Key issues in data protection: a pan-european view
|
|
- Jeffery Peters
- 8 years ago
- Views:
Transcription
1 Key issues in data protection: a pan-european view 19 th March 2014 Nicola Fulford, Kemp Little LLP, UK Andreas Peschel-Mehner, SKW Schwarz, Germany Marco Bellezza, Portolano Cavallo, Italy Emmanuel Schulte, Bersay & Associes, France
2 Today s Session Transfer of personal data internationally and into the cloud SKW Schwarz Enforcement of data protection laws Kemp Little LLP EU Data Protection Regulation: update on the process / next steps Portolano Cavallo EU Data Protection Regulation: update on some specifics Bersay Associes
3 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches 3 Transfer of personal data internationally and into the cloud -The German perspective Dr. Andreas Peschel-Mehner
4 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches 4 4 International transfer and cloud 01 Warm up: What is personal data? relating to an identified or identifiable natural person IP address: yes Cookies: it depends on nature of cookie Smartphone identifier: presumably yes
5 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches 5 5 International transfer and cloud 01 Warm up: Which law? easy: European principle of origin national law of controller decides also for controllers intending use of data without EEA relevance?
6 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches 6 6 International transfer and cloud 01 Warm up: Which law? Example: UK service or company, data of German subjects involved, transferred to Ireland from a German perspective: UK data protection laws applicable! DE service or company, data of UK subjects involved, transferred to Ireland DE data protection law decides whether transfer legitimate.
7 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches 7 7 International transfer and cloud 01 Warm up: Consent and third party Transfer to a third party any separate legal entity including all affiliates How to avoid transfer to third party? data processing agreement, where appropriate Caution: only viable for EU/EEA without further requirements Consent Always superseding all requirements but not realistic concept to rely on
8 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches 8 8 International transfer and cloud 02 Prerequisites for international transfer: two step test First step: Permission for data use under applicable local law? any authorization under law (fulfillment of contract, mandatory obligations etc.)
9 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches 9 9 International transfer and cloud 02 Prerequisites for international transfer: two step test Second step: equal level of protection? First alternative: EU/EEA-transfer? (+) Second alternative: non-eu/eea transfer non-eu/eea, but comparable level of protection: CH, AUS, CAN, Jersey, Guernsey, Isle of Man, Andorra, ARG, ISR, (scenario 1) USA and its safe harbors (scenario 2) transfer to all other countries (scenario 3)
10 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches International transfer and cloud 03 International transfer: equal level of protection Scenario 2: USA and its safe harbors Requirements for safe harbor self certification adherence to principles declared by company towards US authority ( FAQs & Annexes )
11 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches International transfer and cloud 03 International transfer: equal level of protection Scenario 2: USA and its safe harbors safe harbor really safe? post NSA scandal: authorities may suspend data transfer, if great likelihood that safe harbor principles or EU model clauses violated. DSK press release 24 July 2013: This is now the case. factual consequences?
12 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches International transfer and cloud 03 International transfer: equal level of protection Scenario 3: non-eu/eea transfer transfer to all other countries under EU model clauses works as well for Scenario 2, potential solution for German controller during clarification of safe harbor status
13 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches International transfer and cloud 03 International transfer: Summary For the past, additionally self certification of processor under save harbor required, challenged now How to solve scenario 2: Integration of EU model clauses in any event (as standard practice for scenario 3 in the past) If not possible, only way out is consent (or binding corporate rules )
14 Berlin Düsseldorf Frankfurt/Main Hamburg München Titel der Präsentation oder Nennung des Fachbereichs Falls nötig Untertitel, Datum oder ähnliches International transfer and cloud 04 Cloud based services : Any difference? Very short answer: Same same, almost. Why? Any cloud is based somewhere through its provider through its server infrastructure Cloud services are mostly only processing data on behalf of the controller (with the cloud service operator being the processor) Does this data processing structure work in practice? written agreements, TOMs, factual powers/controls, etc.
