Data Privacy And Competition Law A View From The EU
|
|
- Marlene Fields
- 7 years ago
- Views:
Transcription
1 Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY Phone: Fax: Data Privacy And Competition Law A View From The EU Law360, New York (April 19, 2012, 1:19 PM ET) -- Data privacy in the digital age is increasingly attracting attention during competition law investigations. Despite elements of convergence, the differing approaches of authorities around the world toward the protection of privacy create challenges when developing standards and procedures that are accepted globally. The protection of personal data in the European Union and, specifically, how this impacts the rights of individuals and companies where personal data may be collected as part of a competition law investigation requires close review. There remain areas where a lack of congruence in the level of protection afforded presents challenges when navigating investigations and protection across multiple jurisdictions. Data Privacy in the EU Protection of Privacy in the EU The importance of protecting privacy and personal data is reflected in a number of legislative enactments and decisions in the EU: The Charter of Fundamental Rights provides fundamental rights for the protection of private life and personal data.[1] The Court of Justice of the European Union (CJEU) has decided that legislative enactments that violate the right to protection of private life and the protection of personal data can be rendered inapplicable. In Volker und Markus Schecke[2] the CJEU emphasized the fundamental right of data protection when invalidating part of EU legislation requiring publication of the names of persons that were the recipients of funds from the European Agricultural Guarantee Fund and the European Agricultural Fund for Rural Development.
2 In October 1995, Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (data protection directive)[3] was adopted. Member states have all enacted their own local implementing legislation. As the data protection directive specified only the minimum measures to be put in place, and member states were therefore free to implement stricter requirements if they wished, this has resulted in inconsistencies between the national data protection laws. By way of example, the rules on data controller notification, the requirements for the transfer of data outside the European Economic Area, the rights of data subjects and the meaning of data subject consent (and/or the method by which it can be given) can vary significantly between EU countries. The data protection directive has, however, ensured that there is a framework for the protection of privacy in relation to the processing of personal data. The right to protection of private life and personal data is not absolute as will be seen by a number of measures that seek to balance potentially conflicting rights: Article 52(1) of the Charter of Fundamental Rights states that limitations may be imposed on the exercise of fundamental rights (including those in Articles 7 and 8 of the charter) where the limitations are provided for by law and respect the essence of those rights and freedoms. Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others. [4] Article 42 of the Charter of Fundamental Rights establishes a right of access to documents of the European Parliament, Council and Commission for [a]ny citizen of the Union, and any natural or legal person residing or having its registered office in a Member State. [5] Article 15 of the Treaty on the Functioning of the EU establishes a similar right of access to documents held by EU institutions.[6] Regulation 1049/2001[7] establishes substantive and procedural rules on access to public documents held by EU institutions. The principles of openness and transparency are enshrined in recitals 1 and 2 of the Access to Documents Regulation which reads as follows: (1) The second subparagraph of Article 1 of the Treaty on European Union enshrines the concept of openness, stating that the Treaty marks a new stage in the process of creating an ever closer union among the peoples of Europe, in which decisions are taken as openly as possible and as closely as possible to the citizen. (2) Openness enables citizens to participate more closely in the decision-making process and guarantees that the administration enjoys greater legitimacy and is more effective and more accountable to the citizen in a democratic system. Openness contributes to strengthening the principles of democracy and respect for fundamental rights as laid down in Article 6 of the EU Treaty and in the Charter of Fundamental Rights of the European Union..
