180 likes | 381 Views
European Privacy and Data Protection Policy. Peter Hustinx 7 June 2007. ICT dependent society Fundamental rights Legal obligations Rising expectations Risks and realities Privacy governance. Why Privacy Matters. The Bridge to Reality Data Protection in action
E N D
European Privacy and Data Protection Policy Peter Hustinx 7 June 2007
ICT dependent society Fundamental rights Legal obligations Rising expectations Risks and realities Privacy governance Why Privacy Matters
The Bridge to Reality Data Protection in action “Delivering values” in practice Facing up to consequences Top down, planning & control? Measuring your effectiveness Need for a compliance strategy Why Compliance Matters
Privacy versus Security “Narrow vision” Preserving balance Monitoring safeguards Security and Privacy “Broader vision” Increased sensitivity Conditions for success “Surveillance society” Privacy by design Changing Context?
CoE Convention 108 Principles, subject rights, supervisory authorities EC Directives 95/46 and 97/66 (2002/58) Article 286 EC Treaty Regulation (EC) 45/2001 Community institutions and bodies Scope of Community law Österreichischer Rundfunk > PNR Cases EU Charter > Constitutional Treaty? EU Data Protection
Article 286 EC Treaty Regulation (EC) 45/2001 Independent authority Supervision Consultation Cooperation Intervention ECJ CMLR October 2006 Role of EDPS
Consultation Policy Article 28.2 of Regulation 45/2001 Inventory for 2007: relevant initiatives (16 > 36) First Pillar Better implementation of Directive 95/46/EC Communications on RFID and PET Revision of E-Privacy Directive 2002/58/EC Third Pillar Data Protection Framework Implementation of Prüm Treaty Consultation
Purpose of Directive Harmonisation of national law Free flow of personal data First Commission Report Work Program 2003-2004 Discussion with Member States Priority for enforcement Notification and information International transfers Promotion of PETs Directive 95/46/EC
Directive 95/46/EC – State of Play Implementation has improved Some countries should do better Directive is fulfilling objectives Rules are substantially appropriate Interaction with new technology Relationship with public interests Commission 2006
Directive 95/46/EC – Perspectives No proposals for amendment Focus on better implementation Infringement procedures Interpretation of provisions Work Program continues Contributions from WP29 Guidance on new technologies Reconsideration in due course Commission 2006
Provisions of Directive 95/46/EC Personal data Controller / processor Applicable law Incompatible use Unambiguous consent Legitimate interests Supervisory authority Interpretation
“Any information ….” content, nature, format “… relating to …” content, purpose, result “… an identified or identifiable …” reasonable means “… natural person” living individual, business data WP29 on Personal Data
Directive 2002/58/EC Revision of e-Privacy Security measures Communication on RFID Applicability Directive 95/46/EC Impact of key provisions Need for additional measures Communication on PETs Analysis and standards Supporting practical use Privacy & Technology
Data Protection Framework (I-II) Common standards of wide scope Consistency with Directive 95/46/EC Implementation of Prüm Treaty Cautious approach of availability Relies on existing national laws Need for minimum harmonisation Data Protection Framework (III) Condition for effective law enforcement Substantial improvement needed Opinions on Third Pillar
PNR cases Joint cases C-317/04 and C-318/04 before ECJ Public access to documents Cases T-170/03 (British American Tobacco), T-161/04 (Valero Jordano) and T-194/04 (Bavarian Lager) at CFI Data retention directive 2006/24/EC Case C-301/06 (Ireland vs Council and EP) at ECJ Scope of legal basis in first pillar? Court Interventions
Transatlantic Data Protection Values and Perspectives Safe Harbor, PNR and SWIFT Scope for a Common Framework Global Privacy and Data Protection Feasibility of Global Standards Developing Compliant Practices London Initiative (November 2006) “Making Data Protection More Effective” Global Privacy
More information: www.edps.europa.eu edps@edps.europa.eu Postal address: Rue Wiertz 60 - MO 63 B-1047 Brussels