ESF Monitoring & Evaluation and Data Protection in Spain

Slides:



Advertisements
Similar presentations
Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Advertisements

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Prof. Cécile de Terwangne - LAPSI Workshop 7-8 October Re-use and Privacy/Data Protection Cécile de TERWANGNE Professor at the Law Faculty CRID.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Oviedo Convention and Its Protocols – Impact on Polish Law International Bioethics Conference Oviedo Convention in Central and Eastern European Countries.
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
Access to Public Information in Slovenia Nataša Pirc Musar, LL.B. Commissioner for Access to Public Information The Hague – 24 th -25 th November, 2004.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,
Is Personal Data Protection a Challenge or merely an Obstacle for Open Data Rosana Lemut Strle, Msc Institute for Privacy and Access to Public Information,
PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.
Data protection and European citizens’ initiatives
The EU and Access to Environmental Information Unit D4 European Commission, Directorate General for the Environment 1.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
1 Agencia Española de Protección de Datos The Use of Contracts and BCRs to Transfer Personal Data The European Union – United States Safe Harbor framework:
1 TAIEX JHA Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.
Data Protection – the Lisbon Effect Billy Hawkes Data Protection Commissioner Institute of International and European Affairs Dublin, 17 September 2009.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.
European Data Protection Supervisor TAIEX Seminar - Belgrade 9 February 2009 Principles of data protection and international legal framework Alfonso Scirocco.
František Nonnemann Skopje, 9th October 2012 JHA DP aspects related to provision of information about public figures in CZ.
The fundamental rights of LGBT citizens in Europe – EU legislation and the Charter of Fundamental Rights.
Europe’s ‘Highly Competitive Social Market’ Economy
EU Legislative Powers: Principles and Procedures
GDPR (General Data Protection Regulation)
Luca De Matteis Justice counsellor (criminal law, data protection)
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Issues of personal data protection in scientific research
General Data Protection Regulation (GDPR)
Data Protection: EU & International
Data Protection The Current Regime
General Data Protection Regulation
Information Governance and Data Privacy: A World of Risk
EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.
Data Protection & Freedom of Information- An Introduction
Data Protection & Human Rights
EU Law and Media and Information Law
Appropriate Data Sharing in Health and Social Care
Bart van der Sloot Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.
of social security systems, COM (2016)815”
IMPLICATIONS OF GDPR ROBERT BELL.
Cybercrime and Data Protection
Bart van der Sloot Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.
GDPR Workshop MEU Symposium Prague 2018
European Data Supervisor
GDPR & Accountability ISACA Ireland Annual Conference 2018
Is Data Protection a Fundamental Right Protecting the Individual?
Free movement of persons
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
The EDPS: competences and processing of personal data in EU funds
Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
The supervision of personal data processing by EU institutions and bodies => data protection and privacy, why it matters, for you as citizens and as EU.
FUNDAMENTAL SOCIAL RIGHTS IN EU
Outline Background: development of the Commission’s position
Presentation transcript:

ESF Monitoring & Evaluation and Data Protection in Spain  José Leandro Núñez García Director Agencia Española de Protección de Datos

BACKGROUND A brief overview of the Data Protection Framework

A fundamental right  The Lisbon Treaty made legally binding the EU Charter of Fundamental Rights. Its Article 8 is devoted to data protection: 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.

Legal framework in Spain  Spanish Constitution Directive 95/46/EC Convention 108 LOPD Enacted in 1999 Replaces the Act of 1992 EAEPD RLOPD 4

Legitimacy grounds Personal data may only be processed…  With the data subject’s consent… …unless laid down otherwise by law For the exercise of powers by public bodies When necessary for performing a contract To protect the data subject’s vital interests When data are in sources available to the public and it is necessary for the legitimate interests pursued by the controller 5

Legitimacy grounds  Data concerning racial origin, health or sex life may only be processed… With the data subject’s explicit consent When provided for by law, for reasons of general interest Where it is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment, or the management of health-care services. 6

