DATRET/EXPGRP (2009) 6 FINAL Document 6
|
|
- Hubert Pitts
- 8 years ago
- Views:
Transcription
1 DATRET/EXPGRP (2009) 6 FINAL EXPERTS GROUP "THE PLATFORM FOR ELECTRONIC DATA RETENTION FOR THE INVESTIGATION, DETECTION AND PROSECUTION OF SERIOUS CRIME" ESTABLISHED BY COMMISSION DECISION 2008/324/EC SERIES A: GUIDANCE DOCUMENTS Document 6 Closer understanding of the possibilities of providers to store traffic data in a Member State other than the Member State of origin of the data ( Central Data Storage ), in relation to its application in Directive 2006/24/EC version of 11 October 2010 (final) Scope The aim of this document is to discuss the situation where companies centralise the storage under Directive 2006/24 for commercial reasons and not the situation where national law of a MS requires central storage within that MS. The paper does not deal with the question of the applicable law to data retention which is closely linked to the centralised storage. This difficult legal issue will be the subject of a separate Position Paper Document. The issue is currently also discussed - but from a slightly different perspective - in the Article 29 Working Party on Data Protection. Date and Status This is the final version that was unanimously adopted by the Expert Group on Monday 11 October A disclaimer applies (see at the end of the document). Aspects of EU Directive 2006/24/EC covered in this paper Articles 1(1), 3 and 8 Retention and Storage The term "Central Data Storage will only be used in this paper in relation to the possibilities of providers to store traffic data in a Member State other than the Member State of origin of the data. Page 1 of 7 FINAL
2 Key Observations Directive 2006/24 is silent about the place of storage. Under those conditions, the principles of the Internal Market, must be applied, with the following result: a provider is allowed to store the data on the territory of another MS than the MS where the data were generated or processed, in the meaning of Article 3 of the Directive. Moreover: Any obligation imposed by a MS for the data to be retained on its own territory, is a restriction to the principle of free flow of data within the EU. Such a restriction is in principle not allowed for data protection considerations, but could be justified for reasons of public policy subject to the conditions imposed by the case law of the ECJ. The law of the originating Member State determines the storage period, i.e. the data retention legislation of the originating MS applies to the data. The providers wishing to store data in a central data base in EU should proceed to the (physical and[/or] logical) separation of the data originating from different MS, because of the lack of harmonisation of the directive (retention periods, different definitions of serious crime, etc) in order to ensure data security and to facilitate the application of the national legislation of each originating MS. In any case, national law must not only ensure the effectiveness of the Data Retention Directive but also of the Data Protection Directive. This means for instance that data should be stored only once except for back-up for security reasons and/or business continuity of the system (data minimisation), that the data subjects whose personal data are retained can effectively exercise their rights and that data protection authorities of the originating Member State can effectively fulfil their tasks. Specific attention is needed for data security measures. The rules on applicable law determine what MS must be considered as the MS where the data were generated or processed (further: 'originating MS). The main legal provisions relevant for applicable law are Article 4 of Directive 95/46, Article 15 of Directive 2002/58 and Article 3 of Directive 2006/24. Those legal provisions will be explained in a separate Guiding Document (see above). Page 2 of 7 FINAL
3 Central Data Storage within EU B.1. Objective and context of the Data Retention Directive The objective of the Data Retention Directive 2006/24/EC is to harmonise MSs' provisions concerning the obligation of the providers of publicly available electronic communications services to retain certain data in order to ensure that these data are available for the purpose of investigation of serious crime (art. 1). The data must be retained in such a way that they can be transmitted to the competent public authorities upon request (art. 8). Article 3 provides that data listed in Article 5 "are retained in accordance with the provisions [of Article 5], to the extent that those data are generated or processed by providers of publicly available electronic communications services or of a public communications network within their jurisdiction in the process of supplying the communications services concerned." The provisions of the Data Retention Directive apply without prejudice to the provisions of the Data Protection Directive 95/46. 