Panel 1. Greater Regulation of Special Threats to Privacy. Data Protection in the 21st Century

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Panel 1. Greater Regulation of Special Threats to Privacy. Data Protection in the 21st Century"

Transcription

1 Panel 1 Greater Regulation of Special Threats to Privacy Data Protection in the 21st Century

2 Questions for Panel 1 Greater Regulation of Special Threats to Privacy I. Need for reform What are currently the biggest threats to personal rights (e.g. profiling using cookies or exploiting all available data including those on the so-called dark web)? How can risk-adequate data protection be legally implemented? Is it true that, under applicable law, risk assessments are generally only carried out as part of the assessment of proportionality? If so, what yardsticks are applied? Should the data protection supervisory authorities essentially be responsible for risk assessment? Are they afforded a margin of appreciation or do, ultimately, the courts decide? II. Possible reforms 1. Points of reference Does it make sense and is it necessary to include special rules on specific threats to general personal rights (risk model)? Which protected legal interest should provide the point of reference for rules on specific threats: privacy 1, general personal rights 2 or the personal data per se 3? Should the right to the protection of confidentiality and integrity of technical information systems as described by the Federal Constitutional Court be included as a protected legal interest in data protection law and specified more precisely? Which specific threats need to be regulated and how could they be legally classified? Do the categories listed in Article 33 para. 2 of the Proposal for a General Data Protection Regulation already provide adequate points of reference for rules on high-risk data processing? Are the following possible (additional) classifications conceivable and how could they possibly with regard to the assumption of a specific threat be specified more precisely: Sensitivity of the data on account of their content (citing examples); Special legitimate expectation on account of the context during collection and processing (e.g. user has legitimate expectation of privacy enjoying special 1 Cf. Article 1 para. 1 of the EC Data Protection Directive 95/56 (German version), Article 7 of the EU Charter of Fundamental Rights; Article 1 of the Data Protection Convention 108 of the Council of Europe in the German version uses Recht auf einen Persönlichkeitsbereich, the English version uses privacy. 2 Cf. section 1(1) of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the Federal Constitutional Court s derivation of the right to determine the use of one s personal data (BVerfGE 65, 1). 3 Cf. Article 8 of the EU Charter of Fundamental Rights and Article 16 para 1 of the Treaty on the Functioning of the EU (TFEU)

3 protection, for example in the case of the publication of personal data in closed circles of social network users, or when using search engines); Differentiation between the offline world and the Internet; Secret collection and processing; Particularly intensive data processing, for example on account of the purpose (profiling), increased risk of unauthorized processing (numerous people with authorized access/recipients, possibilities of combining data) or especially serious disadvantages (irreversible, potentially discriminatory, serious breach of privacy or personal honour)? 2. Limitations and special duties/rules Are cases conceivable in which the concrete data processing should be absolutely prohibited in the interests of protecting personal rights? If so, which cases? In which cases should data processing be made dependent on prior authorization by an authority 4? If so, by whom? Are cases conceivable in which the consent of the data subject should be ruled out as providing legitimacy for data processing? If so, which cases? Otherwise: How should the concept of protection be shaped in regard to specific threats? What should rules for specific data, industries, persons (children) etc. look like? Should they be part of a Special Part of data protection law? Would the following legal consequences be possible and sensible: Strict alignment to purpose or context, Restricted transmission, Restrictions on the coupling of services, Specific information obligations, Impact assessment, Anonymization and pseudonymization, Special technical or organizational measures, especially in relation to the integrity and confidentiality of IT systems, Requirements made of the developers and manufacturers of IT systems to guarantee system data protection, Authorization to enact service-specific or individualized measures (conditions, general terms and conditions), Assumed liability of the controller, Damages, Simplified injunctive relief, Increased monitoring, for example through additional general enforcement authorities in the Member States, Fines, criminal law? 4 Cf. for the public sphere the requirement of approval from the highest Land (federal state) authorities under section 10(3) of the Federal Data Protection Act.

4 3. Responsibilities Whom should which measures address? As regards responsibilities, should not only the Telemedia Act (Telemediengesetz, TMG) but also general data protection law, for example a new regulation, differentiate in a special part between providers and the (commercial) operators of IT systems and their users? Do we need rules governing joint responsibility? To whose responsibility should reference be made in regard to the publication of data on the Internet? Should the rules set out in the Telemedia Act regarding the responsibilities of providers be transferred to data protection law? Should the responsibility also be dependent on the extent to which the data processor or operator of an IT system (consciously) creates legitimate expectations? How can enforcement of the commitments at international level be guaranteed? Who is responsible?

