12 January 2011. Register of Interest Representatives Identification number in the register: 52646912360-95
ZENTRALER KREDITAUSSCHUSS

MEMBERS:
BUNDESVERBAND DER DEUTSCHEN VOLKSBANKEN UND RAIFFEISENBANKEN E.V. BERLIN
BUNDESVERBAND DEUTSCHER BANKEN E.V. BERLIN
BUNDESVERBAND ÖFFENTLICHER BANKEN DEUTSCHLANDS E.V. BERLIN
DEUTSCHER SPARKASSEN- UND GIROVERBAND E.V. BERLIN-BONN
VERBAND DEUTSCHER PFANDBRIEFBANKEN E.V. BERLIN

Comments of the Zentraler Kreditausschuss¹ on the Communication from the European Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions of 4 November 2010

A comprehensive approach on personal data protection in the European Union
COM(2010) 609 final

12 January 2011

Register of Interest Representatives
Identification number in the register: 52646912360-95

¹ The ZKA is the joint committee operated by the central associations of the German banking industry. These associations are the Bundesverband der Deutschen Volksbanken und Raiffeisenbanken (BVR), for the cooperative banks, the Bundesverband deutscher Banken (BdB), for the private commercial banks, the Bundesverband Öffentlicher Banken Deutschlands (VÖB), for the public-sector banks, the Deutscher Sparkassen- und Giroverband (DSGV), for the savings banks financial group, and the Verband deutscher Pfandbriefbanken (vdp), for the mortgage banks. Collectively, they represent more than 2,200 banks.

In its Communication of 4 November 2010, the European Commission sets out its approach to modernising data protection at EU level. Our comments on the Commission's objectives are as follows:

1. General remarks

The requirements of the Data Protection Directive have now been in force for fifteen years and have generally proved their worth. This is the right time to carefully review and, where necessary, adjust them. Not only the technical environment, but also the European Union itself has changed. Article 8 of the EU Charter of Fundamental Rights has made data protection a basic right throughout Europe, and this also has to be taken into account when modernising data protection rules.

1.1 Intelligibility

The right to the protection of personal data enshrined in Article 8 of the EU Charter of Fundamental Rights should be reflected in data protection rules in a manner which is readily intelligible to citizens and companies. In some member states, data protection legislation has become so complex that even experts find it difficult to understand. To gain broad acceptance, the data protection framework of tomorrow will have to be formulated in plain language. The EU should therefore urge its member states to implement the revised data protection framework in a way which is easily understandable and should lead by example. This is all the more important given that only intelligible legal texts can be translated into all EU languages with relatively little loss of meaning.

1.2 Avoid contradictory regulatory requirements

Banking supervisors are continually issuing more stringent anti-money laundering, anti-fraud and compliance requirements for banks. These frequently conflict with data protection rules: take, for instance, the rules on monitoring payments for indications of money laundering. Banks can only comply with both regimes if they are consistent with one another.
When modernising the EU data protection framework, a legal mechanism should therefore be found under which data protection law will take better account of regulatory requirements for banks.

1.3 Data protection and technology

Experience has shown that one of the strengths of the Data Protection Directive is its avoidance of excessive technical detail. Technical and organisational aspects of data protection should nevertheless not be ignored since they raise key questions which the Commission's comprehensive approach has not yet addressed. Differing application and perception of technical and organisational measures in member states make it difficult to implement data protection rules in practice. Consideration should therefore be given to offering guidance in the form of a pan-European minimum standard for technical and organisational measures. Existing standards for IT security, such as ISO 27001, could be complemented by an EU standard for technical and organisational aspects of data protection. A pan-European standard of this kind, recognised by data protection authorities in all member states, would eliminate the need to repeat the same check multiple times on the basis of different local data protection laws. The standard would, at the same time, need to be flexible enough to allow companies to tailor implementation to their individual requirements.

1.4 Take account of new forms of data processing

Technological progress and the potential of the internet mean the way in which data are processed in companies and public institutions will continue to change. Here are two examples:

Cloud computing is a new way of organising data processing in which several parties are involved. The concept of the data controller and the data processor enshrined in the Data Protection Directive will need to be revisited in the light of this development. A modern legal framework will have to be found which allows companies and public institutions to exploit the potential of cloud computing in their capacity as controllers while complying with data protection rules. Requirements should also be drawn up for cloud service providers in their capacity as processors to ensure that they assume joint responsibility for, and satisfy a minimum level of, data protection.

