Presentation is loading. Please wait.

Presentation is loading. Please wait.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

Similar presentations


Presentation on theme: "29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY."— Presentation transcript:

1 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive

2 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Workshop 3 Globalization Dragon – Spanning the Earths Four Corners: Whats on the international horizons?

3 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Layers of International Cooperation 1.Common Standards 2.Infrastructures 3.Joint Actions 4.Public Relations

4 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive First layer: Common Standards International standards for data protection -Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, UN – Guidelines concerning computerized personal data files (14 Dec. 1990) -OECD – Recommendation of the Council concerning Guidelines governing the protection of privacy and transborder flows of personal personal data (23 Sept. 1980) -Montreux Declaration (14-16 Sept. 2005) Common standards on technologies and implementations (ISO...)

5 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Second layer: Infrastructures of Cooperation International Conferences –IWGDPT (installed for telecommunication issues 1983) Regional conferences (eg. Art. 29 WP, European Conf., Asia Pacific Conf., Latin American Data Protection Network) Trans-Atlantic dialogue e.g. Safe Harbor Workshops -OECD – Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy (12 June 2007) OECD – Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy (12 June 2007)

6 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Third layer: Joint actions First joint enforcement action on European level (Art. 29 WP) - insurance companies –Second one just started on search engines Joint appearance to public –BCR –Standard Contractual Clauses

7 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Fourth layer: Gaining Public Awareness In an environment with -new technologies -more and more surveillance by state authorities -data collecting and evaluation of data by private enterprises By -Publishing opinions -Advising governments -Informing citizens and public Communicate our mission –Paris/London Initiative

8 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Contact details Peter Schaar Federal Commissioner for Data Protection and Freedom of Information Chairman of the Article 29 Working Party Husarenstr. 30 D Bonn Tel: +49 (0) Fax: +49 (0)

9 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive OECD Work on Cross-border Privacy Law Enforcement Co-operation Michael Donohue

10 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Overview Working Party on Information Security and Privacy –created expert group: privacy officials, EC, CoE –chaired by the Privacy Commissioner of Canada –consulted with business, civil society, other intl groups Report on Privacy Law Enforcement (Oct. 2006) –describes existing enforcement authorities and systems –identifies cross-border challenges New OECD Instrument (June 2007) –OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy –now into the implementation stage

11 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive 11 Why work on improved enforcement co-op? the need for this work is a recurring theme for OECD... OECD Privacy Guidelines (1980) –facilitate mutual assistance in procedural & investigative matters. Ottawa Ministerial Declaration (1998) –ensure effective enforcement mechanisms for non-compliance and redress Report on Privacy Online (2003) –establish mechanisms for cross-border co-operation between public agencies in procedural and investigative matters and consistent with a broader trend... Intl Commissioners Conference (Montreux Declaration) APEC Data Privacy Subgroup Council of Europe, EU Art. 29 Working Party

12 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive The evolving climate for data flows and privacy risks Technology and Data flows fast, cheap connections efficient storage and processing data and voice converge via IP data flows with a mouse click Changing Business Processes global distribution of tasks international data transfers are increasingly integral to the economy human resources, financial services, customer service, education, e-commerce

13 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive The evolving climate for data flows and privacy risks Privacy risk environment Data breach Secondary usage Identity theft Changing user perceptions Data breach reports consumers may go elsewhere Increasing fears of data misuse threaten online banking interest Online users mobilise fast

14 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive The New Recommendation Adopted by the OECD Council on 12 June 2007 –approval at level of ambassadors sends an important signal –non-binding, but represents a serious political commitment –co-operation occurs within existing legal frameworks –leaves the implementation details to MCs and their authorities What does it do? –recites high-level policy objectives –identifies key elements for successful co-operation –invites non-OECD economies to collaborate with OECD members Builds on OECD precedents on enforcement co-operation –consumer protection, spam, competition law Grounded in the 1980 OECD Privacy Guidelines

15 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Scope and Related Issues Covers the enforcement of Laws Protecting Privacy –national laws, the enforcement of which, has the effect of protecting personal data consistent with the OECD Privacy Guidelines Focus of the Recommendation –violations most serious in nature –primarily aimed at laws governing the private sector (but can include public sector) –and is not intended to interfere with government activities related to sovereignty, security, public policy Recognises the role of discretion –authorities may decline or limit assistance, where the request is outside the scope or otherwise inconsistent with national laws, important interests or priorities

16 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Key Actors Privacy Enforcement Authorities –Public bodies –Enforcement responsibility for Laws Protecting Privacy –Power to investigate or pursue enforcement proceedings Other stakeholders –Criminal law enforcement bodies –Privacy officers in organisations –Private sector oversight groups Dont forget governments

17 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Domestic Measures Recognises that you need to have the right domestic arrangements to co-operation internationally Calls for a review of laws, procedures -- and adjustments if needed Authorities need effective powers –sanctions and deterrence –investigations –corrective action Authorities need the ability to co-operate –to share information –to provide assistance (e.g., obtain documents or statements)

