PARIS - LONDRES. Commission. Mardi 23 octobre 2012 Tuesday 23 October 2012

Size: px
Start display at page:

Download "PARIS - LONDRES. Commission. Mardi 23 octobre 2012 Tuesday 23 October 2012"

Transcription

1 Commission PARIS - LONDRES Responsable : alain-christian monkam Mardi 23 octobre 2012 Tuesday 23 October 2012 Droit de la protection des données - approche comparée en droit français et en droit anglais Laws of the data protection - comparative approach in and UK law Intervenant / Speaker: Nathalie Moreno Avocat et solicitor spécialisée en droit des nouvelles technologies Avocat and solicitor specialising in the law of the new technologies

2 Speakers Profile Dr Nathalie Moreno, Partner of the UK international firm Speechly Bircham, IP, Technology & Data Protection A Harvard Law School graduate and a PhD in International law holder, Nathalie is an international technology commercial partner, with over twenty years experience in advising technology-enabled businesses across sectors in EMEA and globally. Nathalie is fluent in Spanish and French and has a working knowledge of Russian. Laurie-Anne Ancenys Laurie-Anne is a triple qualified lawyer advising clients under English, French and Spanish laws. Laurie-Anne graduated from the Universities Paris Pantheon-Sorbonne and Complutense of Madrid with a double degree programme in French and Spanish Law Dr Nathalie Moreno Member of: Paris Bar Solicitor (Law Society of England and Wales) International Technology Law Association (I-Tech) Society for Computers and Law (SCL)

3 Agenda 1.The legal framework At the EU level At the national level The role of the data protection authorities 2. Overview of some key themes Notifications International transfers Whistleblowing Hotlines Data protection breaches The right to be forgotten Offences and penalties 3. The proposed reform of the EU data protection framework Key measures Opinions of the Data Protection Authorities The EU legal framework European Directives Directive 95/46/CE of 24 Octobre 1995, on the protection of individuals with regard to the processing of personal data and on the free movement of such data Basis of current data protection legislation in all Member States of the European Union Directive 2002/58/EC «Directive on privacy and electronic communications» Directive 2006/24/EC on data retention Directive 2009/136/EC of 25 November 2009, modifying Directive 2002/22/EC «Universal Service Directive», Directive 2002/58/EC «Directive on privacy and electronic communications» and Regulation (EC) no.2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws Council Framework decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters Regulation (EC) 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data Charter of Fundamental Rights of the European Union of 7 December 2000

4 The national legal framework Law no of 6 January 1978 on Information Technology, Data Files and Civil Liberties Conditions for the lawfulness of data processing Formalities required prior to data processing Obligations of data controllers Rights of data subjects Sanctions and Penalties Other applicable laws Data Protection Act 1998 The eight principles The rights conferred by law Mandatory formalities and exceptions Offences and Penalties Other applicable laws The role of the data protection authorities The French national data protection agency (CNIL) Independent administrative body In charge of privacy and the protection of public or individual liberties Advisory and consultation role, in charge of keeping a register, audits, enforcement of sanctions and penalties Data Protection Act 1998 The eight principles The rights conferred by law Mandatory formalities and exceptions Offences and Penalties Other applicable laws

5 Notifications Key legal concept Data controllers have the obligation to notify the relevant authorities of their data processing activities unless an exemption applies Notifications: Simplified declaration Ordinary declaration Notifications: One single notification related to all data processing activities Authorisations Opinion requests Unless exemption applies to specific data processing International data transfers Key legal concept Prohibition of International data transfers towards countries that do not offer an adequate level of protection. International data transfers may be authorised in the following cases: Countries recognised as adequate by the European Commission Model clauses Safe Harbor Binding Corporate Rules (BCR) Exceptions In principle, the transfer must be authorised by the CNIL The transfer does not need to be authorised by the ICO

6 Whistleblowing hotlines Key legal concept Whistleblowing hotlines are subject to notifications. Unique Authorisation AU-004 (restrictive scope) Authorisation Covered by the general notification filed with the ICO Notification of the works council. Data protection breaches Key legal concept No general legal obligation for the data controllers to inform the authorities in case of breach For the providers of electronic communications services offered to the public: Obligation to inform the relevant authority (and the data subjects where appropriate) Exceptions Register of breaches No specific template ICO has put in place a template log for data breaches notifications Serious breaches must be notified Guidelines available Right to be forgotten Key legal point Perceived by some as a novelty part of for a long time The Data subject can request from the data controller that personal data related to him/her may be deleted (art. 40) No equivalent provision in the Data Protection Act of 1998

