ppt - Terena

Agencia de Protección de Datos - Comunidad de Madrid
International Transfer of Personal Data
International transfer of
personal data. Regulations
Advanced EuroCAMP
Moving towards Confederations
(18 - 19 October 2006, Málaga, Spain)
Málaga, 19th October 2006
Personal data: definitions
and their consequences
Background
- Privacy, the right “to be let alone”
- Protection facing risks from automated
processing of information (French CNIL
1978, Spanish Constitution 1978, etc.)
- Fundamental right different from privacy,
European-wide and other countries.
Legal framework (1)
- European Convention for the Protection of Human
Rights and Fundamental Freedoms – Council of
Europe – 1950 (article 8)*
1. Everyone has the right to respect for his private and
family life, his home and his correspondence.
2. There shall be no interference by a public authority with
the exercise of this right except such as is in
accordance with the law and is necessary in a
democratic society in the interests of national security,
public safety or the economic well-being of the country,
for the prevention of disorder or crime, for the
protection of health or morals, or for the protection of
the rights and freedoms of others.
* http://conventions.coe.int/Treaty/en/Treaties/Html/005.htm
Legal framework (2)
- European Union Charter of Fundamental Rights (Dec
2000); protection of personal data (article 8)*:
1. Everyone has the right to the protection of personal
data concerning him or her.
2. Such data must be processed fairly for specified
purposes and on the basis of the consent of the person
concerned or some other legitimate basis laid down by
law. Everyone has the right of access to data which has
been collected concerning him or her, and the right to
have it rectified.
3. Compliance with these rules shall be subject to control
by an independent authority.
* http://www.europarl.europa.eu/charter/pdf/text_en.pdf
Legal framework (3)
- Convention of 28 January 1981 of the Council of
Europe for the protection of individuals as regards
automated processing of personal data.
- Directive 95/46/EC of the European Parliament
and of the Council of 24 October 1995 on the
protection of individuals with regard to the
processing of personal data and on the free
movement of such data *
* http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:NOT
Legal framework (4)
- Directive 2002/58/EC of the European Parliament
and of the Council of 12 July 2002 concerning the
processing of personal data and the protection of
privacy in the electronic communications sector
(Directive on privacy and electronic communications)
- Directive 97/66/EC of the European Parliament and
of the Council of 15 December 1997 concerning the
processing of personal data and the protection of
privacy in the telecommunications sector
Extent of Directive 95/46/EC
- ‘Personal data’: ANY INFORMATION relating
to an identified or identifiable natural person
('data subject'); an identifiable person is one
who can be identified, directly or indirectly, in
particular by reference to an identification
number or to one or more factors specific to
his physical, physiological, mental, economic,
cultural or social identity.
- Exceptions: public security, defence, State
security, Criminal Law, purely personal or
household activity.
International Transfer of Personal
Data (EU-Centric view) *
* See CHAPTER IV “TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES” of Directive 95/46/EC
at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML
EU-EEA countries
- 25 EU Member States + 3 EEA member
countries (Norway, Liechtenstein and Iceland):
no further safeguard necessary
- That means national regulations apply, as if
“national” data transfer (data subject consent
or legal provision)
- Coming from “single market” (1st EU pillar),
going to Justice and Home Affairs (3rd EU
pillar).
“Third” countries (non EU-EEA)
- “Adequate level of protection” to personal
data by third countries
- On the basis of National Law or International
Commitments
- Decision by European Commission, with
participation of Member States, European
DPAs (art. 29WP), EU Parliament
List of “Third” countries with ALP
- Switzerland, Canada, Argentina, Guernsey,
Isle of Man, the US Department of Commerce's
Safe harbor Privacy Principles, and the transfer
of Air Passenger Name Record to the United
States' Bureau of Customs and Border
Protection
- Detailed information at:
http://ec.europa.eu/justice_home/fsj/privacy/thirdcountries/index_en.htm
Some ongoing issues
- Ruling by the European Court of Justice
of 30 May 2006 in Joined Cases C-317/04
and C-318/04 on the transmission of
Passenger Name Records to the United
States (May 2006)
- SWIFT transfer to the US
Countries without ALP (1):
- International PD transfer may still (legally)
happen if:
1. There is consent of the data subject
2. Required by a contract between the data subject
and the controller or third party, or to protect her
vital interests
3. Legally required for public interest
4. Public register following access conditions (public
or interested parties)
5. Adequate safeguards adduced by the controller
(i.e. Binding Corporate Rules)
Countries without ALP (2):
- Check national Law and regulations and
national DPA
- List of European DPAs at:
http://ec.europa.eu/justice_home/fsj/privacy/nationalcomm/index_en.htm
- Why not a consent management
infrastructure?
Francisco José López Carmona
Deputy Director for the Register of Data Files
and Consulting Services
jose.lopezcarmona@madrid.org