3 It is nevertheless stated that there are circumstances that may justify limitations on public access to documents. In particular, Article 4(1)(b) provides that access may be refused where disclosure would undermine the privacy and the integrity of the individual, in particular in accordance with Community legislation regarding the protection of personal data. To what extent, therefire, have the EU institutions and courts determined where protection of privacy may justify limitations on disclosure of personal data in the context of a competition law investigation? The CJEU has ruled that Article 4(1)(b) should be interpreted as requiring the institution holding the data to apply the legislation regarding the protection of personal data, that is to say Regulation 45/2001.[8] The Bavarian Lager[9] case concerned a request for public access to minutes of a meeting between the European Commission, representatives of the U.K. government and the European beer sector relating to a commission investigation concerning whether U.K. law had the effect of hindering or preventing overseas suppliers from entering the U.K. brewing industry. The Commission ultimately decided to close the case, following which Bavarian Lager, a brewery that wanted the commission to pursue infringement proceedings, requested access to the minutes of the meeting. The commission provided access but decided to delete the names of five persons on the basis that two persons had not consented to disclosure of their names and that the commission was unable to contact the other three to obtain consent. The commission maintained that it was required to obtain the consent of the individuals named in the minutes on the basis that Article 4(1)(b) of the Access to Documents Regulation required the application of the Data Protection Regulation in all cases where a document contained personal data.[10] In short, the commission maintained that unless the data subject (the person to whom the data relates) consents to disclosure, the disclosure can only occur where the recipient (person requesting access) can demonstrate the necessity of the disclosure and that there is no reason to believe that the legitimate interests of the data subject will be prejudiced. The General Court held that publishing the names of the persons attending a meeting in their personal capacity would not harm the rights of privacy of those persons. However, the CJEU ruled that data privacy protection means that an express justification needed to be given for the refusal stating that: Where a request based on [the Access to Documents Regulation] seeks to obtain access to documents including personal data, the provisions of [the Data Protection Regulation] become applicable in their entirety, including Articles 8 [the provision requiring the recipient of personal data to establish the need for their disclosure] and 18 [the provision which confers on the data subject the right to object at any time, on compelling legitimate grounds relating to his or her particular situation] thereof.[11]
4 Privacy in Competition Law Investigations It must be recognized that the Access to Documents Regulation is not the only piece of EU legislation that may be relevant to disclosure of personal data in an EU competition law investigation. Article 16 of Regulation 773/2004[12] provides that business secrets or other confidential information of any person shall not be communicated or made accessible by the commission in competition law proceedings. There is also a requirement on a person or undertaking that submits documents to the commission to provide the commission with a separate nonconfidential version of the document and to identify any information which it considers to be confidential. [13] A question arises as to whether the commission would be obliged to grant access to any personal data contained in the documents in circumstances where the data subject had not identified the data as confidential information. It would appear to follow from Article 5 of the Access to Documents Regulation that personal data may be processed if the recipient demonstrates the necessity of the processing. It may be that, in certain circumstances, the necessity test is met where the commission transfers documents in order to meet its own legal obligation to ensure that investigated parties can exercise their rights of defense. Furthermore, pursuant to Article 15(4) of the Procedural Regulation, the parties that receive the data are only required to use that data for the purposes of the competition law proceedings. However, the precise boundaries of the relationship between the Access to Documents Regulation and competition law inquiries have not been tested and it is conceivable that circumstances may arise where the legitimate interests of the data subject might be detrimentally affected by the transfer of the personal data to third parties (including investigated parties or in a public decision). Protection of Privacy under National Law United Kingdom Data Protection In the U.K., the collection and protection of personal data is governed primarily by the Data Protection Act 1998, which came into force on March 1, The rights and duties set out in the Data Protection Act are designed to apply generally, but there are some exemptions. If an exemption applies, then depending on the circumstances a person will be exempt from the requirement: (1) to notify the Information commissioner; and/or (2) to grant the data subject access to personal data; and/or (3) to give privacy notices; and/or (4) not to disclose personal data to third parties. The following are some of the main exemptions that may be raised in the context of a competition or regulatory investigation.
5 The Data Protection Act provides an exemption from the subject information provisions for processing personal data in connection with regulatory activities.[14] The exemption applies only to the core functions of bodies that perform public regulatory functions concerned with: (1) protecting members of the public from dishonesty, malpractice, incompetence or seriously improper conduct, or in connection with health and safety; (2) protecting charities; or (3) fair competition in business. For the exemption to apply, those functions must also be: (1) conferred by or under an enactment; (2) functions of the Crown, a Minister or government department; or (3) any other public function exercised in the public interest. The exemption would appear to apply to functions exercised by various regulators whose regulatory role is recognized by the public and the sector they oversee. Such regulators may be established by law or as a result of mutual agreement between the participants in their sector of business.[15] However, there is no automatic or general exemption for regulatory bodies. This reflects the rule that personal data that are processed to perform such activities are exempt from the subject information provisions only to the extent that applying those provisions would be likely to prejudice the proper performance of the activities. A further exemption from the first data protection principle provided for in the Data Protection Act (i.e., fair and lawful processing) applies where personal data is processed for the prevention or detection of crime.