr153
Category:

less

Transcript and Presenter's Notes

Title: Trusted Computing und Digital Rights Management


1
BERLIN COMMISSIONER FOR DATA PROTECTION
AND FREEDOM OF INORMATION, GERMANY
Statement at the Workshop on Contractual
Clauses Dr. Alexander Dix, LL.M. Berlin
Commissioner for Data Protection and Freedom of
Information Member of the Art.29 Working
Party Conference on International Transfers of
Personal Data Brussels, 23-24 October 2006
2
Outline
  • Contracts an early option
  • Standard clauses for controllers and processors
  • Alternative clauses
  • Advantages and disadvantages
  • The role of the national supervisory authorities

Berlin Commissioner Conference on
International for Data Protection
Transfers of Personal Data and Freedom of
Information Brussels 23-24 October 2006
3
Contracts an early option
  • Contractual clauses were used even before
    Directive 95/46 to ensure adequate protection in
    the U.S. (Citibank-BahnCard case)
  • The model worked well then but it was soon
    obvious that standardisation was necessary

Berlin Commissioner Conference on
International for Data Protection
Transfers of Personal Data and Freedom of
Information Brussels 23-24 October 2006
4
Standard clauses for controllers and processors
  • WP 38 (Op. 1/2001) of Working Party 29
  • Commission Decision 2001/497/EC
    (Controllers-to-controllers)
  • WP 47 (Op. 7/2001) of Working Party 29
  • Commission Decision 2002/16/EC (Controllers-to-pro
    cessors)

Berlin Commissioner Conference on
International for Data Protection
Transfers of Personal Data and Freedom of
Information Brussels 23-24 October 2006
5
Alternative standard clauses for controllers
  • WP 84 (Op. 8/2003) of Working Party 29
  • Commission Decision 2004/915/EC (amending Dec.
    2001/497/EC controllers-to-controllers)

Berlin Commissioner Conference on
International for Data Protection
Transfers of Personal Data and Freedom of
Information Brussels 23-24 October 2006
6
Equivalent alternatives
  • No hierarchy between the Commissions (original)
    set of standard clauses and the alternative
    clauses(although set II e.g. restricts the right
    of access beyond the terms of the Directive)
  • No clause shopping
  • Commission is considering consolidation of
    standard clausesinto one instrument

Berlin Commissioner Conference on
International for Data Protection
Transfers of Personal Data and Freedom of
Information Brussels 23-24 October 2006
7
Advantages of contracts
  • They can ensure adequate safeguards in an
    environment without adequate protection
  • They are therefore preferable to the derogations
    under Art. 26(1)

Berlin Commissioner Conference on
International for Data Protection
Transfers of Personal Data and Freedom of
Information Brussels 23-24 October 2006
8
Advantage for SMEs
  • Contracts require expensive legal know how
  • Only large companies can afford it
  • Standard clauses therefore important tool for SMEs
  • Berlin Commissioner Conference on
    International
  • for Data Protection Transfers of Personal
    Data
  • and Freedom of Information Brussels 23-24
    October 2006

9
Disadvantage of the contractual solution
  • Little transparency as to the use of contracts
  • Obligation to notify the Commission and MS only
    in case of ad hoc, not standard contracts (Art.
    26(3))
  • Different monitoring techniques
  • Commission criticises lack of monitoring of data
    transfers to third countries

Berlin Commissioner Conference on
International for Data Protection
Transfers of Personal Data and Freedom of
Information Brussels 23-24 October 2006
10
Figures
  • Majority of notifications concern standard
    contracts (64/78) no obligation to notify
  • The rest concern ad hoc contracts and BCRs
  • Majority of contracts dealt with transfers to the
    US (66/78)

Berlin Commissioner Conference on
International for Data Protection
Transfers of Personal Data and Freedom of
Information Brussels 23-24 October 2006
11
Figures (ctd.)
  • Most of the transfers concern employment data
    (70)
  • Controller-to-controller transfer more frequent
    than controller-to-processor transfer (40/24)

Berlin Commissioner Conference on
International for Data Protection
Transfers of Personal Data and Freedom of
Information Brussels 23-24 October 2006
12
Another disadvantage
  • Often standard clauses are used within a group of
    companies without adapting them to the specific
    situation
  • General problem standard contracts and even more
    so master agreements tend to be seen as easy fix
    (panacea)
  • Too little attention given to necessary
    modifications
  • Berlin Commissioner Conference on
    International
  • for Data Protection Transfers of Personal
    Data
  • and Freedom of Information Brussels 23-24
    October 2006

13
Contracts bilateral or multilateral ?
  • Contracts in the Internet age can still be a
    useful tool
  • They need not be bilateral
  • They can also be multilateral although
    complexity will rise
  • Berlin Commissioner Conference on
    International
  • for Data Protection Transfers of Personal
    Data
  • and Freedom of Information Brussels 23-24
    October 2006

14
Need for overhaul
  • Commission calls for clarification in the area of
    onward transfer
  • Obligations of importers to inform about local
    laws affecting the contractually guaranteed
    safeguards (lessened by alternative clauses)
    should be extended
  • Berlin Commissioner Conference on
    International
  • for Data Protection Transfers of Personal
    Data
  • and Freedom of Information Brussels 23-24
    October 2006

15
Need for overhaul (ctd.)
  • Standard contractual clauses may offer
  • sufficient safeguards in one legal system (e.g.
    U.S.)
  • but insufficient safeguards in another (e.g.
    China)
  • Clauses need to be enforced by independent
    judiciary
  • Berlin Commissioner Conference on
    International
  • for Data Protection Transfers of Personal
    Data
  • and Freedom of Information Brussels 23-24
    October 2006

16
Role of national authorities
  • All sets of standard clauses are without
    prejudice to national authorisations by MS
    (Recital 6 and 15 of Dec.2001/497)
  • Harmonisation is limited to the provision of
    adequate safeguards in the third country
  • National authorities have to check whether
    processing is legal prior to and regardless of
    the transfer
  • Berlin Commissioner Conference on
    International
  • for Data Protection Transfers of Personal
    Data
  • and Freedom of Information Brussels 23-24
    October 2006

17
Thank you
dix_at_privacy.de
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Trusted Computing und Digital Rights Management" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!