Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005


1 Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005 WWW.ULYS.NET thibault.verbiest@ulys.net

2

3 Overview legal aspects of databases
Data Protection:
- General: Directive 95/46
- Particular: Directive 2002/58
Intellectual Property:
- « Traditional copyright » protection for the structure
- « Sui generis » protection for the content
  - Database: collection of independent data arranged in a systematic or methodical way and individually accessible by electronic or other means.
  - Substantial investment
  - Maker of a database has an exclusive right to prevent extraction and/or re-utilization

4 General & sector specific regulations
General: 95/46
- Protection of personal data
- General data protection principles
- Scope? Online and offline; public & private networks
Specific: 2002/58
- Privacy & electronic communications
- Specific obligations (e.g., cookies, spam)
- Scope? Communication service; public networks

5 1. General Protection: Directive 95/46
- Scope
- 9 Principles of Data protection
- Sensitive data: Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
- Case Studies:
  - Privacy Policy
  - Collection of information
  - Disclosure of data via web application

6 Scope: Directive 95/46
- « Processing of personal data »
- Personal data:
  - Information concerning a data subject: identifiable natural person
  - Direct or indirect
  - Controller or third party
  - Legal entity: SME? IP address? 007@hotmail.com?
- Processing:
  - Any operation performed upon personal data
  - In the EU? Outsourcing to non-EU countries?

7 Data Protection Principles
Data must be:
- fairly and lawfully processed;
- processed for specified, detailed and legitimate purposes;
- adequate, relevant and not excessive;
- accurate;
- not kept longer than necessary;
- processed in accordance with the data subject's rights;
- secure and remain confidential;
- not transferred to countries without adequate protection (outside EU);
- Processing activities « must » be notified to the supervisory authority.

8 Case study 1: Privacy Policy
- Legally required?
- Contents:
  - The name and address of the controller and processor (contract)
  - Purposes of the processing activity
  - The kind of data processed: « sensitive data »
  - The means to collect and process data (cf. cookies)
  - Inform the data subject of his/her rights and the way he/she can exercise them
  - The technical and organizational measures adopted to ensure the secure and confidential character (cf. disclosure)
  - Reference to general information on data protection legislation, e.g., FAQ, or the contact details of the privacy officer (privacy@euro-info.org.uk)

9

10

11 Case Study 2: collection of information

12
- Processing « shall mean any operation … whether or not by automatic means, such as collection, recording, organization, storage, disclosure by transmission, dissemination or otherwise making available, etc. »
- Means of collection:
  - Data subject is aware, e.g., web form / trade fairs
  - Data subject is not aware, e.g., spyware

13 Case Study 3: disclosure of personal data
- Web database or online database
- Database query to retrieve all persons with certain properties
- Broad and open notion of « processing » includes « disclosure by transmission, dissemination or otherwise making available »
- Pay attention to unauthorized disclosures
- Personal details on website: Lindqvist case
- Unauthorized access and retrieval of information
- Transfer to third parties, e.g., business partners or other DB

14 2. Sector Specific regulation
- Directive 2002/58/EC on privacy and electronic communication
- One of the Directives of the new « Telecom Package »
- Update of Directive 97/66 on privacy and telecommunications
- Overview: scope; contents; articulation with general framework

15 Scope: sector specific regulation
- « This Directive shall apply to the processing of personal data in connection with the provision of publicly available electronic communications services in public communications networks in the Community. »
  - Public networks: no private or corporate networks
  - « Individual » communication: no broadcasting
  - Online exploitation, ASP?
  - Includes: protection of the legitimate interests of subscribers who are legal persons (SME).
  - Scope is not always very clear & distinction sometimes too academic.

16 Sector specific regulation
Contents: clarification of some principles
- Cookies, spyware
- Security and confidentiality
- Traffic & location data
- Directories of subscribers, e.g., yellow pages
- SPAM: collection and use of email!

17 Sector Specific regulation
- Pragmatic approach and articulation:
- Directive 95/46 applies to all networks
- Obligations imposed by Directive 2002/58/EC, “covered” by Directive 95/46/EC
- Example: Security:
  - 2002/58 (art 4): The provider of a publicly available electronic communications service must take appropriate technical and organisational measures to safeguard security of its services, if necessary in conjunction with….
  - 95/46 (art.17): The controller must implement appropriate technical and organizational measures to protect personal data against … all other unlawful forms of processing.

18 Cookies – online identifiers
- Online exploitation of database requires the identification of customers
- Processing of personal data: Directive 95/46
- Directive 2002/58:
  - Legitimate purposes
  - User must be informed on the installation, on its purposes
  - Users should have the opportunity to refuse to have a cookie
  - User should receive user-friendly information on how to refuse installation
  - Consequences of refusal – conditional access

19 Use of electronic contact details (email)
Unsolicited Communications: article 13:
- Principle: OPT-IN: addressees must give their prior consent
- How to obtain a prior valid consent?
- Electronic mail: email, sms, mms… pop up?
- Exception: OPT-OUT if:
  - Existing commercial relationship
  - Same natural or legal person
  - Similar products or services
  - Consumer is given the opportunity to refuse reception (opt-out)
- Opt-in data bases?

20 Questions & Comments WWW.ULYS.NET Thibault.verbiest@ulys.net

