A comprehensive approach on personal data protection in the European Union

Transcription

1 A comprehensive approach on personal data protection in the Justice Date 1

2 Main legal instruments on EU level Data Protection Directive 95/46/EC Directive 2002/58/EC on privacy and electronic communications Regulation 45/2001 (Union institutions and bodies) Council Framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters Justice Date 2

3 New challenges for the protection of personal data Challenge through technological developments and globalisation Globalisation Nanotechnology Ubiquous computing Internet Geo-location On-line social networking Video surveillance e-commerce Profiling on-line access to databases Scoring on-line storage services Behavioural advertising Modern information technologies Biometric data, DNA Electronic health records Access by law enforcement authorities Cloud computing Role of independent DPAs Radio frequency identification (RFID) Automatic face recognition Justice Date 3

4 Changes by the Lisbon Treaty Article 8 of the EU Charter of Fundamental Rights defines the basic principles for the protection of personal data Legally binding Article 16 TFEU new legal base ordinary legislative procedure (EP, Council) to adopt rules for the processing of personal data by Union institutions, bodies, offices and agencies, and Member States when carrying out activities which fall within the scope of Union law, and rules relating to the free movement of such data. includes ex-third pillar Article 39 TEU new legal base Common Foreign and Security Policy (CFSP) issues For processing by Member States only Justice Date 4

5 Main policy objectives Address the impact of new technologies and modernise the current framework Improve the clarity and coherence of the EU legal framework for personal data protection so to ensure a high level of protection throughout all Union policies Provide a stronger institutional arrangement for the effective enforcement of data protection rules Justice Date 5

6 Public consultations Reform webpage Data Protection Conference Public Consultation on the legal framework for the fundamental right to protection of personal data July - December 2009: ca. 150 replies Stakeholder Consultation Meetings on the Review of the Data Protection Regulatory Framework June, July Public Consultation on the proposals included in the Commission's CommunicationNovember January 2011: ca. 300 replies Justice Date 6

7 4. Communication of the Commission COM(2010) 609 A comprehensive approach on personal data protection in the Justice Date 7

8 Communication of the Commission COM(2010) 609 Main elements for a reform 1. Strengthening individuals rights 2. Enhancing the internal market dimension 3. Revising the rules on police and judicial cooperation in criminal matters 4. The global dimension of data protection 5. Better enforcement of data protection rules Justice Date 8

9 Strengthening the individuals rights 1. Ensuring appropriate protection for individuals in all circumstances 2. Increasing transparency for data subjects 3. Enhancing control over one's own data 4. Raising awareness 5. Ensuring informed and free consent 6. Protecting sensitive data 7. Making remedies and sanctions more effective Justice Date 9

10 Enhancing the internal market dimension 1. Increasing legal certainty and providing a level playing field for data controllers 2. Reducing the administrative burden 3. Clarifying the rules on applicable law and Member States' responsibility 4. Enhancing data controllers' responsibility 5. Encouraging self-regulatory initiatives and exploring EU certification schemes Justice Date 10

11 Revising the data protection rules in the area of police and judicial cooperation in criminal matters First step: Application of the general data protection rules to police and judicial cooperation in criminal matters, including for processing at domestic level Specific and harmonised provisions in data protection framework where necessary e.g. processing of genetic data Justice Date 11

12 Revising the data protection rules in the area of police and judicial cooperation in criminal matters Second step: Revising current supervision systems in police and judicial cooperation in criminal matters consultation of all concerned stakeholders Aligning existing sector-specific rules with the new general legal data protection framework Justice Date 12

13 The global dimension of data protection 1. Clarifying and simplifying the rules for international data transfers, including the adequacy procedure in the new general legal data protection framework 3. Promoting universal principles Justice Date 13

14 A stronger institutional arrangement for better enforcement of data protection rules 1. Strengthen, clarify and harmonise status and the powers of DPAs 3. Improve cooperation and coordination between Data Protection Authorities 1. Strengthen data protection supervisors, better coordination with Article 29 Working Party Justice Date 14

15 5. The way forward Evaluation and impact assessment Legislative proposals in early 2012 Proper monitoring of correct implementation of EU law infringement policy Second step: adaptation of other legal instruments to new general data protection framework Justice Date 15

16 Thank you for your attention!, DG JUSTICE Unit C3 Data protection Justice Date 16