[16] In appropriate cases, this could be raised in the context of investigation into suspected cartel activity under the cartel offense contained in the U.K. Enterprise Act 2002, which established criminal liability for certain hardcore cartel activity. Freedom of Information Act A consideration of access to information in the U.K. would not be complete without a brief mention of the Freedom of Information Act 2000 (FOIA), which came into force in full on Jan. 1, This gives any person, including foreign nationals and companies, access to any information held by public authorities. There are two types of exemption from disclosure under FOIA: (1) absolute exemptions (where the only question is whether the exemption applies); and (2) qualified exemptions (where, even though the information falls within the terms of the exemption, the public authority has still to consider whether the public interest in maintaining the exemption is greater than that in confirming or denying the existence of the information requested and providing the information to the applicant). The sections of FOIA of most immediate relevance to competition investigations are sections 41 (exemption for information provided in confidence) and 43 (exemption to protect commercial interests). However, other exemptions may come into operation when businesses are seeking access to data during competition inquiries. For example, information may be lawfully withheld if it constitutes personal data that is subject to data protection laws.[17] The information commissioner has issued practical guidance to public authorities on how to apply the exemption.[18]
6 Protection of Privacy under National Law France Data Protection Legal Overview Data protection in France is governed by the (amended) Law on Computer Processing and Liberties (Informatique et Libertes), which came into force on Jan. 1, 1980.[19] This law states that data controllers must process data in compliance with the rules set out under its Article 6, as follows: data must be collected and processed fairly and lawfully; data must be collected for a determined, explicit and legitimate purpose and must not be subsequently processed in a manner incompatible with this purpose; the collected data must be adequate, relevant and nonexcessive as regards the purposes for which it was collected and subsequently processed; the data must be accurate, complete and up-to-date; and the data must be stored in a form that allows the identification of the data subjects for a period no longer than necessary for the purposes for which it was obtained and processed. Case Experience A recent case of the French Cour de Cassation has highlighted the tension between data protection and the powers of competition authorities.[20] On Nov. 30, 2011, the Cour de Cassation upheld a decision from Feb. 19, 2010 by the French Court of Appeals of Versailles relating to the search and seizure of s of employees of the company Janssen- Cilag. The French Commercial Code grants the French Competition Authority the power to inspect the premises of a company suspected of engaging in anti-competitive practices and to search and seize all documents and information relevant to the investigation. The Court of Appeals held that the officials of the French Competition Authority were authorized by a freedoms and custody judge to inspect the s as part of a competition investigation in the pharmaceutical market. Janssen-Cilag and its employees challenged the search on the basis that the French Competition Authority had violated the individuals rights to privacy, rights to secrecy of correspondence and rights to protection of personal data by searching all employee s including private correspondence and third party correspondence. The Court of Appeals held that the seizure of private s and correspondence, even information that was potentially irrelevant to the investigation, did not invalidate the search and seizure because the inspection had been sanctioned by a judge. The case raises the question about whether public (in this case competition) investigations should be conducted within the boundaries of data protection law and where, in the case of tension, an appropriate balance is to be struck. The case raises complex questions including some that do not have a clear-cut answer. In particular, central to the reasoning upholding the seizure appears to be that the investigation itself was not considered disproportionate and that employees would be permitted to reclaim documents that were private, confidential or irrelevant to the investigation.
7 However, this position raises a more fundamental issue in terms of the protection of personal data and the rights of defense of the company concerned pending and following resolution of the status of any disputed documents. A perennial problem that has been raised in other contexts is whether the prospect or actual return of disputed documents to their owners provides an acceptable remedy where unlawfully obtained documents have already been brought to the minds of investigating officials or the relevant case team. Even if such documents may not ultimately be used in evidence, there remains a risk that their disclosure to the investigating authority (and potentially other authorities where this is permitted under relevant law) can irretrievably prejudice the rights of individuals and corporations. Data Protection in the EU in Evolution While there is ample legislation that serves to protect personal data in Europe, the scope of protection at EU level and in the individual member states is far from settled. On Jan. 25, 2012, the commission published a proposal for a new General Data Protection Regulation. [21] The main proposed changes arising from this proposal are: a single set of rules on data protection, which will apply across the EU; increased responsibility and accountability for those processing personal data; subjects will have easier access to their own data and will be able to transfer personal data from one service provider to another more easily. This is likely to improve competition between services; the creation of a right to be forgotten whereby people will be able to require enterprises to delete their data if there are no legitimate grounds for retaining it; and national data protection authorities will be given greater powers to enforce the proposed regulation in their country. They will be able to impose penalties of up to 1 million or up to 2 percent of the annual global turnover of a company if they commit serious breaches of the new laws. It is likely to take at least a year to finalize the proposals and then a further one to two years until the new laws come into force. Concluding thoughts Although member states have implemented legislation at a national level, the law on data protection remains an evolving area in part as a result of new legislative proposals, but also owing to developing case law. Where competition cases are concerned, confidentiality and privacy are important since it is precisely the privacy of the process which facilitates investigated parties and competitors bringing forth information to the competition authorities. However, the authority may not fully address the competition issues adequately in the absence of wider disclosure and consultation with third parties that may raise privacy issues.