New social network services on the internet have led to a growth in the amount of publicly or semi-publicly accessible personal data.
More and more companies are opening their own network accounts for marketing purposes. This raises questions concerning provider identification information, for example, or about the use of personal data which account holders themselves have made publicly available.

1.5 Self-protection by the data subject

An essential prerequisite for effective data protection, particularly on the internet, is that data subjects make responsible use of their personal data and take full advantage of available security functions. Raising the awareness of data subjects and promoting technical literacy are therefore important objectives of data protection policy. Unfortunately, there appears to be a growing trend in e-commerce via the internet for certain service providers to request customers making online payments to disclose the personal identification media, such as PINs and one-time passwords, which banks have given them for the purpose of protecting themselves when banking online. This has the potential to undermine the security and integrity of online banking. When modernising the data protection framework, consideration should therefore be given to how legal requirements could safeguard the technical self-protection tools of the data subject (e.g. identification media, encryption technologies) against unauthorised use or access by third parties.

2. Transparency for data subjects (section of the Communication)

2.1 Scope of the information requirements

Transparency is without question a fundamental condition for enabling data subjects to exercise their rights. When discussing how to enhance transparency, however, the following points should be borne in mind:

Information should be tailored to the needs of the individual

There is already a trend in consumer protection legislation towards requiring banks to provide customers with so much information that the question arises whether it is more than they want or can understand. We would therefore have reservations about introducing even more information requirements if these resulted in a flood of information which customers were unable to process. A two-step approach would be more useful. It should initially be sufficient to provide customers with general information. Only if they then specifically ask for more should additional information be supplied in a manner tailored to the customer's needs. This means that statutory information requirements should be kept to a minimum and further details should be provided only on request. (Take, for example, an automated individual decision affecting a customer of a bank. It should be mandatory for the bank to inform its customer of this decision. But the bank should only have to give the customer further details if so requested.)

It is also important to remember that all information requirements are ultimately paid for in part by the customer. A cost-benefit analysis should therefore be carried out before any new requirement is introduced.

Transparency requirements should not only apply to companies in the private sector

People often complain about the increasing amount of data in the hands of businesses and conclude that transparency requirements for the private sector should be increased. It is frequently forgotten, however, that public institutions also collect and process personal data on a large scale. Though the need to combat terrorism and other crime is beyond dispute, it must be recognised that, from the perspective of the data subject, there is a particular lack of transparency surrounding access by public authorities to payments data in the banking industry for these purposes. In Germany, automated access by law enforcement agencies to customer account details under Section 24c of the German Banking Act is not transparent to either banks as controllers or their customers as data subjects. Those affected are often not even informed after the event that their data have been accessed.

The credibility of data protection is not enhanced if lawmakers use double standards and demand greater transparency from businesses while more or less excluding the public sector. The basic right to the protection of personal data enshrined in Article 8 of the EU Charter of Fundamental Rights demands the same level of transparency from the private and public sectors.

2.2 EU standard forms ("privacy information notices")

It would be particularly helpful for small and medium-sized firms if the Commission pursued the idea of drafting EU standard forms for privacy notices. This would facilitate the implementation of statutory information requirements and help to ensure a minimum level of quality in the content of the notices.

2.3 Obligation to notify personal data breaches

We understand the Commission's desire to protect the interests of data subjects by requiring them to be notified in the event of a breach in the handling of their personal data. A requirement of this kind already exists in Germany. The following points should nevertheless be borne in mind:

The notification requirement should be limited to serious breaches affecting more than one individual. There is otherwise a danger of triggering an avalanche of notifications with the potential to confuse and desensitise affected data subjects.

Data controllers in both the public and the private sectors should have to comply with the requirements in equal measure. From the perspective of the data subject, it is immaterial whether the breach occurred at a public institution or a private company.

Data protection legislation should, moreover, set data controllers the right incentives. The notification requirement should not apply, for example, if the loss of data poses no threat because the data involved were adequately encrypted. This would encourage the practice of encrypting personal data, especially prior to their transmission. It should also be possible to dispense with notification if measures are taken to adequately compensate those affected (e.g. by issuing new credit cards to replace cards whose details have been compromised).

