Presentation is loading. Please wait.

Presentation is loading. Please wait.

Personal data protection in public institutions – effective approach

Published byHelmuth Esser Modified over 5 years ago

Similar presentations

Presentation on theme: "Personal data protection in public institutions – effective approach"— Presentation transcript:

1 Personal data protection in public institutions – effective approach
EU Twinning Project Expert: Dr Jens Ambrock Project Activity: Training course “Personal data protection and freedom of information” Date: This project is funded by the European Union

2 Main Principles of European Data Protection Law
Checklist of Art. 5 GDPR: Lawfulness Fairness Transparency Purpose limitation Accuracy Data minimisation Storage limitation Integrity and confidentiality Accountability

3 Main Principles of European Data Protection Law
Checklist of Art. 5 GDPR: Lawfulness Fairness Transparency Purpose limitation Accuracy Data minimisation Storage limitation Integrity and confidentiality Accountability

4 Principle of Lawfulness
Processing of personal data only allowed on the basis of or legal ground (= law) consent

5 Structure of Legal Grounds
Area specific (national) law e.g. tax law / food law / academic law / wastewater law etc. Area specific clauses of the GDPR e.g. Art. 22 GDPR (Profiling), e.g. Art. 9 (2) GDPR (special categories) etc. General clauses of the GDPR Art. 6 (1) b)-f) GDPR Changed purpose, Art 6 (4) GDPR Consent

6 Example of Area-specific Law
§ 15 Hamburg Waste Disposal Act The competent public authority is entitled to collect and process personal data (…) for the puposes of its accomplishment of tasks. The collection and processing may in particular be carried out for purposes of 1. supervision of the waste disposal, 2. organisation of the waste disposal according to § 6, 3. (…) 4. consultation on waste disposal according to § 3.

7 Structure of Legal Grounds
Area specific (national) law e.g. tax law / food law / academic law / wastewater law etc. Area specific clauses of the GDPR e.g. Art. 22 GDPR (Profiling), e.g. Art. 9 (2) GDPR (special categories) etc. General clauses of the GDPR Art. 6 (1) b)-f) GDPR Changed purpose, Art 6 (4) GDPR Consent

8 General Clauses for Data Processing
Fulfil a contract Art. 6 (1) b) GDPR “processing is necessary for the performance of a contract to which the data subject is party” Example: Employment contract Example: Public administration buying goods Necessary More than just helpful Purpose of the contract

9 General Clauses for Data Processing
Public interest Art. 6 (1) e) GDPR “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” Always comply with the public authorities‘ duties / functions  statute / legal basis of the public body

10 General Clauses for Data Processing
Legal obligation Art. 6 (1) c) GDPR Obligation to process data  Permission to process data e.g. tax law e.g. investivative authorities public prosecution authority e.g. auditing authority / comptroller‘s office e.g. Freedom of Information Act

11 Consent Only if no legal basis is applicable
statement or by a clear affirmative action Only valid if freely given Free choice to refuse the consent No voluntariness in cases of subordination Employer v employee State v citisen  The state (usually) does not ask for consent

12 Principle of Purpose Limitation
The purpose of the processing is to be defined before the collection. Collection without puropse is forbidden. Limit on the data which is necessary to serve the purpose. Problem of changed purposes Example: Journalist asks for the salaries of administrative employees. Example: Journalist asks for data collected by the police. Old purpose: Payment of Salaries New purpose: Public information/discussion Old purpose: Danger prevention New purpose: Public information/discussion

13 Freedom of Information Act(s)
Most EU-memberstates provide FOI-acts Administrative data is to provide upon request No specification of reasons Requests e.g. from press/media, NGOs or interested citizens Derogations Personal data(!) Business secrets Public interests e.g. ongoing procedures e.g. security (police tactics)

14 Freedom of Information: Example
open call for tender design drafts from six architects requests for files concerning criteria for the choice of the winning draft building permission Public money spent on the project architect‘s name = personal data? business secrets?

