Presentation is loading. Please wait.

Presentation is loading. Please wait.

Report on data protection legislation Case of Romania

Published byLaurel Blake Modified over 5 years ago

Similar presentations

Presentation on theme: "Report on data protection legislation Case of Romania"— Presentation transcript:

1 Report on data protection legislation Case of Romania
Brussels, March 2011

2 A. Romanian national legislation on data protection
In view of aligning the national legislation to the EU acquis, Romania adopted Law no. 677/2001 on the Protection of Individuals on Processing of Personal Data and the Free Movement of Such Data (amended and completed at a later stage), as well as a number of regulations aiming at the personal data processing and the private life protection: Law no. 682/2001 on the ratification of the Convention on the protection of individuals with regard to automatic processing of personal data, adopted at Strasbourg on 28th January 1981; Law no. 102/2005 regarding the setting up, organisation and functioning of the National Supervisory Authority for Personal Data Processing, Law nr. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector; Law no. 298/2008 on the retention of data generated or processed in connection with the provisions of publicly available electronic communications services or public communications networks and for the amendment of; Law nr. 506/2004 on the processing of personal data and the protection of private life within the electronic communication sector.

3 Romania fully transpose the EU legislation:
Directive 95/46/CE on the protection of individuals with regard to the processing of personal data and on the free movement of such data; Directive no. 2002/58/CE concerning the processing of personal data and the protection of privacy in the electronic communications sector.

4 The provisions of the Law no
The provisions of the Law no. 677/2001 applies to personal data processing, performed in full or in part, by automatic means, as well as to the processing by other means than the automatic ones, which are part of or destined to a personal data filling system. Art.3 of Law no.677/2001 obviously and unambigously defines the essential terms employed by the legal act (for example, personal data, personal data processing, storage, personal data filing system, data controller, data processor, third party, recipient, anonymous data).

5 B. Basic principle of the law and its exemptions
The terms of legitimacy regarding the data processing are mainly relied on the intentional and unequivocal consent for the data processing by the person in question.

6 Exemptions – consent not required
a) carry out a contract or an agreement previous to that contract to which the data subject is party of, or in order to take some measures, at his request, before signing that contract or previous agreement; b) protect the data subject’s life, physical integrity or health or that of a threatened third party; c) fulfill a legal obligation of the data controller; d) accomplish some measures of public interest or regarding the exercise of public official authority prerogatives of the data controller or of the third party to wich the date are disclosed; e) accomplish a legitimate interst of the data controller or of the third party to which the date are disclosed, on the condition that this interest does not prejudice the interests, or the fundamental rights and freedoms of the data subject; or when the processing f) concerns data which is obtained from publicly accesible documents, according to the law; g) is performed exclusively for statistical purposes, historical or scientific research and the data remains anonymous throughout the entire processing.

7 C. Special Rules on Personal Data Processing
Processing personal data regarding ethnic or racial origin, political, religious or philosophical beliefs or those of similar nature, trade-union allegiance, as well as personal data regarding the state of health or sex life, is prohibited.

8 Derogations 1. when the data subject has expressly given her/his consent for such data processing; 2. when the processing is required in order to meet the obligations or specific rights of the data controller in the field of labor law, in accordance with the legal guarantee; a possible disclosure to third party of the processed data may take place only if the data controller is legally required to do so, or if the data subject has expressly agreed to the disclosure. According to the law the data controller is any natural or legal person, including public authorities, institutions and their legal bodies, that establishes the means and the purpose of the personal data processing.

9 The processing of personal data with an identification function:
we encounter again the principle of express and unequivocal consent of the concerned subject for the processing of the personal identification number or other personal data with a general identification function. The processing personal data regarding the state of health: the same principle applies but the interdiction of processing does not apply: if the processing is necessary for the protection of public health; if the processing is necessary for the prevention of an imminent danger, the prevention of a criminal offence or the prevention of the result of such an action; for the removal of the damaging results of such an action.

10 3. Ending the processing operations
If the data subject has not given his/her express and unequivocal consent for another destination: the personal data should be destroyed; transferred to another data controller; transformed into anonymous data and stored exclusively for statistical, historical or scientific research. The data controller may store the personal data for the required period of time, in order to achieve the specific goals.

11 D. Current status. Participation in ESF supported activities
The Romanian legislation about the personal data protection is not a factor limiting the monitoring and the reporting of participants in ESF supported activities. The data connected with the race or ethnicity or the ones about the health state may be processed in all the necessary purposes such as collection, recording, organizing, storing, retrieval, consultation, use, disclosure to third parties by transmission etc.

12 Ministry of Labor through the Managing Authority for the Sectoral Operational Programme for Human Resources Development implemented secondary legislation (implementing legislation) according to which : the beneficiaries of the projects funded through ESF must take the measures required for the legal registration as a personal data operator; the beneficiaries must require the consent of the participants regarding the personal data processing (applicant’s instruction and guide published on the official website –www. fseromania.ro).

13 The declaration of ethnicity or disabled or other disadvantaged people:
the difficulty does not consist in the legal regime required by the legislation about personal data processing; but in the reticence shown by the persons themselves.

14 Data transfer Is always permitted when the data subject has explicitly given her/his consent for the transfer. In sensitive cases the consent must be written. The beneficiaries of the projects do not practically encounter special problems on this issue regarding the data reporting to the monitoring system of the managing authorities.

15 Conclusions From the legal point of view, both managing authorities and the project beneficiary have no restriction for obtaining the personal data belonging to the subjects participating in an ESF project, after the end of the activities from that project. Still in practice this is not always the case and it is difficult to follow up on such aspects. Further improvements in this matter are therefore needed, mainly from the project beneficiaries themselves.

16 The Romanian legislation on personal data protection contains the necessary elements for harmonizing the principle to know with data protection principles. There is a need for additional administrative efforts from the project providers for collecting/storing/monitoring the personal microdata with a higher accuracy in order to be able to provide a true picture of the social segment targeted by ESF supported activities. Further measures are recommended with the view to improve guidance line addressed to the applicants/beneficiaries of projects by establishing as accurate as possible parameters to be collected from the project participants. As a concluding remark, implementation of programs of training, education and awareness among project beneficiaries are needed in order to foster a better understanding of the processing of personal data in order to avoid incomplete/incoherent/not sustainable data information.

Download ppt "Report on data protection legislation Case of Romania"

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.

Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Protection of Personal Data, 11.02.2011. Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.

Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;
Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.

Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
Managing Risks Associated With Privacy Alison Baker- Senior Associate Hall & Wilcox 24 November 2006 819234.3.

Managing Risks Associated With Privacy Alison Baker- Senior Associate Hall & Wilcox 24 November
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection Corporate training 2012. Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN 31. 01. 2007 Stephen.

Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.

Similar presentations

Ads by Google