Opinion about the draft privacy regulation of the EC

Frank Robben
General manager eHealth-platform
Willebroekkaai 38
B-1000 Brussels
E-mail: Frank.Robben@ehealth.fgov.be
Website eHealth-platform: https://www.ehealth.fgov.be
Personal website: www.law.kuleuven.be/icri/frobben
About me
• general manager of the Belgian Crossroads Bank for Social Security since 1991
  • responsible for the organisation of secure personal data exchange between 3.000 social security institutions with a good balance between privacy and information security on the one hand and effective and efficient social protection on the other
  • best practice awards from UN, EPSA and foreign DPA
• general manager of the Belgian eHealth Platform since 2008
  • responsible for the organisation of secure personal health data exchange between 100.000 health care institutions and health care providers with a good balance between privacy and information security on the one hand and effective and efficient health care on the other
  • lifetime achievement award for information security from LSEC, the most important Belgian association for information security
• member of the Belgian DPA since 1991
Regulation: no suitable legal instrument
• need for an adequate balance between fundamental rights, among others
  • right to privacy and information security
  • right to health and effective and efficient health care
• adequate balance is not universal
  • depends on historical and cultural differences
  • can be attained in several ways: different mixes of
    • structural measures
    • organisational measures
    • legal measures
Regulation: no suitable legal instrument
• most suitable legal instrument in this respect
  • not a regulation that implements a unique balance throughout the whole European Union
  • but a directive that contains common goals and principles, and permits Member States to attain adequate balances accepted by their citizens
Proposal for a regulation
• the “one stop shop” primarily has advantages for companies with activities in several Member States (because they no longer have to deal with the laws of several Member States), but not for the citizen
• does not install a powerful European DPA that deals with privacy and information security issues of multinational companies
• is too complex, too detailed and too unclear (concepts too vague, too many possibilities for interpretation)
• does not seem to respect the principle of subsidiarity
Proposal for a regulation
• delegates too many decisions to the European Commission without any democratic control
• implies huge supplementary costs for data controllers, especially SMEs and government institutions
  • to maintain documentation of all processing operations
  • enormous information duty
  • to conduct a data protection impact assessment for more risky processing
  • to notify any personal data breach to the DPA without undue delay
• creates huge problems for DPAs
  • interpretation problems
  • resource problems
Proposal for a regulation
• denial of the principle of the separation of powers
• unnecessarily limits the possibility for Member States to attain balances between the right to privacy and other fundamental rights that match their historical and cultural specificities, e.g.
  • field of application of specific rules for health data
  • information duties
  • authorisation of exchange of personal data by the DPA instead of explicit consent of the data subject
• will, in the end, not be favourable for data subjects either: more theoretical rights, but real execution of rights will be more difficult
Proposal
• limitation of the European legal framework to basic objectives and principles that foster confidence of citizens in ICT rather than a very extensive regulation primarily in the economic interest of multinational companies
• adaptation of the current directive to the evolution of ICT
• no increase of costs and administrative burden for governments, SMEs and DPAs
• if a regulation is necessary for multinational companies
  • limitation of the field of application to those companies
  • installation of a powerful European DPA that deals with those companies