7 Offences and penalties Warning and notice Penalties up to Criminal offences: imprisonment and up to 1.5 million in fines for companies Injunction to stop data processing or withdrawal of authorisation Obstruction to CNIL s intervention - 1 year imprisonment + 15,000 in fines Warning and audits Penalties up to Liability of directors of the company involved Criminal offences The draft european reform proposal Key measures Published on 25 January 2012 by the EU Commission to modernise the legal system Consists of two documents: A «general regulation on data protection» which purpose is to replace the current Directive 95/46/ EC on «personal data protection»; and A directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities Overview of the key measures of the Regulation

8 The draft european reform opinions of the data protection authorities CNIL Acknowledges that the rights of EU citizens will be greatly reinforced with : Right to be forgotten Data portability Explicit consent Power of sanctions Expresses key reservations: In relation to art. 51 data protection authorities scope of jurisdiction In relation to the level of protection of EU data subjects - should be equivalent to EU consumers ICO Acknowledges improvement of rights for data subjects : Obligation to notify in case of breach Explicit consent Accountability principle Privacy by design Data protection impact assessment analysis List of its multiple concerns in a report

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012 Presentation by: Dr. Nathalie Moreno Partner Cloud Computing and Data Protection: an Update 4 October 2012 Our team Speechly Bircham is an ambitious, international mid-size fullservice law firm head-quartered

More information

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Privacy vs Data Protection PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Introduction The terms privacy and data protection are often used interchangeable In reality they

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users?

Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users? 10 Juni 2013 Taylor Wessing - Essay Competition 2013 Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users? by Katarina Kesselová, LLM. Introduction

More information

Ethical hotlines and whistleblowing ensuring businesses are not in conflict. with EU laws 10 May 2012. James Castro-Edwards, solicitor.

Ethical hotlines and whistleblowing ensuring businesses are not in conflict. with EU laws 10 May 2012. James Castro-Edwards, solicitor. James Castro-Edwards, solicitor and Alexia Zuber, solicitor Data Protection & Information Law Group Ethical hotlines and whistleblowing ensuring businesses are not in conflict with EU laws 10 May 2012

More information

Supported by. World Trademark Review. Anti-counterfeiting. Poland. Contributing firm Patpol Patent & Trademark Attorneys.

Supported by. World Trademark Review. Anti-counterfeiting. Poland. Contributing firm Patpol Patent & Trademark Attorneys. Supported by World Trademark Review Anti-counterfeiting 2012 Poland Contributing firm A Global Guide Poland Contributing firm Authors Jaromir Piwowar and Bartek Kochlewski Legal framework Rights holders

More information

BCS, The Chartered Institute for IT Consultation Response to:

BCS, The Chartered Institute for IT Consultation Response to: BCS, The Chartered Institute for IT Consultation Response to: A Comprehensive Approach to Personal Data Protection in the European Union Dated: 15 January 2011 BCS The Chartered Institute for IT First

More information

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems Privacy PRESENTATION vs Data TITLE Protection: GOES HERE The Impact of EU Data Protection Legislation Thomas Rivera Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted

More information

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws

Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws 16 January 2014 Robert Bond, CCEP Partner and Notary Public Our Team Speechly Bircham is an ambitious, full-service

More information

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 3 February 2012 5999/12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 3 February 2012 5999/12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76 COUNCIL OF THE EUROPEAN UNION Brussels, 3 February 2012 5999/12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76 NOTE from: Commission services to: JHA Counsellors No. prev. doc.: 17480/10 JAI 1049 USA 127

More information

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

More information

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified

More information

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012 The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions

More information

GARANTE PER LA PROTEZIONE DEI DATI PERSONALI WHEREAS

GARANTE PER LA PROTEZIONE DEI DATI PERSONALI WHEREAS [doc. web n. 1589969] Spamming: How to Lawfully Email Advertising Messages GARANTE PER LA PROTEZIONE DEI DATI PERSONALI Prof. Stefano Rodotà, President, Prof. Giuseppe Santaniello, Vice-President, Prof.

