European Data Protection Law - Introduction

European Data Protection Law: A Brief Outlook
András Jóri
Parliamentary Commissioner for Data Protection and Freedom of Information, Hungary
ICTtrain Training Session, 7 January 2009
A short introduction
• 3rd Parliamentary Commissioner of DP and FOIA
• Elected by the Parliament for 6 years with a 2/3 majority of the MPs
• Reports to the Parliament only
A short introduction
• Main tasks:
  – Data protection supervision
  – Freedom of information supervision
  – Supervision of the procedure of classification of state secrets
  – Giving opinions on bills and other draft legislative instruments
  – Examination of complaints
  – Ex officio procedures
• 45 staff members (mostly lawyers)
The presentations of today’s session
• European Data Protection Law: A Brief Outlook
  – What is data protection? What is privacy?
  – A short history of European data protection
  – Challenges and criticism
• The European Data Protection Directive and the activity of the Article 29 Working Party
• Data protection audit and data protection issues in the telecom sector
• Privacy on the Internet
The notion of data protection
• Data protection means the legal protection of an individual’s privacy through regulating the processing of her/his personal data and safeguarding certain rights relating to this data
• It appeared in Europe as an answer to the dangers of electronic data processing which were becoming widespread during the IT revolution, beginning with the 1970s
What is privacy?
• a claim, entitlement or right of an individual to determine what information about himself (or herself) may be communicated to others;
• the measure of control an individual has over information about himself, intimacies of personal identity, or who has sensory access to him
  → information privacy, data privacy
• a state or condition of limited access to a person, information about him, intimacies of personal identity
(Ferdinand Schoeman)
• The right to privacy is „the right to be left alone” (Brandeis)
Data protection and data security
• Data protection: a tool of privacy protection, aimed at personal data
• Data protection is always legal protection
• Data security means the protection of the integrity and confidentiality of data, irrespective of the information content and legal qualification of data.
• Data security is served by legal, technical and organizational measures
Data protection and data security
• Complex network of connections between data protection and data security:
  – Most data protection laws contain rules on data security
  – In an open network environment, data security tools might be at least as effective tools for privacy protection as data protection laws are (PET technologies)
  – Data security tools might be objects of legal regulation themselves (e.g. „strong” encryption)
What are personal data?
• 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (Directive 95/46/EC)
A brief history of DP law
• USA: The Right to Privacy (1890)
• Brandeis, “Subtler and more far reaching means of invading privacy have become available to the government. Discovery and invention have made it possible for the government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet”
• Orwell: 1984
• WWII: Misuse of state databases
• The widespread use of computerized data processing
A brief history of DP law
• First data protection act: Hesse (Germany), 1970
• The primary goal of the first acts was to safeguard the transparency of the large – primarily state-owned – databases
• They ensure some rights (primarily the right of access and rectification) that will later become parts of the right of informational self-determination
• Obligations concerning registering the databases containing personal data appear
A brief history of DP law
• 1983: German Constitutional Court Decision (Volkszählungsurteil): the right of informational self-determination was born
• This right includes “the authority of the individual to decide himself, on the basis of the idea of self-determination, when and within what limits based on the principle of self-determination to determine in what information about his private life should be communicated to others and to what extent.”
A brief history of DP law
• 1980: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
  – Collection Limitation Principle
  – Purpose Specification Principle
  – Use Limitation Principle
  – Security Safeguards Principle
  – Openness Principle
  – Individual Participation Principle
  – Accountability Principle
A brief history of DP law
• 1981: Council of Europe Convention for Data Protection (Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data)
• EU encouraged member states to adopt the convention
A brief history of DP law
• … but the undesirable divergence of national legislations continues:
• EU Data Protection Directive (Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data)
A brief history of DP law
• The Directive had to be implemented by the member states by 1998
• Double objective:
  – “(1) In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.
  – (2) Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1.”
• Which is the primary objective?
A brief history of DP law
• Main provisions of the Directive:
  – it applies to “the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system.”
  – Data quality (fair and lawful data processing; specified purpose; legitimate purpose etc.)
  – „Criteria for making data processing legitimate”: the Directive lists the cases in which the national legislation of a Member State makes the processing of personal data (including special data) possible
  – Rights of the data subjects (the right to receive information, the right of access, the right to object)
  – Notification
  – Supervisory authority
  – Judicial remedy and sanctions
  – Personal data transfer to third countries
A brief history of DP law
CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE
Member States shall provide that personal data may be processed only if:
(a) the data subject has unambiguously given his consent; or
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or
(c) processing is necessary for compliance with a legal obligation to which the controller is subject; or
(d) processing is necessary in order to protect the vital interests of the data subject; or
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed; or
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection
(EU Directive, Article 7)
Data protection in the world today
• Europe: EU member states (and most other states) have implemented data protection acts based on the Directive
  – (In certain European states, based on the right of informational self-determination; level of protection varies considerably)
• US: patchwork regulation, industry self-regulation schemes (US privacy regulation system is not „adequate” according to EU standards)
  – Safe Harbour Agreement, PNR data
• EU-style data protection regimes appear in Asia, Canada and South-America
Do we need data protection law? Cons
• According to other theorists, DP law causes social costs without benefits
• Richard A. Posner: An Economic Theory of Privacy, 1981
• More information on one’s private life means more gains both for the society and for the individual (examples: taxation, employer-employee relationship, marriage, friendship)
• Secrets cause costs
• Privacy (and data protection) is a right of the deceivers to conceal shameful facts about themselves
Do we need data protection law?
• According to mainstream European constitutional lawyers: yes, we do
• German Constitutional Court, 1983:
• Privacy “is endangered primarily by the fact that, contrary to former practice, there is no necessity for reaching back to manually compiled cardboard-files and documents, since data concerning the personal or material relations of a specific individual (personal data) can be stored without any technical restraint with the help of automatic data processing, and can be retrieved any time within seconds, regardless of the distance. Furthermore, in case of creating integrated information systems with other databases, data can be integrated into a partly or entirely complete picture of an individual, without the informed consent of the subject concerned, regarding the correctness and use of data.” The Court stated that the situation can be dangerous both to the individual’s right of self-determination and to democratic society “if one cannot with sufficient surety be aware of who knows what about them. Those who are unsure if differing attitudes and actions are ubiquitously noted and permanently stored, processed or distributed will try not to stand out with their behavior. Those who count with the possibility that their presence at a meeting or participation in a civil initiation might be registered by the authority, may perhaps abandon practicing their basic rights”
Do we need data protection law?
• The role of privacy in building and determining our own identity is crucial
Lack of consent
• Between cultures…
www.familywatchdog.us
Lack of consent
• Between generations…
• The success of social networking sites: generational gap between the privacy-savvy parents and the kids eager to show themselves
• But the dangers are still here: the AOL search database case
AOL search database case
The future?
• Third-generation data protection acts (TDDSG, 1997)
• Privacy protection beyond data protection (IT-Grundrecht, German Constitutional Court, 2008)
The future?
Without privacy protection „freedom will diminish in such an unnoticed way as clean water and air have”
(László Sólyom)
Thank you for your attention!
• jori@obh.hu
• www.obh.hu/adatved
• www.dataprotection.eu