3. Enhancing control over one's own data (section of the Communication)

3.1 Rectification, erasure or blocking of data by electronic means

It would seem a logical step to make it easier for citizens to use electronic means to exercise their right to rectify, erase or block data. The question nevertheless arises as to how data subjects' identity can be authenticated electronically so as to safeguard their personal data against manipulation by unauthorised persons. One possibility would be the electronic proof of identity feature used on German identity cards issued since 1 November

3.2 Right to be forgotten

Discussions about the right to be forgotten focus primarily on the internet and especially on online social network services. An open question is whether it is technically feasible to realise such a right. It should also be borne in mind that many companies in their capacity as controllers, particularly banks, collect and process personal data for the purpose of fulfilling contractual agreements with their customers. In addition, a number of national rules and regulations require the collection, processing and transmission of data, particularly in the banking industry.
Data processing practices in banks are therefore essentially determined by contractual and statutory obligations. A bank's customers have a right to be forgotten only when these obligations no longer apply. And even then, record-keeping regulations have to be observed. In Germany, records must be kept for six or ten years to comply with commercial law and tax law respectively. It would greatly benefit both individuals and companies if at least statutory record-keeping requirements were harmonised across the EU.

4. Raising awareness (section of the Communication)

Making citizens more sensitive to data protection issues is a matter that concerns society as a whole. The banking industry would warmly welcome more awareness-raising activities by public authorities.

5. Ensuring informed and free consent (section of the Communication)

General legal principles and the Data Protection Directive already provide a basis for ensuring that consent can only be deemed effective when given freely and in possession of all the relevant facts. We therefore see no need for further action.

In view of the doubts expressed by some data protection authorities about whether declarations of consent within a business relationship between a company and a customer are really given freely, it could be clarified that it is permissible to ask customers to authorise the processing and transmission of their personal data outside the scope of an existing contract. It must, for instance, remain possible for customers to agree to their bank transmitting their personal data to a credit bureau or to another company for advertising purposes.

Free consent should not be interpreted so narrowly as to infringe on the right of a company or a customer to conclude an agreement. If, for instance, a customer withholds permission for a bank to obtain their credit history report from a credit bureau, the bank should be under no obligation to grant the customer a loan. Though a link then exists between consent and the conclusion of an agreement, this does not mean that the customer is being forced to consent. Both parties are simply exercising their right under the freedom of contract to determine the conditions for concluding the agreement.

6. Remedies and sanctions (section of the Communication)

There is no need for a right to collective action along the lines outlined by the Commission.
Under the existing data protection regime, responsibility for monitoring and imposing sanctions lies with the data protection authorities. Should a right for associations to bring collective action nevertheless be considered, it should be possible to bring such an action against both public and private-sector entities. As mentioned above, citizens' right to protection should not depend on whether their data have been processed by a private-sector company or a public institution.

7. Increasing legal certainty and providing a level playing field for data controllers (section of the Communication)

7.1 Eliminating national differences

We would welcome further harmonisation of data protection rules in the internal market. Considerable time has elapsed since the Data Protection Directive was implemented in member states' national law. National data protection rules have moved on during this period. In Germany, for example, there have been several changes to the German Data Protection Act in the last two years alone. These changes affect, among other things, the use of data for advertising purposes, scoring practices, the transmission of data to credit bureaus and notification requirements in the event of breaches in the handling of personal data. Rules on data protection in the workplace are also to be overhauled in the near future. Since it may be assumed that data protection legislation has evolved in other member states as well, new differences across national jurisdictions cannot be ruled out. This development has the potential to impede the functioning of the internal market. The European Commission and its member states should therefore undertake a review of cross-border obstacles arising from data protection rules. The need for further harmonisation should then be tackled on the basis of the review's findings.

7.2 Facilitating the free flow of personal data in the internal market

As a result of the Commission's standard clauses for the transfer of data to third countries, it is sometimes easier to arrange for personal data to be processed outside the EU than it is to have the data processed in another member state. This is because differing implementation of the Data Protection Directive in member states means that the relevant national rules and regulations first have to be ascertained and analysed. These differences in national legal regimes across member states impede the free flow of personal data in the internal market.
There is an especially pressing need for improvements in the following areas:

Rules for outsourcing data processing are not the same in all member states. While in Germany, for example, Section 11 (2) of the Data Protection Act requires the data controller and data processor to make detailed contractual arrangements concerning, among other things, technical and organisational measures to protect the data, other member states do not have a requirement of this kind or they have diverging requirements. In the interests of practicality, a standardised framework for outsourcing data processing within the EU is needed.

