Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Published byBritton Montgomery Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help."— Presentation transcript:

1

2 Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help of the data protection policy of the DaimlerChrysler AG

3 CoCv1_eng2 Current situation Technical convergence promotes a worldwide exchange of goods and services. Competition becomes more and more a global challenge. Increase in possibilities of matching and processing personal data collected for various purposes. Raise of the potential risks for a fraudulent use of personal data. Increase of the sensitivity of consumers regarding the handling of their personal data. Development and integration of data security and data protection concepts in their products and services is crucial for global acting companies.

4 CoCv1_eng3 Tendencies of the privacy legislation worldwide Increase in enacting data protection laws worldwide, but different national legal requirements due to the lack of a globally competent legislator. Tendency of incorporating data protection and privacy issues in laws governing electronic commerce especially in Asian countries. Influence of the EC-Directive and national laws of Asia/Pacific and Latin-America restricting the transborder data flow. Data protection and privacy legislation is on the way to an international law convergence.

5 CoCv1_eng4 Legal situation with regard to transborder data flows A transborder transfer of personal data is only permitted if the third country ensures an adequate level of data protection. Requirement results from the EC-Directive on data protection and the privacy acts of Australia, Hong Kong, Taiwan, Argentina. Currently a transfer is only permitted in the following cases: From the EU/EEC to Hungary, Switzerland, Canada (with restrictions). From the EU/EEC to the US provided that the US- American company adheres to the Safe Harbor Principles and is subject to the jurisdiction of the Federal Trade Commission or another institution which effectively ensures the compliance with these principles.

6 CoCv1_eng5 Legal situation with regard to transborder data flows Exceptions from the requirement to provide an adequate level of data protection: Unambiguous consent of the data subject; The transfer is necessary for the performance of a contract between the data subject and the controller or for precontractual measures taken in response to the data subject’s request; or The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and a third party; or

7 CoCv1_eng6 Legal situation with regard to transborder data flows Exceptions from the requirement to provide an adequate level of data protection: The transfer is necessary to protect the vital interests of the data subject. Since each transfer has to be assessed on its own merits, the reliance on the exemptions is not sufficient for companies which transfer data worldwide for diverse purposes.

8 CoCv1_eng7 Options for global acting companies Obtain the consent to the transfer to substandard countries from the data subject. Adduce adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights; like Incorporate contractual clauses/model clauses. Implement Codes of Conduct.

9 CoCv1_eng8 Pros Individual solutions are possible. Efforts then if its necessary. Cons Option not expressly provided by all nationals laws providing for restrictions on transborder data flows. Due to the different national requirements, it can be difficult to obtain a legally effective consent. Information about and consent to a transfer to a substandard country. Consent solution

10 CoCv1_eng9 Cons A consent could be withheld or revoked, mere consideration leads to a complication of the data processing process. In case of a transmission of employee’s data it might be necessary to participate the workers council. Consent solution

11 CoCv1_eng10 Pros Specific solution for each specific case, consideration of peculiarities possible. Efforts then if its necessary. Cons Increased expenditure for administration due to the obligation to incorporate and to update each single contract. No contribution to increase the awareness of the concerned employees. Notification/approval by the respective dpa required. Contractual clauses Contract

12 CoCv1_eng11 Pros Formally adopted by the European Commission being a sufficient safeguard for providing an adequate level of data protection. Cons No uniform application by the dpa’s. Alterations have to be approved. Contains the obligation for the data importer to cooperate with the competent supervisory authority, has to observe its decisions with regard to the data transferred. Standard contractual clauses

13 CoCv1_eng12 Pros Possibility to make use of the tendency of law convergence and provision of a global solution. Easy to implement, control and to update. Low expenses for law enforcement. Uniform procedures within the company as a marketing tool. Cons Approval by the respective data protection authorities required. Codes of Conduct

14 CoCv1_eng13 Cons Current procedure to get Codes of Conduct Community- wide approved is burdensome and bureaucratic. Several options: Decision by the European Commission pursuant to Art. 26 para.4 of the EU Data Protection Directive. Community-wide validity of an approval by one data protection authority, accordingly the participation of the other Member States and the Commission has to be ensured. Codes of Conduct

15 CoCv1_eng14 Codes of Conduct are the best solution to cope with the legal requirements for transborder data flow.

16 CoCv1_eng15 Principles and requirements for the collection and processing of personal data. Requirements for the transfer of personal data to third parties, including data exchange within the Group. Rights of the data subject. Requirement to maintain confidentiality. Principles of data security. Requirements for the involvement of third parties, including in case of a data processing on behalf. Responsibilities and sanctions. Internal law enforcement. Content of Codes of Conduct

17 CoCv1_eng16 Appointment of a Chief Officer Corporate Data Protection (CPO) with worldwide responsibility that reports directly to the Board of Management. Infrastructure of locally responsible Data protection coordinators for the different regions of the world. Coordination of the Data protection coordinators by regular meetings conducted by the CPO. Internal law enforcement within the DaimlerChrysler Group

18 CoCv1_eng17 Thank you for your attention. For further questions mail to anja.miedbrodt@daimlerchrysler.com

Download ppt "Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help."

Similar presentations

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.

EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.
Sarah Branam Mehmet MunurDino Tsibouris

Sarah Branam Mehmet MunurDino Tsibouris
© 2005 Morrison & Foerster LLP All Rights Reserved Data Security and Incident Notification: The Impact of Foreign Law Presented April 26, 2006 to EDUCAUSE.

© 2005 Morrison & Foerster LLP All Rights Reserved Data Security and Incident Notification: The Impact of Foreign Law Presented April 26, 2006 to EDUCAUSE.
“Reform of the Child Care System: Taking Stock and Accelerating Action” South East Europe 3 – 6 July 2007, Sofia.

“Reform of the Child Care System: Taking Stock and Accelerating Action” South East Europe 3 – 6 July 2007, Sofia.
Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.

Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.

Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
Per Anders Eriksson

Per Anders Eriksson
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.

Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.
Clinical Research Conference 2012 Legal, Ethical, and Social Dimensions of Clinical Research Takis Vidalis, Ph. D., Hellenic National Bioethics Commission.

Clinical Research Conference 2012 Legal, Ethical, and Social Dimensions of Clinical Research Takis Vidalis, Ph. D., Hellenic National Bioethics Commission.
A Common Immigration Policy for Europe Principles, actions and tools June 2008.

A Common Immigration Policy for Europe Principles, actions and tools June 2008.
|Date 13-05-2011 faculty of law groningen centre of energy law 1 Security of Supply – EU Perspective and Legal Framework First EU-Russia Energy Law Conference,30.

|Date faculty of law groningen centre of energy law 1 Security of Supply – EU Perspective and Legal Framework First EU-Russia Energy Law Conference,30.
Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October 2012 1.

Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October

Similar presentations

Ads by Google