Differences Between DPD and GDPR Draft Law
Explore the key variances between the Data Protection Directive (DPD) and the General Data Protection Regulation (GDPR) draft law, focusing on the structure, scope of application to law enforcement authorities, definitions, and main elements of the draft. Learn about the DPD's inception in April 2016 alongside GDPR, its implementation on May 6, 2018, and its impact on the protection of personal data by competent authorities in the context of criminal activities. Discover how the DPD provides more possibilities for restrictions in the law enforcement domain and the limitations it imposes on data subjects' rights.
Uploaded on | 0 Views
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
EU Twinning Project Expert: Julia Antonova Project Activity: 1.3 Date: April 3, 2018 This project is funded by the European Union
Introduction: what is the DPD What are are differences between the DPD and GDPR Draft law on data protection: structure and scope of application to the law eneforcement authorities Definition of the law enforcement authorities Main elementst of te draft Chapter 9a
Adopted in April 2016 together with the GDPR Date of implementation: May 6, 2018 Rules relating to the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security
Different scope More possibilities for restrictions under the DPD special nature of the law enforcement area Especially possibilities to limit following rights of the data subject: - Right to access - Right to rectification - Right to erasure Also limitations to information abut data breaches
Chapters 1 to 9 + 10 general part (lex generalis) Chapter 9a special part for law enforcement (lex specialis) General part is applicable to the law enforcement sector, taking into account derogations in Chapter 9a Chapter 9a is applicable only to the activities related to the law enforcement (meaning administrative activities are subject to general rules)
Chapters 1 to 9 + 10 general part (lex generalis) Chapter 9a special part for law enforcement (lex specialis) General part is applicable to the law enforcement sector, taking into account derogations in Chapter 9a Chapter 9a is applicable only to the activities related to the law enforcement (meaning administrative activities are subject to general rules)
Law nr 133 main law on data protection Important to remember: - there are sectoral laws that have to be in line with law 133 - law 133 refers to sectoral laws - sectoral laws have to implement law 133 in specific area Example: law 133 lays down general data protection rules, law on police say how police act in their work, incliding data processing
law enforcement authority in the meaning of this law is: A) a public authority or a subdivision of such authority, competent for the prevention, investigation, detection of criminal offences with the aim of conducting criminal proceedings, prosecution of criminal offences or execution of criminal penalties, including safeguarding against and the prevention of threats to public security, for example but not limited to police, prosecutor s office bodies, customs, penitenciary institutions, bodies for preventing and figting corruption, money laundering, terrorism financing, recovery of criminal assets, probation bodies. B) a public authority or a subdivision of such authority acting in the area of national or state security, when carrying out special investigative measures.
WHO? Controller ot processor is a law enforcement authority WHEN? Law enforcement authority processes data for law enforcement purposes, such as: - prevention, investigation, detection and/or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public order; - using special investigative measures in national or state security area
When does NOT apply? Authority is not a law enforcement authority Law enforcement authority is carrying out other activities, such as: - organisational tasks (statistics, journalistic purposes, research etc) - administrative tasks (human resources, finance et) - participating in administrative, disciplinary etc procedure (administrative fines, disciplinary measures, background checks etc) - THEN GENERAL RULES APPLY! THEN GENERAL RULES APPLY!
Main differences from the general part more possibilities for restictions and limitations Reason: need to balance interests of law enforcement with fundamentaal right to privacy Processing in the area of law enforcement is always considered to be risky processing Reason: bigger risks to data subject rights
Law enforcement authority can only process data on the basis of law Article 482 Legal ground for processing has to come from specific law: police law, criminal procedure law, prisons law etc Important: law enforcement authority can not process data on the basis of contract, consent, legitimate interest, vital interests or legal obligation
(Almost) same principles as for other areas 1) Lawfullness and fairness (NB! Transparency does not apply!) 2) Purpose limitation 3) Data minimization 4) Accuracy 5) Storage limitation 6) Integrity and confidentiality
Personal data shall be stored for limited time Always have to determine the time-limit Mostly: time-limit provided by specific law If the law does not provide: controller establishes the time limit (+ opinion of the Center) NB! After time-limit is over, data to be deleted!
Data subjects have the right to: - access data (Art 4811) - Request rectification (Art 4813) - Request deletion of data (Art 4813) - NB! Where allowed by specific legislation, rights can be restricted, wholly or partially - Restriction shall be applied only for as l ng as necessary - Restriction has to be justifies, proportionate and necessary
Articles Art 4812, Art 4813(4) avoid obstructing official or legal inquiries, investigations or procedures; avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties; protect public security; protect national security; protect state security; protect the rights and freedoms of others.
Obligation to notify the Center about the personal data breach (Art 4815) Obligation to notify the data subject (Art 4816) procedure in accordance with Article 332 Possibilities to limit notification of data subject (Art 4816 (2) and (3)
The law enforcement authority shall keep the logs for the following processing operations: - collectin, recording, consultation, alteration, disclosure, printing, transfers, combinations and erasure - Logs have to be made available to the Center
The NCPDP is the competent independent supervisory to supervise data processing by the law enforcement authorities Law enforcement authority has to cooperate with the NCPDP Law enforcement authorities have to provide information to the NCPDP in case the NCPDP is investigating a complaint or carrying out checks Information to data subject limited
Articles 4820 -4822 Normally either on the basis of decision by the Center or on basis of law (International agreements etc) Derogations for specific situations Article 4821(1)