18 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive International Co-operation Mutual Assistance –requests for assistance –preserve the confidentiality of non-public information –respect the purpose specified when information exchanged –co-ordinate investigations to (at a minimum) avoid interference –referral of complaints, notifications Collective initiatives in support of mutual assistance –contact points, information about laws –sharing information about outcomes –foster the establishment of an informal network of authorities Co-operation with other stakeholders –criminal authorities, privacy officers, civil society, business

19 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Implementation Developing a Contact List –single national point of contact –internal list (with complete contact information) –public list (without personal contact information) –co-ordination with other lists (e.g. APEC) Request for Assistance Form –identifies key categories of information –ensures careful pre-request preparation –flexible: can be adopted to fit the situation –non-duplicative: doesnt ask for what is readily available elsewhere Review implementation and report back to Council: June 2010

20 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive The Role of the EDPS Ensuring DP in Community policies Peter Hustinx European Data Protection Supervisor 27 September 2007

21 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Role of the EDPS

22 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive EU Data Protection Article 8 ECHR CoE Convention 108 –Basic principles, subject rights, independent supervision EC Directives 95/46 and 97/66 (2002/58) Article 286 EC Treaty Regulation (EC) 45/2001 –Community institutions and bodies, Community law ECJ Österreichischer Rundfunk EU Charter > Reform Treaty

23 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Monitoring Compliance Data Protection Officers –Position Paper on Role of DPO in ensuring effective compliance (2005) Prior Checks –Processing operations with specific risks: medical data, offences, staff evaluation, exclusion of rights, etc Complaints & Inquiries –MOU with Ombudsman, DG Competition, ECB-SWIFT Spring 2007 –Taking stock of progress in implementation of Regulation 45/2001 by EC institutions and bodies, with appropriate feedback

24 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Consultation Consultation Policy –Article 28.2 of Regulation 45/2001 –Inventory for 2007: relevant initiatives (16 > 36) First Pillar –Better implementation of Directive 95/46/EC –Communications on RFID and PET –Revision of E-Privacy Directive 2002/58/EC Third Pillar –Data Protection Framework –Europol Decision –Implementation of Prüm Treaty

25 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Monitoring Technologies Strategic analysis –RFID, Biometrics, Identity Management –Privacy by design –Best available techniques Seventh Research Framework (FP7) –IST 2006 Helsinki –Contribution to research projects –Evaluation of pilot projects

26 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Cooperation Article 29 Working Party –National DPA, EDPS, Commission Joint authorities in Third Pillar –Schengen, Europol, Customs, Eurojust EU Information Systems –Eurodac, SIS II, VIS (coordinated supervision) –Internal Market, Consumer Protection International organisations –Workshops Geneva 2005, Munich 2007

27 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Court Interventions PNR cases –Joint cases C-317/04 and C-318/04 before ECJ Public access to documents –Cases T-170/03 (British American Tobacco), T-161/04 (Valero Jordana) and T-194/04 (Bavarian Lager) at CFI Data retention directive 2006/24/EC –Case C-301/06 (Ireland vs Council and EP) at ECJ »Scope of legal basis in first pillar? Freedom of expression (Art. 9 Directive 95/46/EC) –Case C-73/07 (Tietosuojavaltuutettu vs Satakunnan Markkinapörssi Oy and Satamedia Oy) at ECJ

28 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive More information: Postal address: Rue Wiertz 60 - MO 63 B-1047 Brussels

29 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Bringing the Corners Together: The APEC Privacy Framework Making Privacy Work Around the Pacific Mr. Colin Minihan Principal Legal Officer, Information Law Branch, Attorney-Generals Department, Australia

30 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Privacy in APEC 21 economies in the Asia-Pacific region - uses cooperation, not treaties The APEC Privacy Framework - based on OECD Guidelines - principles based, practical focus - endorsed by Ministers in Santiago in 2004

31 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Implementation of the Framework Guidance for domestic implementation - flexible, focus on compatibility Guidance for international implementation: - information sharing among economies - cooperation in investigation + enforcement - business use of cross-border privacy rules

32 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Cross-Border Privacy Rules What does it mean? Who participates? How does it work? Is there a regulator?

33 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive The Data Privacy Pathfinder A Pathfinder tests practical implementation issues We are approaching the problem of cross- border data flows by slicing it into manageable sections Nine specific projects under consideration

34 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Privacy Regulators in APEC APEC economies are diverse, and include: - Privacy Commissioners in Australia, Canada, Hong Kong China, New Zealand, Republic of Korea, Russia - Regulators with a privacy role in Japan, Mexico, Singapore, the United States

35 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive The Role of Regulators Regulators ensure accountability, the key principle underpinning the CBPR system Encourage regulators to work with business, trustmarks and consumers Encouraging regulator co-operation and information exchange across borders

36 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Coordination with International Bodies OECD participating in APEC Data Privacy Sub-Group meetings as a member Important WPISP work on cross-border information sharing and enforcement Working with other organisations helps build a better result for everybody

37 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive The Sydney Resolution The APEC Privacy Framework is the principal international text in the region Sub-Group develops and sets privacy policy Each year the APEC host economy changes This is an opportunity to raise awareness of privacy issues in that economy

38 29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive APEC 2008 and beyond Two key strands to our work: - Pathfinder projects - engagement with the OECD Strong education and collaboration theme to our work - two workshops will be held in Peru


Download ppt "29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY."

Similar presentations


Ads by Google