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

slaughter and may The new EU Data Protection Regulation revolution or evolution?

slaughter and may The new EU Data Protection Regulation revolution or evolution? slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of

More information

10227/13 GS/np 1 DG D 2B

10227/13 GS/np 1 DG D 2B COUNCIL OF THE EUROPEAN UNION Brussels, 31 May 2013 10227/13 Interinstitutional File: 2012/0011 (COD) DATAPROTECT 72 JAI 438 MI 469 DRS 104 DAPIX 86 FREMP 77 COMIX 339 CODEC 1257 NOTE from: Presidency

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

Data and Cyber Laws Up-date 9 July 2015

Data and Cyber Laws Up-date 9 July 2015 Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,

More information

Enforced subject access (section 56)

Enforced subject access (section 56) ICO lo Enforced subject access (section 56) Data Protection Act Contents Introduction... 2 Overview.3 The criminal offence.... 3 Exceptions and penalties.... 7 Relevant records....... 8 Other considerations

More information

EU Data Protection Reform. Interpretations at GP level

EU Data Protection Reform. Interpretations at GP level EU Data Protection Reform Interpretations at GP level EU Data Protection Reform Why GDPR BREXIT implications EU GDP Reform key aspects GPs getting ready Further resources, help and advice Why the DP reform?

More information

PRIVACY SEALS ON PRIVACY GOVERNANCE PROCEDURES

PRIVACY SEALS ON PRIVACY GOVERNANCE PROCEDURES PRIVACY SEALS ON PRIVACY GOVERNANCE PROCEDURES SUMMARY Deliberation No. 2014-500 of 11 December 2014 on the Adoption of a Standard for the Deliverance of Privacy Seals on Privacy Governance Procedures....

More information

The EU Data Protection Law Reform and Scientific Research: What s new? ----

The EU Data Protection Law Reform and Scientific Research: What s new? ---- 1 The EU Data Protection Law Reform and Scientific Research: What s new? ---- ECRD 2014 Gauthier Chassang Lawyer INSERM, UMR 1027/US 013 BIOBANQUES National Infrastructure European Conference on Rare Diseases

More information

Employee monitoring in France. January 2010. Contents. Legal Framework 1

Employee monitoring in France. January 2010. Contents. Legal Framework 1 Employee monitoring in France January 2010 Contents Legal Framework 1 Principal situations where an individual's privacy is restricted in the workplace 1 Potential disciplinary sanctions applied to employees

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

South East Asia: Data Protection Update

South East Asia: Data Protection Update Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how

More information

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, XXX COM(2012) 11/3 draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal

More information

Emerging Data Protection regulations in Africa. Christophe Fichet

Emerging Data Protection regulations in Africa. Christophe Fichet Emerging Data Protection regulations in Africa Christophe Fichet 19 May 2015 Topics Development of data protection laws in Africa Key expectations over the next year Data Protection landscape African organizations

More information

Section 1: Development of the EU s competence in the field of police and judicial cooperation in criminal matters

Section 1: Development of the EU s competence in the field of police and judicial cooperation in criminal matters CALL FOR EVIDENCE ON THE GOVERNMENT S REVIEW OF THE BALANCE OF COMPETENCES BETWEEN THE UNITED KINGDOM AND THE EUROPEAN UNION Police and Criminal Justice LEGAL ANNEX Section 1: Development of the EU s competence

More information

COAG National Legal Profession Reform Discussion Paper: Trust money and trust accounting

COAG National Legal Profession Reform Discussion Paper: Trust money and trust accounting COAG National Legal Profession Reform Discussion Paper: Trust money and trust accounting Purpose The purpose of this Paper is to outline the Taskforce s preferred approach to regulation of trust money

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Information Management Compliance and Data protection.

Information Management Compliance and Data protection. Information Management Compliance and Data protection. Technology, Media & Telecommunications Information is the life blood of every business. Yet how you use that information is increasingly regulated.

More information

Running your business and trading.

