Privacy: Legal European Framework
Revision as of 13:16, 11 February 2010 by <bdi>PhilippeTeuwen</bdi> (talk | contribs) (Created page with '==Data Protection related European legislation and initiatives== with some accents on RFID * European Convention for Human Rights (ECHR), 1953: ** Art 8: right to private li…')
with some accents on RFID
- European Convention for Human Rights (ECHR), 1953:
- Art 8: right to private life
- by Lisbon Treaty: EU is now also member of it, not only the MS (Member States).
- OECD Organization for Economic Cooperation & Development published in 1980:
- Recommendations of the Council Concerning Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data
- The Council of Europe Convention for the protection of individuals with regard to automatic processing of personal data (Convention 108), 1981
- Data Protection Directive (95/46/EC) & Regulation (EC) Nr. 45/2001 (~same as directive but for EU bodies)
- ePrivacy Directive (2002/58/EC)
- replaces 97/66/EC
- amended by 2009/136/EC, see below
- Data Retention Directive (2006/24/EC)
- MS can choose mandatory retention between 6 to 24 months
- to be implemented by 15/9/2007 (internet 15/3/2009) but still some MS fail
- Romania constitutional court declared it unconstitutional (8/10/2009) <> privacy rights & secrecy of correspondence
- Framework decision 2008/977/JHA of the Council
- data protection for police & judicial cooperation in criminal matters (only cross-border)
- former third pillar
- 31st annual International conference of data protection and privacy commissioners
- The Madrid Privacy Declaration, 3 November 2009, by Civil Society
- Urges for a data breach legal framework
- Recommends research on PETs (Privacy Enhancing Technique) such as anonymization
- Calls for moratorium on development of new systems of mass surveillance such as facial recognition, whole body scanners, biometric identifiers and embedded RFID tags
- The Madrid Resolution, 5 November 2009
- Joint proposal for a draft of international standards on the protection of privacy with regards to the processing of personal data
- Largely similar to main principles & rights of 95/46/EC + accountability principle
- The Madrid Privacy Declaration, 3 November 2009, by Civil Society
- Directive 2009/136/EC, 25 November 2009, to be transposed before May 2011
- modifying among others the ePrivacy directive 2002/58/EC
- urges for a data breach principle regardless of the sector, or the type, of data concerned (recital 59)
- mentions the directive is applicable also to RFID when such devices are connected to publicly available electronic communications networks or make use of electronic communication services as a basic infrastructure (recital 56)
- personal data breach notification principle
- if in connection with the provision of publicly available electronic communications service)
- covers also accidental destruction/loss/deterioration, not only unauthorized disclosure/access
- obligation without undue delay, to DPA, and to subjects if likely to adversely affect the personal data or privacy of a subject, unless security measures were properly implemented (=encryption)
- spam
- modifying among others the ePrivacy directive 2002/58/EC
- Treaty of Lisbon, entered into force on 1 december 2009
- Article 16 of the TFEU (Treaty on the Functioning of the European Union)
- Everyone has the right to the protection of personal data concerning him
- covers also justice/policy & EU bodies, only provisions are in Art 39 of the TEU (Treaty on the European Union): concerning CFSP (Common Foreign & Security Policy)
- Charter of Fundamental Rights of the European Union becomes binding (opt-out UK & Poland)
- Art 8 on protection of personal data
- Everyone has the right to the protection of personal data concerning him
- fairly, for specified purposes, on basis of consent or some legitimate basis
- right of access, right of rectification
- control by authority
- Article 16 of the TFEU (Treaty on the Functioning of the European Union)
- Stockolm Program
- sets framework 2010-2014 for cooperation in the area of justice & home affairs
- data protection principles are present
- New Commission
- now 2 commissioners for the former justice, freedom and security post:
- justice freedom & citizenship (Viviane Reding)
- foreign affairs & security (Catherine Ashton)
- Commission consultation on 95/46/EC
- general principles are still valid but we need clarification on consent, transparency and introduction of data breach & accountability principles
- now 2 commissioners for the former justice, freedom and security post: