European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center.

Presentation transcript:

European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center 2011 Workshop on Cyber Security and Global Affairs Budapest, May 31 to Jun 2, 2011

2 International Cyber Center – Budapest Workshop
agenda
• section 1: status of the data protection
• section 2: European regulations basics
• section 3: concerns with US
• section 4: potential solutions

3 status of the data & privacy protection

4 data protection status source:

5 data protection status - Europe source:

6 are security and privacy issues Top concerns?
source: Forrester Research, January 2010, “As IaaS Cloud Adoption Goes Global, Tech Vendors Must Address Local Concerns”

7 European regulations basics

8 key European regulations on data and privacy protection
• European Convention on Human Rights (ECHR) (formally the Convention for the Protection of Human Rights and Fundamental Freedoms)
• European Commission Directive 95/46/EC: the data protection directive
• European Commission Directive 2002/58/EC: Directive 2002/58 on Privacy and Electronic Communications, also known as E-Privacy Directive
• National Constitutions
• National regulations (penal, civil, data protection, etc.)
• International Treaty – Cybercrime Convention

9 definitions (source: EU Directive 95/46 – data protection)
• personal data shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
• processing of personal data ('processing') shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

10 EU directive 95/46
• personal data must be collected for specified, explicit and legitimate purposes, and kept up to date
• personal data may be processed only if the data subject has unambiguously given his/her consent
• it is forbidden to process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
• every data subject should have the right to obtain from the controller which data is processed
• the data subject should have the right to object, on legitimate grounds, to the processing of data relating to him/her
• the controller must notify the national supervisory authority before carrying out any processing operation.

11 EU directive 95/46 – cross border transfer
• Transfers of personal data from a Member State to a third country with an adequate level of protection are authorized.
• the transfer of personal data to a third country which does not ensure an adequate level of protection must be prohibited
• list of countries having adequate level of protection is published and maintained by European Commission
• the adequacy of the level of protection afforded by a third country must be assessed in the light of all the circumstances surrounding the transfer operation or set of transfer operations

12 concerns with US

13 concerns about US
Rumors, myths and facts
• use of Patriot Act: The Bush administration convinced the private Belgian company SWIFT to provide the US with access to all interbank orders. The justification was that SWIFT has subsidiaries in the US, so the Patriot Act was applicable. This was revealed in 2006 by the New York Times.
• activities of the NSA: The National Security Agency (NSA) carries out industrial espionage on governmental organizations and private-sector firms with its wiretapping network Echelon. This was officially revealed in 1998 in a report presented to the European Parliament, and confirmed in 2000 by former CIA director James Woolsey in a March article for the Wall Street Journal. Confirmed cases are Airbus with a Saudi Arabia contract, Thomson CSF with a Brazil military contract, and the Japanese NEC.

14 potential solutions

15 potential solutions
for European Companies
• do not work with US companies for sensitive data, or financial industry. Take care with “in the cloud” services
• work only with companies applying SAFE HARBOUR principles
• use standard contractual clauses as defined by EC (Decision 2001/497/EC)
• perform an on-site audit in the US, or obtain a SAS70/SSAE16/ISAE3402 independent audit report
• deploy solutions and infrastructure to ensure that no private data is accessible from the US, even in a disaster recovery scenario
For US companies
• apply for the SAFE HARBOUR self-certification
• demonstrate that you cannot access personal data, or provide real-time logs of which accesses have been made, etc.
• work hard to get the trust of your European customers

16 summary
data protection in Europe
• is not simple to address
• is serious: it is a fundamental human right
• SAFE HARBOUR is an effective solution for US companies, the easiest and safest for them, but it has limits: self-certification
• Employees have rights to privacy, even at work, even if a business-only rule is in a signed contract.
• “In the cloud” services are subject to data protection regulations… including cross-border flow restrictions…

thank you