Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

Similar presentations


Presentation on theme: "1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington."— Presentation transcript:

1 1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington 16 October Gary Davis Deputy Data Protection Commissioner, Ireland

2 2 EU/EEA Directives Directive 95/46/EC Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data Directive 2002/58/EC Privacy and Electronic Communications

3 3 Presentation Outline Directive 95/46/EC Obligations Discretion to Member States National Differences Irish Case Study Issues International position

4 4 Directive 95/46/EC Obligations Enforcement Obligations on Members States Article 22 - judicial remedy for individuals Article 23 - entitlement for person to receive compensation Article 24 – effective sanctions for breach of provisions Article 28 – Independent authority(s) in MS responsible for monitoring national provisions Article 27 – Codes of Conduct to be encouraged to contribute to implementation

5 5 Powers for authorities - Article 28 Investigative Powers – access to data and to collect information Prior checking of processing Make decisions on complaints Ordering of blocking, erasure or destruction of data Power to initiate legal action Co-operation between supervisory authorities

6 6 Case Study - Role of the Irish DPA Ombudsman Role: resolution of disputes between data subjects and data controllers or processors Enforcer Role: compliance by data controllers & processors Educational Role: Promotes DP rights and good practice Registration Authority: obligation on major holders of personal data to be placed on public register

7 7 Powers of Irish DPA Information notice (section 12) Enforcement notice (section 10) Compliance Audits (section 10) Powers of entry and inspection (section 24) Decision on complaints (section 10) Codes of Practice (section 13) Refusal to register (section 17) Prohibition of non-EEA transfers (section 11) Prosecute Offences (section 30)

8 8 National Differences? Yes within the margin for manoeuvre for implementation within the Directive All systems have the same objective of protecting the rights of individuals Varying approaches to complaints in some cases ability to levy sanctions or fines directly Interpretation of what constitutes personal data and sensitive personal data Power of entry and audit not uniform Prior checking in some cases before can process certain categories of data Registration/Notification system varies widely

9 9 Issues Implementation respecting individual tradition of each MS causes difficulties for multi-jurisdictional entities. Is the focus on preventing breaches overly bureaucratic? Perhaps stronger powers to decide upon and deal with events after they happen also - Federal Trade Commission. Need for more consistency of interpretation across authorities

10 10 Harmonisation? Recent second European Commission Communication on implementation of Directive Infringement procedures by Commission planned to improve harmonisation Interpretative communications from the Commission on common provisions Enhanced focus of Article 29 Working Party in encouraging a harmonised approach to issues

11 11 Harmonisation? A29 Working Party has agreed on the principle of EU-wide, synchronized national enforcement actions, setting criteria to identify issues for investigations. March 2006 first joint investigation involving national Data Protection Authorities on the processing of personal data in the private health insurance sector. More to come Small point - Data Protection Authorities need to be adequately resourced also

12 12 Improved enforcement - International Context OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy adopted on 12 June 2007 APEC efforts also assisting in exchange of knowledge among authorities Many other formal and informal fora dealing with electronic communications and other issues

13 13 Thank You Contact:


Download ppt "1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington."

Similar presentations


Ads by Google