8 While the case law and legislation are developing, among the following would appear to be the main implications for practice: when submitting documents to a competition authority or regulator make an express claim, where relevant, for confidential treatment of business secrets and other confidential information including personal data; provide a nonconfidential version of documents submitted to a competition or regulatory authority; parties seeking access to personal data held by EU institutions should establish, at the very least, the "necessity" of the disclosure and that such disclosure would not prejudice the legitimate interests of the data subject; take account of differences between treatment of personal data in the EU and at member state level and the different cultural and legal traditions which may militate in favor of (or against) protection or disclosure; keep in mind that data protection laws do not exist in a vacuum and that a variety of national and supranational legislation may need to considered (including regulatory guidance on transparency) when determining whether a particular disclosure or access to documents is lawful in a particular case; and exercise caution where personal data is to be transferred outside the European Economic Area where specific rules apply. --By Suzanne Rab and Holly Murphy, King & Spalding LLP Suzanne Rab is a partner in the antitrust practice, and Holly Murphy is an associate in the employment practice, in King & Spalding's London office. The opinions expressed are those of the authors and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice. [1] Charter of Fundamental Rights of the European Union (2000/C 364/01). Article 7 provides that [e]veryone has the right to respect for his or her private and family life, home and communications. Article 8 provides that: 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority. [2] Joined cases C-92/09 and C-93/09, Volker und Markus Scheche, decision of Nov. 9, [3] Directive 95/46 EC of the European Parliament and of the Council of Oct. 24, 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] Official Journal L 281, 23/11/1995 p. 31. [4] Charter of Fundamental Rights, Article 52. [5] Charter of Fundamental Rights, Article 42. [6] Consolidated Version of the Treaty on the Functioning of the European Union [2008] OJ C115 (TFEU), Article 15.
9 [7] Council Regulation (EC) No 1049/2001 of the European Parliament and of the Council of May 30, 2001 regarding public access to European Parliament, Council and Commission documents [2001] Official Journal L 145, 31/05/2001 p. 43 (Access to Documents Regulation). [8] Council Regulation (EC) No. 45/2001 of the European Parliament and of the Council of Dec. 18, 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [2001] (OJ 2001 L8, p.1) (Data Protection Regulation). [9] Case C-28/08P, Commission v. Bavarian Lager [2011] 1 C.M.L.R. 1. [10] Data Protection Regulation, Article 4(1)(b). [11] [2011] 1 C.M.L.R. 1. [12] Commission Regulation (EC) No 773/2004 of 7 April 2004 relating to the conduct of proceedings by the Commission pursuant to Articles 81 and 82 of the EC Treaty OJ [2004] OJ 123, Article 16. [13] Commission Regulation (EC) No 773/2004 (Procedural Regulation), Article 16 (2). [14] Data Protection Act 1998, c. 29, s.31(5)(ii) [15] However, the exemption does not apply to investigatory or complaint-handling functions that may benefit the public but which organizations undertake when investigating their own activities. [16] Data Protection Act 1998, c. 29, s. 29(1)(a). [17] Freedom of Information Act 2000, c. 36, part II, s.40(3)(b). [18] Information Commissioner s Office Guidance, The Exemption for Personal Information, [2011]. [19] Loi Informatique et Libertés, Act no of Jan. 6, 1978 Amended by the following laws : Act of Aug. 6, 2004 Relative to the Protection of Individuals with regard to the Processing of Personal Data and Act of May 13, 2009 Relative to the Simplification and Clarification of Law and Lighter Procedures [20] Cassation : la loi informatique et libertes inapplicable a la saisie de l Autorite de la concurrence. Jan. 17, [21] Proposal for Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM (2012) 11 final (Jan. 25, 2012). All Content , Portfolio Media, Inc.
The guidance will be developed over time in the light of practical experience.
