Data Protection in the Commonwealth Key Instruments and Current Practices

Similar documents
TRINIDAD & TOBAGO SECURITIES AND EXCHANGE COMMISSION

Cybersecurity Governance

Information and Observations on the Scope and Application of Universal Jurisdiction. Resolution 65/33 of the General Assembly

CYBERCRIME AND THE LAW

PIPEDA and Online Backup White Paper

An overview of UK data protection law

DATE: 1 APRIL Introduction

Privacy Law in Canada

The official nomination of national focal points for issues relating to statelessness in seven (7) States (commitment 22)

COUNCIL OF EUROPE COMMITTEE OF MINISTERS

CGU PROFESSIONAL RISKS

How To Understand The Data Protection Act

Minister Shatter presents Presidency priorities in the JHA area to European Parliament

LEGISLATION ON CYBERCRIME IN NIGERIA: IMPERATIVES AND CHALLENGES

Department of Communications. Enhancing Online Safety for Children Discussion Paper. Submission by the Australian Federal Police

Cybersecurity in the Commonwealth: Setting the Stage

Employee Data Privacy A Regional Overview

DATA PROTECTION POLICY

Harmonizing cyberlaws and regulations: the experience of the East African Community CTO Cybersecurity Forum April 2013 Yaoundé, Cameroon

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH

CYBER SECURITY LEGISLATION AND POLICY INITIATIVES - UGANDA CASE

Accountability: Data Governance for the Evolving Digital Marketplace 1

Section 1: Development of the EU s competence in the field of police and judicial cooperation in criminal matters

Terms of Business for Registered Support Providers

KS 1 Activities Matching game. Flash Cards. KS2 Activities Sorting. Top Trumps.

Towards Effective Internet Governance

Australia s proposed accession to the Council of Europe Convention on Cybercrime

Data Protection Policy

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16

Fact sheet 2 Overview of the Extradition Process

PERSONAL INFORMATION PROTECTION ACT

Corporate ICT & Data Management. Data Protection Policy

Patrick Fair Partner, ITC and Data Security Specialist Baker & McKenzie. Developments in Security Regulation

Important aspects of the new Regulation third country data transfers

Legal protection of children from sexual exploitation: The Lanzarote Convention and the ONE in FIVE campaign

Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region

COMMISSION OF THE EUROPEAN COMMUNITIES GREEN PAPER

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

Entrepreneurs Programme - Business Growth Grants

SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F Saskatchewan Workers Compensation Board

G20 HIGH-LEVEL PRINCIPLES ON FINANCIAL CONSUMER PROTECTION

CPA Roadshows Speaking Notes

APRA S FIT AND PROPER REQUIREMENTS

005ASubmission to the Serious Data Breach Notification Consultation

CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, A Guide for Data Controllers

Principal Members. February 1, Review of Australia s Consumer Policy Framework Productivity Commission PO Box 1428 Canberra ACT 2616

Privacy Law in Canada

PRIVACY AND CREDIT REPORTING POLICY

Information Governance Framework. June 2015

The case for adoption of the UN Electronic Communications Convention

The Australian Privacy Foundation

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

Self-Assessment of a Comprehensive Privacy Programme: A Tool for Practitioners

DATA PROTECTION POLICY

Asia Pacific Legislative Analysis: Current and Pending Online Safety and Cybercrime Laws. A Study by Microsoft.

BCS, The Chartered Institute for IT Consultation Response to:

Work programme

Thompson Jenner LLP Last revised April 2013 Standard Terms of Business

The Århus Convention by Jens Hamer, ERA

PRISONERS INTERNATIONAL TRANSFER (QUEENSLAND) ACT 1997

Data Protection Act. Privacy & Security in the Information Age. April 26, Ministry of Communications, Ghana

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

1. THE IMMIGRATION PROCESS IN IRELAND

International Transfer of Prisoners (South Australia) Act 1998

HIPSSA Project. Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Second Mission -Namibia

Regulation of Insolvency Practitioners

EDRi s. January European Digital Rights Rue Belliard 20, 1040 Brussels tel. +32 (0)

The United Nations Convention on the Use of Electronic Communications in International Contracts: policy goals

Draft WGIG Issues Paper on E-Commerce

Disability Discrimination Act 1992

Table of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3

ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15

Crimes (Computer Hacking)

2013 Africa Union Framework for Cyber security in Africa

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

Data Governance in-brief

ASEAN s Cooperation on Cybersecurity and against Cybercrime

South East Asia: Data Protection Update

ESTABLISHING A LEGAL FRAMEWORK FOR INTERNATIONAL TRADE SINGLE WINDOW

PRINCIPLES FOR ACCESSING AND USING PUBLICLY-FUNDED DATA FOR HEALTH RESEARCH

Practice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

CONSULTATION PAPER NO

Expert Group Meeting on the Technical and Legal Obstacles to the Use of Videoconferencing

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

The guidance will be developed over time in the light of practical experience.