Running your business and trading. Running your business and trading. Supporting you on your business journey. When setting up a new business, it s essential that you re familiar with the relevant aspects of the law. Breaking a law because

More information

Securing safe, clean drinking water for all

Securing safe, clean drinking water for all Securing safe, clean drinking water for all Enforcement policy Introduction The Drinking Water Inspectorate (DWI) is the independent regulator of drinking water in England and Wales set up in 1990 by Parliament

More information

PRIVACY CHECKLIST FOR CLOUD SERVICE CONTRACTS

PRIVACY CHECKLIST FOR CLOUD SERVICE CONTRACTS PRIVACY CHECKLIST FOR CLOUD SERVICE CONTRACTS CIRRUS WORSHOP 28 February 2013, The Interna

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison Security breaches: A regulatory overview Jonathan Bamford Head of Strategic Liaison Security breaches and the DPA Data controllers security obligation - principle 7 of the DPA o Appropriate technical and

More information

RESTREINT UE/EU RESTRICTED

RESTREINT UE/EU RESTRICTED COUNCIL OF THE EUROPEAN UNION Brussels, 9 April 2014 8761/14 RESTREINT UE/EU RESTRICTED JAI 220 USA 9 DATAPROTECT 56 RELEX 319 NOTE from : Commission Services to : JHA Counsellors No. prev. doc. : 5999/12

More information

CCBE questionnaire on professional indemnity insurance for lawyers requesting registration under the Establishment directive (98/5/CE)

CCBE questionnaire on professional indemnity insurance for lawyers requesting registration under the Establishment directive (98/5/CE) Représentant les avocats d Europe Representing Europe s lawyers CCBE questionnaire on professional indemnity insurance for lawyers requesting registration under the Establishment directive (98/5/CE) Introduction

More information

Pensions. Data protection and pensions. Briefing. Application Data Controller v Data Processor

Pensions. Data protection and pensions. Briefing. Application Data Controller v Data Processor Financial institutions Energy Infrastructure, mining and commodities Transport Technology and innovation Life sciences and healthcare Pensions Data protection and pensions Briefing January 2016 Trustees

More information

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, 25.1.2012 COM(2012) 11 final 2012/0011 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing

More information

1 September /552

1 September /552 Foreword from the Chair of the ICC Commission on the Digital Economy Paris, 1 April 2016 The International Chamber of Commerce (ICC) policy inventory on the European Union (EU) General Data Protection

More information

ANTI-SPAM LAWS IN WESTERN COUNTRIES: A COMPARISON

ANTI-SPAM LAWS IN WESTERN COUNTRIES: A COMPARISON PRB 09-24E ANTI-SPAM LAWS IN WESTERN COUNTRIES: A COMPARISON Alysia Davies Legal and Legislative Affairs Division 18 January 2010 PARLIAMENTARY INFORMATION AND RESEARCH SERVICE SERVICE D INFORMATION ET

More information

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing. Privacy in the cloud computing, and the company concerned is required to submit a risk analysis to DNB. 3 Cloud computing entails the saving, processing and using of company data on the servers of a cloud

More information

Version 56 (29/11/2011)

Version 56 (29/11/2011) EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal

More information

Draft Model Legislative text on Privacy and Data Protection

Draft Model Legislative text on Privacy and Data Protection The views expressed in this presentation are those of the author and do not necessarily reflect the opinions of the ITU or its Membership. This document has been produced with the financial assistance

More information

CLOUD COMPUTING Contractual and data protection aspects

CLOUD COMPUTING Contractual and data protection aspects CLOUD COMPUTING Contractual and data protection aspects Cloudscape VI 25 February 2014, Bruxelles Paolo Balboni Ph.D., Founding Partner, ICT Legal Consulting Domenico Converso LL.M., Senior Associate,

More information

DATA PROTECTION LAWS OF THE WORLD. UAE - General

DATA PROTECTION LAWS OF THE WORLD. UAE - General DATA PROTECTION LAWS OF THE WORLD UAE - General Date of Download: 10 January 2017 UAE - GENERAL Last modified 21 March 2016 LAW IN UAE - GENERAL Note: Please also see 'UAE Dubai (DIFC)'. In December 2015

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 February 2005 6566/05 LIMITE COPEN 35 TELECOM 10

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 February 2005 6566/05 LIMITE COPEN 35 TELECOM 10 COUNCIL OF THE EUROPEAN UNION Brussels, 24 February 2005 6566/05 LIMITE COPEN 35 TELECOM 0 REPORT from : Working Party on cooperation in criminal matters to : Article 36 Committee No. prev. doc. : 5098/04