15 International Data Protection Seminar Enforcement of Data Protection Laws NICOLA FULFORD Kemp Little Privacy & DP Partner 19 / 03 / 2014
16 Agenda Means of Enforcement? Role of the ICO The ICO s enforcement toolkit Changes / trends Rights of individuals Cookies enforcement International comparison and comments _16
17 Means of Enforcement in the UK? The Information Commissioner s Office ICO UK data protection regulator Mission to uphold information rights in the public interest Corporate objective enforcement powers are used proportionately to ensure improved information rights compliance issue penalties as appropriate Individuals have rights to bring action under the DPA (more limited in practice) _17
18 The ICO s enforcement toolkit Criminal Prosecution Monetary Penalty Notice Enforcement Notice Application for an Enforcement Order Audit Factors for enforcement action: Consistently failed to comply; or Significant detriment to individuals Undertaking Information Notice Publicity around bad practice / complaints outcomes (to promote good practice?) _18
19 Enforcement outcomes (from the ICO s website) Investigated; remedial action identified 1252 Investigated; insufficient evidence to prosecute 123 Undertaking obtained 22 Monetary Penalty Notice served 15 Enforcement notice served 8 Prosecuted _19
20 Monetary Penalties Maximum 500,000 S.55A-E DPA serious contravention, of a kind likely to cause substantial damage or substantial distress; deliberate or [reckless] ICO 2013 framework: relevant issues for the ICO to determine the appropriate amount CLCH v. ICO [2013] UKUT 551 (AAC) fine valid despite co-operation early payment discount scheme is lawful Scottish Borders v. ICO EA/2012/0212 what is the actual contravention of the DPA and was that contravention likely to directly cause substantial damage or distress? _20
21 Possible changes / trends in the ICO s approach? Indications: Public Private? Security Fairness / other principles? Advice Penalties? New approach for complaints and concerns (more proactive?) More co-ordinated enforcement with other regulators? Increased publicity? Changes to the law so imprisonment for unauthorised obtaining of personal data this year? _21
22 Rights of individuals to enforce the DPA Individuals rights under the DPA Section 13 of DPA (1) compensation for damage (2) compensation for distress if (a) damage is suffered or (b) contravention relates to processing for special purposes Vidal-Hall and Others v. Google Inc [2014] EWHC 13 (QB) _22
23 Final thoughts Cookies enforcement The first fine! International comparison and comments? Thank you _23
24 Coffee Break
25 EU Data Protection Regulation: update on the process / next steps LONDON, MARCH 19, 2014
26 MAIN TOPICS What happened till now? Update on current status One Stop Shop Is it really a big change? Next steps portolano.it 26
27 PREVIOUSLY ON THE GDP REGULATION Commission Proposal on January 2012 EU Parliament Compromise Amendments on October 2013 Text under discussion before the EU Council portolano.it 27
28 CURRENT STATUS (1/4) The Regulation is currently under 1 st reading at EU Council New timeline: end of 2014? portolano.it 28
29 CURRENT STATUS (2/4) One Stop Shop: lead supervisory authority in the State where controller/processor has "main establishment" - What is main establishment? - What are the roles of the leading authorities and other authorities? - Risk of forum shopping portolano.it 29
30 CURRENT STATUS (3/4) EU Parliament: - The lead authority supervises the processing activities of controller/processor in all Member States - It shall consult with authorities of the other Member States before taking measures EU Council: - Debate in the Eu Council - Legal service for the Eu Council: one-stop shop undermines EU citizens human rights - Criticism from Germany, Denmark, Hungary and Czech Republic portolano.it 30
31 CURRENT STATUS (4/4) Is it really a big change? - Yes, as to the scope of application (single law for Europe) - No (at least in Italy) as to the approach Risk assessment Accountability Documentation to demonstrate compliance with GDP Direct obligations on Processors - Yes, as to how the approach should be translated in practice Not a formalistic approach to compliance portolano.it 31
32 NEXT STEPS Priority for EU institutions Approval: end of 2014? portolano.it 32
33 EU DATA PROTECTION REGULATION Update on some specifics 33
34 1. T E R R I TO R I A L S COPE One Continent One Law Harmonization of all national legislations 1 Regulation instead of 28 Broad Territorial Scope Processing of personal data in the context of the activities of an establishment of a controller or processor in the EU, even if processing outside the EU Extraterritorial Effect When offering services to European consumers, non-european companies, will have to apply the same rules and adhere to the same levels of protection of personal data if: Offer goods or services in the EU (even for free) Monitor data subjects in the EU 34
35 2. R I G H T TO E R A S U R E From Controller Erasure and abstention of further dissemination if no longer needed for any legitimate purpose Take all reasonable steps to have the data erased (including by third parties) where it has made the personal data public without justification From Third Parties Erasure of any links to, copy or replication of personal data Exceptions Historical, statistical and scientific research, freedom of expression and press, public health, legal obligation of retention 35
36 3. P RO F I L I N G Profiling leading to measures producing legal effects or significantly affect the interests, rights or freedoms of individuals Allowed only if: - Necessary to conclude or perform a contract - Based on individual s consent - Expressly authorized by European or national law Shall include human assessment and not be based solely or predominantly on automated processing Profiling leading to discrimination is prohibited Profiling based solely on the processing of pseudonymous data is presumed not to significantly affect the interests, rights or freedoms Right to object and related information 36
37 4. OT H E R ITEMS DPOs DPOs required where the processing relates to more than 5000 data subjects in any consecutive 12-month period or the core activities consist of processing special categories of data, location data or data on children or employees in large filing system Sanctions 100M or up to 5% of the annual worldwide turnover Cookies and IP Addresses constitute personal data 37