Freedom of Information Act Awareness Guidance No. 14 International Relations The Information Commissioner s Office (ICO) has produced this guidance as part of a series of good practice guidance designed
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationLiechtenstein. Heinz Frommelt. Sele Frommelt & Partners Attorneys at Law Ltd
Sele Frommelt & Partners Attorneys at Law Ltd Heinz Frommelt Sele Frommelt & Partners Attorneys at Law Ltd Legislation and jurisdiction 1 What is the relevant legislation and who enforces it? is a member
More informationInsurance Europe key messages on the European Commission's proposed General Data Protection Regulation
Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationon the Proposal for a Regulation of the European Parliament and of the Council laying
Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationResponse of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16
Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Summary The Northern Ireland Human Rights Commission (the Commission):
More information***I DRAFT REPORT. EN United in diversity EN 2012/0011(COD) 17.12.2012
EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 17.12.2012 2012/0011(COD) ***I DRAFT REPORT on the proposal for a regulation of the European Parliament and of the Council
More information235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
More informationFreedom of information guidance Exemptions guidance Section 41 Information provided in confidence
Freedom of information guidance Exemptions guidance Section 41 Information provided in confidence 14 May 2008 Contents Introduction 2 What information may be covered by this exemption? 3 Was the information
More informationFREEDOM OF INFORMATION ACT
FREEDOM OF INFORMATION ACT PREAMBLE Recognizing that access to information is a fundamental right guaranteed by the Constitution of Liberia and the Universal Declaration of Human Rights as well as the
More informationCOMMISSION RECOMMENDATION. of XXX. on the right to legal aid for suspects or accused persons in criminal proceedings
EUROPEAN COMMISSION Brussels, XXX C(2013) 8179/2 COMMISSION RECOMMENDATION of XXX on the right to legal aid for suspects or accused persons in criminal proceedings EN EN COMMISSION RECOMMENDATION of XXX
More informationBCS, The Chartered Institute for IT Consultation Response to:
BCS, The Chartered Institute for IT Consultation Response to: A Comprehensive Approach to Personal Data Protection in the European Union Dated: 15 January 2011 BCS The Chartered Institute for IT First
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationEU Competition Law. Article 101 and Article 102. January 2010. Contents
EU Competition Law January 2010 Contents Article 101 The requirements of Article 101(1) Exemptions under Article 101(3) Article 102 Dominant position Abuse of a dominant position Procedural issues Competition
More informationTHE EUROPEAN UNION AND FRANCHISING
THE EUROPEAN UNION AND FRANCHISING (A) HISTORY The European Union has to date limited its activities in relation to franchising to the field of competition law. (i) Pronuptia The examination of franchising
More informationHaving regard to the Charter of Fundamental Rights of the European Union, and in particular Articles 7 and 8 thereof,
Opinion of the European Data Protection Supervisor on the Commission Proposal for a Directive of the European Parliament and of the Council amending Directive 2007/36/EC as regards the encouragement of
More informationDIFC LAW NO. 1 OF 2007
DATA PROTECTION LAW DIFC LAW NO. 1 OF 2007 Consolidated Version (December 2012) Amended by Data Protection Law Amendment Law DIFC Law No. 5 of 2012 CONTENTS PART 1: GENERAL... 4 1. Title... 4 2. Legislative
More informationSouth East Asia: Data Protection Update
Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationCCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE
Représentant les avocats d Europe Representing Europe s lawyers CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION
More informationCouncil of the European Union Brussels, 12 September 2014 (OR. en)
Council of the European Union Brussels, 12 September 2014 (OR. en) Interinstitutional File: 2013/0409 (COD) 13132/14 NOTE From: To: Presidency DROIPEN 104 COPEN 218 CODEC 1799 Working Party on Substantive
More informationData protection issues on an EU outsourcing
Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process
More informationAct on Background Checks
NB: Unofficial translation Ministry of Justice, Finland Act on Background Checks (177/2002) Chapter 1 General provisions Section 1 Scope of application (1) This Act applies to background checks, which
More information4-column document Net neutrality provisions (including recitals)
4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN
More informationFreedom of Information Act 2000 (FOIA) Decision notice
Freedom of Information Act 2000 (FOIA) Decision notice Date: 26 January 2016 Public Authority: Address: Foreign and Commonwealth Office King Charles Street London SW1A 2AH Decision (including any steps
More informationSUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER
SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER 10 September 2009 page 1 / 8 SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001
More information29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States
29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States Key data protection points for the trilogue on the data protection directive in the field
More informationGovernment of Bermuda. The Personal Information Protection Act (PIPA) Draft Model For Consultation
Government of Bermuda The Personal Information Protection Act (PIPA) Draft Model For Consultation Table of contents Section Page Explanatory notes... 4 Personal Information Protection Act (PIPA) Draft
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3
COUNCIL OF THE EUROPEAN UNION Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COVER NOTE from: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of
More informationTRANSPOSITION NOTE. Directive 2013/11/EU on alternative dispute resolution for consumer disputes
TRANSPOSITION NOTE Directive 2013/11/EU on alternative dispute resolution for consumer disputes 1. This note describes the implementation in the United Kingdom of parts of the Directive 2013/11/EU of the
More information(Legislative acts) DECISIONS
4.11.2011 Official Journal of the European Union L 287/1 I (Legislative acts) DECISIONS DECISION No 1104/2011/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 October 2011 on the rules for access
More informationA D V O C A T E S A C T (12 December 1958/496)
1 THE FINNISH BAR ASSOCIATION July 2005 A D V O C A T E S A C T (12 December 1958/496) Section 1 An advocate is a person who is registered in the Roll of Advocates as a member of the general Finnish Bar
More informationComments and proposals on the Chapter IV of the General Data Protection Regulation
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationEUROPEAN DATA PROTECTION SUPERVISOR
20.6.2012 Official Journal of the European Union C 177/1 I (Resolutions, recommendations and opinions) OPINIONS EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on
More informationAn overview of UK data protection law
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44
More informationData Protection A Guide for Users
Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection
More informationComments and proposals on the Chapter II of the General Data Protection Regulation
Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationEuropean Union Law and Online Gambling by Marcos Charif
With infringement proceedings, rulings by the European Court of Justice (ECJ) and the ongoing lack of online gambling regulation at EU level, it is important to understand the extent to which member states
More informationArkansas State Board of Public Accountancy
APPENDIX ONE PHYSICAL ADDRESS The principle office and official address of the Board is as follows: Arkansas State Board of Public Accountancy, 101 East Capitol Avenue, Suite 450, Little Rock, AR 72201.
