1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

Slides:



Advertisements
Similar presentations
1 SOURCES AND SCOPE OF COMMUNITY LAW Michele Colucci Web site: PARMA 8-9 November.
Advertisements

Competences of Slovenian regulatory bodies regarding PSI re-use Maja Lubarda Legal Adviser, Information Commissioner.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Public Administration use of Social Networks - Data Protection Implications European Public Administration Network, Dublin Castle, 5 April 2013 Billy Hawkes.
EU-MIDIS European Union Minorities & Discrimination Survey Collecting reliable and comparable data on the Roma across the EU Eva Sobotka.
EASA and the EU Regulatory Framework
European Commission Jacques McMillan Enterprise Directorate-General Legal aspects linked to internal market EUROPEAN CONFERENCE ON MARKET SURVEILLANCE.
Deposit insurance in the European Union José María Roldán | 13 Oct 2005.
1 National Police Board 16 September 2009 Elisabeth Styf President ECIIA Chief Audit Executive for the Swedish Police Service 21 police authorities, the.
Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007.
1 Agencia Española de Protección de Datos AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL.
European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
1 State Service of Ukraine on Personal Data Protection. Volodymyr Kozak, State Service of Ukraine on Personal Data Protection, Deputy Head, PhD Prague,
Shared Information and Mutual Assistance Book V – Mutual Assistance Book VI – Administrative Information Management Presentation for the EU Ombudsman /
APNIC Executive Council (EC) Election 1. Overview About 2011 EC Election Voting entitlement Online voting On-site voting Proxy appointment Counting procedure.
1 Insights on cross-border ex ante controls – Polish experiences 27th Conference of Directors of EU Paying Agencies Oviedo, April 2010.
1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
What CQC do CQC are the health and social care regulator for England CQC register and monitor all health and social care providers in the country to ensure.
Overview of the Rotterdam Convention.
1 Budapest, June 14, Cross border communication among registers - Practical aspects - Yves Gonner Managing director - Trade and Companies Register.
NORMAPME ISO User Guide for European SMEs The essence of.
Presentation to OAS officials/ representatives 2 nd October, 2012.
The fundamentals of EC competition law
Data Protection and the GRA. 1. Commentary on Data Protection 2. The GRA’s Role The Register Investigations, Mediation and Compensation Enforcement Notices.
Data Protection and Records Management
Europol’s tailor-made data protection framework
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Per Anders Eriksson
Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
How the Information Commissioner’s office operates as a regulator David Smith Deputy Information Commissioner.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
1 SAFE HARBOR FRAMEWORK Barbara S. Wellbery Morrison & Foerster LLP 2000 Pennsylvania Avenue Washington, DC /
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
VICTIMS’ RIGHTS New EU Directive establishing minimum standards on the rights, support and protection of victims of crime 20 September 2012 CABVIS Conference.
Moving Forward With the African Dialogue Cross-Border Principles By Mary Gurure Manager, Legal Services and Compliance COMESA Competition Commission Lilongwe,
Data Protection Act AS Module Heathcote Ch. 12.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
New Rail Market Access Rules Directive 2012/34/EU (recast) EUROPEAN COMMISSION.
Data protection and compliance in context 19 November 2007 Stewart Room Partner.
Page 1 of 7 Practical experience of cooperation and coordination during DP investigations and audits Ultan O’Carroll Technology Advisor Office of Data.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
The EU General Data Protection Regulation Frank Rankin.
© International Training Centre of the ILO International Labour Standards and the ILO Supervisory System: tools to defend workers’ rights Geneva,
Week 12. Lecture 2. Health Law & the EU Cross-border healthcare: patients’ rights.
Data Protection – the Lisbon Effect Billy Hawkes Data Protection Commissioner Institute of International and European Affairs Dublin, 17 September 2009.
-1- WORKSHOP ON DATA PROTECTION AND DATA TRANSFERS TO THIRD COUNTRIES Technical and organizational security measures Skopje, 16 May - 17 May 2011 María.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Data Protection Officer’s Overview of the GDPR
Preparing for a data protection audit 28 September 2017
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
(Portfolio Committee on Justice and Correctional Services)
Data Protection: EU & International
General Data Protection Regulation
Information Governance and Data Privacy: A World of Risk
Data Protection Legislation
Bob Siegel President Privacy Ref, Inc.
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
Data Protection and Audit
Is Data Protection a Fundamental Right Protecting the Individual?
OHSC 2018 CONSULTATIVE WORKSHOP - GAUTENG PROVINCE ENFORCEMENT
The EDPS: competences and processing of personal data in EU funds
Overview of the recommendations regarding approximation of the Law on personal data protection to the new EU General data protection regulation Valerija.
Presentation transcript:

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington 16 October Gary Davis Deputy Data Protection Commissioner, Ireland

2 EU/EEA Directives Directive 95/46/EC Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data Directive 2002/58/EC Privacy and Electronic Communications

3 Presentation Outline Directive 95/46/EC Obligations Discretion to Member States National Differences Irish Case Study Issues International position

4 Directive 95/46/EC Obligations Enforcement Obligations on Members States Article 22 - judicial remedy for individuals Article 23 - entitlement for person to receive compensation Article 24 – effective sanctions for breach of provisions Article 28 – Independent authority(s) in MS responsible for monitoring national provisions Article 27 – Codes of Conduct to be encouraged to contribute to implementation

5 Powers for authorities - Article 28 Investigative Powers – access to data and to collect information Prior checking of processing Make decisions on complaints Ordering of blocking, erasure or destruction of data Power to initiate legal action Co-operation between supervisory authorities

6 Case Study - Role of the Irish DPA Ombudsman Role: resolution of disputes between data subjects and data controllers or processors Enforcer Role: compliance by data controllers & processors Educational Role: Promotes DP rights and good practice Registration Authority: obligation on major holders of personal data to be placed on public register

7 Powers of Irish DPA Information notice (section 12) Enforcement notice (section 10) Compliance Audits (section 10) Powers of entry and inspection (section 24) Decision on complaints (section 10) Codes of Practice (section 13) Refusal to register (section 17) Prohibition of non-EEA transfers (section 11) Prosecute Offences (section 30)

8 National Differences? Yes within the margin for manoeuvre for implementation within the Directive All systems have the same objective of protecting the rights of individuals Varying approaches to complaints in some cases ability to levy sanctions or fines directly Interpretation of what constitutes personal data and sensitive personal data Power of entry and audit not uniform Prior checking in some cases before can process certain categories of data Registration/Notification system varies widely

9 Issues Implementation respecting individual tradition of each MS causes difficulties for multi-jurisdictional entities. Is the focus on preventing breaches overly bureaucratic? Perhaps stronger powers to decide upon and deal with events after they happen also - Federal Trade Commission. Need for more consistency of interpretation across authorities

10 Harmonisation? Recent second European Commission Communication on implementation of Directive Infringement procedures by Commission planned to improve harmonisation Interpretative communications from the Commission on common provisions Enhanced focus of Article 29 Working Party in encouraging a harmonised approach to issues

11 Harmonisation? A29 Working Party has agreed on the principle of EU-wide, synchronized national enforcement actions, setting criteria to identify issues for investigations. March 2006 first joint investigation involving national Data Protection Authorities on the processing of personal data in the private health insurance sector. More to come Small point - Data Protection Authorities need to be adequately resourced also

12 Improved enforcement - International Context OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy adopted on 12 June 2007 APEC efforts also assisting in exchange of knowledge among authorities Many other formal and informal fora dealing with electronic communications and other issues

13 Thank You Contact:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.