Conditions governing the exchange of data within groups of affiliated companies within the EU should be further harmonised and simplified. This would take account of the trend towards an increasing division of labour within groups of affiliated companies in the internal market (e.g. concentrating data processing in one unit of a financial group). A legal framework facilitating the exchange of data within groups of affiliated companies acting on the same level of data protection would promote the internal market effectively and in the long term.

8. Reducing the administrative burden (section of the Communication)

Differences in notification systems often generate red tape while delivering virtually no added value. A cost-benefit analysis of the existing regime should be carried out. Consideration should be given to the idea of dispensing with notification requirements as far as possible. Though a standard EU registration form would simplify notification for companies operating in more than one member state, an administrative burden would still remain.

9. The responsibility of data controllers (section of the Communication)

We would welcome a clear legal framework governing data controllers' obligations and responsibilities. When it comes to conventional forms of data processing, however, we consider the existing legal framework generally sufficient. In Germany, data protection officers already function as an effective internal control mechanism in companies. And data protection impact assessment is already ensured by the system of prior checking enshrined in Article 20 of the Data Protection Directive.

New forms of data processing, however, especially cloud computing, require a modern legal framework which will enable companies and public authorities to exploit the potential of cloud computing while offering an appropriate level of data protection.
The idea should be explored of redefining the term data controller to cover cloud service providers so that they have a share in the responsibility. Not only the company using the provider, but also the provider itself would then have an obligation to ensure data protection. The advantage for data subjects would be that they could enforce their rights against the provider of cloud services direct.

10. Encouraging self-regulatory initiatives and exploring EU certification schemes (section of the Communication)

Data protection legislation, in Germany at any rate, already offers a basis for self-regulation and certification. Banks, however, have had some reservations about adopting such an approach up to now. This is mainly because banks have to comply with requirements of banking supervisory law as well as data protection rules when processing personal data. The requirements set by banking regulators are not always consistent with objectives of data protection law: take, for example, the measures banks have to implement to combat money laundering and fraud. This sandwiching effect on banks is exacerbated by the fact that different supervisory authorities are involved.

Self-regulation measures might well help to remedy the problem, but they would need clearance from both banking supervisors and data protection authorities. It should also be borne in mind that self-regulatory action by industry associations frequently has antitrust implications. As a result, a self-regulatory initiative by a banking association can only function in practice if it is supported by banking supervisors, data protection authorities and the competition authorities. It will therefore be necessary to establish a procedural environment for self-regulation which accommodates all the regulatory regimes involved and in which the state speaks with a single voice when approving initiatives.

11. Revising data protection rules in the area of police and judicial cooperation in criminal matters (section 2.3 of the Communication)

Not least with the aims of combating the increased threat of terrorism and solving serious crime, law enforcement agencies have been progressively increasing the degree and scope of their access to payments data in the banking industry². The banks' legal position and the extent of their obligations to provide access are not always clear-cut. There is also sometimes a tendency, moreover, for law enforcement agencies to submit informal requests for information. There is little transparency for data subjects whose payments data have been accessed by the state. Affected persons often have no knowledge of what has occurred, even after the event. What is more, data are sometimes accessed from banks' data processors (e.g. computer centres for processing card payments) with the result that the bank involved is either not informed at all or only informed at a later date. The SWIFT agreement adopted in summer 2010 also demonstrates the need for further action regarding state access to data on payments by bank customers.

All in all, revised data protection rules will only have credibility for customers and banks if transparency requirements have to be met in equal measure by public and private entities. When adjusting the data protection regime, account should therefore also be taken of access to payments data by the police, law enforcement agencies and the intelligence services.

² In connection with a series of murders in 2005, the Bavarian Office of Criminal Investigation requested around 2,100 banks, various computer centres and the operators of the German electronic-cash network to provide law enforcement agencies with data on card-based payments made during a specifically defined period. In autumn 2006, the public prosecutor's office in Halle carried out an investigation into child pornography (Operation Mikado). In the course of this investigation, banks and credit card companies were asked for information about cardholders who had used their card during a certain period to pay a certain amount to a provider of child pornography on the internet. Around 20 million credit cards were affected. More than 300 offenders were identified in Germany with the help of this data.