More informationThe Future Of UK Pharmaceutical Best Practices --By Lincoln Tsang and Silvia Valverde, Arnold & Porter LLP
Published by Life Sciences Law360 on January 26, 2015. Also ran in Health Law360. The Future Of UK Pharmaceutical Best Practices --By Lincoln Tsang and Silvia Valverde, Arnold & Porter LLP Law360, New
More informationThe Immigration (European Economic Area) Regulations 2006
STATUTORY INSTRUMENTS 2006 No. 1003 IMMIGRATION The Immigration (European Economic Area) Regulations 2006 Made - - - - - 30th March 2006 Laid before Parliament 4th April 2006 Coming into force - - 30th
More informationTHOMSON REUTERS HUMAN RIGHTS LAW CONFERENCE 2014. Privacy, data retention and state surveillance: Digital Rights Ireland.
THOMSON REUTERS HUMAN RIGHTS LAW CONFERENCE 2014 Privacy, data retention and state surveillance: Digital Rights Ireland Jessica Simor QC Matrix chambers 1. Anya has spoken about Costeja. That case raises
More informationLondon Borough of Brent Joint Regulatory Services ENFORCEMENT POLICY
London Borough of Brent Joint Regulatory Services ENFORCEMENT POLICY Date of implementation: 01/11/05 Issue No:01 Issued by: Stephen Moore Executive approval: 12/09/2005 INTRODUCTION 1. This document sets
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationRECOMMENDATIONS. COMMISSION RECOMMENDATION of 7 March 2014 on strengthening the principle of equal pay between men and women through transparency
L 69/112 Official Journal of the European Union 8.3.2014 RECOMMENDATIONS COMMISSION RECOMMENDATION of 7 March 2014 on strengthening the principle of equal pay between men and women through transparency
More information1 Data Protection Principles
Today, our personal information is being collected, shared, stored and analysed everywhere. Whether you are browsing the internet, talking to a friend or making an online purchase, personal data collection
More informationAct CLXV of 2013. on Complaints and Public Interest Disclosures. 1. Complaint and public interest disclosure
Act CLXV of 2013 on Complaints and Public Interest Disclosures The National Assembly, committed to increasing public confidence in the functioning of public bodies, recognising the importance of complaints
More informationSummary of Data Protection Requirements When transferring Data Outside the UK End Users
Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation
More informationThis document is meant purely as a documentation tool and the institutions do not assume any liability for its contents
2004R0550 EN 04.12.2009 001.001 1 This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents B REGULATION (EC) No 550/2004 OF THE EUROPEAN PARLIAMENT
More informationCPI Antitrust Chronicle February 2014 (2)
CPI Antitrust Chronicle February 2014 (2) The Discoverability of Leniency Documents and the Proposed Directive on Damages Actions for Antitrust Infringements Kristina Nordlander & Marc Abenhaïm Sidley
More informationProposal for a COUNCIL REGULATION (EU) implementing enhanced cooperation in the area of the law applicable to divorce and legal separation
EUROPEAN COMMISSION Proposal for a Brussels, 24.3.2010 COM(2010) 105 final 2010/0067 (CNS) C7-0315/10 COUNCIL REGULATION (EU) implementing enhanced cooperation in the area of the law applicable to divorce
More informationTilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen
Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an
More informationTHE PRINCIPLE OF SUBSIDIARITY
THE PRINCIPLE OF SUBSIDIARITY In areas which do not fall within the Union s exclusive competence, the principle of subsidiarity, laid down in the Treaty on European Union, defines the circumstances in
More informationDeclaration of Internet Rights Preamble
Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It
More information7 August 2015. I. Introduction
Suggestions for privacy-related questions to be included in the list of issues on Hungary, Human Rights Committee, 115th session, October-November 2015 I. Introduction 7 August 2015 Article 17 of the International
More information7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
More informationOVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
More informationDecision 131/2008 Mr N and East Ayrshire Council. Tender Documents. Reference No: 200800298 Decision Date: 7 October 2008
