Presentation is loading. Please wait.

Presentation is loading. Please wait.

COMNET Conference Legal Frameworks for ICTs Legal Frameworks for ICTs Regulating Privacy COMNET 2013 - MALTA - 07.03.2013 Ian Deguara Head - Technical.

Similar presentations


Presentation on theme: "COMNET Conference Legal Frameworks for ICTs Legal Frameworks for ICTs Regulating Privacy COMNET 2013 - MALTA - 07.03.2013 Ian Deguara Head - Technical."— Presentation transcript:

1 COMNET Conference Legal Frameworks for ICTs Legal Frameworks for ICTs Regulating Privacy COMNET MALTA Ian Deguara Head - Technical Office of the Information and Data Protection Commissioner MALTA

2 Fact Sheet - DPA Role of the Commissioner Recent Developments Conclusive Remarks COMNET MALTA

3 Fact Sheet – DPA COMNET MALTA

4 Fact Sheet – Data Protection Authority COMNET MALTA Legislative Background  Right to privacy – a fundamental human right established under article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms;  European Convention Act (Cap. 319) makes provision for the substantive articles contained in the European Convention;  CoE Convention 108 on the protection of individuals with regard to the automatic processing of personal data; ratified in Feb ‘03;  Directive 95/46/EC; faithfully transposed under the Data Protection Act (Cap.440); brought fully into force on 15 July 2003;  Subsidiary legislation on, inter alia, the processing of personal data in the electronic communications sector and by the Police.

5 Organisation  The Commissioner enjoys a distinct legal personality and is not subject to the direction or control of any other person or authority;  The Commissioner has the power of investigation, the power to engage in legal proceedings and the power of enforcement;  The Commissioner regulates both public and private sector;  Human resources - small staff built on teamwork who are generalists but with a specialisation (legal, IT and management);  Financial resources - by means of a parliamentary allocation (amounting to 50% of total revenue) in the form of a subvention. Notification fees and fines deriving from administrative penalties accrue as revenue to the Office’s coffers;  Volume of work – more than 10,000 notification forms received, an average of 45 official complaints received annually, 25 telephone queries per week and 50 monthly queries received by ; Fact Sheet – Data Protection Authority COMNET MALTA

6 Fact Sheet – Data Protection Authority Organisation  Raising awareness is one of the main functions of the Office which is primarily achieved by: - delivering presentations; - penning newspapers articles; - participating in radio & TV interviews; - posting information on the portal; - holding sectorial meetings; - activities of the annual Data Protection Day; - liasing closely with the Data Protection Unit within OPM (a dedicated unit responsible to facilitate and coordinate the implementation of data protection in the public service);  As of April 2010 the Commissioner was vested with the additional functions and responsibilities emanating from the provisions of the Freedom of Information Act; brought into force on 1 Sept COMNET MALTA

7 Role of the Commissioner COMNET MALTA

8  The Commissioner is the sole National Supervisory Authority.  The Commissioner regulates both the private and public sector.  The Commissioner enjoys independence similar to that of a judge. Role of the Commissioner COMNET MALTA

9  The Commissioner is responsible for the independent supervision of the data processing, including processing of law enforcement agencies by: - ensuring compliance with the relevant instruments (Conventions/ Decisions) and data protection legislation; - ensuring that the citizen’s right of access, rectification and blocking is being respected; - where there is refusal of such right, receiving and deciding an appeal by the data subject; - carrying out such verifications and inspections as may be required. Role of the Commissioner COMNET MALTA

10 Independence The Information and Data Protection Commissioner –  is appointed by the Prime Minister after having consulted the Leader of the Opposition;  holds office for a period of 5 years and is eligible for reappointment on the expiration of his term of office;  can only be removed by a motion of the Prime Minister upon an address of the House of Representatives supported by the votes of not less than two-thirds of all the members; Role of the Commissioner COMNET MALTA

11 Independence  may not hold any other office of profit; Article 37 of Act amended in December 2003;  takes oath of office before the Attorney General to carry out duties without fear or favour;  is not subject to the direction or control of any other person or authority. Role of the Commissioner COMNET MALTA

12 Independence  The Commissioner has a distinct legal personality and is capable of: - entering into contracts; - acquiring, holding and disposing of any kind of property for the purposes of his functions; - suing and being sued; - doing all such transactions as are incidental or conducive to the exercise of his functions.  Funding voted by the House of Representatives in the general estimates as a subvention. Role of the Commissioner COMNET MALTA

13 Functions The functions of the Data Protection Commissioner include:  to require the notification of processing operations and to keep a public register of such operations;  to exercise control and verification of whether the processing is carried out fairly and lawfully;  to intervene where a data subject is not allowed right of access by a data controller;  to verify the lawful processing of personal data falling under Article 13 of the Directive (secrecy, national security, etc.) - at the request of the data subject; Role of the Commissioner COMNET MALTA

14 Functions  to receive reports, claims and complaints by data subjects taking remedial action where necessary;  to encourage the drawing up of codes of conduct by the various sectors;  to bring to the knowledge of the general public the provisions of the Act and to give advice to any person where it is required;  to advise Government on any legislative measures in relation to his functions; and  to collaborate with supervisory authorities of other countries. Role of the Commissioner COMNET MALTA