1 The principles and provisions of the latter apply to any processing based on the Data Retention Directive unless the latter explicitly derogates from the former Directive. The provisions of the Data Retention Directive apply without prejudice to the provisions of Directive 2002/58. The Data Retention Direction is a specific derogation of an obligation under data protection law, in particular Article 6 of that directive. The Data Retention Directive does not contain a specific provision on the "territoriality" of storage of the relevant data. It does not prohibit the storage of data in different MSs. Article 4 of the Directive 95/46/EC has specific relevance: It provides that each MS shall apply its national provisions to the processing of personal data, where the processing is carried out in the context of the activities of an establishment of the controller (provider) on the territory of the MS. When the same controller is established on the territory of several MS, he must take the 1 In this context, several articles (2, 3, 7, 9, 13, 14) and recitals (1, 2, 15, 16, 18, 19, 25) of Directive 2006/24 are relevant. Page 3 of 7 FINAL
4 necessary measures to ensure that each of these establishments complies with the obligations laid down by the national law applicable (see further under 'applicable law'). Any approach to the problem of central data storage should guarantee (a) that the obligations of the providers can be performed, (b) the aim of the Data Retention Directive is ensured and (c) the rights of the data subjects are efficiently and effectively protected. B.2. Data to be stored The provision of electronic communications services generates, at different stages, a large amount of information that the providers of communication services have to retain, often cooperating with each other. The meaning of Art. 3 of Directive 2006/24 is to delimit the scope of the retention obligation and minimize the economic and organisational burden on providers (see recital 23). Each provider has to store, when generated or processed, only the data necessary, within his jurisdiction, to provide his own communication service. Thus the provider is - in principle - not required to keep additional data generated or processed by other providers in the process of supplying a given communication service, nor to generate or process data for retention as a result of Directive 2006/24. B.3. May the data identified in Article 5 Directive 2006/24 be stored by parties other than the providers? The data can also be stored by parties other than the provider. Article 6(5) of Directive 2002/58 (read in the light of Articles 2, lett. e) and 16 of Directive 95/46) introduces particular guarantees for the processing of traffic data, restricting it "to persons acting under the authority of providers of the public communications networks and publicly available electronic communications services handling billing or traffic management, customer enquiries, fraud detection, Page 4 of 7 FINAL
5 marketing electronic communications services or providing a value added service" and only to the data "necessary for the purposes of such activities". These guarantees do not exclude that data are processed by a third party, provided that he acts under the authority of the provider. In the terminology of Directive 95/46, the third party must be considered to be a 'processor', not a 'controller'. 2 B.4. Could the data be stored within a MS other than that from which they originate? Neither Directive 2006/24/EC nor Directive 2002/58 contain specific provisions about the application of the law of the Member State where data are stored; as a consequence Directive 95/46 is applicable. The objective of Directive 95/46 is to ensure: free flow of such data within EU, and in that context; protection of individuals with regard to the processing of personal data. According to the above, any obligation imposed by a MS regarding the retention of the data within its own territory could be considered as a restriction of the principle of free flow of data within EU established by Directive 95/46. In principle, such restriction is not allowed. However, it is not excluded that MSs under national law introduce such restriction, provided that it proves that such restriction is necessary for a reason recognised in the Treaty (public policy; public security) or for another reason mentioned in Article 13 of Directive 95/46, and not disproportionate. 2 According to its Article 2, 'controller' shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law. 'Processor' shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller. Page 5 of 7 FINAL