How To Support The Justice System In Canada

SURVEILLANCE AND PRIVACY

Meeting of Commonwealth Law Ministers and Senior Officials

POLICIES, RULES AND GUIDELINES

Under European law teleradiology is both a health service and an information society service.

Cyber Security Recommendations October 29, 2002

Queensland Training Assets Management Authority Bill 2014 Explanatory Notes

Information Commissioner s Office. ICO response to the discussion paper on the Rehabilitation of Offenders Act 1974

The Protocol to Eliminate Illicit Trade in Tobacco Products: an overview

Caedmon College Whitby

Transcription:

Data Protection in the Commonwealth Key Instruments and Current Practices Ad Hoc Expert Meeting on Data Protection and Privacy: Implications for Trade and Development 20 April 2016

The Commonwealth Charter

Data Protection in the Commonwealth-status quo Some Commonwealth jurisdictions have adequate laws and policies in place; others including small islands and developing states do not have law in a number of large Commonwealth countries, such as India, South Africa, and Nigeria, remains a work in progress small states such as the Bahamas, Lesotho, Mauritius and Trinidad and Tobago have data protection legislation while others, such as Guyana, Botswana and all small Commonwealth states in Asia and the Pacific have not enacted comprehensive data protection laws

Data Protection in the Commonwealth-regional initiatives Canada, UK, New Zealand and Australia (members of OECD) have developed advanced data protection regimes in line with the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data UK, Cyprus and Malta - bound by the EU Data Protection Directive Other regional regulatory initiatives: the African Union Convention on Cyber Security and Personal Data Protection, ECOWAS Supplementary Act on personal data protection, Council of Europe Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data and the APEC Privacy Framework.

A Commonwealth regime-interoperability and harmonisation? Shared legal tradition of common law in most jurisdictions No binding legal regime applicable to all Commonwealth jurisdictions. Recognition of diversity-promote 'best fit' and not 'best practice' In each of the 53 member countries, data protection is regulated by domestic laws, mainly constitutional and statutory law provisions, as well as common law principles. Commonwealth Secretariat provides technical assistance to member countries in response to requests Has provided model legal framework to member countries for control over collection, access to, use of, and dissemination of data stored in digital and in paper-based systems.

A Commonwealth regime-actions taken Commonwealth Law Ministers endorsed the Commonwealth Freedom of Information Principles which were subsequently noted by the Commonwealth Heads of Government (CHOGM) at their Durban Meeting in 1999. Normative basis: the Declaration of Commonwealth Singapore Principles, 1971, which recognises the liberty of the individual and to that end strives to promote in each of the member countries guarantees for personal freedom under the law Recognition of the fundamental importance both of the right of the public to access information held by government (in the form of freedom of information laws), as well as a need to protect the privacy of individuals whose personal information is held by a government or public institution (in the form of informational privacy and data protection guarantees)-conflicting rights

Commonwealth Initiatives These initiatives unfolded in three dimensions: a. the development of model laws on protection of personal information; b. the regulation of information privacy including freedom of information; c. and the establishment of mechanisms to combat cybercrime, including crimes that impact on informational privacy. Commonwealth s three-dimension approach addresses frameworks for cybersecurity, the update of data protection legislation (in particular the understanding of personal data in a cyber-environment), and the adoption of a core periphery approach to human rights (balancing access to information with the protection of informational privacy

Commonwealth Model Laws on Privacy and Data Protection In 2002, Law Ministers considered three inter-related model Bills on privacy and freedom of information namely: the Freedom of Information Bill; the Privacy Bill; and the Protection of Personal Information Bill to assist member countries which had yet to enact laws providing for access to, processing and protection of information. The Privacy Bill and the Protection of Personal Information Bill seek, in accordance with general practice in member countries, to deal only with information privacy, being the most common aspect of privacy regulated by statute. Other aspects of privacy such as privacy of communications, bodily privacy and territorial privacy are not dealt with in the two model Bills. Issues of privacy and data protection are also addressed in the Model Freedom of Information Bill and the Model Law on Computer and Computer Related Crime.