12. Clarifying and simplifying the rules for international data transfers (section 2.4 of the Communication)

Given increasing globalisation and the rate of technical progress on the internet, the question arises as to whether the Data Protection Directive's regime for international data transfers is still a realistic approach. The Commission's standard clauses have proved extremely helpful for internationally active companies with operations outside the EU. Further streamlining is nevertheless needed, especially with respect to the approach of the responsible data protection authorities and the scope of an authorisation issued by one authority.

Another issue needing to be addressed more fully in this context is how to ensure an adequate level of data protection in global groups and networks. Rules are required which enable groups and financial institutions belonging to the same institutional protection scheme to process personal data using relatively straightforward, standardised procedures and with minimum bureaucracy. Moreover, these rules should be formulated in such a way as to support those industries which take their responsibility for data protection seriously.


More information

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof, 28.8.2014 Official Journal of the European Union L 257/73 REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic

More information

E U R O P E A N E C O N O M I C A R E A

E U R O P E A N E C O N O M I C A R E A E U R O P E A N E C O N O M I C A R E A S T A N D I N G C O M M I T T E E O F T H E E F T A S T A T E S Distribution: EEA EFTA 20 March 2012 SUBCOMMITTEE I ON THE FREE MOVEMENT OF GOODS EEA EFTA Comment

More information

ARTICLE 29 DATA PROTECTION WORKING PARTY

ARTICLE 29 DATA PROTECTION WORKING PARTY ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive

More information

Privacy in the Cloud: Data Protection and Security in Cloud Computing

Privacy in the Cloud: Data Protection and Security in Cloud Computing SPEECH/11/859 Viviane REDING Vice-President of the European Commission, EU Justice Commissioner Privacy in the Cloud: Data Protection and Security in Cloud Computing Round-table High Level conference on

More information

HIPSSA Project. Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Second Mission -Namibia

HIPSSA Project. Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Second Mission -Namibia HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Second Mission -Namibia PRESENTATION OF THE DRAFT DATA PROTECTION POLICY FOR NAMIBIA Pria Chetty, ITU International Legal

More information

PRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide

PRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide PRACTICAL LAW MULTI-JURISDICTIONAL GUIDE 2012/13 The law and leading lawyers worldwide Essential legal questions answered in 30 key jurisdictions Analysis of critical legal issues AVAILABLE ONLINE AT WWW.PRACTICALLAW.COM/DATAPROTECTION-MJG

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Comments of the Zentraler Kreditausschuss 1 on EU Commission Consultation Paper Responsible Lending and Borrowing in the EU

Comments of the Zentraler Kreditausschuss 1 on EU Commission Consultation Paper Responsible Lending and Borrowing in the EU Z E N T R A L E R K R E D I T A U S S C H U S S Members: BUNDESVERBAND DER DEUTSCHEN VOLKSBANKEN UND RAIFFEISENBANKEN E.V. BERLIN BUNDESVERBAND DEUTSCHER BANKEN E.V. BERLIN BUNDESVERBAND ÖFFENTLICHER BANKEN

More information

1 Data Protection Principles

1 Data Protection Principles Today, our personal information is being collected, shared, stored and analysed everywhere. Whether you are browsing the internet, talking to a friend or making an online purchase, personal data collection

More information

slaughter and may The new EU Data Protection Regulation revolution or evolution?

slaughter and may The new EU Data Protection Regulation revolution or evolution? slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

Response of the German Medical Association

Response of the German Medical Association Response of the German Medical Association To the Green Paper on mobile Health ( mhealth ) of the European Commission Berlin, 3 July 2014 Bundesärztekammer Herbert-Lewin-Platz 1 10623 Berlin We are grateful

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region

Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region CyberCrime@EAP EU/COE Eastern Partnership Council of Europe Facility: Cooperation against Cybercrime Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region Adopted

More information

Peer Review on Supervisory Practices in respect of Article 9 of Directive 2003/41/EC ( Conditions of operation ) Final Report

Peer Review on Supervisory Practices in respect of Article 9 of Directive 2003/41/EC ( Conditions of operation ) Final Report EIOPA-BoS-14/262 12 March 2015 Peer Review on Supervisory Practices in respect of Article 9 of Directive 2003/41/EC ( Conditions of operation ) Final Report EIOPA Westhafen Tower, Westhafenplatz 1-60327

More information

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law

More information

Policy Statement. Employee privacy, data protection and human resources. Prepared by the Commission on E-Business, IT and Telecoms. I.

