
A short introduction

European Data Protection Law: A Brief Outlook András Jóri Parliamentary Commissioner for Data Protection and Freedom of Information, Hungary ICTtrain Training Session, 7 January 2009. 3rd Parliamentary Commissioner of DP and FOIA


Presentation Transcript


  1. European Data Protection Law: A Brief Outlook. András Jóri, Parliamentary Commissioner for Data Protection and Freedom of Information, Hungary. ICTtrain Training Session, 7 January 2009

  2. A short introduction
     - 3rd Parliamentary Commissioner of DP and FOIA
     - Elected by the Parliament for 6 years with a 2/3 majority of the MPs
     - Reports to the Parliament only

  3. A short introduction
     - Main tasks:
       - Data protection supervision
       - Freedom of information supervision
       - Supervision of the procedure of classification of state secrets
       - Giving opinions on bills and other draft legislative instruments
     - Examination of complaints
     - Ex officio procedures
     - 45 staff members (mostly lawyers)

  4. The presentations of today's session
     - European Data Protection Law: A Brief Outlook
     - What is data protection? What is privacy?
     - A short history of European data protection
     - Challenges and criticism
     - The European Data Protection Directive and the activity of the Article 29 Working Party
     - Data protection audit and data protection issues in the telecom sector
     - Privacy on the Internet

  5. The notion of data protection
     - Data protection means the legal protection of an individual's privacy through regulating the processing of her/his personal data and safeguarding certain rights relating to this data
     - It appeared in Europe as an answer to the dangers of electronic data processing, which were becoming widespread during the IT revolution, beginning with the 1970s

  6. What is privacy?
     - a claim, entitlement or right of an individual to determine what information about himself (or herself) may be communicated to others (information privacy, data privacy)
     - the measure of control an individual has over information about himself, intimacies of personal identity, or who has sensory access to him
     - a state or condition of limited access to a person, information about him, intimacies of personal identity (Ferdinand Schoeman)
     - The right to privacy is "the right to be left alone" (Brandeis)

  7. Data protection and data security
     - Data protection: a tool of privacy protection, aimed at personal data
     - Data protection is always legal protection
     - Data security means the protection of the integrity and confidentiality of data, irrespective of the information content and legal qualification of data
     - Data security is served by legal, technical and organizational measures

  8. Data protection and data security
     - Complex network of connections between data protection and data security:
       - Most data protection laws contain rules on data security
       - In an open network environment, data security tools might be at least as effective tools for privacy protection as data protection laws are (PET technologies)
       - Data security tools might be objects of legal regulation themselves (e.g. "strong" encryption)

  9. What are personal data?
     - 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (Directive 95/46/EC)

  10. A brief history of DP law
     - USA: The Right to Privacy (1890)
     - Brandeis, "Subtler and more far reaching means of invading privacy have become available to the government. Discovery and invention have made it possible for the government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet"
     - Orwell: 1984
     - WWII: Misuse of state databases
     - The widespread use of computerized data processing

  11. A brief history of DP law
     - First data protection act: Hesse (Germany), 1970
     - The primary goal of the first acts was to safeguard the transparency of the large – primarily state-owned – databases
     - They ensure some rights (primarily the right of access and rectification) that will later become parts of the right of informational self-determination
     - Obligations concerning registering the databases containing personal data appear

  12. A brief history of DP law
     - 1983: German Constitutional Court Decision (Volkszählungsurteil): the right of informational self-determination was born
     - This right includes "the authority of the individual to decide himself, on the basis of the idea of self-determination, when and within what limits based on the principle of self-determination to determine in what information about his private life should be communicated to others and to what extent."

  13. A brief history of DP law
     - 1980: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
       - Collection Limitation Principle
       - Purpose Specification Principle
       - Use Limitation Principle
       - Security Safeguards Principle
       - Openness Principle
       - Individual Participation Principle
       - Accountability Principle

  14. A brief history of DP law
     - 1981: Council of Europe Convention for Data Protection (Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data)
     - EU encouraged member states to adopt the convention

  15. A brief history of DP law
     - … but the undesirable divergence of national legislations continues:
     - EU Data Protection Directive (Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data)

  16. A brief history of DP law
     - The Directive had to be implemented by the member states by 1998
     - Double objective: "(1) In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data. (2) Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1."
     - Which is the primary objective?