15 Information Requests from Press and Media
Interest of the individual Private/Family life No public interest Personal disadvantages Role of the press as a „public watchdog“ Also: Online-blogs (with editorial approach) Special right of access Limited to information of public interest Again: Derogation for public interests Including access to personal data  if proportionate Interest of the public - Official business Controversal topic Importance for the democratic discussion

16 Practical Handling When receaving a FOI-request:
Does the file include personal data? Can the personal data be blackend? Example: „The citizen sdfsdfsdfsdfs has received social benefits.“ After blackening the names: Is the data still personal because of the combination of data? Example: „The Moldowan teacher sdfsdfsdfsdfs drives a Toyota has four children and an uncle in Italy.“

17 Practical Handling Aggregation of information
Build groups of persons and generate averages. „Employee x earns y Leu per month.“ „How large are the salaries of the governmental employees?“ „Bus drivers earn from x to z Leu per month; teachers earn from x to z…“ „Bus drivers earn x Leu per month on average; teachers earn y Leu on average.“

18 Thank you for your attention!
Dr Jens Ambrock Office of the Hamburg Commissioner for Data Protection and Freedom of Information Ludwig-Erhard-Straße 22, Hamburg, Germany EU Twinning Project Expert: Dr Jens Ambrock Project Activity: Training course “Personal data protection and freedom of information” Date: This project is funded by the European Union

Download ppt "Personal data protection in public institutions – effective approach"

Similar presentations

DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Control procedures in polish public procurement law Public Procurement Office 2007.

Control procedures in polish public procurement law Public Procurement Office 2007.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Hungarian Civil Liberties Union Hungarian Civil Liberties Union www.tasz.hu Ádám Földes Freedom of information in anti-corruption work the Hungarian legal.

Hungarian Civil Liberties Union Hungarian Civil Liberties Union Ádám Földes Freedom of information in anti-corruption work the Hungarian legal.
Sustainable Procurement and Community Benefits Getting ready for Procurement Reform in Scotland Jennifer Marshall.

Sustainable Procurement and Community Benefits Getting ready for Procurement Reform in Scotland Jennifer Marshall.
LOGO The collective agreement. The labour contract.

LOGO The collective agreement. The labour contract.
Data Protection Corporate training 2012. Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.

An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.
Dr Jarosław Sułkowski.  Constitution of the Republic of Poland  the Act of 15 July 1987 on the Commissioner for Human Rights LEGAL ACTS.

Dr Jarosław Sułkowski.  Constitution of the Republic of Poland  the Act of 15 July 1987 on the Commissioner for Human Rights LEGAL ACTS.
Privacy Audit and Privacy Seal Barbara Körffer & Dr. Thomas Probst Independent Centre for Privacy Protection Independent Centre for Privacy ProtectionSchleswig-Holstein.

Privacy Audit and Privacy Seal Barbara Körffer & Dr. Thomas Probst Independent Centre for Privacy Protection Independent Centre for Privacy ProtectionSchleswig-Holstein.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Evaluation of restrictions: art. 15 and art. 39.5 TAIEX Seminar on the EU Service Directive, 3 May 2007 Carlos Almaraz.

Evaluation of restrictions: art. 15 and art TAIEX Seminar on the EU Service Directive, 3 May 2007 Carlos Almaraz.
1 The balance between access to public information and personal data protection: The German Experience Sven Hermerschmidt, Office of the Federal Commissioner.

1 The balance between access to public information and personal data protection: The German Experience Sven Hermerschmidt, Office of the Federal Commissioner.
František Nonnemann Skopje, 9th October 2012 JHA 48785 DP aspects related to provision of information about public figures in CZ.

František Nonnemann Skopje, 9th October 2012 JHA DP aspects related to provision of information about public figures in CZ.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
Preparing for the GDPR Helping us to help you.

Preparing for the GDPR Helping us to help you.
Privacy in the Digital Age: the UN General Assembly Resolution

Privacy in the Digital Age: the UN General Assembly Resolution
Worker‘s Participation

Worker‘s Participation
Issues of personal data protection in scientific research

Issues of personal data protection in scientific research

Similar presentations

Ads by Google