38 Questions?
39 Contact Us Nicola Fulford Privacy & DP Partner, Kemp Little LLP Andreas Peschel-Mehner Partner, SKW Schwarz ddi +44 (0) ddi Emmanuel Schulte Partner, Bersay Associes Marco Bellezza Associate, Portolano Cavallo ddi + 33 (0) eschulte@bersay-associes.com ddi mbellezza@portolano.it
The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation
The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)
More informationOUTSOURCING, HOSTING AND DATA PRIVACY ISSUES
OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationInto the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users?
10 Juni 2013 Taylor Wessing - Essay Competition 2013 Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users? by Katarina Kesselová, LLM. Introduction
More informationPRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide
PRACTICAL LAW MULTI-JURISDICTIONAL GUIDE 2012/13 The law and leading lawyers worldwide Essential legal questions answered in 30 key jurisdictions Analysis of critical legal issues AVAILABLE ONLINE AT WWW.PRACTICALLAW.COM/DATAPROTECTION-MJG
More informationPrivacy & Data Security: The Future of the US-EU Safe Harbor
Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT
More informationUser tracking: Scope and Implementation eprivacy Directive Article 5(3)
User tracking: Scope and Implementation eprivacy Directive Article 5(3) Email Sender & Provider Coalition April 3, 2012 Presented By Karin Retzer 2012 Morrison & Foerster LLP All Rights Reserved mofo.com
More informationData Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014
Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationData and Cyber Laws Up-date 9 July 2015
Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationData Protection in Clinical Studies Implications of the New EU General Data Protection Regulation
June 19, 2012 Practice Group(s): Health Care Life Sciences Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation By Mathias Schulze Steinen and Daniela Bohn
More informationFactsheet on the Right to be
101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationCorporate Compliance: A Global Perspective
Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming
More informationThe eighth data protection principle and international data transfers
Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue
More informationA guide for in-house lawyers
A guide for in-house lawyers June 2015 The Proposed EU General Data Protection Regulation Index Introduction to the Regulation - 3 Progress of the Regulation - 4 Using this Guide - 5 Conceptual Overview
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationInhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie
Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A
More informationData Protection, Software Licenses and other Legal Issues in the Cloud
Data Protection, Software Licenses and other Legal Issues in the Cloud Dr. Hendrik Schöttle Rechtsanwalt, Fachanwalt für IT-Recht OSDC 2012, Nuremberg 26. April 2012 Overview Introduction Data Protection
More informationWatch Special. Making sense of European Data Protection Regulations as they relate to the storage and management of content in the Cloud
AIIM Market Intelligence Delivering the priorities and opinions of AIIM s 80,000 community Making sense of European Data Protection Regulations as they relate to the storage and management of content in
More informationCorporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
More informationOverview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service
Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case
More informationSummary of Data Protection Requirements When transferring Data Outside the UK End Users
Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation
More informationOVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
More informationSouth East Asia: Data Protection Update
Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationPrivacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.
