1 / 12

Privacy, Data Protection and Lex Informatica -- lecture 6

Privacy, Data Protection and Lex Informatica -- lecture 6. Dr. Lee A. Bygrave, 27.2.2006. Lecture overview. Core principles of data protection laws I nformation quality Data subject participation and control Disclosure limitation Information security Sensitivity Other new principles?

vesta
Download Presentation

Privacy, Data Protection and Lex Informatica -- lecture 6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy, Data Protection and Lex Informatica -- lecture 6 Dr. Lee A. Bygrave, 27.2.2006

  2. Lecture overview • Core principles of data protection laws • Information quality • Data subject participation and control • Disclosure limitation • Information security • Sensitivity • Other new principles? • Monitoring and enforcement mechanisms

  3. Information quality • DPD Art 6(1)(c), 6(1)(d)) • Multi-facetted; variation in terminology • key criteria: validity, relevance, completeness • variation in terms of stringency of monitoring requirements • insufficient focus on quality of information systems?

  4. Data subject participation and control • duties of information/orientation (DPD Art 10-11) • NB special rule in Norwegian and Icelandic laws with respect to profile use and video surveillance • duties to collect data directly from data subject • duties of consent (DPD Art 7 & 8) • opt-in vs opt-out issue; explicit vs implicit consent • access and rectification rights (DPD Art 12) • NB access to logic in automated decisions • rights to object to direct marketing and automated decision making (DPD Art 14 & 15)

  5. Disclosure limitation • Minimum rule: data should not be disclosed except with consent of data subject or by authority of law • Not separate principle in DPD but o/wise important (see, eg, OECD Guidelines – “use limitation” principle)

  6. Information security • DPD Art 17 • Does Art 17 encourage usage of PETs? • Cf special rule on wartime planning in Danish law

  7. Sensitivity • DPD Art 8 • A principle in its own right? • A practicable principle? • Not strongly manifested in all jurisdictions, particularly those o/side Europe (but this is changing a little)

  8. Other principles? • Anonymity? • Automated decision making?

  9. Monitoring/enforcement • Monitoring and enforcement mechanisms • Data Protection Authorities (DPAs) • Licensing / notification schemes • Role of judiciary and quasi-judicial bodies?

  10. Data Protection Authorities • Main requirements (see DPD Art 28; CoE Convention Additional Protocol Art 1): • functional independence • variety of tasks with broad discretionary powers • reporting, monitoring, complaints handling, rule development, enforcement; intervention • must be more than mere ombudsmen (?) • Increasing need for cross-jurisdictional expertise (DPD Art 28(6))

  11. Licensing/notification schemes • Licensing = prior approval req’d from DPA • Notification = prior notification req’d • Rationales: • Ex ante control • Transparency • Contact between controllers and DPAs • Learning / sensory mechanisms

  12. Licensing/notification (2) • Balance under DPD (Arts 18-20) • notification = main rule; licensing = exception (recital 54) • Cf earlier regimes (eg Norway, Sweden, France) • exemption from notification if internal data protection officer appointed (Art 18(2)) • Problems with licensing • Divergence in EU/EEA • eg, Norway vs Sweden

More Related