Decision 131/2008 Tender Documents Reference No: 200800298 Decision Date: 7 October 2008 Kevin Dunion Scottish Information Commissioner Kinburn Castle Doubledykes Road St Andrews KY16 9DS Tel: 01334 464610
More informationFood Law and Due Diligence Defence
The Society of Food Hygiene and Technology INTRODUCTION This document explains the general requirements of food law and covers the main EC and UK legislation on food imports and exports, safety, traceability,
More informationTABLE OF CONTENTS. Maintaining the Quality and Integrity of Information. Notification of an Information Security Incident
AGREEMENT BETWEEN THE UNITED STATES OF AMERICA AND THE EUROPEAN UNION ON THE PROTECTION OF PERSONAL INFORMATION RELATING TO THE PREVENTION, INVESTIGATION, DETECTION, AND PROSECUTION OF CRIMINAL OFFENSES
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 4 May 2012. 9441/12 Interinstitutional File: 2008/0090 (COD) LIMITE INF 75 API 56 JUR 253 CODEC 1153
COUNCIL OF THE EUROPEAN UNION Brussels, 4 May 2012 9441/12 Interinstitutional File: 2008/0090 (COD) LIMITE INF 75 API 56 JUR 253 CODEC 1153 NOTE from: Presidency to Permanent Representatives Committee
More informationCode of Practice on the discharge of the obligations of public authorities under the Environmental Information Regulations 2004 (SI 2004 No.
Code of Practice on the discharge of the obligations of public authorities under the Environmental Information Regulations 2004 (SI 2004 No. 3391) Issued under Regulation 16 of the Regulations, Foreword
More informationFramework-Document of 10 February 2012 on Antitrust Compliance Programmes
RÉPUBLIQUE FRANÇAISE Framework-Document of 10 February 2012 on Antitrust Compliance Programmes Compliance programmes are instruments that enable economic players to increase their chances of avoiding breaches
More informationClient Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.?
1 Client Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.? NEW YORK Jeremy Feigelson jfeigelson@debevoise.com PARIS Frederick
More informationEU- US NGO Letter on 1 To Secretary Pritzker
November 13, 2015 Secretary Penny Pritzker U.S. Department of Commerce 1401 Constitution Ave., NW Washington, D.C. 20230 Commissioner Věra Jourová Justice, Consumers and Gender Equality European Commission
More informationGuidelines on data protection in EU financial services regulation
Guidelines on data protection in EU financial services regulation 1 Contents Table of Contents 10-point checklist for analysing data protection and privacy...4 1. Data protection and financial services
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationDo you have a private life at your workplace?
Do you have a private life at your workplace? Privacy in the workplace in EC institutions and bodies Giovanni Buttarelli In the course of his supervisory activities, the EDPS has published positions on
More informationTransparency and disclosure: Statement of the CMA s policy and approach
Transparency and disclosure: Statement of the CMA s policy and approach January 2014 CMA6 Crown copyright 2014 You may reuse this information (not including logos) free of charge in any format or medium,
More informationProposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
More informationFreedom of Information Act 2000 (FOIA) Decision notice
Freedom of Information Act 2000 (FOIA) Decision notice Date: 29 May 2014 Public Authority: Address: The Gambling Commission Victoria Square House Victoria Square Birmingham B2 4BP Decision (including any
More informationEXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007. 2007 No. 2199
EXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007 2007 No. 2199 1. This explanatory memorandum has been prepared by the Home Office and is laid before Parliament by Command of
More information(Legislative acts) DIRECTIVES
6.11.2013 Official Journal of the European Union L 294/1 I (Legislative acts) DIRECTIVES DIRECTIVE 2013/48/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 22 October 2013 on the right of access to
More informationSupported by. World Trademark Review. Anti-counterfeiting. Poland. Contributing firm Patpol Patent & Trademark Attorneys.