  17. A brief history of DP law
     - Main provisions of the Directive:
       - It applies to "the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system."
       - Data quality (fair and lawful data processing; specified purpose; legitimate purpose etc.)
       - "Criteria for making data processing legitimate": the Directive specifies items of cases when the national legislation of a Member State renders personal data processing (including special data) possible
       - Rights of the data subjects (the right to receive information, the right of access, the right to object)
       - Notification
       - Supervisory authority
       - Judicial remedy and sanctions
       - Personal data transfer to third countries

  18. A brief history of DP law
     - CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE
     - Member States shall provide that personal data may be processed only if:
       - (a) the data subject has unambiguously given his consent; or
       - (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or
       - (c) processing is necessary for compliance with a legal obligation to which the controller is subject; or
       - (d) processing is necessary in order to protect the vital interests of the data subject; or
       - (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed; or
       - (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection
     - (EU Directive, Article 7)

  19. Data protection in the world today
     - Europe: EU member states (and most other states) have implemented data protection acts based on the Directive (in certain European states, based on the right of informational self-determination; level of protection varies considerably)
     - US: patchwork regulation, industry self-regulation schemes (US privacy regulation system is not "adequate" according to EU standards)
     - Safe Harbour Agreement, PNR data
     - EU-style data protection regimes appear in Asia, Canada and South America

  20. Do we need data protection law? Cons
     - According to other theorists, DP law causes social costs without benefits
     - Richard A. Posner: An Economic Theory of Privacy, 1981
       - More information on one's private life means more gains both for the society and for the individual (examples: taxation, employer-employment relationship, marriage, friendship)
       - Secrets cause costs
       - Privacy (and data protection) is a right of the deceivers to conceal shameful facts about themselves

  21. Do we need data protection law?
     - According to mainstream European constitutional lawyers: yes, we do
     - German Constitutional Court, 1983: Privacy "is endangered primarily by the fact that, contrary to former practice, there is no necessity for reaching back to manually compiled cardboard-files and documents, since data concerning the personal or material relations of a specific individual (personal data) can be stored without any technical restraint with the help of automatic data processing, and can be retrieved any time within seconds, regardless of the distance. Furthermore, in case of creating integrated information systems with other databases, data can be integrated into a partly or entirely complete picture of an individual, without the informed consent of the subject concerned, regarding the correctness and use of data."
     - The Court stated that the situation can be dangerous both to the individual's right of self-determination and to democratic society "if one cannot with sufficient surety be aware of who knows what about them. Those who are unsure if differing attitudes and actions are ubiquitously noted and permanently stored, processed or distributed will try not to stand out with their behavior. Those who count with the possibility that their presence at a meeting or participation in a civil initiation might be registered by the authority, may perhaps abandon practicing their basic rights"

  22. Do we need data protection law?
     - The role of privacy in building and determining our own identity is crucial

  23. Lack of consent
     - Between cultures…

  24. www.familywatchdog.us

  25. www.familywatchdog.us

  26. www.familywatchdog.us

  27. www.familywatchdog.us

  28. Lack of consent
     - Between generations…
     - The success of social networking sites: generational gap between the privacy-savvy parents and the kids eager to show themselves

  29. But the dangers are still here: the AOL search database case

  30. AOL search database case

  31. AOL search database case

  32. AOL search database case

  33. The future?
     - Third-generation data protection acts (TDDSG, 1997)
     - Privacy protection beyond data protection (IT-Grundrecht, German Constitutional Court, 2008)

  34. The future?
     - Without privacy protection "freedom will diminish in such an unnoticed way as clean water and air have" (László Sólyom)

  35. Thank you for your attention!
     - jori@obh.hu
     - www.obh.hu/adatved
     - www.dataprotection.eu
