Presentation is loading. Please wait.

Presentation is loading. Please wait.

Consent and Contract under EU Data Protection Law

Published byBlake Bryan Modified over 6 years ago

Similar presentations

Presentation on theme: "Consent and Contract under EU Data Protection Law"— Presentation transcript:

1 Consent and Contract under EU Data Protection Law
Paul M. Schwartz BCLT Privacy Law Forum: Silicon Valley March 24, 2017

2 My Co-Author Professor Peifer
Prof. Dr. Karl-Nikolaus Peifer Director, Institute for Media Law And Communications Law And Director, Institute for Broadcasting Law University of Cologne

3 Katherine Tassi, Snap

4 Lindsey L. Tonsager, Covington & Burling

5 Dr. Kai Westerwelle, Taylor Wessing

6 Different visions of Data Privacy
Overview Different visions of Data Privacy Shared Doctrine: Contract and Consent EU: Rights Talk in Action US: Protecting the Privacy Consumer Data Privacy’s International Future

7 Different Visions of Data Privacy: the EU
“Rights talk”: strong constitutionalization of privacy and data protection Statutory laws anchored in constitution rights Proportionality test to protect privacy European Court of Justice, Luxembourg

8 Different Visions of Data Privacy: the US
Weak constitutional protections for information privacy Strong constitutional protections for free flow of information “Marketplace discourse”: protection of privacy consumer in marketplace

9 EU: Rights Talk in Action
Strong limits on contract and consent in EU “EU data protection puts a core of important data privacy rights beyond the ability of a person to trade because such individual behavior would both erode a capacity of self-determination and have a negative collective impact.” Contract and consent cannot trump the GDPR’s fundamental rules, including legal basis for processing, data minimization, and purpose specification.

10 GDPR on Consent, Article 7
If consent presented as part of written declaration concerning other matters, “the request for consent must be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language” Right to withdraw consent at any time. “It shall be as easy to withdraw consent as to give it”

11 GDPR on Consent, Article 7
“When assessing whether consent is freely given, utmost account shall be taken of the fact whether, among others, the performance of a contract, including the provision of a service, is made conditional on the consent to the processing of data that is not necessary for the performance of this contract.”

12 US: Protecting the Privacy Consumer
Main privacy inalienability is that of mandated disclosure requirements Contract largely irrelevant– for data processors, a realm of “heads, I win; tails, you lose.” Consent plays a limited role in U.S. law. Minor role for “warning function” -- opt-in.

13 Data Privacy’s International Future (1)
“Rights talk” is a key part of the EU project “Privacy consumers” ties into deep-rooted US concepts A shift to institutions: e.g., Privacy Shield: Data Integrity, Choice, Enforcement and Oversight

14 Privacy Shield (2016)

15 Privacy Shield (2016)

16 A Way Forward? Law is “agreement about the things that are fundamental.” Cardozo, 1924

17 Data Privacy’s International Future (2)
New Institutions and New Structures New understandings of data privacy to be created in international institutions and new processes European Data Protection Board Privacy Shield – deputizes U.S. institutions, officials and private parties to enforce the interests of EU citizens

18 Katherine Tassi, Snap

19 GDPR, Article 6, “legitimate interests”
Article 6: Processing is lawful when it “is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data…”

20 GDPR, Article 47, “legitimate interests
Recital 47: “The legitimate interests of a controller … or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of the data subjects based on their relationship with the controller.”

21 Katherine Tassi, Snap Will the “legitimacy” basis in GDPR turn into important grounds for processing for US companies? Is the future one of segregation of EU personal data from the rest of the world’s?

22 Lindsey L. Tonsager, Covington & Burling

23 Lindsey L. Tonsager, Covington & Burling
Are US and EU privacy laws really different? Can the GDPR actually be value-added for your business?

24 Dr. Kai Westerwelle, Taylor Wessing

25 Dr. Kai Westerwelle, Taylor Wessing
Threats to the Privacy Shield and Model Clauses: the State of Play Privacy Shield under scrutiny Schrems II: Model Contractual Clauses Opinions of EU Regulators

26 Question and Answer Period

Download ppt "Consent and Contract under EU Data Protection Law"

Similar presentations

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Rule-Making Book II EU Administrative Procedures – The ReNEUAL Draft Model Rules 2014 Brussels, May 19-20 th 2014 1 Herwig C.H. Hofmann University of Luxembourg.

Rule-Making Book II EU Administrative Procedures – The ReNEUAL Draft Model Rules 2014 Brussels, May th Herwig C.H. Hofmann University of Luxembourg.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Ide kerülhet az előadás címe CCTV operation at work Belgrade, 11 th April 2013.

Ide kerülhet az előadás címe CCTV operation at work Belgrade, 11 th April 2013.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.

The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Access to Commercial Information A Comparative Overview Darian Pavli Open Society Justice Initiative.

Access to Commercial Information A Comparative Overview Darian Pavli Open Society Justice Initiative.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
Vienna 14 March 2006 Andrew J. Popham Vice-President of FEE Partner, PricewaterhouseCoopers LLP The New Directive on Statutory Audit in the EU.

Vienna 14 March 2006 Andrew J. Popham Vice-President of FEE Partner, PricewaterhouseCoopers LLP The New Directive on Statutory Audit in the EU.
Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult.

Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult.
Your Code of Conduct: Data Protection & Compliance Your Code of Conduct: Data Protection & Compliance for Charities.

Your Code of Conduct: Data Protection & Compliance Your Code of Conduct: Data Protection & Compliance for Charities.
Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.

Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
Surveillance around the world

Surveillance around the world
Brussels Privacy Symposium on Identifiability

Brussels Privacy Symposium on Identifiability
Student Privacy in an Ever-Changing Digital World

Student Privacy in an Ever-Changing Digital World
GDPR (General Data Protection Regulation)

GDPR (General Data Protection Regulation)
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
A trust-based framework for the data-driven economy

A trust-based framework for the data-driven economy

Similar presentations

Ads by Google