NEW FRAMEWORK OF DATA PROTECTION IN
THE EUROPEAN UNION
14th Meeting of Central Eastern Europe Data Protection Authorities
(CEEDPA)
Kyiv, May 21-22nd, 2012
WOJCIECH WIEWIÓROWSKI PhD
Inspector General for Personal Data Protection, Poland
Laboratory of Legal Informatics, Faculty of Law and Administration, University of Gdansk
Generalny Inspektor
Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warszawa
www.giodo.gov.pl
© M. Narojek for GIODO 2011
PRIVACY AND DATA PROTECTION
Convention for the Protection of Individuals with regard to
Automatic Processing of Personal Data
Recognising that it is necessary to reconcile the fundamental values
of the respect for privacy and the free flow of information between
peoples
Article 1 – Object and purpose
The purpose of this convention is to secure in the territory of each
Party for every individual, whatever his nationality or residence,
respect for his rights and fundamental freedoms, and in particular
his right to privacy, with regard to automatic processing of personal
data relating to him ("data protection").
PRIVACY AND DATA PROTECTION
Treaty on The Functioning Of The European Union
Article 16 (ex Article 286 TEC)
1. Everyone has the right to the protection of personal data concerning
them.
2. The European Parliament and the Council, acting in accordance with
the ordinary legislative procedure, shall lay down the rules relating to
the protection of individuals with regard to the processing of personal data
by Union institutions, bodies, offices and agencies, and by the Member
States when carrying out activities which fall within the scope of Union law,
and the rules relating to the free movement of such data. Compliance with
these rules shall be subject to the control of independent authorities.
The rules adopted on the basis of this Article shall be without prejudice to
the specific rules laid down in Article 39 of the Treaty on European Union.
PRIVACY AND DATA PROTECTION
Treaty on European Union
Article 286
1. From 1 January 1999, Community acts on the protection of individuals
with regard to the processing of personal data and the free movement of
such data shall apply to the institutions and bodies set up by, or on the
basis of, this Treaty.
2. Before the date referred to in paragraph 1, the Council, acting in
accordance with the procedure referred to in Article 251, shall establish an
independent supervisory body responsible for monitoring the application of
such Community acts to Community institutions and bodies and shall
adopt any other relevant provisions as appropriate.
PRIVACY AND DATA PROTECTION
• Treaty on the Functioning of the European Union
• Charter of Fundamental Rights of the European Union
• European Convention for the Protection of Human Rights and Fundamental
Freedoms (ECHR)
• Directive 95/46/EC on the protection of individuals with regard to the processing of
personal data and on the free movement of such data,
• Council Framework Decision 2008/977/JHA on the protection of personal data
processed in the framework of police and judicial cooperation in criminal matters,
• Regulation (EC) No 45/2001 on the protection of individuals with regard to the
processing of personal data by the Community institutions and bodies and on the
free movement of such data,
• Directive 2002/58/EC concerning the processing of personal data and the protection
of privacy in the electronic communications sector (Directive on privacy and
electronic communications)
• Council of Europe Convention 108 of 28 January 1981 for the Protection of
Individuals with regard to Automatic Processing of Personal Data
• Guidelines for the regulation of computerised personal data files issued by the
United Nations General Assembly in 1990,
PRIVACY AND DATA PROTECTION
• Commission communication to Parliament, the Council, the Economic and
Social Committee and the Committee of the Regions entitled ‘A
comprehensive approach on personal data protection in the European
Union’ (COM(2010)0609),
• Council conclusions concerning the Commission communication entitled ‘A
comprehensive approach on personal data protection in the European
Union’,
• opinion of the European Data Protection Supervisor (EDPS) of 14 January
2011 concerning the Commission communication entitled ‘A
comprehensive approach on personal data protection in the European
Union’,
• joint contribution by the Article 29 Data Protection Working Party and the
Working Party on Police and Justice to the consultation of the European
Commission on the legal framework for the fundamental right to protection
of personal data entitled ‘The Future of Privacy’,
KEY ISSUES FOR THE EUROPEAN DEBATE
Communication from the Commission to the European Parliament and
the Council “A comprehensive approach on personal data protection
in the European Union”
KEY ISSUES FOR THE EUROPEAN DEBATE
COM(2012) 11/4 draft
Proposal for a
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE
COUNCIL
on the protection of individuals with regard to the processing of
personal data and on the free movement of such data
(General Data Protection Regulation)
KEY ISSUES FOR THE EUROPEAN DEBATE
COM(2012) 10 final
2012/0010 (COD)
Proposal for a
DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
on the protection of individuals with regard to the processing of
personal data by competent authorities for the purposes of
prevention, investigation, detection or prosecution of criminal
offences or the execution of criminal penalties,
and the free movement of such data
KEY ISSUES FOR THE EUROPEAN DEBATE
Norms derived from European law can be:
- directly binding
- directly applicable
- directly effective
vertically and/or horizontally
KEY ISSUES FOR THE EUROPEAN DEBATE
jurisdiction
applicable law
KEY ISSUES FOR THE EUROPEAN DEBATE
Co-ordination procedures
Panels?
Role of lead DPA?
Role of the European Commission
KEY ISSUES FOR THE EUROPEAN DEBATE
• 'data subject' means an identified natural person or a natural person who
can be identified, directly or indirectly, by means reasonably likely to be
used by the controller or by any other natural or legal person, in particular
by reference to an identification number, location data, online identifier or
to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that person;
• 'genetic data' means all data, of whatever type, concerning the
characteristics of an individual which are inherited or acquired during early
prenatal development;
• 'biometric data' means any data relating to the physical, physiological or
behavioural characteristics of an individual which allow their unique
identification, such as facial images, or dactyloscopic data;
• ‘data concerning health’ means any information which relates to the
physical or mental health of an individual, or to the provision of health
services to the individual;
• 'child' means any person below the age of 18 years;
KEY ISSUES FOR THE EUROPEAN DEBATE
“Old style” notification is out
KEY ISSUES FOR THE EUROPEAN DEBATE
risky processing instead of sensitive data
KEY ISSUES FOR THE EUROPEAN DEBATE
Unification of enforcement powers of DPAs
KEY ISSUES FOR THE EUROPEAN DEBATE
DPA as an independent authority
with sufficient powers and resources
KEY ISSUES FOR THE EUROPEAN DEBATE
explicit consent
KEY ISSUES FOR THE EUROPEAN DEBATE
Mandatory data protection officer
KEY ISSUES FOR THE EUROPEAN DEBATE
Right to be forgotten
Data portability
KEY ISSUES FOR THE EUROPEAN DEBATE
Profiling
KEY ISSUES FOR THE EUROPEAN DEBATE
Privacy by design
Privacy impact assessments
KEY ISSUES FOR THE EUROPEAN DEBATE
Enforcement authorities
How much can we import from the Regulation
to the former III Pillar
Bilateral and multilateral agreements of the Member States
OTHER DEMANDS
• Retention directive
• Open data package and new rules of PSI reuse
• Smart metering and smart grids
• RFID
• Video surveillance
• Profiling
• Biometrics
• Genetic data and biobanking
• Geolocalisation and geospatial services
• Street View
• Cloud computing
• Passenger Name Records
• Medical records and e-Health
• Public registers
OFFICIAL AND REAL AGENDA
according to C.Bowden
C.Bowden: Privacy and Surveillance on Internet. What Happened and What Will Happen Next, Panoptykon.
Internet at the Crossroads, Warsaw, September 20th, 2011.
THANKS FOR YOUR
ATTENTION
http://edugiodo.giodo.gov.pl