Policy Statement. Employee privacy, data protection and human resources. Prepared by the Commission on E-Business, IT and Telecoms. I. International Chamber of Commerce The world business organization Policy Statement Employee privacy, data protection and human resources Prepared by the Commission on E-Business, IT and Telecoms I. Introduction

More information

BEREC Monitoring quality of Internet access services in the context of Net Neutrality

BEREC Monitoring quality of Internet access services in the context of Net Neutrality BEREC Monitoring quality of Internet access services in the context of Net Neutrality BEUC statement Contact: Guillermo Beltrà - digital@beuc.eu Ref.: BEUC-X-2014-029 28/04/2014 BUREAU EUROPÉEN DES UNIONS

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Council of the European Union Brussels, 26 June 2015 (OR. en)

Council of the European Union Brussels, 26 June 2015 (OR. en) Council of the European Union Brussels, 26 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9985/1/15 REV 1 LIMITE DATAPROTECT 103 JAI 465 MI 402 DIGIT 52 DAPIX 100 FREMP 138 COMIX 281 CODEC

More information

EDRi s. January 2015. European Digital Rights Rue Belliard 20, 1040 Brussels www.edri.org @EDRi tel. +32 (0) 2 274 25 70

EDRi s. January 2015. European Digital Rights Rue Belliard 20, 1040 Brussels www.edri.org @EDRi tel. +32 (0) 2 274 25 70 EDRi s Red lines on TTIP January 2015 European Digital Rights Rue Belliard 20, 1040 Brussels www.edri.org @EDRi tel. +32 (0) 2 274 25 70 ABOUT EDRI European Digital Rights is a network of 34 privacy and

More information

Mexico. Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López. Von Wobeser y Sierra, S.C.

Mexico. Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López. Von Wobeser y Sierra, S.C. Mexico Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López Market overview 1 What kinds of outsourcing take place in your jurisdiction? In Mexico, a subcontracting regime (understood as the regime

More information

AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM

AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM On 25 January 2012, the European Commission published a proposal to reform the European data protection legal regime. One

More information

Z E N T R A L E R K R E D I T A U S S C H U S S

Z E N T R A L E R K R E D I T A U S S C H U S S Z E N T R A L E R K R E D I T A U S S C H U S S MITGLIEDER: BUNDESVERBAND DER DEUTSCHEN VOLKSBANKEN UND RAIFFEISENBANKEN E.V. BERLIN BUNDESVERBAND DEUTSCHER BANKEN E.V. BERLIN BUNDESVERBAND ÖFFENTLICHER

More information

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 21.9.2005 COM(2005) 438 final 2005/0182 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the retention of data processed

More information

ANZ Expense Manager TERMS AND CONDITIONS 03.10

ANZ Expense Manager TERMS AND CONDITIONS 03.10 ANZ Expense Manager TERMS AND CONDITIONS 03.10 Contents 1 Introduction 4 2 Defined Terms 4 2.1 Interpretation 7 2.2 Customer More Than One Person 8 3 Provision of ANZ Expense Manager 8 4 ANZ Expense Manager

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

Corporate Compliance: A Global Perspective

Corporate Compliance: A Global Perspective Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

We take the opportunity of the proposal to stress the following specific points where we think there is room for improvement.

We take the opportunity of the proposal to stress the following specific points where we think there is room for improvement. D0208G 22/05/2012 Set up in 1960, the European Banking Federation is the voice of the European banking sector (European Union & European Free Trade Association countries). The EBF represents the interests

More information

How To Get Rid Of The Leverage Ratio

How To Get Rid Of The Leverage Ratio Comments on the Leverage Ratio in follow-up to the lcr-lr-hearing of the EU- Commission Register of Interest Representatives Identification number in the register: 52646912360-95 Contact: Frank Bouillon

More information

***I DRAFT REPORT. EN United in diversity EN 2012/0011(COD) 17.12.2012

***I DRAFT REPORT. EN United in diversity EN 2012/0011(COD) 17.12.2012 EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 17.12.2012 2012/0011(COD) ***I DRAFT REPORT on the proposal for a regulation of the European Parliament and of the Council

More information

REDUCTION OF BUREAUCRATIC BARRIERS FOR SUCCESSFUL PV DEPLOYMENT IN THE EU KEY RECOMMENDATIONS

REDUCTION OF BUREAUCRATIC BARRIERS FOR SUCCESSFUL PV DEPLOYMENT IN THE EU KEY RECOMMENDATIONS REDUCTION OF BUREAUCRATIC BARRIERS FOR SUCCESSFUL PV DEPLOYMENT IN THE EU KEY RECOMMENDATIONS September 2011 THE PV LEGAL PROJECT Many countries have already recognised the potential of solar energy and

