Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE

Slides:

Advertisements

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Advertisements

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

REFEDS RESEARCH AND EDUCATION (R&S) ENTITY CATEGORY NICOLE HARRIS.

Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.

Class 13 Internet Privacy Law European Privacy.

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

The Data Protection Act 1998 The Eight Principles.

Managing Risks Associated With Privacy Alison Baker- Senior Associate Hall & Wilcox 24 November

Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

DATA PROTECTION ACT 1998 Became law on 1 March 2000 Only applies to the use of personal data, that is data which relates to an identifiable living individual,

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

Ioannis Iglezakis Data Protection. Definition of Data Protection The legal protection of individuals with regard to automatic processing of personal information.

The promise and peril of ICT implants: setting the legal framework 47 th FITCE Congress London, September 2008 Eleni Kosta, Peggy Valcke Interdisciplinary.

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,

Evaluation of restrictions: art. 15 and art TAIEX Seminar on the EU Service Directive, 3 May 2007 Carlos Almaraz.

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

Protection of Personal Information Act An Analysis on the impact.

Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.

Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.

European Data Protection Supervisor TAIEX Seminar - Belgrade 9 February 2009 Principles of data protection and international legal framework Alfonso Scirocco.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.

Personal Data Protection

Monique Jefferson & Nadine Mather

The future of data protection: General Data Protection Regulation

DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing.

Luca De Matteis Justice counsellor (criminal law, data protection)

Data Protection: The Law

Data Protection and Confidentiality

Issues of personal data protection in scientific research

General Data Protection Regulation (GDPR)

IT Applications Theory Slideshows

Data Protection The Current Regime

Data for Child Health: Promoting & Protecting Public Health through Custodianship EAP Brussels, 28 January 2016 Health Databases & Biobanks Promoting &

General Data Protection Regulation: Turning the black into white

GDPR Overview GDPR - General Data Protection Regulations

EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.

Data Protection & Freedom of Information- An Introduction

GENERAL DATA PROTECTION REGULATION (GDPR)

Transfers of personal data

New Data Protection Legislation

Appropriate Data Sharing in Health and Social Care

ESF Monitoring & Evaluation and Data Protection in Spain

The gdpr – one month down the line

Data Protection principles

Relocation CARNIVAL come one…come all

Report on data protection legislation Case of Romania

IMPLICATIONS OF GDPR ROBERT BELL.

GDPR Workshop MEU Symposium Prague 2018

Early challenges of the GDPR

Free movement of persons

Welcome IITA Inbound Insider Webinar: An Introduction to GDPR

Public Privacy: juridical & ethical perspective

The EDPS: competences and processing of personal data in EU funds

Data Protection for SDS Employers Alison Johnston Lead Policy Officer (Scotland) Information Commissioner’s Office.

Data Protection What you need to know

Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas

Why are we processing data

The supervision of personal data processing by EU institutions and bodies => data protection and privacy, why it matters, for you as citizens and as EU.

Data protection & FOIA considerations

Presentation transcript:

Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE Delphine Harou

Article 5 (a) Personal data may be processed only if: processing is necessary for the performance of a task carried out in the public interest (i) (necessity test), on the basis of the Treaties or other legal instruments adopted on the basis thereof (ii) (legal basis test) or in the legitimate exercise of official authority vested in the European Union institution or body or in a third party to whom the data are disclosed (iii), (I) and (II) or (III) are cumulative

Article 5 (b) Personal data may be processed only if: Processing is necessary for compliance with a legal obligation to which the controller is subject, National law: Security Safety at work

Article 5 (c) Personal data may be processed only if: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Article 5 (d) Personal data may be processed only if: The data subject has unambiguously given his or her consent, The consent should usually not be the sole justification for a processing and be considered as a complementarily ground for the lawfulness of a processing operation, The consent must be "freely given". In an employment relationship, the data subject might fear to be treated differently if he does not consent to the data processing

Article 5 (e) Personal data may be processed only if: processing is necessary in order to protect the vital interests of the data subject In very few cases only, the vital interests of the data subject is the ground to legitimise the processing operation. The vital interest was used in the case of the crèches OLAF cases: sender has to prove necessity Bavarin Lager

The processing of special categories of data requires further guarantees Article 10 (1) states that the processing of special categories of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and of data concerning health or sex life, are prohibited. Unless: (a) the data subject has given his or her express consent (b) processing is necessary for the purposes of complying with the specific rights and obligations of the controller in the field of employment law insofar as it is authorised by the Treaties (c) processing is necessary to protect the vital interests of the data subject

Article 10 (4) and (5) 4. Paragraph 1 shall not apply where processing of the data is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services, and where those data are processed by a health professional subject to the obligation of professional secrecy or by another person also subject to an equivalent obligation of secrecy 5. Processing of data relating to offences, criminal convictions or security measures may be carried out only if authorised by the Treaties or other legal instruments adopted on the basis thereof or, if necessary, by the European Data Protection Supervisor, subject to appropriate specific safeguards