5 Conference on Data Protection in the 21 st Century Panel 1 Suggestion Greater Regulation of Special Threats to Privacy The experts of the preparatory workshops held on August 28, 2012 suggest taking into consideration the following aspects when deliberating a European framework for data protection legislation: I. Need for regulation Data privacy laws in the 21 st century have to be adjusted to address the challenges of the information society. As has been customary in German law so far, there should be a broad application range for modern data protection legislation. It still seems more sensible to regulate individual issues via exceptional rule than to predefine an application area that might be too narrow and cannot be easily altered later on. The existing groundwork needs to be refined: The much discussed concept of protection goals seems to be particularly promising. Data processing companies today seem to be less interested in causalities than in correlations. Consequently, the private sector has a vested interest in creating large data pools ( Big Data ). Whether or not data avoidance should remain a legitimate protection goal remains controversial. System and self data protection constitute further potential building blocks for reform. Especially an obligation to make use of anonymity and pseudonyms should become part of the draft General Data Protection Regulation, as they allow for a differentiated application of data privacy laws to specific categories of data. In this case, conditions under which pseudonyms are revealed should also be specified. The concepts of protection goals and system data protection could be flanked by certification approaches such as data protection seals. A concretisation of pre-adjustments seems desirable. For instance, this could allow for the implementation of the rule no dissemination (addendum to Art. 23 of the draft General Data Protection Regulation). Concerns that the draft could lead to a degradation of consent could be countered by solutions proposed by consumer protection laws. For instance, the traffic-light solution could be one possible solution; a short summary of information relevant to consent would be desirable.

6 The catalogue of Art. 33 Par. 2 draft General Data Protection Regulation already offers sensible starting points for the regulation of risky data processing. This catalogue should, however, be supplemented by the following criteria: o Secrecy of data acquisition and processing o Specific confident expectations These specific criteria could potentially be translated into legally binding consideration guidelines. Video surveillance could be considered a separate corpus delicti constituting a particular risk. II. Additional opportunities for reform There is an ongoing need for discussion pertaining to special categories of individual-related data (Art. 9 Par. 1 draft General Data Protection Regulation). The types of data already mentioned in the draft should be maintained, but they do not comprise the risks in a complete and anticipatory manner. (1) The changing societal perception of what constitutes sensitive data would speak in favour of an opening. (2) Opponents to this idea counter that an open catalogue could lead to higher legal uncertainty. (3) Rule examples in criminal law have, however, demonstrated that open catalogues can be associated with dire legal consequences. (4) In the case of an opening, it needs to be clarified who decides whether new hazards should be equated with the aforementioned catalogue data of Art. 9 draft General Data Protection Regulation. The independent data protection authorities should do this in a concerted pan- European procedure. The relationship between the specific protection provided by Art. 9 draft General Data Protection Regulation and the general Art. 6 draft General Data Protection Regulation is to be clarified. Compilation: Anna-Bettina Kaiser Alexander Dix

Data Protection, Software Licenses and other Legal Issues in the Cloud

Data Protection, Software Licenses and other Legal Issues in the Cloud Data Protection, Software Licenses and other Legal Issues in the Cloud Dr. Hendrik Schöttle Rechtsanwalt, Fachanwalt für IT-Recht OSDC 2012, Nuremberg 26. April 2012 Overview Introduction Data Protection

More information

Position Paper: Berlin, 31 March 2014. Legislative intentions to increase IT Security

Position Paper: Berlin, 31 March 2014. Legislative intentions to increase IT Security Position Paper: Berlin, 31 March 2014 Legislative intentions to increase IT Security eco the Association of the sees itself as lobbyist and supporter of all companies that are involved in the economic

More information

eprivacy GmbH Criteria Catalogue "eprivacyapp" June 2015

eprivacy GmbH Criteria Catalogue eprivacyapp June 2015 eprivacy GmbH Criteria Catalogue "eprivacyapp" June 2015 The eprivacyapp seal for data security and data protection from eprivacy GmbH certifies the respective requester that his/her offer is compliant

More information

DER HESSISCHE DATENSCHUTZBEAUFTRAGTE

DER HESSISCHE DATENSCHUTZBEAUFTRAGTE DER HESSISCHE DATENSCHUTZBEAUFTRAGTE als Vorsitzender der Konferenz der Datenschutzbeauftragten des Bundes und der Länder 2015 Conference of the Data Protection Commissioners of the Federal Government

More information

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015 Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.