More information

Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament

Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament September 5, 2012 Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament Lara Comi Rapporteur, Committee on Internal market and Consumer Protection

More information

PUBLIC PROCUREMENT CONTRACTS

PUBLIC PROCUREMENT CONTRACTS PUBLIC PROCUREMENT CONTRACTS Public authorities conclude contracts to ensure the supply of works and delivery of services. These contracts, concluded in exchange for remuneration with one or more operators,

More information

Council of the European Union Brussels, 24 November 2014 (OR. en)

Council of the European Union Brussels, 24 November 2014 (OR. en) Council of the European Union Brussels, 24 November 2014 (OR. en) 15701/1/14 REV 1 "I/A" ITEM NOTE From: To: General Secretariat of the Council No. prev. doc.: 11153/2/14 REV 2 Subject: JAI 897 DAPIX 175

More information

Comparison of the Parliament and Council text on the General Data Protection Regulation

Comparison of the Parliament and Council text on the General Data Protection Regulation Comparison of the Parliament and Council text on the General Data Protection Regulation General comments The Council text and the Parliament text are both based on the Commission's proposal and as such

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

COMMISSION REGULATION (EU) No /.. of XXX

COMMISSION REGULATION (EU) No /.. of XXX EUROPEAN COMMISSION Brussels, XXX [ ](2013) XXX draft COMMISSION REGULATION (EU) No /.. of XXX on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC on privacy

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

ACT on Payment Services 1 ) 2 ) of 19 August 2011. Part 1 General Provisions

ACT on Payment Services 1 ) 2 ) of 19 August 2011. Part 1 General Provisions ACT on Payment Services 1 ) 2 ) of 19 August 2011 Part 1 General Provisions Article 1. This Act sets out rules for the provision of payment services, including: 1) the conditions for provision of payment

More information

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, 25.1.2012 COM(2012) 11 final 2012/0011 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing

More information

Outsourcing Risk Guidance Note for Banks

Outsourcing Risk Guidance Note for Banks Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the

More information

Personal Data Protection Policy

Personal Data Protection Policy Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

REFORM OF STATUTORY AUDIT

REFORM OF STATUTORY AUDIT EU BRIEFING 14 MARCH 2012 REFORM OF STATUTORY AUDIT Assessing the legislative proposals This briefing sets out our initial assessment of the legislative proposals to reform statutory audit published by

More information

EUROPEAN UNION. Brussels, 12 July 2002 (OR. en) PE-CONS 3636/02 2000/0189 (COD) LEX 365 ECO 217 CODEC 778

EUROPEAN UNION. Brussels, 12 July 2002 (OR. en) PE-CONS 3636/02 2000/0189 (COD) LEX 365 ECO 217 CODEC 778 EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 12 July 2002 (OR. en) 2000/0189 (COD) LEX 365 PE-CONS 3636/02 ECO 217 CODEC 778 DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL

More information

How To Regulate Data Protection In European Union

How To Regulate Data Protection In European Union EUROPEAN COMMISSION Brussels, XXX COM(2012) 11/3 draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal

More information

Minister Shatter presents Presidency priorities in the JHA area to European Parliament

Minister Shatter presents Presidency priorities in the JHA area to European Parliament Minister Shatter presents Presidency priorities in the JHA area to European Parliament 22 nd January 2013 The Minister for Justice, Equality and Defence, Alan Shatter TD, today presented the Irish Presidency

More information

Version 56 (29/11/2011)

Version 56 (29/11/2011) EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal

More information

CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE

CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE CEBS CP 02 April 2004 COMMITTEE OF EUROPEAN BANKING SUPERVISORS CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE Introduction 1. European banking supervisors began work in 2002 on

More information

9565/15 CHS/VH/np 1 DGD2C

9565/15 CHS/VH/np 1 DGD2C Council of the European Union Brussels, 11 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9565/15 NOTE From: To: Presidency Council No. prev. doc.: 9398/15 Subject: DATAPROTECT 97 JAI 420

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector 1

Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector 1 English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Combating Money Laundering and Terrorist

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

Final Draft Guidelines

Final Draft Guidelines EBA/GL/2015/04 20 May 2015 Final Draft Guidelines on factual circumstances amounting to a material threat to financial stability and on the elements related to the effectiveness of the sale of business

More information

Declaration of Internet Rights Preamble

Declaration of Internet Rights Preamble Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It

More information

FAQs Organised Crime and Anti-corruption Legislation Bill

FAQs Organised Crime and Anti-corruption Legislation Bill FAQs Organised Crime and Anti-corruption Legislation Bill What is organised crime? Organised crime normally refers to an organisation of criminals who engage in illegal activity on a large, centralised

More information

Under European law teleradiology is both a health service and an information society service.

