European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center.


1 European data protection and privacy regulations
Johny GASSER, Orange Business Services – Consulting & Solutions Integration, International Cyber Center
2011 Workshop on Cyber Security and Global Affairs, Budapest, May 31 to Jun 2, 2011

2 International Cyber Center – Budapest Workshop
workshop agenda
- section 1: status of the data protection
- section 2: European regulations basics
- section 3: concerns with US
- section 4: potential solutions

3 status of the data & privacy protection

4 data protection status
source: http://www.forrester.com/cloudprivacyheatmap

5 data protection status - Europe
source: http://www.forrester.com/cloudprivacyheatmap

6 are security and privacy issues top concerns?
source: Forrester Research, January 2010, “As IaaS Cloud Adoption Goes Global, Tech Vendors Must Address Local Concerns”

7 European regulations basics

8 key European regulations on data and privacy protection
- European Convention on Human Rights (ECHR) (formally the Convention for the Protection of Human Rights and Fundamental Freedoms)
- European Commission Directive 95/46/EC, the data protection directive
- European Commission Directive 2002/58/EC, Directive 2002/58 on Privacy and Electronic Communications, also known as the E-Privacy Directive
- National Constitutions
- National regulations (penal, civil, data protection, etc.)
- International Treaty – Cybercrime Convention

9 definitions (source: EU Directive 95/46 – data protection)
- personal data shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
- processing of personal data ('processing') shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

10 EU directive 95/46
- personal data must be collected for specified, explicit and legitimate purposes, and kept up to date
- personal data may be processed only if the data subject has unambiguously given his/her consent
- it is forbidden to process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life
- every data subject should have the right to obtain from the controller which data is processed
- the data subject should have the right to object, on legitimate grounds, to the processing of data relating to him/her
- the controller must notify the national supervisory authority before carrying out any processing operation

11 EU directive 95/46 – cross border transfer
- transfers of personal data from a Member State to a third country with an adequate level of protection are authorized
- the transfer of personal data to a third country which does not ensure an adequate level of protection must be prohibited
- the list of countries having an adequate level of protection is published and maintained by the European Commission
- the adequacy of the level of protection afforded by a third country must be assessed in the light of all the circumstances surrounding the transfer operation or set of transfer operations

12 concerns with US

13 concerns about US: rumors, myths and facts
- use of the Patriot Act: the Bush administration convinced the Belgian private company SWIFT to provide the US with access to all inter-bank orders. The justification was that SWIFT has subsidiaries in the US, so the Patriot Act was applicable. This was revealed in 2006 by the New York Times.
- activities of the NSA: the National Security Agency (NSA) carries out industrial espionage on governmental organizations and private-sector firms with its wiretapping network Echelon. This was officially revealed in 1998 in a report presented to the European Parliament, and confirmed in 2000 by former CIA director James Woolsey in a March article for the Wall Street Journal. Confirmed cases are Airbus with a Saudi Arabia contract, Thomson CSF with a Brazil military contract, and Japanese NEC.

14 potential solutions

15 potential solutions
for European companies
- do not work with US companies for sensitive data or the financial industry; take care with “in the cloud” services
- work only with companies applying the SAFE HARBOUR principles
- use the standard contractual clauses as defined by the EC (Decision 2001/497/EC)
- perform an on-site audit in the US, or obtain a SAS70/SSAE16/ISAE3402 independent audit report
- deploy the solution and infrastructure so that no private data is accessible from the US, even in a disaster recovery scenario
for US companies
- apply for the SAFE HARBOUR self-certification
- demonstrate that you cannot access personal data, or provide real-time logs of which accesses have been made, etc.
- work hard to earn the trust of your European customers
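The transfer rules of slide 11 and the recommendations of slide 15 together form a decision chain that a security team can encode as policy-as-code and run against every location where personal data lives, disaster-recovery replicas included. The following Python module is an added example and is not code from the presentation or from Orange Business Services; the member-state and adequacy country sets are constructed samples, not the European Commission's official lists, and the `sensitive` flag is an assumed policy knob that models the slide's "do not use US providers for sensitive or financial data" advice. Each decision is appended to an in-memory audit trail standing in for the real-time access log the slides ask providers to make available.

```python
"""
Policy-as-code gate for cross-border transfers of personal data, modelled on
the rule chain presented in the slides: intra-EU -> adequacy decision ->
Safe Harbour -> standard contractual clauses -> prohibited.
Constructed example; country lists below are illustrative samples only.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Tuple

# Constructed, partial sample of EU member states (illustration only).
EU_MEMBER_STATES = {"BE", "DE", "FR", "HU", "NL"}

# Constructed sample of third countries assumed to hold an adequacy decision.
# The authoritative list is the one published by the European Commission.
ADEQUATE_THIRD_COUNTRIES = {"CH", "CA"}


@dataclass(frozen=True)
class Location:
    """One place where personal data is stored or reachable (primary or DR replica)."""
    country: str                           # ISO 3166-1 alpha-2 code
    role: str = "primary"                  # "primary" or "dr-replica"
    safe_harbour_certified: bool = False   # US recipient self-certified under Safe Harbour
    standard_clauses_signed: bool = False  # EC standard contractual clauses in place


@dataclass(frozen=True)
class Decision:
    allowed: bool
    basis: str
    location: Location


# Audit trail of every decision; a real deployment would ship this to an
# append-only log store rather than keep it in process memory.
AUDIT_LOG: List[dict] = []


def assess_transfer(loc: Location, sensitive: bool = False) -> Decision:
    """Apply the slides' rule chain to one location and record the outcome.

    sensitive=True (assumed policy knob) models slide 15's first recommendation:
    for sensitive or financial-industry data, do not rely on US providers at all.
    """
    country = loc.country.upper()
    if country in EU_MEMBER_STATES:
        d = Decision(True, "intra-EU: not a third-country transfer", loc)
    elif sensitive and country == "US":
        d = Decision(False, "sensitive data: US providers excluded by policy", loc)
    elif country in ADEQUATE_THIRD_COUNTRIES:
        d = Decision(True, "adequacy decision covers destination country", loc)
    elif country == "US" and loc.safe_harbour_certified:
        # Self-certification only: the slides name this as the scheme's limit,
        # so the basis is marked for follow-up verification (audit report etc.).
        d = Decision(True, "Safe Harbour self-certification (verify)", loc)
    elif loc.standard_clauses_signed:
        d = Decision(True, "standard contractual clauses (Decision 2001/497/EC)", loc)
    else:
        d = Decision(False, "no adequate level of protection: transfer prohibited", loc)

    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "country": country,
        "role": loc.role,
        "allowed": d.allowed,
        "basis": d.basis,
    })
    return d


def assess_deployment(locations: List[Location],
                      sensitive: bool = False) -> Tuple[bool, List[str]]:
    """A deployment passes only if every location passes, DR replicas included.

    Returns (compliant, failing_locations) where each failure is "role:country".
    """
    failing = [f"{loc.role}:{loc.country.upper()}" for loc in locations
               if not assess_transfer(loc, sensitive).allowed]
    return (not failing, failing)


if __name__ == "__main__":
    # Constructed scenario: primary in France, DR replica in the US with no safeguards.
    deployment = [Location("FR"), Location("US", role="dr-replica")]
    ok, failing = assess_deployment(deployment)
    print("compliant" if ok else f"non-compliant, failing locations: {failing}")
    for entry in AUDIT_LOG:
        print(entry)
```

The DR-replica case is the one most often missed in practice: the primary site passes, but the replica silently fails the same policy, which is exactly the "even in a disaster recovery scenario" point the slide makes.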

16 summary: data protection in Europe
- is not simple to address
- is serious: it is a fundamental human right
- SAFE HARBOUR is an effective solution for US companies, the easiest and safest for them, but it has a limit: self-certification
- employees have a right to privacy, even at work, even if a signed contract states a business-use-only rule
- “in the cloud” services are subject to data protection regulations, including cross-border flow restrictions

17 thank you