More information

Legal session: copyright status of statistical data, privacy issues

Legal session: copyright status of statistical data, privacy issues Legal session: copyright status of statistical data, privacy issues JISC Usage Statistics Workshop Pr o f. Dr. Mic h ael S ead l e 1 Statistics as Facts Copyright protects expression, not fact. Facts per

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

Code of Conduct. Corporate Data Protection. We make ICT strategies work

Code of Conduct. Corporate Data Protection. We make ICT strategies work Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

More information

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012 The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity

Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity Sebastian Meissner Security Incident Information Sharing Workshop Berlin, 26.07.2013 Introduction Opening question Privacy & cybersecurity:

More information

A Study on the Lack of Enforcement of Data Protection Acts

A Study on the Lack of Enforcement of Data Protection Acts A Study on the Lack of Enforcement of Data Protection Acts Thorben Burghardt 1, Klemens Böhm 1, Erik Buchmann 1, Jürgen Kühling 2, and Anastasios Sivridis 2 1 Universität Karlsruhe (TH), 76131 Karlsruhe,

More information

Improving self-regulation through (law-based) Corporate Data Protection Officials *

Improving self-regulation through (law-based) Corporate Data Protection Officials * Improving self-regulation through (law-based) Corporate Data Protection Officials * Article by Christoph Klug ** The rise of globalization and multinational corporations is creating a pressing need for

More information

Personal Data Protection

Personal Data Protection Data Protection Personal Data Protection Protection of personal data Living in an area of freedom, security and justice Croatia and Turkey Screening Chapter 23 - Judiciary and fundamental rights Brussels,

More information

Declaration of Internet Rights Preamble

Declaration of Internet Rights Preamble Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It

More information

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection

More information

POLICY FRAMEWORK AND STANDARDS INFORMATION SHARING BETWEEN GOVERNMENT AGENCIES

POLICY FRAMEWORK AND STANDARDS INFORMATION SHARING BETWEEN GOVERNMENT AGENCIES POLICY FRAMEWORK AND STANDARDS INFORMATION SHARING BETWEEN GOVERNMENT AGENCIES January 2003 CONTENTS Page 1. POLICY FRAMEWORK 1.1 Introduction 1 1.2 Policy Statement 1 1.3 Aims of the Policy 1 1.4 Principles

More information

CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE

CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE Représentant les avocats d Europe Representing Europe s lawyers CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION

More information

DDV Declaration (VE 12/2009) Commissioned Data Processing and Data Treatment

DDV Declaration (VE 12/2009) Commissioned Data Processing and Data Treatment DDV Declaration (VE 12/2009) Commissioned Data Processing and Data Treatment Service provider: (in the following Service Provider ) Street, number: Country: ZIP code, city: E-mail address: Website: www...

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

BRING YOUR OWN DEVICE

BRING YOUR OWN DEVICE BRING YOUR OWN DEVICE Legal Analysis & Practical TIPs for an effective BYOD corporate Policy CONTENTS 1. What is BYOD? 2. Benefits and risks of BYOD in Europe 3. BYOD and existing Policies 4. Legal issues

More information

29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States

29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States 29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States Key data protection points for the trilogue on the data protection directive in the field

More information

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development 7.0 Information Security Protections The aggregation and analysis of large collections of data and the development of interconnected information systems designed to facilitate information sharing is revolutionizing

More information

GUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES

GUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES GUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES CONTENT 1. WHY A CLOUD COMPUTING GUIDE?... 2 2. WHAT IS CLOUD COMPUTING?... 4 3. WHAT ARE THE ROLES OF THE CLOUD SERVICES

More information

Act on Background Checks

Act on Background Checks NB: Unofficial translation Ministry of Justice, Finland Act on Background Checks (177/2002) Chapter 1 General provisions Section 1 Scope of application (1) This Act applies to background checks, which

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

Matthias Hauss- SRC Security Research & Consulting GmbH October 2011. PCI DSS Requirements in the Context of European Data Protection Law

Matthias Hauss- SRC Security Research & Consulting GmbH October 2011. PCI DSS Requirements in the Context of European Data Protection Law Matthias Hauss- SRC Security Research & Consulting GmbH October 2011 PCI DSS Requirements in the Context of European Data Protection Law About SRC Two pillars: Card-based Payment Systems and IT security

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

DEFINITIONS. "this web site" means www.vericredonline.com. "user" means any person accessing any part of this web site DISCLAIMER

DEFINITIONS. this web site means www.vericredonline.com. user means any person accessing any part of this web site DISCLAIMER DEFINITIONS VeriCred Collections means VeriCred Credit Bureau (Pty) Ltd, a private company, with limited liability, duly registered and incorporated as such in accordance with the laws of the Republic

More information

Do you have a private life at your workplace?