6 B.5. Retention periods, security measures and supervision by DPA's. In case of different retention periods between the "originating MS" and the "storage MS", the legislation of the "originating MS" should apply. The storage provider must retain the data for the period required by the data retention legislation of the "originating MS", in order to be able to comply with its obligations to transmit them to the competent public authorities upon request. More concrete, he should take all the necessary measures (logical or physical) to keep separate the data originating from different MS and/or from different providers. Account should also be taken of Article 17 (3) of Directive 95/46, second indent, which makes reference to the security of processing, and which defines the law that has to be respected in this regard. As a consequence, storage provider will have to respect the law of the MS where the storage takes place, adopting the "appropriate technical and organizational measures to protect personal data". Moreover, the security measures provided for by Article 7 Directive 2006/24 should also be applied. The jurisdiction of the national Data Protection Authorities (DPAs) is determined by Article 28.6 of Directive 95/46: "[e]ach supervisory authority is competent, whatever the national law applicable to the processing in question, to exercise, on the territory of its own MS, the powers conferred on it in accordance with paragraph 3. (...)". Furthermore, cooperation among national DPAs is foreseen: "(...) Each authority may be requested to exercise its powers by an authority of another MS. The supervisory authorities shall cooperate with one another to the extent necessary for the performance of their duties, in particular by exchanging all useful information". In short, the competent authority is the authority of the MS in which the processing takes place, who checks the lawfulness of the processing in the State in which the data are stored. He may be requested to exercise its powers by the authority of the MS of origin of the data. Disclaimer Page 6 of 7 FINAL
7 The views and opinions expressed in this document are not necessarily shared by all Members of the Expert Group "the Platform for Electronic Data Retention for the investigation, detection and prosecution of serious crime" and do not constitute legal advice. For details about the origin and status of the guidance contained in this document refer to the accompanying document "Introduction to the Series". The opinions expressed in this document do not necessarily reflect the views of the European Commission which accepts no responsibility or liability whatsoever with regard its contents. Page 7 of 7 FINAL
SERIES A : GUIDANCE DOCUMENTS. Document Nr 3
DATRET/EXPGRP (2009) 3 - FINAL EXPERTS GROUP "THE PLATFORM FOR ELECTRONIC DATA RETENTION FOR THE INVESTIGATION, DETECTION AND PROSECUTION OF SERIOUS CRIME" ESTABLISHED BY COMMISSION DECISION 2008/324/EC
More informationOfficial Journal of the European Communities
11. 6. 98 EN Official Journal of the European Communities L 166/45 DIRECTIVE 98/26/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 May 1998 on settlement finality in payment and securities settlement
More informationOption Table - Directive on Statutory Audits of Annual and Consolidated Accounts
Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts The purpose of this document is to highlight the changes in the options available to Member States and Competent Authorities
More informationECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 16 October 2015. on the central register of bank accounts (CON/2015/36)
EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 16 October 2015 on the central register of bank accounts (CON/2015/36) Introduction and legal basis On 4 September 2015 the European Central Bank (ECB)
More informationEUROPEAN CENTRAL BANK
17.2.2005 C 40/9 EUROPEAN CTRAL BANK OPINION OF THE EUROPEAN CTRAL BANK of 4 February 2005 at the request of the Council of the European Union on a proposal for a directive of the European Parliament and
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 21.9.2005 COM(2005) 438 final 2005/0182 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the retention of data processed
More informationPosition Paper 4. Closer understanding of the term third party networks and service providers" in relation to its application in Directive 2006/24/EC
DATRET/EXPGRP (2009) 4 FINAL EXPERTS GROUP "THE PLATFORM FOR ELECTRONIC DATA RETENTION FOR THE INVESTIGATION, DETECTION AND PROSECUTION OF SERIOUS CRIME" ESTABLISHED BY COMMISSION DECISION 2008/324/EC
More informationCouncil of the European Union Brussels, 28 July 2015 (OR. en)
Conseil UE Council of the European Union Brussels, 28 July 2015 (OR. en) PUBLIC 11243/15 LIMITE DRS 50 CODEC 1084 NOTE From: To: Subject: General Secretariat of the Council Delegations Proposal for a DIRECTIVE