Under European law teleradiology is both a health service and an information society service. ESR statement on the European Commission Staff Working Document on the applicability of the existing EU legal framework to telemedicine services (SWD 2012/413). The European Society of Radiology (ESR)

More information

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case

More information

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1 Guidance for Data Users on the Collection and Use of Personal Data through the Internet Introduction Operating online businesses or services, whether by commercial enterprises, non-government organisations

More information

Towards a comprehensive European framework for online gambling

Towards a comprehensive European framework for online gambling IAGR Oslo 2013 1 October 2013 session 5B Towards a comprehensive European framework for online gambling Harrie Temmink Deputy Head of Unit, European Commission, DG Internal Market and Services, E3 06/10/2013

More information

14 December 2006 GUIDELINES ON OUTSOURCING

14 December 2006 GUIDELINES ON OUTSOURCING 14 December 2006 GUIDELINES ON OUTSOURCING CEBS presents its Guidelines on Outsourcing. The proposed guidelines are based on current practices and also take into account international, such as the Joint

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

10227/13 GS/np 1 DG D 2B

10227/13 GS/np 1 DG D 2B COUNCIL OF THE EUROPEAN UNION Brussels, 31 May 2013 10227/13 Interinstitutional File: 2012/0011 (COD) DATAPROTECT 72 JAI 438 MI 469 DRS 104 DAPIX 86 FREMP 77 COMIX 339 CODEC 1257 NOTE from: Presidency

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Message 791 Communication from the Commission - SG(2012) D/50777 Directive 98/34/EC Notification: 2011/0188/D

Message 791 Communication from the Commission - SG(2012) D/50777 Directive 98/34/EC Notification: 2011/0188/D Message 791 Communication from the Commission - SG(2012) D/50777 Directive 98/34/EC Notification: 2011/0188/D Reaction of the Commission to the response of a Member State notifying a draft regarding a

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

GENERAL POSITION FOR THE PARLIAMENT OF THE CZECH REPUBLIC - WHITE PAPER ON THE INTEGRATION OF EU MORTGAGE CREDIT MARKETS

GENERAL POSITION FOR THE PARLIAMENT OF THE CZECH REPUBLIC - WHITE PAPER ON THE INTEGRATION OF EU MORTGAGE CREDIT MARKETS GENERAL POSITION FOR THE PARLIAMENT OF THE CZECH REPUBLIC - WHITE PAPER ON THE INTEGRATION OF EU MORTGAGE CREDIT MARKETS Ministry of Finance of the Czech Republic 2008-1 - Table of contents: I. General

More information

The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement*

The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement* The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement* No. Clause Reference Amendment Sanctions 1. Important notice Standard Chartered

More information

COUNCIL OF EUROPE COMMITTEE OF MINISTERS

COUNCIL OF EUROPE COMMITTEE OF MINISTERS COUNCIL OF EUROPE COMMITTEE OF MINISTERS Recommendation Rec(2006)8 of the Committee of Ministers to member states on assistance to crime victims (Adopted by the Committee of Ministers on 14 June 2006 at

More information

DEUTSCHE BANK RESPONSE TO THE REPORT OF THE EXPERT GROUP ON CUSTOMER MOBILITY IN RELATION TO BANK ACCOUNTS

DEUTSCHE BANK RESPONSE TO THE REPORT OF THE EXPERT GROUP ON CUSTOMER MOBILITY IN RELATION TO BANK ACCOUNTS Deutsche Bank Dr. Bernhard Speyer/Dr. Stefan Schäfer Deutsche Bank AG/DB Research P.O. Box 60272 Frankfurt, Germany e-mail: stefan-a.schaefer@db.com Tel. +49 (0)69 910 31832 Fax +49 (0)69 910 31743 03.09.2007

More information

BHF Southern African Conference

BHF Southern African Conference BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act

More information