Privacy in the cloud computing, and the company concerned is required to submit a risk analysis to DNB. 3 Cloud computing entails the saving, processing and using of company data on the servers of a cloud
More informationAn overview of UK data protection law
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationUK Data Protection Newsletter June 2015
UK Data Protection Newsletter June 2015 Headlines this month: n Data Protection reform update n New regulation must not lower data protection standards n Raid on Manchester Call Centre n Recent data breaches
More informationThe reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012
The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions
More informationThe prospects for data breach laws in 22 European countries
The prospects for data breach laws in 22 European countries Stewart Dresner, Chief Executive Privacy Laws & Business Wednesday, 4 November 2009 16 30-17 45: PARALLEL SESSION A: Ooopsss!!!!! Where did I
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationData Transfer Policy London Borough of Barnet
London Borough of Barnet DATA PROTECTION 11 Document Control Document Description Data Transfer Policy Version v.2 Date Created December 2010 Status Authorisation Name Signature Date Prepared By: IS Checked
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationNavigating the Privacy Law Landscape - US and Europe
21 January, 2015 Navigating the Privacy Law Landscape - US and Europe Roberta Anderson, Partner, K&L Gates, Pittsburgh Friederike Gräfin von Brühl, Senior Associate, K&L Gates, Berlin Etienne Drouard,
More informationData Protection and Cloud Computing: an Overview of the Legal Issues
Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,
More informationCouncil of the European Union Brussels, 26 June 2015 (OR. en)
Council of the European Union Brussels, 26 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9985/1/15 REV 1 LIMITE DATAPROTECT 103 JAI 465 MI 402 DIGIT 52 DAPIX 100 FREMP 138 COMIX 281 CODEC
More informationData Protection HEADLINE PART Developments: Implications HEADLINE for the PART Insurance 2 Sector Strategies for Compliance
Data Protection HEADLINE PART Developments: 1 Implications HEADLINE for the PART Insurance 2 Sector Strategies for Compliance Sub-headline Arial 18pt dark gray Optional Name Arial 13pt italic white Venue
More informationMulti-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015
Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationHow To Protect Your Data In European Law
Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work
More informationInformation Commissioner s Office. ICO response to the discussion paper on the Rehabilitation of Offenders Act 1974
Information Commissioner s Office ICO response to the discussion paper on the Rehabilitation of Offenders Act 1974 14 November 2013 1 Contents Introduction Response Further issues About the ICO The ICO
More informationon the transfer of personal data from the European Union
on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationEU Data Protection Reforms Challenges for Business
www.pwc.com Contents EU Data Protection Reforms Challenges for Business July 2014 1. Introduction 2. The need for change 3. Changes and challenges 4. Recommendations 5. Conclusion 6. For a deeper conversation
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationSafe Harbour Agreement no longer a valid basis for EEA to US transfers of personal data
Jisc Safe Harbour NOTE ON THE COURT OF JUSTICE OF THE EUROPEAN UNION'S JUDGMENT ON 'SAFE HARBOUR' ARRANGEMENTS FOR THE TRANSFER OF PERSONAL DATA FROM THE EEA TO THE USA KEY POINTS Safe Harbour Agreement
More informationInternational Privacy and Data Security Requirements. Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine
International Privacy and Data Security Requirements Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine Aims of this Presentation. To provide a brief overview of
More informationData Protection Policy
Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT
More informationRecruitment Sector. Consultation on prohibiting employment agencies and employment businesses from advertising jobs exclusively in other EEA countries
Recruitment Sector Consultation on prohibiting employment agencies and employment businesses from advertising jobs exclusively in other EEA countries JULY 2014 Contents Contents... 2 Prohibiting employment
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationOSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data
OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas
More informationBig Data for Mutuals. Marc Dautlich 25 November 2013
Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?
More informationPrivacy Level Agreement Outline for the Sale of Cloud Services in the European Union
Privacy Level Agreement Working Group Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union February 2013 The PLA Outline has been developed within CSA by an expert working
More information235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
More informationThe Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems
Privacy PRESENTATION vs Data TITLE Protection: GOES HERE The Impact of EU Data Protection Legislation Thomas Rivera Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Address Contact name Contact email Contact telephone Parent Teacher Online
More informationINTERNATIONAL SOS. Data Protection Policy. Version 1.05
INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA
More informationAuditing data protection a guide to ICO data protection audits
Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit
More informationDirective. for the transfer of personal data. to third countries outside the EEA
Directive for the transfer of personal data to third countries outside the EEA (Munich Re reinsurance group directive on third-country data transfer) Information correct at 1 July 2013 - 2 - Contents 1
More informationE-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY
E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:
More informationNew EU Data Protection legislation comes into force today. What does this mean for your business?