Do you have a private life at your workplace? Do you have a private life at your workplace? Privacy in the workplace in EC institutions and bodies Giovanni Buttarelli In the course of his supervisory activities, the EDPS has published positions on

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

Overview of Employment and Employee Privacy Laws and Key Trends in Austria

Overview of Employment and Employee Privacy Laws and Key Trends in Austria P a g e 1 Privacy Interviews with Experts August 2011 Toronto / Washington DC / Brussels www.nymity.com Rainer Knyrim Attorney and Partner Preslmayr Attorneys at Law Vienna, Austria Overview of Employment

More information

CROATIAN PARLIAMENT 1364

CROATIAN PARLIAMENT 1364 CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

Under European law teleradiology is both a health service and an information society service.

Under European law teleradiology is both a health service and an information society service. ESR statement on the European Commission Staff Working Document on the applicability of the existing EU legal framework to telemedicine services (SWD 2012/413). The European Society of Radiology (ESR)

More information

Privacy Policy (as of 02.2015)

Privacy Policy (as of 02.2015) Privacy Policy (as of 02.2015) We want you to feel secure when visiting our websites, viewing our Online Shop and during all bidding and purchasing processes and their handling, when you engage Auctionata

More information

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq. EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in

More information

Institute for Judicial and Legal Studies

Institute for Judicial and Legal Studies Institute for Judicial and Legal Studies «The Data Protection Reform for Mauritius» Presented by Mrs Drudeisha Madhub (Data Protection Commissioner) Email: pmo-dpo@mail.gov.mu Tel:+230 201 36 04 Helpdesk:+230

More information

IP/IT (Intellectual Property/Information Technology)

IP/IT (Intellectual Property/Information Technology) IP/IT (Intellectual Property/Information Technology) European Court of Justice declares US Safe Harbor invalid Special Newsletter II Legal advice. Tax advice. Luther. Special newsletter II IP/IT European

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

BCS, The Chartered Institute for IT Consultation Response to:

BCS, The Chartered Institute for IT Consultation Response to: BCS, The Chartered Institute for IT Consultation Response to: A Comprehensive Approach to Personal Data Protection in the European Union Dated: 15 January 2011 BCS The Chartered Institute for IT First

More information

Online Ads: A new challenge for privacy? Jörg Polakiewicz*

Online Ads: A new challenge for privacy? Jörg Polakiewicz* 31st International Conference of Data Protection and Privacy Commissioners, Madrid Thursday 5 November 2009, 15.00-16.30 Parallel Session A Smile! There s a camera behind the ad or Send it to a friend

More information

Summary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act

Summary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act Summary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act On 1 January 2016, the Dutch Data Breach Notification Act will enter into force. The Dutch DPA issued Guidelines

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

Surveying with CustomerGauge - Legal Considerations:

Surveying with CustomerGauge - Legal Considerations: Resource Sheet Surveying with CustomerGauge - Legal Considerations: Adam Dorrell Please Note this is not a legal document, and should be used for guidance only. You are advised to seek legal advice before

More information

A buyer can buy either the shares of the company that owns the target business or simply buy the assets which make up that business:

A buyer can buy either the shares of the company that owns the target business or simply buy the assets which make up that business: Buying a business This briefing highlights the main legal risks to consider when buying another business or enterprise. A buyer should always take legal advice at the outset of any acquisition. Structuring

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Draft Guidelines under the Competition Ordinance. Comments by Hong Kong Cable Television Limited

Draft Guidelines under the Competition Ordinance. Comments by Hong Kong Cable Television Limited Draft Guidelines under the Competition Ordinance Comments by Hong Kong Cable Television Limited Two overarching points The Hong Kong Competition Commission ( Commission ) s draft guidelines ( Guidelines

More information

slaughter and may The new EU Data Protection Regulation revolution or evolution?

slaughter and may The new EU Data Protection Regulation revolution or evolution? slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of

More information

Merchants and Trade - Act No 28/2001 on electronic signatures

Merchants and Trade - Act No 28/2001 on electronic signatures This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and

More information

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 16 October 2015. on the central register of bank accounts (CON/2015/36)