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Summary The Northern Ireland Human Rights Commission (the Commission):

More information

Acquia Comments on EU Recommendations for Data Processing in the Cloud

Acquia Comments on EU Recommendations for Data Processing in the Cloud Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

Oliver Brettle London. Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive

Oliver Brettle London. Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive Oliver Brettle London Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive 6 th Annual Privacy Law Symposium April 27, 2006 The Focus Part I an overview on data

More information

OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions

OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions Preamble The Parties, Considering that bribery is a widespread phenomenon in international business

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Fire Safety Policy Directive ENFORCEMENT POLICY STATEMENT. Index. 1. Introduction. 2. Advice and Guidance. 3. The Purpose and Method of Enforcement

Fire Safety Policy Directive ENFORCEMENT POLICY STATEMENT. Index. 1. Introduction. 2. Advice and Guidance. 3. The Purpose and Method of Enforcement Fire Safety Policy Directive ENFORCEMENT POLICY STATEMENT Index 1. Introduction 2. Advice and Guidance 3. The Purpose and Method of Enforcement 4. The Principles of Enforcement 5. Audit and Inspection

More information

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007 Linde Integrity Line Process and Data Protection Policy 1 July 2007 Page 2 of 10 Table of Contents Preamble 3 1 Scope of application 3 2 Definitions 3 3 Submitting Reports Regular Channels 3 4 Submitting

More information

MODEL DECLARATION FORM A

MODEL DECLARATION FORM A MODEL DECLARATION FORM A Guidance for applicants The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales). When South Central Ambulance

More information

Privacy Implications of Cloud Computing in Israel

Privacy Implications of Cloud Computing in Israel January 2012 Privacy Implications of Cloud Computing in Israel Adv. Naomi Assia Co-chairman of the Data Protection Committee -ITECHLAW www.computer-law.co.il Cloud Computing One widely accepted definition

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

Data Protection & Cyber Security Law Update 1 st October 2015

Data Protection & Cyber Security Law Update 1 st October 2015 Data Protection & Cyber Security Law Update 1 st October 2015 Robert Bond, Partner Janine Regan, Associate Viktoria Protokova, Data Protection Executive charlesrussellspeechlys.com Brief introduction to

More information

Work programme 2016 2018

Work programme 2016 2018 ARTICLE 29 Data Protection Working Party 417/16/EN WP235 Work programme 2016 2018 Adopted on 2 February 2016 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European

More information

UK Data Protection Newsletter June 2015

UK Data Protection Newsletter June 2015 UK Data Protection Newsletter June 2015 Headlines this month: n Data Protection reform update n New regulation must not lower data protection standards n Raid on Manchester Call Centre n Recent data breaches

More information

COMMISSION RECOMMENDATION. of XXX. on the right to legal aid for suspects or accused persons in criminal proceedings

COMMISSION RECOMMENDATION. of XXX. on the right to legal aid for suspects or accused persons in criminal proceedings EUROPEAN COMMISSION Brussels, XXX C(2013) 8179/2 COMMISSION RECOMMENDATION of XXX on the right to legal aid for suspects or accused persons in criminal proceedings EN EN COMMISSION RECOMMENDATION of XXX

More information

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? Dr. Jörg Hladjk Counsel European Data Protection & Privacy Practice Hunton & Williams, Brussels Cyber Security

More information

Tilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen

Tilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an

More information

2015 No. 0000 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Businesses (Credit Information) Regulations 2015

2015 No. 0000 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Businesses (Credit Information) Regulations 2015 Draft Regulations to illustrate the Treasury s current intention as to the exercise of powers under clause 4 of the the Small Business, Enterprise and Employment Bill. D R A F T S T A T U T O R Y I N S

More information

Minister Shatter presents Presidency priorities in the JHA area to European Parliament

Minister Shatter presents Presidency priorities in the JHA area to European Parliament Minister Shatter presents Presidency priorities in the JHA area to European Parliament 22 nd January 2013 The Minister for Justice, Equality and Defence, Alan Shatter TD, today presented the Irish Presidency

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

The eighth data protection principle and international data transfers

The eighth data protection principle and international data transfers Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

Safe Harbor 2.0 on it's Way

Safe Harbor 2.0 on it's Way D&I Alert Data Protection, Marketing & Consumers 2016 Safe Harbor 2.0 on it's Way D&I Alert 3 February 2016» Data Protection, Marketing & Consumers D&I Alert Data Protection, Marketing & Consumers 2016