Commonwealth Model Laws on Privacy and Data Protection Draw largely from the OECD Guidelines core principles : right of access to information in documentary form in the possession of public authorities within established exceptions; recognition of the privacy of individuals by protecting personal information processed by private organisations; accuracy and security of information; involvement of the data subject; and limits to collection, use, retention and disclosure of personal information.

Model Protection of Personal Information Bill seeks to make provision for the recognition of the privacy of individuals by regulating processing of personal information or data by private sector organisations. does not apply to public authorities or to information processed for personal or domestic, journalistic, artistic or literary purposes. gives effect to core principles of data protection set out in OECD Guidelines. provides for the processing of personal information; requiring appropriateness of purpose, knowledge and consent; setting limits and conditions on use and disclosure of personal information within and outside the given member country. requires role occupants to ensure accuracy of the information; to secure personal information; to retain records and note all uses and disclosures without consent. regulates the procedure for access to information including for persons with disability and the manner in which complaints are received, investigated and disputes resolved. The role of a Privacy Commissioner is also set out, including the requirement to make an annual report to Parliament. regulates cross-border disclosures of information, requiring guarantees of protection.

Model Privacy Bill Aims to provide a model framework for protection of personal information held by public bodies, through ensuring that information is collected only for appropriate purposes and by appropriate means. Seeks to give effect to the OECD principles and to create a legal regime which could be administered by small and developing States without the need to create significant new structures. Provides for the collection, use, storage, security, disclosure and retention of personal information by public authorities; creates the office of Privacy Commissioner; and provides for investigation of complaints and accountability to Parliament. Provisions dealing with the creation of a Privacy Commissioner are included on an optional basis, with a view to assisting small and developing States that may not be able to create such an office and instead rely on courts or tribunals to deal with allegations of damage caused by breach of the privacy law. Another officer could be designated to perform certain critical functions relating to protection of personal privacy. Does not address cross-border transfers of personal information.

Model Freedom of Information Bill Prepared to assist those countries desiring to give effect to the Commonwealth Freedom of Information Principles. Creates a right of members of the public to access information held by public authorities with the aim of increasing transparency and accountability of government, and exemptions in the interest of privacy. Documents, disclosure of which would involve unreasonable disclosure of personal information of any individual are exempted from disclosure.

Model Law on Computer and Computer Related Crime Covers the offences of illegal access, interfering with data, interfering with computer systems, illegal interception of data, illegal data, among others. In comparison to the Convention on Cybercrime, the model law expanded criminal liability - so as to include reckless liabilityfor the offences of interfering with data, interfering with computer systems, and using illegal devices and addressed issues of dual criminality by stating that the act applied to an act done or an omission made by a national of a State outside its territory, if the person's conduct would also constitute an offence under a law of the country where the offence was committed. This may lead to prosecution or extradition based on dual criminality, but not extradition as it is provided in the Convention on Cybercrime which eases prosecution of offences.

Commonwealth Cybercrime Initiative (CCI) Established as a multi-stakeholder consortium to delivering institutional, human and technical capacity building support to member countries in combating cybercrime. Aims to promote the sharing of expertise and best practice from existent resources, for example, the Commonwealth Model Law on Computer and Computer Related Crime and the Commonwealth Model Bill on the Protection of Personal Information, and also drawing from other existent treaties, toolkits, and resources. Delivers bespoke assistance to member countries, following a national needs assessment. Such assistance has frequently focused on the need for improved data protection and information security frameworks. Instances where the Commonwealth Model Law has been used when drafting cybercrime legislation include, among others, Tonga s Computer Crimes Act of 2003, Ghana s Electronic Transactions Act of 2008, Antigua s Computer Misuse Act of 2006, Bahama s Computer Misuse Act (2003), St. Lucia s Electronic Crimes Act (2014).

Going forward Need to audit uptake of model laws amongst the 53 members of the Commonwealth Need to revise existing model laws (dated- >10 years old) to take into account new developments and weaknesses identified by the UNCTAD study New developments -such as focus on impacts on global trade; cross-border transfers; role of informal sector, etc. Conduct assessments to establish

Thank You Elizabeth Bakibinga-Gaswaga e.bakibinga@commonwealth.int Legal Adviser, Law Development Section Rule of Law Division

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information