Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Published byFelipe Dancy Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari."— Presentation transcript:

1 Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari

2 8 June 2011 European Data Protection Legal Framework INTERNATIONALEUNATIONAL European Convention on Human Rights – art. 8 EU Charter on Fundamental Rights – art. 8 Transposition of Directives to national laws Council of Europe Convention n. 108 - 1981 “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data” former First Pillar: Directive 95/46, Directive 2002/58 (e- privacy), Directive on Data Retention For EU Institutions : Regulation 45/2001 Sector specific laws and codes of conduct

3 8 June 2011 Charter of Fundamental Rights of the European Union Article 8 - Protection of personal data 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.

4 8 June 2011 What is “Data Protection”? Obligations (data controller): - data quality, lawfulness of processing, transfer of personal data, sensitive data, information to be provided, adoption of security measures, etc. Rights (data subject): - access, rectification, blocking, erasure, right to object, automated individual decisions, etc. Exemptions and restrictions Remedies Independent Supervisory Authority

5 8 June 2011 Compliance with the Regulation: Layered approach Institutions and bodies Controllers Data Protection Officer EDPS

6 8 June 2011 What is the EDPS? The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. A number of specific duties of the EDPS are laid down in Regulation 45/2001. The three main fields of work are: Supervisory tasks Consultative tasks: to advise EC institutions and bodies on proposals for new legislation as well as on implementing measures. Technical advances, notably in the IT sector, with an impact on data protection are monitored as part of this activity. Cooperative tasks: involving work in close collaboration with national data protection authorities and acting as a member of the Article 29 Working Party.

7 8 June 2011 Supervision main activities Prior check: specific risks Complaints: data processed by EU institutions and bodies Consultations on Administrative Measures Inspections: own initiative or on the basis of a complaint

8 8 June 2011 Raising awareness Targeted monitoring and reporting exercises General monitoring and reporting exercises Inspections EDPS compliance monitoring tools

9 8 June 2011 Powers: article 47 Give advice Refer matter to controller and make proposals to remedy breach Warn or admonish controller Order rectification, blocking, erasure Impose temporary or definitive ban Refer matter to institution or EP, Council, COM Refer matter to ECJ

10 8 June 2011 Scope of application of Directive 95/46/EC and Regulation 45/2001 Material scope: processing of personal data wholly or partly by automatic means or which form part of a filling system Personal data: “any information relating to an identified or identifiable natural person”, that is the ‘data subject’; An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity” Art. 29 Working Party: where the criteria of "content", "purpose" or "result" allow the information on the legal person or on the business to be considered as "relating" to a natural person, it should be considered as personal data, and the data protection rules should apply.

11 8 June 2011 Data quality criteria Processed fairly and lawfully Collected for specified, explicit and legitimate purpose Adequate, relevant and non excessive Accurate and kept up to date Kept in a form which permits identification of data subjects for no longer than necessary

12 8 June 2011 When is data processing “lawful”? Article 5: –a) public interest on the basis of EU law / official authority vested in EU institution/body –b) compliance with legal obligation –c) performance of a contract –d) unambiguous consent –e) vital interests

13 8 June 2011 Change of purpose Article 4.1.b “not processed in a way incompatible with the purposes for which data was collected” Article 6.1.”personal data shall only be processed for purposes other than those for which have been collected if change of purpose is expressly permitted by internal rules of the EU institution or body”

14 8 June 2011 When is data processing “fair”? Rights of data subject Information (no excessive delay/expense) on whether data are processed, purpose, recipient, Information on rights of data subject, legal basis / time limit / recourse to EDPS Access and rectification, erasure or blocking

15 8 June 2011 Data transfers under Regulation 45/2001 Transfer from EU institution to recipients subject to Dir. 95/46 (national authorities): yes if recipient establishes that transfer necessary for public interest task or subject to public authority Transfer from EU institution to recipients not subject to Dir. 95/46: adequacy + solely to allow tasks of controller´s competence

16 8 June 2011 Security of processing To prevent unauthorised disclosure or access, unlawful destruction, accidental loss or alteration or other unlawful processing, controller to implement appropriate technical and organisational measures to ensure security Specific requirements for automated means of processing (art. 22.2 Reg. 45/2001)

17 8 June 2011 Restrictions (article 20) May restrict application of certain principles (conservation period, rights of data subjects, …) when necessary for - Prevention, investigation, detection, prosecution of criminal offences - Important financial or economic interest - Protection of data subject or rights and freedoms of others - National security, public security or defence MS

18 8 June 2011 Restrictions (cont) If apply restriction: -Inform reasons and recourse EDPS -May defer this information for as long as would deprive the restriction of its effect (20.5) -Indirect access through EDPS (art 20.4)

19 8 June 2011

Download ppt "Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari."

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.

Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.

The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.

1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
The role of privacy in the security landscape

The role of privacy in the security landscape

Similar presentations

Ads by Google