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 16 October 2015. on the central register of bank accounts (CON/2015/36) EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 16 October 2015 on the central register of bank accounts (CON/2015/36) Introduction and legal basis On 4 September 2015 the European Central Bank (ECB)

More information

International Privacy and Data Security Requirements. Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine

International Privacy and Data Security Requirements. Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine International Privacy and Data Security Requirements Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine Aims of this Presentation. To provide a brief overview of

More information

Response from REGLEG to the Consultation on the Common Strategic Framework

Response from REGLEG to the Consultation on the Common Strategic Framework 1 Response from REGLEG to the Consultation on the Common Strategic Framework REGLEG welcomes the early publication of the Commission Staff Working Document Elements for a Common Strategic Framework 2014

More information

New EU Data Protection legislation comes into force today. What does this mean for your business?

New EU Data Protection legislation comes into force today. What does this mean for your business? 24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )

More information

Privacy Policy. February, 2015 Page: 1

Privacy Policy. February, 2015 Page: 1 February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Summary The Northern Ireland Human Rights Commission (the Commission):

More information

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,

More information

The European Union as a Constitutional Guardian of Internet Privacy and Data Protection: the Story of Article 16 TFEU

The European Union as a Constitutional Guardian of Internet Privacy and Data Protection: the Story of Article 16 TFEU The European Union as a Constitutional Guardian of Internet Privacy and Data Protection: the Story of Article 16 TFEU SHORT SUMMARY There is a wide perception that governments are losing control over societal

More information

Main characteristics of EU Law Relations between EU Law and National Legal Systems

Main characteristics of EU Law Relations between EU Law and National Legal Systems European Institute of Public Administration - Institut européen d administration publique Main characteristics of EU Law Relations between EU Law and National Legal Systems Tomasz KRAMER Lecturer European

More information

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

DDV Declaration Commissioned Data Processing and Data Treatment (Version: 09/2009)

DDV Declaration Commissioned Data Processing and Data Treatment (Version: 09/2009) DDV Declaration Commissioned Data Processing and Data Treatment (Version: 09/2009) Service provider: (in the following Service Provider ) Street, number ZIP code, city E-mail address Internet addresses

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

Slide 1 Presentation is on two other key principles of Environmental Law

Slide 1 Presentation is on two other key principles of Environmental Law Slide 1 Presentation is on two other key principles of Environmental Law 1 Slide 2 The following presentation gives a general overview on the background, the functions and the implementation of the preventive

More information

Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen. Supplementary data protection agreement. to the license agreement for license ID: between

Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen. Supplementary data protection agreement. to the license agreement for license ID: between Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen Supplementary data protection agreement to the license agreement for license ID: between...... represented by... Hereinafter referred to as the "Client"

More information

Qualified Electronic Signatures Act (SFS 2000:832)

Qualified Electronic Signatures Act (SFS 2000:832) Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions

More information

Version 56 (29/11/2011)

Version 56 (29/11/2011) EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

4-column document Net neutrality provisions (including recitals)

4-column document Net neutrality provisions (including recitals) 4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN

More information

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Comments and proposals on the Chapter IV of the General Data Protection Regulation Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

1. Consultation of the Committee (SCFCAH)

1. Consultation of the Committee (SCFCAH) GUIDELINES FOR THE DEVELOPMENT OF COMMUNITY GUIDES TO GOOD PRACTICE FOR HYGIENE OR FOR THE APPLICATION OF THE HACCP PRINCIPLES, IN ACCORDANCE WITH ARTICLE 9 OF REGULATION (EC) NO 852/2004 ON THE HYGIENE

More information

THE TRANSFER OF PERSONAL DATA ABROAD

THE TRANSFER OF PERSONAL DATA ABROAD THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE

More information

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy) PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

More information

Section 1: Development of the EU s competence in the field of police and judicial cooperation in criminal matters

Section 1: Development of the EU s competence in the field of police and judicial cooperation in criminal matters CALL FOR EVIDENCE ON THE GOVERNMENT S REVIEW OF THE BALANCE OF COMPETENCES BETWEEN THE UNITED KINGDOM AND THE EUROPEAN UNION Police and Criminal Justice LEGAL ANNEX Section 1: Development of the EU s competence

More information

Information Technology - Switzerland

Information Technology - Switzerland Newsletters Law Directory Deals News Subscribe Home Information Technology - Switzerland Data Protection - Key Issues Contributed by Homburger December 2 2003 Introduction No Free Flow of Data within a

More information

Mr Ronald S Boster Acting Secretary Public Company Accounting Oversight Board 1666 K Street, NW USA-Washington, DC 20006-2803.