15 Power of Investigation  To enable investigation the Commissioner has the right to - - access personal data being processed; - obtain information and documentation on the processing of personal data and its security; - enter and search any premises with the same powers as are vested in the executive police.  Inspections may also be carried out at Law Enforcement Authorities subject to the Commissioner’s written authorisation. The outcome is reported directly and solely to the Commissioner. Role of the Commissioner COMNET MALTA

16 Power of Intervention The Commissioner may order –  rectification  rectification where data is unlawfully processed; stop processing  a data controller to stop processing personal data (except for storage): - when rectification is not effected; - when sufficient information cannot be obtained following an access request; or - if the urgency of the matter so requires. Role of the Commissioner COMNET MALTA

17 Power of Intervention erasure  The Commissioner has also the power to issue a notice for erasure.  The notice may be appealed to the Court of Appeal within 15 days.  The notice becomes effective: - after 15 days if no appeal is lodged; or - after the Court of Appeal affirms the erasure order, in case of an appeal. Role of the Commissioner COMNET MALTA

18 The Commissioner may institute proceedings in a Court of law and may appear before the Appeals Tribunal and the Court of Appeal. Similarly any person aggrieved by a decision of the Commissioner may appeal to the Data Protection Appeals Tribunal -  in writing;  within 30 days from notification of the decision;  on any of the following grounds - - a material error concerning the facts; - a material procedural error; - an error of law; - some material illegality, including unreasonableness or lack of proportionality. Power to Engage in Legal Proceedings Role of the Commissioner COMNET MALTA

19 Power to Engage in Legal Proceedings Recourse to the Court of Appeal shall also lie to a party or to the Commissioner where they feel aggrieved from a decision of the Tribunal -  within 30 days from the decision; and  only on a question of law. Role of the Commissioner COMNET MALTA

20 Power to Engage in Legal Proceedings The Commissioner shall commence proceedings against any person who –  provides untrue information to data subjects or to the Commissioner;  processes personal data in contravention of the criteria required to process - - sensitive personal data; - data relating to criminal records or security measures;  illegally transfers personal data to a third country;  omits to give notification as required by law or provides untrue information in such notification. Role of the Commissioner COMNET MALTA

21 Power of Enforcement Penalties following court proceedings  On conviction a person may be liable to: - a fine not exceeding €23,290; - imprisonment for a term not exceeding six months; OR - both such fine and imprisonment. Role of the Commissioner COMNET MALTA

22 Power of Enforcement  Administrative fines may be imposed by the Commissioner by an order in writing to the data controller, where – - personal data is processed in an unlawful manner; - appropriate security measures are not in place; - a person does not comply with a lawful request relevant to an investigation by the Commissioner.  An administrative fine shall not exceed €23,290 for each violation, and €2,329 for each day during which a violation continues. Role of the Commissioner COMNET MALTA

23 Recent Developments COMNET MALTA

24  Technological progress and globalisation have changed the way personal data is collected, accessed and used;  Common trends nowadays include internet profiling, behavioural and location based advertising;  Information is becoming increasingly exposed and vulnerable leading to security breaches, hacking or other unlawful action especially on the online environment;  Initiatives at EU level aimed towards facilitating information processing or exchange to enhance security and justice;  Privacy challenges are constantly on the increase;  Reform of the EU data protection legislative framework; Recent Developments COMNET MALTA

25  On 25 th January 2012, the EC proposed a comprehensive reform of the 1995 Data Protection Directive;  The main objective was to strengthen online privacy rights, boost Europe’s digital agenda and ensure a harmonised environment across the EU;  A regulation was considered to be the most appropriate legal instrument; direct applicability reduces legal fragmentation and provides more legal certainty;  The proposal introduces new rights and obligations, including: - the right to be forgotten; - data protection by design and default; - personal data breach notification; - data protection impact assessment; Recent Developments COMNET MALTA

26 Recent Developments COMNET MALTA  The proposed regulation also provides for: - the setting up European Data Protection Board; - hefty administrative sanctions; - the adoption of implementing acts by the EC; - a transition period of two years for the implementation of the provisions following its entry into force;  State of play – The Working Party on Information Exchange and Data Protection (DAPIX) are progressing steadily on the article by article analysis of the proposed regulation. No official date has been established for the adoption of such proposal. A possible date might be the end of 2013.

27 Conclusive Remarks COMNET MALTA

28  Information has become a fundamental tool for private and public sector entities;  Data Protection rights should be safeguarded;  Close collaboration between all stakeholders such as the Industry, Law Enforcement Agencies and the Commissioner to ensure effective data protection;  Education and awareness are the fundamentals to create a relationship of mutual trust. Conclusive Remarks COMNET MALTA

29 CREATING THE RIGHT BALANCE BETWEEN Need or Obligation for Data Processing Data Protection Principles and Rights Conclusive Remarks COMNET MALTA

30 Thank you! Office of the Information and Data Protection Commissioner Tel: (+356) Tel: (+356) Portal: Portal: The Floor is now open for discussion/questions Contact Details COMNET MALTA


Download ppt "COMNET Conference Legal Frameworks for ICTs Legal Frameworks for ICTs Regulating Privacy COMNET 2013 - MALTA - 07.03.2013 Ian Deguara Head - Technical."

Similar presentations


Ads by Google