Data protection and compliance in context 19 November 2007 Stewart Room Partner.

Slides:

Advertisements

Similar presentations

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Advertisements

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

TEAM 4 Case Study Mauritius: Mrs Nandini Kissoon-Luckputtya

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

The Data Protection (Jersey) Law 2005.

Data Protection and Records Management

EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

National Smartcard Project Work Package 8 – Information Law Report.

Data Protection Act Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Overview

An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

Data Protection for Church of Scotland Congregations

The Information Commissioner’s Office David Evans.

Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.

THE HUMAN RIGHTS ACT AND THE UK POLICE SERVICE Click on slide-show icon When completed exit PowerPoint programme to return to the CD- ROM content.

Human Rights Act 1998 The European convention on human rights The European convention on human rights The Convention rights The Convention rights How does.

Identifying Human Rights The protections offered by the ECHR and the Human Rights Act 1998 Brayne & Carr: Law for Social Workers: 10e Chapter 3.

EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

1 Freedom of Information (Scotland) Act 2002 A strategic view.

The Data Protection Act 1998 The Eight Principles.

Data Protection Privacy in the Digital Age: the UN General Assembly Resolution Sophie Kwasny, 16 October th International Conference, Mauritius.

Personal data protection in criminal procedure International collaboration and principle of proportionality LEFIS ROVANIEMI MEETING 19TH 20TH JANUARY 2007.

Access to Public Information in Slovenia Nataša Pirc Musar, LL.B. Commissioner for Access to Public Information The Hague – 24 th -25 th November, 2004.

The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.

Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

Finding a PPP Partner Essential EU Law Considerations Bernard Wilson Maribor, 18 January 2005 Bernard Wilson Maribor, 18 January 2005.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.

Twelve Guiding Principles for the Regulation of Surveillance Camera Systems Presented by: Alastair Thomas Date: 23 rd October 2013.

PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,

© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.

Can you share? Yes you can!! Angus Council Adult Protection Maureen H Falconer, Senior Policy Officer Information Commissioner’s Office.

Getting data sharing right for every child Maureen H Falconer Senior Policy Officer Information Commissioner’s Office.

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.

History.... Right up until 1998 the UK did not have a bill of rights giving its citizens rights to certain basic freedoms. However, as early as 1950 the.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

Privacy in the Digital Age: the UN General Assembly Resolution

Luca De Matteis Justice counsellor (criminal law, data protection)

Trevor Ellis Trainee Programmer (1981 – 28 years ago)

THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

Data Protection: EU & International

General Data Protection Regulation

EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.

Data Protection & Freedom of Information- An Introduction

Privacy: a work in progress

G.D.P.R General Data Protection Regulations

Identify the laws and guidelines that affect day-to-day use of IT.

General Data Protection Regulations 2018

The activity of Art. 29. Working Party György Halmos

Is Data Protection a Fundamental Right Protecting the Individual?

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

IAPP TRUSTe SYMPOSIUM 9-11 JUNE 2004

Presentation transcript:

Data protection and compliance in context 19 November 2007 Stewart Room Partner

Data protection in context First iterations of data protection law at Council of Europe level were concerned only with fundamental rights and freedoms, particularly the right to privacy. European Community agenda introduced concern for free movement. Within UK privacy legislation is contained in Human Rights Act, Data Protection Act, Regulation of Investigatory Powers Act etc. Parliament, regulators and the courts are obliged to act compatibly with European Convention on Human Rights. The Courts have modified the domestic law of confidence to protect privacy where a reasonable expectation of privacy exists. But, care must be taken in application of the law, so as not to damage other legitimate State interests and wider economic interests.

The development of privacy law In 1991 the Court of Appeal would not prevent the publication of very sensitive personal information, since there was no actionable right of privacy: Kaye v. Robertson But, in October 2000 the Human Rights Act came into force. And only 18 months later, in March 2002, the Court of Appeal was able to confirm that where the protection of privacy is justified, an action for breach of confidence will provide the necessary protection: Flitcroft v. MGN And now? See the Campbell, Peck, Douglas & Zeta Jones, Prince of Wales, McKennitt, Princess Caroline cases etc.

What is driving the law forward? (1) The introduction of the Human Rights Act 1998 coupled with (2) the Government’s adoption of advanced data processing techniques in the name of better public services are responsible for the rapid development of the law: HRA incorporated European Convention on Human Rights into UK law and imposes a legal obligation on Parliament, Courts and Regulators (as public bodies) to develop domestic law in order to give full effect to the right to privacy within Article 8: S.1 – Incorporates ECHR into domestic law. S.2 – Courts to take account of decisions of European Court of Human Rights. S.3 – Legislation to be compatible with ECHR. S.6 – Public authorities to act compatibly with ECHR. Government is sponsoring the development of massive databases of personal data and these need protecting: Children Act Identity Cards Act ‘Greater data sharing within the public sector - if we get it right - has the potential to be hugely beneficial to the public, as individuals and to society as a whole. Hand in hand with this is the need to provide real reassurance that when personal data is shared, the Government is determined to ensure both its security and integrity.’ Dept for Constitutional Affairs consultation on ‘What price privacy?’ (June 2006).

Data protection overview The Data Protection Act 1998 gives effect to the UK’s obligations under the Council of Europe Data Protection Convention 1981 and the EC Data Protection Directive It describes itself as an Act to make new provision for the regulation of the processing of information relating to living individuals. The actors; data controllers, data subjects and data processors. Personal data; information relating to an identified or identifiable living individual. See Durant v. FSA (2003) and Article 29 Working Party Opinion on the concept of personal data (2007). The data controller is the person who carries the weight of the regulatory burdens. The controller must comply with the data protection principles.

Data protection principles Fair and lawful processing and at least one criterion for legitimacy. Obtaining for a specified, lawful purpose. Processing to purpose. Adequate, relevant, not excessive. Accurate and kept up to data. Data subject rights to be obeyed. Security. Prohibition on transfers to unsafe countries.

Regulatory mechanisms Transparency; notification to regulator, fair processing notices, information notices, subject access. General rules on lawfulness; first data protection principle and schedules 2 & 3. The right to object; processing that will cause substantial and unwarranted damage/ distress, direct marketing. Criminal offences; particularly section 55. Other enforcement by the regulator. Data subject’s civil law remedies.

Hot topics The surveillance society. Unlawful trade in personal data. Privacy enhancing technologies. International transfers of data. Internet and electronic communications.

Compliance Intelligent processing; there are only two kinds of data in the intelligent organisation. Understanding the information lifecycle. Classification of data. Criterion for legitimacy. Data protection principles and transparency mechanisms. Compliance mechanisms; practices, policies and procedures.