More informationInsurance Europe key messages on the European Commission's proposed General Data Protection Regulation
Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for
More informationEUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy
EUROPEAN PARLIAMT 2009-2014 Committee on Industry, Research and Energy 2012/0011(COD) 26.02.2013 OPINION of the Committee on Industry, Research and Energy for the Committee on Civil Liberties, Justice
More informationProposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
More informationREPORT ON. CONFIDENTIALITY AND DATA PROTECTION IN THE ACTIVITY OF FIUs 1. (Good practices)
EN EN EN Brussels, 28 April 2008 EU FINANCIAL INTELLIGENCE UNITS' PLATFORM REPORT ON CONFIDENTIALITY AND DATA PROTECTION IN THE ACTIVITY OF FIUs 1 (Good practices) The EU Financial Intelligence Units'
More informationEUROPEAN DATA PROTECTION SUPERVISOR
20.6.2012 Official Journal of the European Union C 177/1 I (Resolutions, recommendations and opinions) OPINIONS EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on
More informationon the transfer of personal data from the European Union
on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP
More informationCCBE POSITION ON THE PROPOSED ELECTRONIC IDENTITY AND
CCBE POSITION ON THE PROPOSED ELECTRONIC IDENTITY AND TRUST SERVICES REGULATION (COM(2012) 238/2) CCBE Position on the proposed electronic identity and trust services regulation (COM(2012) 238/2) The Council
More informationGENERAL LOGISTICS CONDITIONS
GENERAL LOGISTICS CONDITIONS (a free translation of the official Dutch wording) 1 DEFINITIONS Hereinafter the following conditions shall mean: 1.1 G.L. Conditions: General Logistics Conditions. 1.2. CC:
More informationBest execution under MIFID
THE COMMITTEE OF EUROPEAN SECURITIES REGULATORS Ref: CESR/07-050b Best execution under MIFID Public consultation February 2007 11-13 avenue de Friedland - 75008 PARIS - FRANCE - Tel.: 33.(0).1.58.36.43.21
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationFederated Access Management
Federated Access Management Document Version: 2 DRAFT Date: Oct 2011 Author (Version 2): Andrew Cormack (JANET(UK)) Authors (Version 1): Andrew Cormack (JANET(UK)), Eva Kassenaar (SURFnet), Mikael Linden
More informationLEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
More informationCESR Level 3 Guidelines on MiFID Transaction reporting
THE COMMITTEE OF EUROPEAN SECURITIES REGULATORS Ref: CESR/07-301 CESR Level 3 Guidelines on MiFID Transaction reporting May 2007 11-13 avenue de Friedland - 75008 PARIS - FRANCE - Tel.: 33.(0).1.58.36.43.21
More informationBasel Committee on Banking Supervision. Consolidated KYC Risk Management
Basel Committee on Banking Supervision Consolidated KYC Risk Management October 2004 Table of contents Introduction...4 Global process for managing KYC risks...5 Risk management...5 Customer acceptance
More informationAMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM
AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM On 25 January 2012, the European Commission published a proposal to reform the European data protection legal regime. One
More information5419/16 ADD 1 VH/np 1 DGD 2C
Council of the European Union Brussels, 17 March 2016 (OR. en) Interinstitutional File: 2012/0011 (COD) 5419/16 ADD 1 DRAFT STATEMT OF THE COUNCIL'S REASONS Subject: DATAPROTECT 2 JAI 38 MI 25 DIGIT 21
More informationEXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007. 2007 No. 2199
EXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007 2007 No. 2199 1. This explanatory memorandum has been prepared by the Home Office and is laid before Parliament by Command of
More informationCCBE RESPONSE TO THE APRIL 2012 COMMISSION REPORT ON THE APPLICATION OF DIRECTIVE 2005/60/EC
CCBE RESPONSE TO THE APRIL 2012 COMMISSION REPORT ON THE APPLICATION OF DIRECTIVE 2005/60/EC CCBE Response to the April 2012 Commission Report on the application of Directive 2005/60/EC A: General Comments
More informationFederated Access Management
Federated Access Management Document Version: 10 DRAFT Date: Dec 2008 Authors: Andrew Cormack (JANET(UK)), Eva Kassenaar (formerly SURFnet), Mikael Linden (FUNET), Walter Martin Tveter (UNINETT), Abstract
More informationCouncil of the European Union Brussels, 26 June 2015 (OR. en)
Council of the European Union Brussels, 26 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9985/1/15 REV 1 LIMITE DATAPROTECT 103 JAI 465 MI 402 DIGIT 52 DAPIX 100 FREMP 138 COMIX 281 CODEC
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 15 April 2010. 8173/10 Interinstitutional File: 2008/0140 (CNS) SOC 240 JAI 270 MI 94
COUNCIL OF THE EUROPEAN UNION Brussels, 15 April 2010 8173/10 Interinstitutional File: 2008/0140 (CNS) SOC 240 JAI 270 MI 94 NOTE from : The Presidency to : The Working Party on Social Questions No. prev.
