Conference on Cross Border Data Flows - PowerPoint PPT Presentation

Last modified by: Federal Trade Commission. Created Date: 6/30/2005 1:35:19 PM. Document presentation format: On-screen Show.

Slides: 25
Provided by: safeharbo4
Transcript and Presenter's Notes

1
  • Conference on Cross Border Data Flows Privacy
  • October 15-16, 2007
  • Washington, D.C.
  • The European Union's Data Protection Framework: 12 Years Later
  • Giovanni Buttarelli
  • Secretary General, Garante per la Protezione dei Dati Personali

2

EU legislation
  • Data protection is a fundamental right.
  • Data protection / privacy protection
  • Right to privacy: the right to be left alone
  • Data protection: right of self-determination for
    information

3
  • Everyone has the right to the protection
    of his/her personal data
  • A new right
    for today's dimension of privacy

4

EU legislation
  • The sources of the law
  • The main declarations
  • Article 8 European Convention of Human Rights
  • Council of Europe Convention for the Protection
    of Individuals with regard to Automatic
    Processing of Personal Data (ETS No. 108)
  • EU Charter of Fundamental Rights Art. 8

5

EU Charter of fundamental rights
  • Article 8 - Protection of personal data
  • Everyone has the right to the protection of
    personal data concerning him or her.
  • Such data must be processed fairly for specified
    purposes and on the basis of the consent of the
    person concerned or some other legitimate basis
    laid down by law. Everyone has the right of
    access to data which has been collected
    concerning him or her, and the right to have it
    rectified.
  • Compliance with these rules shall be subject to
    control by an independent authority.

6

EU legislation
  • General data protection rules: EU Directive
    95/46/EC
  • Electronic communication: EU Directive 2002/58/EC
  • Police and judicial co-operation in criminal
    matters: EU Framework Decision COM (2005) 475
  • Other texts dealing with data protection
  • Schengen Convention, Europol, Eurojust
  • Texts on the Internet
  • http://europa.eu.int/comm/justice_home/fsj/privacy/index_en.htm

7

EU legislation
  • DIRECTIVE 95/46/EC

8
Basic principles
  • Data Protection Directive 95/46/EC
  • high level of protection of personal data
  • free movement of data within EU/EEA
  • Personal data: identified or identifiable person
  • Processing: broad definition
  • Applies to public and private sectors
  • Relation data subject - controller

9
Definitions
  • Article 2
  • 'personal data' shall mean any information
    relating to an identified or identifiable natural
    person ('data subject')
  • an identifiable person is one who can be
    identified, directly or indirectly, in particular
    by reference to an identification number or to
    one or more factors specific to his physical,
    physiological, mental, economic, cultural or
    social identity
  • 'processing of personal data' ('processing')
    shall mean any operation or set of operations
    which is performed upon personal data, whether or
    not by automatic means, such as collection,
    recording, organization, storage, adaptation or
    alteration, retrieval, consultation, use,
    disclosure by transmission, dissemination or
    otherwise making available, alignment or
    combination, blocking, erasure or destruction
  • Processing means more than collection

10
Legitimacy
  • (Unambiguous) Consent
  • Necessary for performance of a contract
  • Necessary for compliance with a legal obligation
    of the controller
  • Necessary to protect the vital interest of the
    data subject
  • Necessary for the performance of a task of public
    interest or official authority
  • Legitimate interests of the controller (balance
    of interest)

11
Quality of data
  • Adequate, relevant and not excessive (in
    relation to purpose)
  • Accurate and kept up to date
  • Kept in a form which permits identification for
    no longer than necessary

12
Finality principle
  • Personal data must be collected for a specified,
    explicit and legitimate purpose
  • Not further processed in a way incompatible with
    those purposes

13
Sensitive data
  • Processing of sensitive data is in principle
    prohibited
  • Data revealing race or ethnic origin, political
    opinions, religious or philosophical belief,
    trade-union membership, health or sexual life
  • Exceptions
  • explicit consent,
  • obligations of controller in employment field,
  • vital interests of the data subject or another person,
  • legitimate activities of non-profit organisation,
  • data manifestly made public or legal claims

14
Rights of the individual
  • Data protection rights
  • Information for the data subject
  • clear and understandable language
  • sufficient information
  • Access to own data
  • Rectification
  • Objection
  • Complaint to Data Protection Authority

15
Obligations
  • Controller obligations
  • Responsible for exercise of data subjects' rights
  • Confidentiality of the processing
  • Security of the processing
  • Notification to the data protection authority
  • Liability

16

Supervisory Authority
  • Data Protection Supervision Authorities
  • Fully independent bodies
  • Responsible for enforcing national legislation
  • Organization to be decided by Member States
  • Criteria powers
  • EC Directive 95/46/EC (Art. 28)
  • cf. Council of Europe Additional protocol to
    Convention 108 regarding supervisory authorities
    and transborder data flows (ETS No. 181)
  • Full independence means
  • no government control or supervision

17
  • European initiatives
  • Over 30 national DPAs
  • An independent Working Party including 27
    DPAs plus observers (Article 29 of Directive
    95/46/EC)
  • http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/index_en.htm
  • Several primary objectives
  • To promote the uniform application of the general
    principles of the Directives in all Member States
    and the co-operation between DPAs
  • To advise the European Commission on data
    protection on any Community measures affecting
    the rights and freedoms of natural persons with
    regard to the processing of personal data and
    privacy.
  • To make recommendations to the public at large on
    matters relating to the protection of persons
    with regard to the processing of personal data
    and privacy in the EU

18
Transfer of data
  • The transfer of personal data is authorised
  • within the Member States of the EU and the EEA
  • (25 EU, Iceland, Liechtenstein, Norway)
  • (situation in 2005)

19
Transfer of data
  • Transfer of personal data outside the EU/EEA
    under certain conditions
  • Exceptions
  • Adequate protection by third country
  • Adequacy decision by COM
  • Authorisation by Supervisory Authority
  • Standard contractual clauses

20
  • Resolution on Development on International
    Standards
  • (29th International Conference, Montreal, 26-28
    September 2007)
  • to support the development of effective and
    universally accepted international privacy
    standards

21
  • Communication from the European Commission to the
    European Parliament and to the Council
  • 7 March 2007
  • (2007) 87

22
  • Resolution International Co-operation
    (29th International Conference, Montreal, 26-28
    September 2007)
  • Recognise that countries have adopted different
    approaches to protecting personal information and
    enhancing privacy rights
  • Encourage Data Protection Commissioners to
    further develop their existing efforts to support
    international co-operation and to work with
    international organisations to strengthen data
    protection worldwide

23
  • Declaration of Civil Society Organizations on
    the Role of Data Protection and Privacy
    Commissioners
  • (Montreal, September 25, 2007)
  • The world's Privacy Commissioners must increase
    their own collective efforts at protecting
    privacy to counterbalance the increasing
    cross-border efforts of the world's security
    establishments
  • Privacy Commissioners should be more proactive
    in addressing the privacy impacts of commercial
    purposes

24
  • Thank you for your attention