300 likes | 316 Views
This article provides an overview of data protection laws and regulations in the Czech Republic, including legislation, supervision, sanctions, and harmonization with EU directives.
E N D
Data Protection in the NewEuropean Union Member StatesCzech Republic Karel Neuwirt The Office for Personal Data Protection BIICL, London, 15 February 2005
Historical Landscape BIICL, London, 15 February 2005
The Czech Republic • 10,2 million population • 78 866 sq. km • Borders with Germany, Poland, Austria, Slovakia • President (Vaclav Klaus) • Two chambers’ Parliament • Government – Prime Minister StanislavGross, 16 Ministers BIICL, London, 15 February 2005
Legislation • Czechoslovak Constitution (1920) • Czech Constitution + Charter of Fundamental Rights and Freedoms(1993) • Specific laws (regulate PD processing in specific areas) • Ratification of Human Rights Convention • Ratification of the Convention 108 (2001) • Ratification of the Additional Protocol to C108 (2003) BIICL, London, 15 February 2005
Data protection • 1992 – Act no.256 - on Protection of Personal Data in Information Systems • 2000 - Act no.101 - on Personal Data Protection (adopted April 4) • Harmonization with C108 and GeneralEU Directive – positions of CoE and EC BIICL, London, 15 February 2005
DP Act 1992 • First DP law in the CR (former Federal Czech and Slovak Republic Law) • Not harmonized with Convention 108 • Especially – no sanctions, no supervision • Art.24 – expected supervision body BIICL, London, 15 February 2005
Convention No.108 • The 1st legally binding international data protection instrument Ratification – „old“EU countries + Bulgaria,Estonia, Hungary, Poland, Romania, Slovenia,Slovakia, Lithuania, Latvia, Malta • Czech Republic – signature Sept. 8, 2000 ratification July 9, 2001 entry into force Nov.1, 2001 BIICL, London, 15 February 2005
Additional ProtocolNo. 181 • Additional Protocol to the Convention 108 regarding supervisory authorities and transborder data flows ETS no.181 – 8.11.2001(open for signature) • Signature – 28 countries Slovakia, Lithuania, Czech Republic (Apr.10, 2002), Poland • Ratification – 7 countries Slovakia, Lithuania, Czech Republic (Sept.24, 2003) BIICL, London, 15 February 2005
Czech DP activities in Europe • Council of Europe CJ-PD (till the end 2003) T-PD (1st vice-chair since 2003) member of the CoE’s expert missions (Russia, Bosnia & Herzegovina, Cyprus) • EuropeanCommission WP 29 Committee 31, Joint Supervisory Bodies (vice-chair of JSB Europol, Berlin Group (DP in telecommunication) • OECD BIICL, London, 15 February 2005
EU Directive Transposition BIICL, London, 15 February 2005
DP Act no.101 of 2000 • Application of the Law • Applies to any PD processing (unless special law otherwise specifies) • Applies to both public and private sectors • Applies to automatic and non-automatic processing • Exemptions (partly) for Third pillar processing BIICL, London, 15 February 2005
Competences of the Office • Act no. 101/2000 Coll., - data protection • Act no. 133/2000 Coll., - birth date certificate (identity number) • Act no. 480/2004 Coll., - unsolicited messages • CR cooperate in combat “spam” – see: European countries launch joint drive to combat “spam” EU Press release IP/05/146 BIICL, London, 15 February 2005
Supervision • Independent supervisory body – The Office for Personal Data Protection • Independence on the Government • Separate budget (independent on ministries) • Tasks given by law only, not by the Cabinet BIICL, London, 15 February 2005
Sanctions • The Office competence to give fines and sanctions • Fines up to EUR 312 000 (EUR 630 000 resp) • Sanctions to natural person up to EUR 1 500 Chapter VII of the Law BIICL, London, 15 February 2005
Amendment 2004 • Full harmonization with the General Directive • Solve problem with: definitions, exemptions, forms of consent, transborder data flows, notification to data subject • Biometric data as sensitive data BIICL, London, 15 February 2005
Harmonization issues • Processing of National identifier is not regulate by DP Law (but by Law on Population register and Date of birth – Act no. 133/1999 Coll.) • National identifier (Rodne cislo) is not under regime of special categories of data – article 8 • Codes of conduct (art.27) • Notification – art.20(1) as problem (prior examination) BIICL, London, 15 February 2005
DPA Approach BIICL, London, 15 February 2005
Activities Notification exemptions by DP law (low risks processing – small societies, processing by special laws) 21 700 controllers notified 25 000 processing of data (databases) BIICL, London, 15 February 2005
Legislation • The Office is responsible for DP legislation - common DP law - special sectorial legislation : according legislative rules it is obligation to submit bills to OPDP for comments BIICL, London, 15 February 2005
Specific problems • Application DP principles into practice • Conflicts with old legislation • Change meaningful of citizens, controllers, processors, low willingness change till today practices • Historical “stones” BIICL, London, 15 February 2005
Application DP principles • Consultations • Popularization • Written answers to questions • Web sites • Annual Report Position papers, opinions – regularly issued; no guidelines till now BIICL, London, 15 February 2005
Mass media Contacts with mass media - 354 in 2004 agencies newspapers TV Broadcasting BIICL, London, 15 February 2005
Publications • The Office Official Journal (36 issues) • Bulletin (quarterly) • Articles in magazines • Books (2) BIICL, London, 15 February 2005
Inquiries Year 2004 – 6 539 inquiries 975 by e-mail 5 207 by phone 357 by post • Complaints 641 (incl. 306 for unsolicited messages) BIICL, London, 15 February 2005
Changes ahead BIICL, London, 15 February 2005
DP and accession to EU • DP legislation – harmonized with Directive • EC Peer Review evaluation • Regular Reports on the CR progress toward accession … • International Conference Accreditation • European DP Commissioners Conference • EC Phare projects – co-operation with Spain (DP authority) BIICL, London, 15 February 2005
Changes • DP Act no.101 amended in 2004 • Directive 2002/58/EC implemented by - Act no. 480/2004 Coll., on some services in the information society ; - new law on electronic communications (Bill in the Parliament) BIICL, London, 15 February 2005
Changes cont. • Changes of special laws (sectorial) – permanent task • Need to change legislation on public registers • Need to change medical law (on care on people health) BIICL, London, 15 February 2005
The rights of men must be held sacred, however much sacrifice it may cost the ruling power. Immanuel Kant Perpetual Peace, 1795 BIICL, London, 15 February 2005
Contacts • The Office for Personal Data Protection Pplk. Sochora 27, CZ-170 00 Prague 7 Czech Republic tel.: +420 234 665 442 fax: +420 234 665 512 info@uoou.cz http://www.uoou.cz BIICL, London, 15 February 2005