More informationDIRECTIVE 2006/95/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 12 December 2006
L 374/10 EN Official Journal of the European Union 27.12.2006 DIRECTIVE 2006/95/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 December 2006 on the harmonisation of the laws of Member States relating
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 24 February 2005 6566/05 LIMITE COPEN 35 TELECOM 10
COUNCIL OF THE EUROPEAN UNION Brussels, 24 February 2005 6566/05 LIMITE COPEN 35 TELECOM 0 REPORT from : Working Party on cooperation in criminal matters to : Article 36 Committee No. prev. doc. : 5098/04
More information5581/16 AD/NC/ra DGE 2
Council of the European Union Brussels, 21 April 2016 (OR. en) Interinstitutional File: 2013/0027 (COD) 5581/16 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: TELECOM 7 DATAPROTECT 6 CYBER 4 MI 37 CSC 15
More informationExplanatory notes VAT invoicing rules
Explanatory notes VAT invoicing rules (Council Directive 2010/45/EU) Why explanatory notes? Explanatory notes aim at providing a better understanding of legislation adopted at EU level and in this case
More informationMessage 791 Communication from the Commission - SG(2012) D/50777 Directive 98/34/EC Notification: 2011/0188/D
Message 791 Communication from the Commission - SG(2012) D/50777 Directive 98/34/EC Notification: 2011/0188/D Reaction of the Commission to the response of a Member State notifying a draft regarding a
More informationEBA FINAL draft Regulatory Technical Standards
EBA/RTS/2015/03 03 July 2015 EBA FINAL draft Regulatory Technical Standards on resolution colleges under Article 88(7) of Directive 2014/59/EU Contents 1. Executive summary 3 2. Background and rationale
More informationAuthorisation Requirements and Standards for Debt Management Firms
2013 Authorisation Requirements and Standards for Debt Management Firms 2 Contents Authorisation Requirements and Standards for Debt Management Firms Contents Chapter Part A: Authorisation Requirements
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationTechnical Questions on Data Retention
Technical Questions on Data Retention 1) The list of data in the annex of the proposed Directive on Data retention is practically identical to the information required in the Council draft Framework Decision.
More informationWhat is a Contracting Authority?
Brief 3 January 2011 Public Procurement What is a Contracting Authority? CONTENTS General definitions: a public authority; a body governed by public law Joint purchasing and central purchasing Contracting
More informationComments and proposals on the Chapter II of the General Data Protection Regulation
Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationThe reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012
The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 23 June 2010 (OR. en) 10858/10 Interinstitutional File: 2009/0009 (CNS) FISC 60
COUNCIL OF THE EUROPEAN UNION Brussels, 23 June 2010 (OR. en) 10858/10 Interinstitutional File: 2009/0009 (CNS) FISC 60 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: COUNCIL DIRECTIVE amending Directive
More informationEUROPEAN UNION. Brussels, 12 July 2002 (OR. en) PE-CONS 3636/02 2000/0189 (COD) LEX 365 ECO 217 CODEC 778
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 12 July 2002 (OR. en) 2000/0189 (COD) LEX 365 PE-CONS 3636/02 ECO 217 CODEC 778 DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL
More informationCCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE
Représentant les avocats d Europe Representing Europe s lawyers CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive
More informationDisclaimer REGULATION (EU) 2015/[XX*] OF THE EUROPEAN CENTRAL BANK. of [date Month YYYY] on the collection of granular credit and credit risk data
ECB-PUBLIC Disclaimer This Regulation has not yet been approved by the Governing Council of the ECB; it is still in a draft format. While its legal basis (Council Regulation (EC) No 2533/98 of 23 November
More informationon the Proposal for a Regulation of the European Parliament and of the Council laying
Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic
More informationAct on Investment Firms 26.7.1996/579
Please note: This is an unofficial translation. Amendments up to 135/2007 included, May 2007. Act on Investment Firms 26.7.1996/579 CHAPTER 1 General provisions Section 1 Scope of application This Act
More informationMapping of outsourcing requirements
Mapping of outsourcing requirements Following comments received during the first round of consultation, CEBS and the Committee of European Securities Regulators (CESR) have worked closely together to ensure
More informationThe transfer of personal data to third countries and international organisations by EU institutions and bodies. Position paper
The transfer of personal data to third countries and international organisations by EU institutions and bodies Position paper Brussels, 14 July 2014 1 Executive summary This paper provides guidance to
More informationHow To Write A Letter To The European Commission On A Number Of Issues
PEOPIL The Pan-European Organisation of Personal Injury Lawyers www.peopil.com PEOPIL RESPONSE TO THE EUROPEAN COMMISSION «GREEN PAPER ON THE REVIEW OF COUNCIL REGULATION (EC) NO 44/2001 ON JURISDICTION
More informationCOMMISSION REGULATION (EU) / of XXX
EUROPEAN COMMISSION Brussels, XXX [ ](2015) XXX draft COMMISSION REGULATION (EU) / of XXX establishing common guidelines on deactivation standards and techniques for ensuring that deactivated firearms
More information4-column document Net neutrality provisions (including recitals)
4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN
More informationCOMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
More informationThe eighth data protection principle and international data transfers
Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue
More informationCROATIAN PARLIAMENT 242
Important Disclaimer The English language text below has been provided by the Translation Centre of the Ministry for European Integration for information only; it confers no rights and imposes no obligations
More informationARTICLE 29 - DATA PROTECTION WORKING PARTY
ARTICLE 29 - DATA PROTECTION WORKING PARTY 11639/02/EN WP 74 Working Document: Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate
More informationI. EBF KEY PRIORITIES. A. Data breach notification
D1391E-2012 29.10.2012 EUROPEAN BANKING FEDERATION PROPOSED AMENDMENTS TO THE EUROPEAN COMMISSION PROPOSAL FOR A REGULATION ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA
More informationRegulations concerning measures to combat money laundering and the financing of terrorism, etc.
Regulations concerning measures to combat money laundering and the financing of terrorism, etc. Translation as of April 2009. This translation is for information purposes only. Legal authenticity remains
More informationHaving regard to the Charter of Fundamental Rights of the European Union, and in particular Articles 7 and 8 thereof,
Opinion of the European Data Protection Supervisor on the Commission Proposal for a Directive of the European Parliament and of the Council amending Directive 2007/36/EC as regards the encouragement of
More informationGeneral Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008
CEIOPS-DOC-07/08 General Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008 CEIOPS e.v. - Westhafenplatz 1 60327 Frankfurt
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 00264/10/EN WP 169 Opinion 1/2010 on the concepts of "controller" and "processor" Adopted on 16 February 2010 This Working Party was set up under Article 29 of
More informationECB-PUBLIC. OPINION OF THE EUROPEAN CENTRAL BANK of 3 February 2016 on the deposit guarantee scheme (CON/2016/6)
EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 3 February 2016 on the deposit guarantee scheme (CON/2016/6) Introduction and legal basis On 12 January 2016, the European Central Bank (ECB) received
More informationAt its meeting held on 11 and 12 February 2004 the Working Party completed the third reading of the above Proposal.
