1 / 68

Topic 1 - Introduction to the European Union Data Protection Regime 

Topic 1 - Introduction to the European Union Data Protection Regime . Guidance for using these slides ( remove before delivering ).

bern
Télécharger la présentation

Topic 1 - Introduction to the European Union Data Protection Regime 

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Topic 1 - Introduction to the European Union Data Protection Regime 

  2. Guidance for using these slides (removebeforedelivering) These slides are meant to be easily adaptable to different audiences. To facilitate this, each slide is assignedto a specificaudience (see „relevant for:” in the notes). In the notes-section below each slide, you find an indication of the slide’s degree of difficulty [i.e. whether it is suited for data protection beginners or not], its target audience [everyone vs authorities, lawyers, data protection officers, etc.], and its degree of importance [whether it is essential that you deliver it, or if it can be removed without impacting the effectiveness of the training]. Prior to training delivery, please: Read the slides and the notesthoroughly Take a look at the readingmaterials – theyalsoservetoassistyou in your preparation Remove/hide the slides that you consider unnecessary [right click on the slide miniature on the left and click ‘hide slide’]. A provisionalcategorisation has beenmadebasedon the depth and importance of the respectivecontent Adjust slides to national or sectoral requirements Add content that you consider essential for your particular audience Feel free to replace the default layout with your organisation’s layout

  3. How to Read The Slides’ Colour Frames [Remove Before Delivering] Green – Is a basic slide: we encourage you to keep it Yellow – is a medium level slide: it is important, but does not jeopardise effectiveness if removed Red – is an advanced slide: consider adapting it to your audience, preparing your audience for it, or removing it if you deem it unnecessary Purple – advised adaptation: this slide should contain information regarding the national legislation complementing the EU Regulations; if the content regards a different Member State, we advise you replace it with the national, relevant content

  4. Speaker Name Title Department Contact details

  5. Theseslidesserveas an introduction to EU Data Protection focused around the GDPR, assuming that recipients have no previous knowledge in this area. It provides a general overview of the field and introduce key legislation, definitions, as well as an overview of the GDPR concepts and its compliance requirements in terms of actions to be undertaken. 

  6. Table of contents Concepts of privacy The righttoprivacy in human rightcatalogues The Council of Europe and EU framework The EU dataprotectionregime – the GDPR The notion of personal data Principles of processing personal data Related rights and concepts

  7. 1. Concepts of privacy

  8. Concepts of privacy (1) 19th century New technology – instant photography New concepts in media: tabloids, gossippress, ambushjournalism 1879 - U.S. Judge, Thomas Cooleyspoke of “the right to be let alone” as a matter of personal security 1890 - Samuel Warren and Louis Brandeis infamousarticle on the individual’s right to privacy, coinedas “the right to be let alone” /Harvard Law Review/ Strong relationship with human dignity and other personality rights Reflection to technological developments

  9. Concepts of privacy (3) – Alan Westin “Privacy is the claim of individuals, groups orinstitutions to determine for themselves when, how,and to what extent information about them iscommunicated to others.” “Privacy is the voluntary and temporarywithdrawal of a person from the general societythrough physical or physiological means, eitherin a state of solitude or small-group intimacy or,when among larger groups, in a condition ofanonymity or reserve.”

  10. Concepts of privacy (2) - William Prosser Four kinds of invasion (torts) to privacy: • Intrusion upon the plaintiff ’s seclusion or solitude,or into his private affairs, • Public disclosure of embarrassing private facts aboutthe plaintiff, • Publicity which places the plaintiff in a false light inthe public eye, • Appropriation for the defendant’s advantage, of theplaintiff ’s name or likeness.

  11. Concepts of privacy (4) – Roger Clarke • “Privacy is the interest that individuals have insustaining a ‘personal space’, free from interference byother people and organisations.” • Dimensions of privacy: • Privacy of the person • Privacy of personal behavior • Privacy of personal communications • Privacy of personal data • Privacy of personal experience [2013]

  12. Concepts of privacy (5) – Koopset.al.

  13. Questions?

  14. Table of contents Concepts of privacy The righttoprivacy in human rightcatalogues The Council of Europe and EU framework The EU dataprotectionregime – the GDPR The notion of personal data Principles of processing personal data Related rights and concepts

  15. 2. The righttoprivacy in human rightcatalogues

  16. Human rightcatalogues (1) - Overview Art. 12 Universal Declaration of Human Rights(UDHR) Art. 8 European Convention on Human Rights(ECHR) Art. 7 & 8 Charter of fundamental rights of theEuropean Union (CFR)

  17. Human rightcatalogues (2) - UDHR Art. 12 No one shall be subjected to arbitrary interferencewith his privacy, family, home orcorrespondence, nor to attacks upon his honourand reputation. Everyone has the right to theprotection of the law against such interference orattacks.

  18. Human rightcatalogues (3) - ECHR Art. 8 (1) Everyone has the right to respect for his private and familylife, his home and his correspondence. (2)There shall be no interference by a public authority withthe exercise of this right except such as is in accordancewith the law and is necessary in a democratic society inthe interests of national security, public safety or theeconomic well-being of the country, for the prevention ofdisorder or crime, for the protection of health or morals,or for the protection of the rights and freedoms of others.

  19. Human rightcatalogues (4) - CFR Art. 7Everyone has the right to respect for his orher private and familylife, home andcommunications.

  20. Human rightcatalogues (5) - CFR Art. 8 (1) Everyone has the right to the protection of personaldata concerning him or her. (2) Such data must be processed fairly for specifiedpurposes and on the basis of the consent of the personconcerned or some other legitimate basis laid down by law.Everyone has the right of access to data which has beencollected concerning him or her, and the right to have itrectified. (3) Compliance with these rules shall be subject to controlby an independent authority.

