Privacy Codes of Conduct as a self-regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Presentation transcript:

Privacy Codes of Conduct as a self-regulatory approach to cope with restrictions on transborder data flow
Dr. Anja Miedbrodt
Exemplified with the help of the data protection policy of the DaimlerChrysler AG

Current situation
- Technical convergence promotes a worldwide exchange of goods and services.
- Competition is increasingly becoming a global challenge.
- Increase in the possibilities of matching and processing personal data collected for various purposes.
- Rise in the potential risks of fraudulent use of personal data.
- Increase in the sensitivity of consumers regarding the handling of their personal data.
- Development and integration of data security and data protection concepts in their products and services is crucial for globally acting companies.

Tendencies in privacy legislation worldwide
- Increase in the enactment of data protection laws worldwide, but different national legal requirements due to the lack of a globally competent legislator.
- Tendency to incorporate data protection and privacy issues in laws governing electronic commerce, especially in Asian countries.
- Influence of the EC-Directive and national laws of Asia/Pacific and Latin America restricting the transborder data flow.
- Data protection and privacy legislation is on the way to an international law convergence.

Legal situation with regard to transborder data flows
- A transborder transfer of personal data is only permitted if the third country ensures an adequate level of data protection.
- Requirement results from the EC-Directive on data protection and the privacy acts of Australia, Hong Kong, Taiwan, Argentina.
- Currently a transfer is only permitted in the following cases:
  - From the EU/EEC to Hungary, Switzerland, Canada (with restrictions).
  - From the EU/EEC to the US provided that the US-American company adheres to the Safe Harbor Principles and is subject to the jurisdiction of the Federal Trade Commission or another institution which effectively ensures the compliance with these principles.

Legal situation with regard to transborder data flows
Exceptions from the requirement to provide an adequate level of data protection:
- Unambiguous consent of the data subject;
- The transfer is necessary for the performance of a contract between the data subject and the controller or for precontractual measures taken in response to the data subject’s request; or
- The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and a third party; or

Legal situation with regard to transborder data flows
Exceptions from the requirement to provide an adequate level of data protection:
- The transfer is necessary to protect the vital interests of the data subject.
Since each transfer has to be assessed on its own merits, reliance on the exemptions is not sufficient for companies which transfer data worldwide for diverse purposes.

Options for globally acting companies
- Obtain the consent of the data subject to the transfer to substandard countries.
- Adduce adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights, such as:
  - Incorporate contractual clauses/model clauses.
  - Implement Codes of Conduct.

Consent solution
Information about and consent to a transfer to a substandard country.
Pros
- Individual solutions are possible.
- Effort only when it is necessary.
Cons
- Option not expressly provided by all national laws providing for restrictions on transborder data flows.
- Due to the different national requirements, it can be difficult to obtain a legally effective consent.

Consent solution
Cons
- A consent could be withheld or revoked; the mere consideration of this leads to a complication of the data processing process.
- In case of a transmission of employees’ data it might be necessary to involve the works council.

Contractual clauses
Pros
- Specific solution for each specific case, consideration of peculiarities possible.
- Effort only when it is necessary.
Cons
- Increased expenditure for administration due to the obligation to incorporate and to update each single contract.
- No contribution to increasing the awareness of the concerned employees.
- Notification/approval by the respective DPA required.

Standard contractual clauses
Pros
- Formally adopted by the European Commission as a sufficient safeguard for providing an adequate level of data protection.
Cons
- No uniform application by the DPAs.
- Alterations have to be approved.
- Contain the obligation for the data importer to cooperate with the competent supervisory authority and to observe its decisions with regard to the data transferred.

Codes of Conduct
Pros
- Possibility to make use of the tendency of law convergence and provision of a global solution.
- Easy to implement, control and to update.
- Low expenses for law enforcement.
- Uniform procedures within the company as a marketing tool.
Cons
- Approval by the respective data protection authorities required.

Codes of Conduct
Cons
- Current procedure to get Codes of Conduct approved Community-wide is burdensome and bureaucratic.
- Several options:
  - Decision by the European Commission pursuant to Art. 26 para. 4 of the EU Data Protection Directive.
  - Community-wide validity of an approval by one data protection authority; accordingly, the participation of the other Member States and the Commission has to be ensured.

Codes of Conduct are the best solution to cope with the legal requirements for transborder data flow.

Content of Codes of Conduct
- Principles and requirements for the collection and processing of personal data.
- Requirements for the transfer of personal data to third parties, including data exchange within the Group.
- Rights of the data subject.
- Requirement to maintain confidentiality.
- Principles of data security.
- Requirements for the involvement of third parties, including in the case of data processing on behalf.
- Responsibilities and sanctions.
- Internal law enforcement.

Internal law enforcement within the DaimlerChrysler Group
- Appointment of a Chief Officer Corporate Data Protection (CPO) with worldwide responsibility who reports directly to the Board of Management.
- Infrastructure of locally responsible Data protection coordinators for the different regions of the world.
- Coordination of the Data protection coordinators by regular meetings conducted by the CPO.

Thank you for your attention. For further questions mail to