24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )
More information1 Data Protection Principles
Today, our personal information is being collected, shared, stored and analysed everywhere. Whether you are browsing the internet, talking to a friend or making an online purchase, personal data collection
More informationBriefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:
UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider
More informationWhat's Up with Apps in Hong Kong July 2013
What's Up with Apps in Hong Kong July 2013 In May this year, the Hong Kong Privacy Commissioner for Personal Data ("Privacy Commissioner") joined the Global Privacy Enforcement Network ("GPEN") to conduct
More informationComments and proposals on the Chapter IV of the General Data Protection Regulation
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationInternational E-Discovery E-Discovery vs. German Data Protection
International E-Discovery E-Discovery vs. German Data Protection ABA Tech Committee April 28 30, 2010 New York, LL.M. CMS Hasche Sigle Kranhaus 1 / Im Zollhafen 18 50678 Cologne Germany Tel: +49 221 7716-140
More informationDealing With Information Rights Concerns
I Data Protection Act How we deal with complaints and concerns A guide for data controllers 1 Data Protection Act How we deal with complaints and concerns The ICO is the UK s independent public authority
More informationPRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY. Introduction
PRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY Introduction The continuous globalization of the world economy influences the international transfer of personal data. The transfer of personal
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationCompliance guide: Data protection. A practical guide to meeting your regulatory and best practice obligations
Compliance guide: Data protection A practical guide to meeting your regulatory and best practice obligations Contents Introduction 3 5 Principle 1: Data must be fairly and lawfully processed 4 5 Principle
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationEU Competition Law. Article 101 and Article 102. January 2010. Contents
EU Competition Law January 2010 Contents Article 101 The requirements of Article 101(1) Exemptions under Article 101(3) Article 102 Dominant position Abuse of a dominant position Procedural issues Competition
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationBinding Corporate Rules Privacy (BCRP) personal Telekom Group rights in the handling of personal data within the Deutsche Telekom Group
Binding Corporate Rules Privacy (BCRP) Binding Corporate corporate Rules rules Privacy for (BCRP) the protection of personal Telekom Group rights in the handling of personal data within the Deutsche Telekom
More informationApplication of Data Protection Concepts to Cloud Computing
Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective
More informationData Protection Policy
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
More informationA list of CIArb subsidiaries relevant to this notice and their activities is set out below.
CHARTERED INSTITUTE OF ARBITRATORS DATA PRIVACY NOTICE INTRODUCTION This data protection notice explains what personal data will be collected by the Chartered Institute of Arbitrators and its subsidiary
More informationEU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014
EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 Janine Regan, Associate George Willis, Associate charlesrussellspeechlys.com Janine Regan Associate
More information4. We understand this to mean that each provider state will need to ensure indemnity arrangements are in place to cover healthcare provided in that
Medical Defence Union response to consultation on European Commission s proposals for Directive on the application of patients rights in cross-border healthcare Introduction 1. The Medical Defence Union
More informationCloud Computing and Data Protection Compliance - Experiences from Norway
Cloud Computing and Data Protection Compliance - Experiences from Norway PhD Thomas Olsen Legal Aspects of Cloud Computing, UiO, 27 January 2015 www.svw.no Overview Cloud Computing Introduction to EU and
More informationCLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES
CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES GLOBAL FORUM 2009 ICT & The Future of the Internet - Monday, October 19 th 2009 paolo.balboni@bakernet.com Introduction & Structure ENISA Working Group
More informationFRANCE. Chapter XX OVERVIEW
Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection
More informationContext. To cloud or not to cloud, that is a very serious question. Legal challenges in a post Safe Harbour and pre GDPR cloud world
To cloud or not to cloud, that is a very serious question EEMA / TrustCore Legal challenges in a post Safe Harbour and pre GDPR cloud world 18 November 2015 hans.graux@timelex.eu Context Major cloud providers
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationCABINET OFFICE THE CIVIL SERVICE NATIONALITY RULES
ANNEX A CABINET OFFICE THE CIVIL SERVICE NATIONALITY RULES Introduction The Civil Service Nationality Rules concern eligibility for employment in the Civil Service on the grounds of nationality and must
More informationCHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS
CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS Andreas Aumüller, President of FENCA Federation of European National Collection Associations CONSUMER CREDIT INDUSTRY Annual Convention
More informationEU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?
EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? Dr. Jörg Hladjk Counsel European Data Protection & Privacy Practice Hunton & Williams, Brussels Cyber Security
More informationGUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES
GUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES CONTENT 1. WHY A CLOUD COMPUTING GUIDE?... 2 2. WHAT IS CLOUD COMPUTING?... 4 3. WHAT ARE THE ROLES OF THE CLOUD SERVICES
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More information12 January 2011. Register of Interest Representatives Identification number in the register: 52646912360-95
Z E N T R A L E R K R E D I T A U S S C H U S S MITGLIEDER: BUNDESVERBAND DER DEUTSCHEN VOLKSBANKEN UND RAIFFEISENBANKEN E.V. BERLIN BUNDESVERBAND DEUTSCHER BANKEN E.V. BERLIN BUNDESVERBAND ÖFFENTLICHER
More informationData Protection Working Group. Final Report on the Draft Data Protection Bill
Data Protection Working Group Final Report on the Draft Data Protection Bill Background In August 2009, upon a request from the Hon. Attorney General, the Governor-in-Cabinet established a Data Protection
More information