Conseil UE COUNCIL OF THE EUROPEAN UNION Brussels, 25 February 2004 PUBLIC Interinstitutional File: 2002/0242 (CNS) DOCUMT PARTIALLY ACCESSIBLE TO THE PUBLIC 6681/04 LIMITE MIGR 10 OUTCOME OF PROCEEDINGS
More information10227/13 GS/np 1 DG D 2B
COUNCIL OF THE EUROPEAN UNION Brussels, 31 May 2013 10227/13 Interinstitutional File: 2012/0011 (COD) DATAPROTECT 72 JAI 438 MI 469 DRS 104 DAPIX 86 FREMP 77 COMIX 339 CODEC 1257 NOTE from: Presidency
More informationECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 12 November 2015. on the regulation of companies acquiring credit (CON/2015/45)
EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 12 November 2015 on the regulation of companies acquiring credit (CON/2015/45) Introduction and legal basis On 5 November 2015 the European Central
More informationDRAFT GUIDANCE DOCUMENT ON THE LOW VOLTAGE DIRECTIVE TRANSITION
EUROPEAN COMMISSION Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs Industrial Transformation and Advanced Value Chains Advanced Engineering and Manufacturing Systems DRAFT
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationCENTRAL BANK OF MALTA
CENTRAL BANK OF MALTA DIRECTIVE NO 2 in terms of the CENTRAL BANK OF MALTA ACT (CAP. 204) PAYMENT AND SECURITIES SETTLEMENT SYSTEMS Ref: CBM/02 DIRECTIVE NO 2 PAYMENT AND SECURITIES SETTLEMENT SYSTEMS
More informationINERTIA ETHICS MANUAL
SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible
More informationPRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
More informationMerchants and Trade - Act No 28/2001 on electronic signatures
This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and
More informationPROVISIONAL REQUEST TO CESR FOR TECHNICAL ADVICE
Ref. Ares(2010)892960-02/12/2010 PROVISIONAL REQUEST TO CESR FOR TECHNICAL ADVICE ON POSSIBLE LEVEL 2 MEASURES CONCERNING THE FUTURE DIRECTIVE ON ALTERNATIVE INVESTMENT FUND MANAGERS Table of Contents
More informationInsolvency of members of a group of companies
Comments to the new EU regulation on insolvency proceedings Insolvency of members of a group of companies Alberto Díaz Moreno Professor of Corporate & Commercial Law, Universidad de Sevilla Academic Counsel,
More informationGuidelines on data protection in EU financial services regulation
Guidelines on data protection in EU financial services regulation 1 Contents Table of Contents 10-point checklist for analysing data protection and privacy...4 1. Data protection and financial services
More informationEBA/GL/2012/06 22 November 2012. Guidelines. on the assessment of the suitability of members of the management body and key function holders
EBA/GL/2012/06 22 November 2012 Guidelines on the assessment of the suitability of members of the management body and key function holders Guidelines on the assessment of the suitability of members of
More informationGUIDANCE NOTE ON THE CONCEPT OF RELIANCE
Final version of 23/02/2009 COCOF 09/0002/01-EN EUROPEAN COMMISSION DIRECTORATE-GENERAL REGIONAL POLICY GUIDANCE NOTE ON THE CONCEPT OF RELIANCE ON THE WORK OF OTHER AUDITORS DISCLAIMER This is a Working
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 26.7.2005 COM(2005) 343 final 2005/0138 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on information on the payer accompanying
More informationCouncil of the European Union Brussels, 5 March 2015 (OR. en)
Council of the European Union Brussels, 5 March 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 6788/15 LIMITE TELECOM 59 DATAPROTECT 23 CYBER 13 MI 139 CSC 55 CODEC 279 NOTE From: Presidency To:
More informationMonitoring and Reporting Drafting Team Monitoring Indicators Justification Document
INSPIRE Infrastructure for Spatial Information in Europe Monitoring and Reporting Drafting Team Monitoring Indicators Justification Document Title Creator Justification document Creation date 2008-12-15
More informationComments and proposals on the Chapter IV of the General Data Protection Regulation
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationEuropean Public Sector Information Platform Topic Report No. 2012 / 3. The amendment of the PSI directive: where are we heading?
