Requirements on new data protection regulations and current changing needs from the view of the EDPS

Requirements on new data protection regulations and current changing needs from the view of the EDPS
10/11/2015, Berlin
Wojciech Wiewiórowski
ISSE 2015. Making Europe a safer place to do business

M. Narojek for GIODO 2011

EDPS
The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. A number of specific duties of the EDPS are laid down in Regulation 45/2001. The three main fields of work are:
- Supervisory tasks
- Consultative tasks: to advise the EU legislator on proposals for new legislation as well as on implementing measures. Technical advances, notably in the IT sector, with an impact on data protection are monitored.
- Cooperative tasks: involving work in close collaboration with national data protection authorities (Article 29 Working Party)

The role of the European Data Protection Supervisor
- The European Data Protection Supervisor (EDPS) is the independent supervisory authority for the processing of personal data by the EU administration;
- Privacy and data protection are fundamental rights, see Articles 7 and 8 of the Charter of Fundamental Rights;
- Independent supervision is an integral part of the right to data protection, see Article 16(2) TFEU and Article 8(3) of the Charter;
- What we do: monitoring and verifying compliance with Regulation (EC) 45/2001, giving advice to controllers, advising the co-legislators on new legislation, cooperating with Member States' DPAs, handling complaints, conducting inspections;
- Monitoring technological developments;
- Promoting data protection aware design and development.

Our objectives
I. Data protection goes digital
II. Forging global partnerships
III. Opening a new chapter for EU data protection

Reform of Data Protection Law in the European Union
Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive), OJ 1995 L 281

Reform of Data Protection Law in the European Union
Communication from the Commission to the European Parliament and the Council - A comprehensive approach on personal data protection in the European Union

Reform of Data Protection Law in the European Union

Reform of Data Protection Law in the European Union
COM(2012) 11/4 draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)

Reform of Data Protection Law in the European Union
COM(2012) 10 final 2012/0010 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data

Reform of Data Protection Law in the European Union
Council DAPIX Group - Working Party on Information Exchange and Data Protection
- Member States represented by governments: Minister (usually Justice or Interior, but in PL Digitisation)
- Experts: some governments invite the Data Protection Authority
- Instruction: Council of Ministers

Reform of Data Protection Law in the European Union
European Parliament
The European Parliament voted the draft in plenary (with 621 votes in favour, 10 against and 22 abstentions for the Regulation, and 371 votes in favour, 276 against and 30 abstentions for the Directive).
"The message the European Parliament is sending is unequivocal: This reform is a necessity, and now it is irreversible. Europe's directly elected parliamentarians have listened to European citizens and European businesses and, with this vote, have made clear that we need a uniform and strong European data protection law, which will make life easier for business and strengthen the protection of our citizens," said Vice-President Viviane Reding, the EU's Justice Commissioner. "Data Protection is made in Europe. Strong data protection rules must be Europe's trade mark. Following the U.S. data spying scandals, data protection is more than ever a competitive advantage. I want to thank Mr Albrecht and Mr Droutsas for their committed and tireless work on the data protection reform. Today's vote is the strongest signal that it is time to deliver this reform for our citizens and our businesses."

Reform of Data Protection Law in the European Union
Trilogue: discussion on the final text by Council, Parliament and Commission

Reform of Data Protection Law in the European Union
Norms derived from European law can be:
- directly binding
- directly applicable
- directly effective
vertically and/or horizontally

Reform of Data Protection Law in the European Union
1. Where a type of processing, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk for the rights and freedoms of individuals, such as discrimination, identity theft or fraud, financial loss, damage to the reputation, unauthorised reversal of pseudonymisation, loss of confidentiality of data protected by professional secrecy or any other significant economic or social disadvantage, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

Adequacy
- Suitability: is the measure suitable and adequate to the purposes to be achieved?
- Necessity: is it necessary to use this kind of intervention in order to achieve the goal?
- Non-excessiveness (proportionality sensu stricto): is the measure not too intrusive?
More on adequacy and consent: L.A. Bygrave, D.W. Schartum: Consent, Proportionality and Collective Power [in:] S. Gutwirth, Y. Poullet, P. De Hert, C. de Terwangne, S. Nouwt [eds.] Reinventing Data Protection, Springer 2009, p. 157

Big Data = Big Responsibility

Ethics
While the law is a powerful element, it cannot address the many nuanced scenarios that arise in the digital market. The EDPS calls upon organisations to be accountable, to have a new ethical approach to handling the personal data they collect. By developing internal codes and policies which safeguard human dignity, organisations can self-police, ensure their compliance with data protection laws and demonstrate a respect for the persons whose personal data they use. Just because an organisation can piece together a customer's life from their data trail does not mean it always should.

Privacy by Design
Privacy by Design and Accountability: more robust anonymisation techniques will not, by themselves, solve the challenges Big Data presents to privacy. There is a need for additional solutions. Privacy by Design and accountability are also important to help alleviate the privacy challenges. Use of Big Data technologies should be based on the seven principles of Privacy by Design. Privacy by Design entails taking into account protection of privacy at all stages of system development, in procedures and in business practices.

Thank you for your attention! www.edps.europa.eu edps@edps.europa.eu @EU_EDPS

International co-operation of data protection authorities (DPAs)
The IPEN initiative was founded in 2014. It supports the creation of engineer groups working on (re)usable building blocks, design patterns and other tools for selected Internet use cases where privacy is at stake. IPEN invites participants from different areas such as data protection authorities, academia, open source and business development, and other individuals who are committed to finding engineering solutions to privacy challenges. The objective of the work should be to integrate data protection and privacy into all phases of the development process, from the requirements phase to production, as is most appropriate for the development model and the application environment. It supports networking between engineer groups and existing initiatives for engineering privacy into the Internet. This network facilitates exchange in order to coordinate work and avoid duplication, in addition to discussing which privacy-oriented use cases should be addressed with priority. IPEN is building a repository of relevant resources, making its findings and knowledge base accessible to all participants, developers and privacy experts. A core group takes care of the collection and distribution of information, liaises with other relevant initiatives, facilitates the dialogue on engineering solutions, and organises online and offline events.