Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University.

Published byMitchell Lindsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University."— Presentation transcript:

1 Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University of London

2 Introductory Remarks u u Personal data – –‘processing’: collecting, using, disclosing & transferring personal data u u Compliance – –data controller ‘determines purpose and means’ – –e.g. SWIFT case – –data processor e.g. Web host –” (art. 17(4)) –“shall be in writing or in another equivalent form” (art. 17(4))

3 Transparency u u Obligation – –fair processing (art. 6(1)) – –when using networks to store information or gain access to information stored on users terminal equipment (02/58/EC, art. 5(3)) e.g. ‘cookies’ ‘provided with clear and comprehensive information’ u u Timing – –when collected from data subject (art. 10) – –when not obtained from data subject (art. 11) unless already has it

4 Transparency u u Content of notification – –identity, purposes, recipients, consequences, right of access u u Right of access (art. 12) – –personal data – –meta-data purposes, disclosures, source – –right of rectification, erasure, blocking notification of third parties u u Notification to national authority (art. 18)

5 Transparency u u Related legislation – –Distance-selling Directive 97/7/EC: art. 4 (prior information), art. 5 (written confirmation) Distance-selling of financial services Directive 02/65/EC: art. 3 (prior information), art. 4 (additional requirements), art. 5 (communication of terms & information) – –eCommerce Directive 00/31/EC: art. 5 (general), art. 6 (commercial communications), art. 10 (contract process) u u Form – –‘durable medium’ “which enables the consumer to store information addressed personally to him in a way accessible for future reference” (02/65/EC, at art. 2(f)) – –‘easily, directly and permanently accessible to the recipients of the service’

6 Processing Personal Data u Consent –“freely given, specific and informed” u Ex ante –as one ground for legitimising processing –as sole ground for legitimising processing use of traffic data for ‘marketing’ or ‘provision of value added services’ (02/58/EC, art. 6(3)) use of traffic data for ‘marketing’ or ‘provision of value added services’ (02/58/EC, art. 6(3)) u Ex post –right to object to processing for the purposes of ‘direct marketing’ (art. 14(b))

7 Processing Personal Data –nature implied (opt-out) & explicit (opt-in) implied (opt-out) & explicit (opt-in) –‘unambiguously’ ‘special categories of data’ (art. 8) ‘special categories of data’ (art. 8) Directive 99/93/EC, art. 8(2) re: certification service providers Directive 99/93/EC, art. 8(2) re: certification service providers –timing prior prior –Directive 02/58/EC, art. 13(1): unsolicited communications u Alternative grounds –performance of a contract (transactional) –compliance with a legal obligation (regulatory)

8 Problem of Children u u From marketing to social networking sites, e.g. Bebo, Facebook u u When is a child independent? – –OIC: 12 yrs; FEDMA: 14 yrs u u Children’s Online Privacy Protection Act of 1998 – –directed at children under 13, or knowingly collects – –otherwise, not under a duty to investigate age of visitors – –‘verifiable parental consent’ e.g. email with digital signature – –enforcement UMG Recordings $400,000 and Bonzi Software $75,000

9 Transferring Data u Question of applicable law (art. 4) –“..for purposes of processing personal data makes use of equipment..” transit exception transit exception web-based forms web-based forms –Lindqvist (2003) uploading to web does not mean ‘transfer’ (para. 68) uploading to web does not mean ‘transfer’ (para. 68) u ‘Adequate level of protection’ (art. 25) –‘in the light of all the circumstances’ –Community findings (art. 25(6)) of adequacy Switzerland, Hungary, Canada, Argentina, US ‘Safe Harbor’ Switzerland, Hungary, Canada, Argentina, US ‘Safe Harbor’

10 Transferring Data u u Derogations (art. 26) – –consent – –specified need, e.g. “on important public interest grounds, or for the establishment, exercise or defence of legal claims;” But SWIFT case: “only important public interests identified as such by the national legislation applicable to data controllers established in the EU are valid in this connection.” (WP 128) – –authorised by national authority e.g. contractual provisions, binding corporate rules

Download ppt "Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University."

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Protection of Personal Data, 11.02.2011. Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.

Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
Privacy Online Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University of London Of.

Privacy Online Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University of London Of.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
MEDIA LAW Copenhagen University SESSION 10 Dirk VOORHOOF Ghent University www.psw.ugent.be/dv (->contact) www.psw.ugent.be/dv.

MEDIA LAW Copenhagen University SESSION 10 Dirk VOORHOOF Ghent University (->contact)
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
Copyright © 2004 by Prentice-Hall. All rights reserved. PowerPoint Slides to Accompany BUSINESS LAW E-Commerce and Digital Law International Law and Ethics.

Copyright © 2004 by Prentice-Hall. All rights reserved. PowerPoint Slides to Accompany BUSINESS LAW E-Commerce and Digital Law International Law and Ethics.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.
THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Email Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.

Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Similar presentations

Ads by Google