More information

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most

More information

EUROITCOUNSEL QUESTIONNAIRE ON INTERNET AND E-MAIL MONITORING RESTRICTIONS ACROSS EUROPE SPAIN

EUROITCOUNSEL QUESTIONNAIRE ON INTERNET AND E-MAIL MONITORING RESTRICTIONS ACROSS EUROPE SPAIN EUROITCOUNSEL QUESTIONNAIRE ON INTERNET AND E-MAIL MONITORING RESTRICTIONS ACROSS EUROPE Factual background SPAIN 1. Is it usual for employers to provide a corporate e-mail account to their employees?

More information

Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector 1

Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector 1 English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Combating Money Laundering and Terrorist

More information

TABLE OF CONTENTS. Maintaining the Quality and Integrity of Information. Notification of an Information Security Incident

TABLE OF CONTENTS. Maintaining the Quality and Integrity of Information. Notification of an Information Security Incident AGREEMENT BETWEEN THE UNITED STATES OF AMERICA AND THE EUROPEAN UNION ON THE PROTECTION OF PERSONAL INFORMATION RELATING TO THE PREVENTION, INVESTIGATION, DETECTION, AND PROSECUTION OF CRIMINAL OFFENSES

More information

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters 15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters Principle 1 (Protection of rights and freedoms) 1. Personal data must

More information

Council of the European Union Brussels, 12 September 2014 (OR. en)

Council of the European Union Brussels, 12 September 2014 (OR. en) Council of the European Union Brussels, 12 September 2014 (OR. en) Interinstitutional File: 2013/0409 (COD) 13132/14 NOTE From: To: Presidency DROIPEN 104 COPEN 218 CODEC 1799 Working Party on Substantive

More information

IDENTITY ASSURANCE PRINCIPLES

IDENTITY ASSURANCE PRINCIPLES IDENTITY ASSURANCE PRINCIPLES PRIVACY AND CONSUMER ADVISORY GROUP (PCAG) V3.1 (for publication) CONTENTS 1. Introduction 3 2. The Context of the Principles 4 3. Definitions 6 4. The Nine Identity Assurance

More information

Council Tax Reduction Anti-Fraud Policy

Council Tax Reduction Anti-Fraud Policy Council Tax Reduction Anti-Fraud Policy Richard Davies Head of Revenues and Benefits, Torfaen Head of Benefits, Monmouthshire April 2015 1 Contents Section 1. 3 Background 3 Legislation and Governance

More information

3. Structuring your company in the UK

3. Structuring your company in the UK 3. Structuring your company in the UK 3.1 Making sure the law is on your side The legal framework governing company registration in the UK The primary legislation governing the incorporation and registration

More information

Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity

Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity Sebastian Meissner Security Incident Information Sharing Workshop Berlin, 26.07.2013 Introduction Opening question Privacy & cybersecurity:

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

COUNCIL TAX REDUCTION, DISCOUNT & EXEMPTION ANTI- FRAUD POLICY

COUNCIL TAX REDUCTION, DISCOUNT & EXEMPTION ANTI- FRAUD POLICY COUNCIL TAX REDUCTION, DISCOUNT & EXEMPTION ANTI- FRAUD POLICY December 2014 1 Contents Section Page Council Tax Reduction, Discount & Exemption Anti-Fraud Policy 1 Introduction 3 2 Definition of Council

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

Intellectual Property & Data Protection 2015: Legal developments you need to know about

Intellectual Property & Data Protection 2015: Legal developments you need to know about Intellectual Property & Data Protection 2015: Legal developments you need to know about Welcome This is a short guide to some of the key legal developments for intellectual property and data protection

More information

HIGHLIGHTS OF MAJOR CHANGES IN NEW COMPANIES ORDINANCE

HIGHLIGHTS OF MAJOR CHANGES IN NEW COMPANIES ORDINANCE HIGHLIGHTS OF MAJOR CHANGES IN NEW COMPANIES ORDINANCE Kevin Wong ( 黃 河 ) -- China-Appointed Attesting Officer ( 中 國 委 托 公 証 人 ) -- Hong Kong Solicitor -- England & Wales Solicitor -- Consultant of S.T.

More information