GENERAL PICTURE ESF Monitoring & Evaluation and Data Protection in Spain 7

How information flows  Beneficiaries Participants Managing authorities European Commission Pollsters

How information flows  Insofar as they are sharing aggregated information, the processing is not within the scope of the Data Protection legislation Beneficiaries Participants Managing authorities European Commission Pollsters 9

How information flows  However, personal data is collected by beneficiaries and pollsters in order to compile statistics. Insofar as they process those personal information, they have to be compliant with the Data Protection legislation. Beneficiaries Participants Managing authorities European Commission Pollsters 10

How to be compliant 1. Legitimacy  Citizens apply freely to participate in each program… … CONSENT Once accepted, the collection of their data is necessary to comply with Art. 40 of the Regulation 1826/2006 … processing PROVIDED FOR BY LAW

How to be compliant 2. Information  Each application (or poll form) should include a data protection notice, drafted in a clear and plain language: Beneficiary’s (or pollster’s) identity and details Intended purpose of the processing (including stats provided for by Law) Recipients to whom the data will de disclosed Data protection rights 12

How to be compliant 3. Proportionality  The collection and subsequent use of data should be limited to such processing as is: Adequate Relevant Non excesive Data collected should be limited to the minimum necessary. 13

How to be compliant 4. Other obligations  Purpose limitation Appropriate security measures Data retention periods Confidentiality Ensure respect of data subjects’ rights Notification to the Data Protection Register 14

AN SPECIFIC CASE Self-employed beneficiaries 15

Beneficiaries & participants  Pursuant to Art. 7(2)d, the list of beneficiaries shall be published by the managing authority. However, “participants in an operation of the ESF shall not be named”. How to deal with self-employed beneficiaries, who are simultaneously participants? 16

Beneficiaries & participants  Ruling of the Court of Justice “Volker und Markus Schecke GbR (C-92/09), Hartmut Eifert (C-93/09) v Land Hessen”. 77. It is thus necessary to determine whether the Council of the European Union and the Commission balanced the European Union’s interest in guaranteeing the transparency of its acts and ensuring the best use of public funds against the interference with the right of the beneficiaries concerned to respect for their private life in general and to the protection of their personal data in particular. 17

Beneficiaries & participants  Ruling of the Court of Justice “Volker und Markus Schecke GbR (C-92/09), Hartmut Eifert (C-93/09) v Land Hessen”. 85. It is necessary to bear in mind that the institutions are obliged to balance, before disclosing information relating to a natural person, the European Union’s interest in guaranteeing the transparency of its actions and the infringement of the rights recognised by Articles 7 and 8 of the Charter. No automatic priority can be conferred on the objective of transparency over the right to protection of personal data (see, to that effect, Commission v Bavarian Lager, paragraphs 75 to 79), even if important economic interests are at stake. 18

Beneficiaries & participants  Ruling of the Court of Justice “Volker und Markus Schecke GbR (C-92/09), Hartmut Eifert (C-93/09) v Land Hessen”. Articles 42(8b) and 44a of Council Regulation (EC) No 1290/2005 of 21 June 2005 on the financing of the common agricultural policy, as amended by Council Regulation (EC) No 1437/2007 of 26 November 2007, and Commission Regulation (EC) No 259/2008 of 18 March 2008 laying down detailed rules for the application of Regulation No 1290/2005 as regards the publication of information on the beneficiaries of funds deriving from the EAGF and the EAFRD are invalid in so far as, with regard to natural persons who are beneficiaries of EAGF and EAFRD aid, those provisions impose an obligation to publish personal data relating to each beneficiary without drawing a distinction based on relevant criteria such as the periods during which those persons have received such aid, the frequency of such aid or the nature and amount thereof 19

PROSPECTIVES FOR FUTURE A comprehensive data protection framework 20

Future of Privacy  Include the fundamental principles of data protection into one comprehensive legal framework. There should be room for flexibility. Specific rules could complement and enhance the protection, provided that they fit within the notion of a comprehensive framework and comply with the main principles. 21

THANK YOU! 22

www.agpd.es