  21. Human rightcatalogues (6) ECHR and the CFR Art. 52 (3) CFR „In so far as this Charter contains rights which correspond to rights guaranteed by the Convention for the Protection of Human Rights and Fundamental Freedoms, the meaning and scope of those rights shall be the same as those laid down by the said Convention. This provision shall not prevent Union law providing more extensive protection.”

  22. Human rightscatalogues (7) - nationallegalframework Constitution Data protectionframework Sectoralregulations

  23. Questions?

  24. Table of contents Concepts of privacy The righttoprivacy in human rightcatalogues The Council of Europe and EU framework The EU dataprotectionregime – the GDPR The notion of personal data Principles of processing personal data Related rights and concepts

  25. 3. The Council of Europe and EU framework

  26. Council of Europe 1949Strasbourg, FR 47 member countries 1950EuropeanConvention on HumanRights art. 8 1959 European Court of Human Rights 1981ETS No. 108 - Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data 2001ETS No. 181 - Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows 2018ModernisedConvention of the Council of Europe Nr. 108 for theprotection of individuals with regard to automaticprocessing of personal data

  27. Sectoral documents of Council of Europe • Recommendation No. R (81) 1 on regulations for automated medical data banks (23 January 1981); • Recommendation No. R (83) 10 on the protection of personal data used for scientific research and statistics (23 September 1983); • Recommendation No. R (85) 20 on the protection of personal data used for the purposes of direct marketing (25 October 1985); • Recommendation No. R (86) 1 on the protection of personal data used for social security purposes (23 January 1986); • Recommendation No. R (87) 15 regulating the use of personal data in the police sector (17 September 1987) • Recommendation No R (86) 1 on the protection of personal data used for social security purposes • Recommendation No. R (89) 2 on the protection of personal data used for employment purposes • Recommendation No R (97) 5 on the protection of data of a medical nature

  28. European Union est. 1952/1993 – Brussels, BE 28 Member States 1952/2009 Court of Justiceof the EuropeanUnion, lu 199595/46/EC DataProtectionDirective 1998Council FrameworkDecision 2008/977/JHA 2000Charter of the FundamentalRights of the European Union art. 7-8 2001 45/2001 EU Data Protection Regulation 20162016/679 GeneralDataProtectionRegulation 20162016/680/EU PoliceandCriminalJusticeDataProtectionDirective multiple legesspeciales[Schengen, Prüm, etc.] multiple international treaties [PNR, UmbrellaAgreement, etc.]

  29. Sectoral documents of the EuropeanUnion 2000/31/EC Directive on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce) 2002/58/EC Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) 2006/24/EC Directive on the regulation of generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (Data Retention Directive)

  30. Questions?

  31. Table of contents Concepts of privacy The righttoprivacy in human rightcatalogues The Council of Europe and EU framework The EU dataprotectionregime – the GDPR The notion of personal data Principles of processing personal data Related rights and concepts

  32. 4. The EU dataprotectionregime – the GDPR

  33. 4. The EU dataprotectionregime – the GDPR

  34. Novelties brought by the GDPR

  35. Guidelines and best practices  Article 29 Data Protection Working Party (WP29) European Data Protection Board (EDPB) Guidelines of nationalsupervisoryauthorities

  36. Object of regulation • Protect the fundamental rights and freedoms of natural persons • Right to privacy with respect to the processing of personal data. • Provide adequate and equal level of protection within the EU • Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection natural persons with regard to the processing of personal data.

  37. Scope of the GDPR

  38. Scope of national law

  39. Pillars of compliantprocessing • What? • Personaldata • Why? • Purposelimitation • Basedonwhat? • Legitimateground • How? • Further aspects of data processing

  40. Questions?

  41. Table of contents Concepts of privacy The righttoprivacy in human rightcatalogues The Council of Europe and EU framework The EU dataprotectionregime – the GDPR The notion of personal data Principles of processing personal data Related rights and concepts

  42. 5. The notion of personal data

  43. What is “personal data”? “any information relating to an identified or identifiable natural person”

  44. Specialcategories of personaldata (sensitive data) • Personal data revealing • racial or ethnic origin, • political opinions, • religious or philosophical beliefs, • trade union membership, • genetic data, • biometric data for the purpose of uniquely identifying a natural person, • data concerning health, • a natural person's sex life or sexual orientation • Sensitive data is everything that personal data is and more. • Sensitive data must be personal data. Non-personal data can not be sensitive. • The concept of sensitive data represents a recognition that some categories of data carry with them more risks than others.

  45. Special categories of personal data (2) Sensitive data can occur through the combination of various forms of non-sensitive data The creation of a higher regulatory burden for those who process such data. Processing is prohibited by default Further hurdles to such processing. Processes that urge data processors to consider the harms that such processing can bring about. Titel van dia

  46. Genetic data • relating to the inherited or acquired genetic characteristics of a natural person • unique information about • physiology • health • result from an analysis of a biological sample from the natural person

  47. Biometric data • resulting from specific technical processingrelating to the • physical • physiological • behavioural characteristics of a natural person • allow or confirm the unique identification of that natural person • facial images • dactyloscopic data

  48. Processing of personal data • any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as • collection, • recording, • organization, • structuring, • storage, • adaptation or alteration, • retrieval, • consultation, • use, • disclosure by transmission, • dissemination or otherwise making available, • alignment or combination, • restriction, • erasure or destruction

More Related