Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.


Overview

- Directive on the protection of individuals with regard to the processing of personal data (95/46/EC)
- Implementation
  - France
  - Ireland
  - Luxembourg
- Minimum standard of protection
  - Laws of member states still relevant
- Baseline for international data protection/privacy laws

Scope

- Processing of personal data
  - wholly or partly by automatic means
  - which form part of a filing system or are intended to form part of a filing system
- Exemptions
  - National Security
  - Crime and Taxation
  - Domestic Purposes
- National laws apply in the place of establishment
  - equipment situated in the UK for the processing of data

Essential Definitions

- personal data: any information relating to an identified or identifiable natural person ("data subject")
- processing: any operation or set of operations which is performed upon personal data, whether or not by automatic means
- filing system: any structured set of personal data accessible according to specific criteria
- controller: a natural or legal person, public authority, agency or body who alone or jointly with others determines the purposes and means of the processing of personal data
- processor: a natural or legal person etc. which processes personal data on behalf of the controller

Principles of data quality

- Fair and lawful processing
- Collected and processed for specified and legitimate purposes
- Adequate, relevant and not excessive in relation to the purpose for which they are processed
- Accurate and up-to-date
- Kept no longer than necessary

Notification

- prior notification of processing required, except categories of processing unlikely to affect adversely the rights and freedoms of data subjects
- details to be notified
  - name/purposes/categories of data subject and data/recipients/proposed transfers to third countries/description of security measures
- sanctions
  - criminal penalties

Legitimate Processing

- unambiguous consent
- necessary for the performance of or entering into a contract with the data subject
- necessary to comply with a legal obligation
- necessary to protect the data subject's vital interests
- necessary for the exercise of official functions
- necessary for the legitimate interests of the controller or third party recipients, except where this prejudices the rights or freedoms of the data subject
- special categories of processing
  - racial/ethnic origin
  - political opinions
  - religious/philosophical beliefs
  - trade union membership
  - health or sex life

Information to be given to Data Subjects

- identity of the controller
- purposes of processing
- further information to be fair
  - recipients
  - obligatory/voluntary/consequences
  - right of access/rectification
- at the time of obtaining from a person other than the data subject and at least prior to disclosure unless this involves disproportionate effort

Rights of Data Subjects

- at reasonable intervals/without excessive delay or expense
  - confirmation of processing, purposes, categories of data and recipients
  - communication in intelligible form of the data and, if available, the source of the data
  - logic involved in automated decision making
- rectification, erasure or blocking of data and notification to third parties unless involving disproportionate effort
- compensation for damage and distress

Transfer of data to non-EU members

- No transfer to a non-EU member state unless:
  - adequate level of protection
  - unambiguous consent of the data subject
  - necessary for the performance of a contract with the data subject
  - necessary for pre-contractual measures in response to the data subject's request
  - necessary for conclusion of a contract with a third party in the data subject's interests
  - necessary or legally required in the public interest or for the establishment, exercise or defence of legal claims
  - necessary to protect the interests of the data subject
  - disclosure from a public register

Transfer of data to non-EU members cont'd

- Member state authorises transfer with adequate safeguards for the protection of privacy and rights and freedoms of individuals
- Community approved standard contractual clauses offering sufficient safeguards
  - controller to controller
  - controller to processor

US 'Safe Harbor'

- 180 signatories
- Principles
  - Notice
    - purposes
    - contacts
    - types of third party disclosure
    - clear/conspicuous language
    - at time of asking or as soon as practical thereafter (before use for another purpose/disclosure)
  - Choice
    - opt out
    - disclosure
    - incompatible purpose
    - clear/conspicuous/readily available mechanisms
    - opt in
    - sensitive information

US 'Safe Harbor' cont'd

- Onward transfer
  - notice and choice principles apply
  - agent/processor
  - subscription to principles
  - subject to directive
  - contractual safeguards
  - no responsibility
  - unless knowledge actual or constructive and reasonable steps to prevent or stop
- Security
  - reasonable precautions to protect data from loss, misuse and unauthorised access, disclosure, alteration and distribution
- Data Integrity
  - relevant for purpose
  - not incompatible with purpose
  - reasonable steps to ensure data is reliable/accurate/complete/current

US 'Safe Harbor' cont'd

- Access
  - access
  - ability to correct/amend/delete inaccurate information
  - subject to disproportionality and rights of other individuals
- Enforcement
  - mechanisms for ensuring compliance
  - recourse for non-compliance
  - readily available/affordable
  - investigation/resolution
  - award of damages
  - follow up verification of compliance
  - obligation to remedy problems
  - rigorous sanctions for non-compliance