70 likes | 83 Views
Practical experience of cooperation and coordination during DP investigations and audits. Ultan O’Carroll Technology Advisor Office of Data Protection Commissioner. Outline. Background to IE legislation and office Toolbox Experience. Background.
E N D
Practical experience of cooperation and coordination during DP investigations and audits Ultan O’CarrollTechnology AdvisorOffice of Data Protection Commissioner
Outline • Background to IE legislation and office • Toolbox • Experience
Background • IE small – population and economic weight. Office of Data Protection Commissioner is small, but budget increasing, commitment to more. • Increasing numbers of IT multinationals in IE • IE transposed EU 95/46/EC in 1988 (2003) and ePrivacy in 2011. • Roles of enforcer, ombudsman, education, transparency (registration) • proactive : audit and outreach, code of practice • reactive : complaints, investigation, breach
Toolbox • Audit - "may carry out or cause to be carried out" - identify areas of concern related to protection of personal data, make recommendations. Audit generally non-adversarial, best-practice • Education - guidance notes, help desk, compliance, speaking/presentation, annual report, schools visits. • Enforcement – soft and hard, corrective rather than punitive. Non adversarial, no fines. Threat of offence for non-compliance. • And….
Authorised Officers • Powerful tool from Article 24 of IE legislation • can second Individuals or organisations, other DPAs • Shared resources in government • May request organisations to nominate 3rd parties • Have used for specialist resources – eg legal and technology; but means officers act under Irish regulation • But also – GPEN, OECD, International Conf of DP Comms, MoU, “Coordinated” actions, standards & seals
Experience • Audit reports on FB and LI made reference to previous DPA activity, and communications with EU WP29. Communications and consistency important. • Confidentiality remains to be observed. EU 28.6 and 28.7, (CoE Convention 108, Article 13, 15). Open to challenge ? • For future audits IE will need more cooperation between DPAs and to make use of 3rd parties. • New EU Regs - One-stop-shop ? Jurisdiction, secondment, resourcing
Summary Small office, lots to do. Cooperation and resource allocation important, useful Good experience, with some limits Future will require more cooperation !