Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.


Slide 1: Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive
Safe Harbour Conference, Washington, 16 October
Gary Davis, Deputy Data Protection Commissioner, Ireland

Slide 2: EU/EEA Directives
- Directive 95/46/EC: Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data
- Directive 2002/58/EC: Privacy and Electronic Communications

Slide 3: Presentation Outline
- Directive 95/46/EC Obligations
- Discretion to Member States
- National Differences
- Irish Case Study
- Issues
- International position

Slide 4: Directive 95/46/EC Obligations
Enforcement Obligations on Member States
- Article 22 - judicial remedy for individuals
- Article 23 - entitlement for person to receive compensation
- Article 24 - effective sanctions for breach of provisions
- Article 28 - Independent authority(s) in MS responsible for monitoring national provisions
- Article 27 - Codes of Conduct to be encouraged to contribute to implementation

Slide 5: Powers for authorities - Article 28
- Investigative Powers - access to data and to collect information
- Prior checking of processing
- Make decisions on complaints
- Ordering of blocking, erasure or destruction of data
- Power to initiate legal action
- Co-operation between supervisory authorities

Slide 6: Case Study - Role of the Irish DPA
- Ombudsman Role: resolution of disputes between data subjects and data controllers or processors
- Enforcer Role: compliance by data controllers & processors
- Educational Role: Promotes DP rights and good practice
- Registration Authority: obligation on major holders of personal data to be placed on public register

Slide 7: Powers of Irish DPA
- Information notice (section 12)
- Enforcement notice (section 10)
- Compliance Audits (section 10)
- Powers of entry and inspection (section 24)
- Decision on complaints (section 10)
- Codes of Practice (section 13)
- Refusal to register (section 17)
- Prohibition of non-EEA transfers (section 11)
- Prosecute Offences (section 30)

Slide 8: National Differences?
- Yes within the margin for manoeuvre for implementation within the Directive
- All systems have the same objective of protecting the rights of individuals
- Varying approaches to complaints - in some cases ability to levy sanctions or fines directly
- Interpretation of what constitutes personal data and sensitive personal data
- Power of entry and audit not uniform
- Prior checking in some cases before can process certain categories of data
- Registration/Notification system varies widely

Slide 9: Issues
- Implementation respecting individual tradition of each MS causes difficulties for multi-jurisdictional entities.
- Is the focus on preventing breaches overly bureaucratic?
- Perhaps stronger powers to decide upon and deal with events after they happen also - Federal Trade Commission.
- Need for more consistency of interpretation across authorities

Slide 10: Harmonisation?
- Recent second European Commission Communication on implementation of Directive
- Infringement procedures by Commission planned to improve harmonisation
- Interpretative communications from the Commission on common provisions
- Enhanced focus of Article 29 Working Party in encouraging a harmonised approach to issues

Slide 11: Harmonisation?
- A29 Working Party has agreed on the principle of EU-wide, synchronized national enforcement actions, setting criteria to identify issues for investigations.
- March 2006 first joint investigation involving national Data Protection Authorities on the processing of personal data in the private health insurance sector.
- More to come
- Small point - Data Protection Authorities need to be adequately resourced also

Slide 12: Improved enforcement - International Context
- OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy adopted on 12 June 2007
- APEC efforts also assisting in exchange of knowledge among authorities
- Many other formal and informal fora dealing with electronic communications and other issues

Slide 13: Thank You
www.dataprotection.ie
Contact: gdavis@dataprotection.ie