European Public Sector Information Platform Topic Report No. 2012 / 3 The amendment of the PSI directive: where are we heading? Author: Katleen Janssen Published: April 2012 Keywords PSI re-use, European
More informationINFORMATION AND CONDITIONS CONCERNING THE USE OF PAYMENT SERVICES ACCORDING TO THE PAYMENT SERVICES LAW OF 2009 (L.128(I)/2009)
INFORMATION AND CONDITIONS CONCERNING THE USE OF PAYMENT SERVICES ACCORDING TO THE PAYMENT SERVICES LAW OF 2009 (L.128(I)/2009) The Payment Services law is applied to payment services provided in EURO
More informationEBA s Proposed Definition of Shadow Banking poses Risks to the Real Economy
EBA s Proposed Definition of Shadow Banking poses Risks to the Real Economy Non-Financial Companies and their In-House Financial Services Companies Must Not Be Regarded as Shadow Banks by Supervisory Authorities
More informationCommunication for undertakings that distribute nonmainstream financial products (such as CFD s, binary options, etc.) online
Communication FSMA_2014_05 of 25/07/2014 Communication for undertakings that distribute nonmainstream financial products (such as CFD s, binary options, etc.) online Scope: This Communication is addressed
More informationE U R O P E A N E C O N O M I C A R E A
E U R O P E A N E C O N O M I C A R E A S T A N D I N G C O M M I T T E E O F T H E E F T A S T A T E S Distribution: EEA EFTA 20 March 2012 SUBCOMMITTEE I ON THE FREE MOVEMENT OF GOODS EEA EFTA Comment
More informationCCBE POSITION ON THE COMMISSION S PROPOSAL FOR A DIRECTIVE AMENDING DIRECTIVE 2005/36/EC
CCBE POSITION ON THE COMMISSION S PROPOSAL FOR A DIRECTIVE AMENDING DIRECTIVE 2005/36/EC CCBE position on the Commission s proposal for a Directive amending Directive 2005/36/EC I. Introduction The Council
More informationUnder European law teleradiology is both a health service and an information society service.
ESR statement on the European Commission Staff Working Document on the applicability of the existing EU legal framework to telemedicine services (SWD 2012/413). The European Society of Radiology (ESR)
More informationGuidelines on operational functioning of colleges
EIOPA-BoS-14/146 EN Guidelines on operational functioning of colleges EIOPA Westhafen Tower, Westhafenplatz 1-60327 Frankfurt Germany - Tel. + 49 69-951119-20; Fax. + 49 69-951119-19; email: info@eiopa.europa.eu
More informationECB-PUBLIC. 2. General observations
EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 1 February 2016 on the recovery and resolution of credit institutions and investment firms (CON/2016/5) Introduction and legal basis On 22 December
More informationOfficial Journal of the European Union
L 132/32 COMMISSION IMPLEMTING REGULATION (EU) No 447/2014 of 2 May 2014 on the specific rules for implementing Regulation (EU) No 231/2014 of the European Parliament and of the Council establishing an
More informationCOMMISSION DELEGATED REGULATION (EU) /... of 10.6.2016
EUROPEAN COMMISSION Brussels, 10.6.2016 C(2016) 3446 final COMMISSION DELEGATED REGULATION (EU) /... of 10.6.2016 supplementing Regulation (EU) No 648/2012 of the European Parliament and of the Council
More informationGuideline on good pharmacovigilance practices (GVP)
1 2 20 February 2012 EMA/541760/2011 3 4 Guideline on good pharmacovigilance practices (GVP) Module I Pharmacovigilance systems and their quality systems Draft finalised by the Agency in collaboration
More informationSUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER
SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER 10 September 2009 page 1 / 8 SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001
More informationADDITIONAL TERMS AND CONDITIONS FOR 800/900 SERVICES AND FACILITIES
ADDITIONAL TERMS AND CONDITIONS FOR 800/900 SERVICES AND FACILITIES ARTICLE 1 DEFINITIONS Definitions of the following terms as they are used in these Additional Terms and Conditions: 800/900 Service :
More informationEUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE. on a common framework for electronic signatures
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 29.04.1999 COM(1999) 195 fmal 98/0191(COD) Amended proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE on a common framework for electronic signatures
More informationMulti-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015
Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.
More informationGuideline on good pharmacovigilance practices (GVP)
22 June 2012 EMA/541760/2011 Guideline on good pharmacovigilance practices (GVP) Module I Pharmacovigilance systems and their quality systems Draft finalised by the Agency in collaboration with Member
More informationThis Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.
Microsoft Online Subscription Agreement Amendment adding Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Proposal ID MOSA number Microsoft to complete This Amendment
More information(Legislative acts) DIRECTIVES
1.7.2011 Official Journal of the European Union L 174/1 I (Legislative acts) DIRECTIVES DIRECTIVE 2011/61/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 8 June 2011 on Alternative Investment Fund
More information