Mr Ronald S Boster Acting Secretary Public Company Accounting Oversight Board 1666 K Street, NW USA-Washington, DC 20006-2803. Date Secrétariat Fédération Rue de la Loi 83 Général des Experts 1040 Bruxelles 31 March 2003 Comptables Tél. 32 (0) 2 285 40 85 Européens Fax: 32 (0) 2 231 11 12 E-mail: secretariat@fee.be Mr Ronald S

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, 25.1.2012 COM(2012) 11 final 2012/0011 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

eprivacyseal GmbH Criteria catalogue EU November 2013

eprivacyseal GmbH Criteria catalogue EU November 2013 eprivacyseal GmbH Criteria catalogue EU November 2013 The EPS data privacy seal certifies for the respective applicant that its product or service is in line with the detailed criteria in the following

More information

EDS Innovation Research Programme DISCUSSION PAPER SERIES. No.005 Media, Connectivity, Literacies and Ethics

EDS Innovation Research Programme DISCUSSION PAPER SERIES. No.005 Media, Connectivity, Literacies and Ethics EDS Innovation Research Programme DISCUSSION PAPER SERIES No.005 Media, Connectivity, Literacies and Ethics Security Challenges of Networks: Cyber Trust and Cyber Crime Robin Mansell March 2006 EDS Innovation

More information

The State as a Platform and France Connect

The State as a Platform and France Connect The State as a Platform and France Connect or, a new approach to the design of digital public services https://references.modernisation.gouv.fr/appel-public-%c3%a0-commentaires-epfc Service Architecture

More information

Privacy in the electronic communication sector: insights from the ISP industry

Privacy in the electronic communication sector: insights from the ISP industry Privacy in the electronic communication sector: insights from the ISP industry Innocenzo Genna Genna Cabinet Bruxelles FIA Conference Ghent, 16 November 2010 The opinions expressed in this presentation

More information

1 September /552

1 September /552 Foreword from the Chair of the ICC Commission on the Digital Economy Paris, 1 April 2016 The International Chamber of Commerce (ICC) policy inventory on the European Union (EU) General Data Protection

More information

THE FORTY RECOMMENDATIONS OF THE FINANCIAL ACTION TASK FORCE ON MONEY LAUNDERING

THE FORTY RECOMMENDATIONS OF THE FINANCIAL ACTION TASK FORCE ON MONEY LAUNDERING THE FORTY RECOMMENDATIONS OF THE FINANCIAL ACTION TASK FORCE ON MONEY LAUNDERING 1990 A. GENERAL FRAMEWORK OF THE RECOMMENDATIONS 1. Each country should, without further delay, take steps to fully implement

More information

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, XXX COM(2012) 11/3 draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal

More information

Information Security Risks when going cloud. How to deal with data security: an EU perspective.

Information Security Risks when going cloud. How to deal with data security: an EU perspective. Separating fact from fiction about new software licensing /SaaS/ cloud computing models: advantages, disadvantages and ethical implications. Information Security Risks when going cloud. How to deal with

More information

EUROPEAN UNION. Brussels, 12 July 2002 (OR. en) PE-CONS 3636/02 2000/0189 (COD) LEX 365 ECO 217 CODEC 778

EUROPEAN UNION. Brussels, 12 July 2002 (OR. en) PE-CONS 3636/02 2000/0189 (COD) LEX 365 ECO 217 CODEC 778 EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 12 July 2002 (OR. en) 2000/0189 (COD) LEX 365 PE-CONS 3636/02 ECO 217 CODEC 778 DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL

More information

Data protection at the cost of economic growth?

Data protection at the cost of economic growth? Data protection at the cost of economic growth? Elina Pyykkö* ECRI Commentary No. 11/November 2012 The Data Protection Regulation proposed by the European Commission contains important elements to facilitate

More information

Table of contents: ***

Table of contents: *** Table of contents: *** In Europe the issue of personal data protection is settled by European Parliament s and European Council s Directive 95/46/WE of October 24, 1995 (which is basis of Polish regulations)

More information

Against this background, would like to emphasise the following points:

Against this background, would like to emphasise the following points: Frankfurt am Main, 31 August 2012 BVI s Position Paper on the Commission s Proposal for a Directive of the European Parliament and of the Council amending the Directive 2009/65/EC (UCITS V) BVI 1 welcomes

More information