Supported by World Trademark Review Anti-counterfeiting 2012 Poland Contributing firm A Global Guide Poland Contributing firm Authors Jaromir Piwowar and Bartek Kochlewski Legal framework Rights holders
More informationFreedom of Information Act 2000
ch3600a00a 02-12-00 01:13:30 ACTA Unit: PAGA Rev RA Proof, 29.11.2000 Freedom of Information Act 2000 CHAPTER 36 ARRANGEMENT OF SECTIONS Part I Access to information held by public authorities Right to
More informationThe Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement*
The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement* No. Clause Reference Amendment Sanctions 1. Important notice Standard Chartered
More informationThe reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012
The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions
More informationFactsheet on the Right to be
101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against
More information2015 No. 2059 PROFESSIONAL QUALIFICATIONS. The European Union (Recognition of Professional Qualifications) Regulations 2015
S T A T U T O R Y I N S T R U M E N T S 2015 No. 2059 PROFESSIONAL QUALIFICATIONS The European Union (Recognition of Professional Qualifications) Regulations 2015 Made - - - - 17th December 2015 Laid before
More informationTHE TRADE SECRETS DIRECTIVE THE NEW COUNCIL PROPOSAL 1 WOUTER PORS. Bird & Bird The Hague. 1. Introduction and general issues
THE TRADE SECRETS DIRECTIVE THE NEW COUNCIL PROPOSAL 1 WOUTER PORS Bird & Bird The Hague 1. Introduction and general issues The law on trade secrets varies widely even among EU Member States. For instance,
More information2015 No. 1392 CONSUMER PROTECTION. The Alternative Dispute Resolution for Consumer Disputes (Amendment) Regulations 2015
S T A T U T O R Y I N S T R U M E N T S 2015 No. 1392 CONSUMER PROTECTION The Alternative Dispute Resolution for Consumer Disputes (Amendment) Regulations 2015 Made - - - - 18th June 2015 Laid before Parliament
More informationTHE FORTY RECOMMENDATIONS OF THE FINANCIAL ACTION TASK FORCE ON MONEY LAUNDERING
THE FORTY RECOMMENDATIONS OF THE FINANCIAL ACTION TASK FORCE ON MONEY LAUNDERING 1990 A. GENERAL FRAMEWORK OF THE RECOMMENDATIONS 1. Each country should, without further delay, take steps to fully implement
More informationThe Employment Tribunals Rules of Procedure 2013
The Employment Tribunals Rules of Procedure 2013 (as subsequently amended up to 17 th February 2015) This document shows the Employment Tribunal Rules of Procedure contained in Schedule 1 of the Employment
More informationPersonal Data Act (1998:204);
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
More informationOption Table - Directive on Statutory Audits of Annual and Consolidated Accounts
Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts The purpose of this document is to highlight the changes in the options available to Member States and Competent Authorities
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 3211/15/EN WP 233 Opinion 03/2015 on the draft directive on the protection of individuals with regard to the processing of personal data by competent authorities
More informationDrafting and enforcing non-compete agreements in the European Union: the examples of France, Germany and Italy
Drafting and enforcing non-compete agreements in the European Union: the examples of France, Germany and Italy Yasmine Tarasewicz Partner June 17, 2010 1 Introduction Non-competition in the relations between
More informationRegulation of Investigatory Powers Act 2000
Regulation of Investigatory Powers Act 2000 Consultation: Equipment Interference and Interception of Communications Codes of Practice 6 February 2015 Ministerial Foreword The abilities to read or listen
More informationLOI INFORMATIQUE ET LIBERTES ACT N 78-17 OF 6 JANUARY 1978
LOI INFORMATIQUE ET LIBERTES ACT N 78-17 OF 6 JANUARY 1978 ON INFORMATION TECHNOLOGY, DATA FILES AND CIVIL LIBERTIES AMENDED BY THE FOLLOWING LAWS: ACT OF 6 AUGUST 2004 RELATIVE TO THE PROTECTION OF INDIVIDUALS
More informationCrimes (Computer Hacking)
2009-44 CRIMES (COMPUTER HACKING) ACT 2009 by Act 2011-23 as from 23.11.2012 Principal Act Act. No. 2009-44 Commencement except ss. 15-24 14.1.2010 (LN. 2010/003) Assent 3.12.2009 Amending enactments Relevant
More informationCOMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES GREEN PAPER
EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 11.11.2009 COM(2009) 624 final GREEN PAPER on obtaining evidence in criminal matters from one Member State to another and securing its admissibility
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More information