Introduction to EU Data Protection Regime: Key Legislation & GDPR Overview

This guide, produced by the STAR project co-funded by the European Union, provides an introduction to the European Union Data Protection Regime. It covers key legislation, definitions, GDPR concepts, and compliance requirements, tailored for beginners in the field.

  • EU Data Protection
  • GDPR Overview
  • European Union
  • Key Legislation
  • Data Protection Regime


Presentation Transcript


  1. Topic 1 - Introduction to the European Union Data Protection Regime. This guide was produced by the STAR project (Support Training Activities on the data protection Reform; 2017-2019), which is co-funded by the European Union under the Rights, Equality and Citizenship Programme 2014-2020 (REC-RDAT-TRAI-AG-2016) under Grant Agreement No. 769138. More information and other GDPR training resources can be found at: www.project-star.eu

  2. Guidance for using these slides (remove before delivering). These slides are meant to be easily adaptable to different audiences. To facilitate this, each slide is assigned to a specific audience (see "relevant for:" in the notes). In the notes section below each slide, you find an indication of the slide's degree of difficulty [i.e. whether it is suited for data protection beginners or not], its target audience [everyone vs authorities, lawyers, data protection officers, etc.], and its degree of importance [whether it is essential that you deliver it, or if it can be removed without impacting the effectiveness of the training]. Prior to training delivery, please: read the slides and the notes thoroughly; take a look at the reading materials (they also serve to assist you in your preparation); remove/hide the slides that you consider unnecessary [right click on the slide miniature on the left and click "hide slide"], noting that a provisional categorisation has been made based on the depth and importance of the respective content; adjust slides to national or sectoral requirements; add content that you consider essential for your particular audience; feel free to replace the default layout with your organisation's layout.

  3. How to Read the Slides - Colour Frames [Remove Before Delivering]. Green is a basic slide: we encourage you to keep it. Yellow is a medium-level slide: it is important, but does not jeopardise effectiveness if removed. Red is an advanced slide: consider adapting it to your audience, preparing your audience for it, or removing it if you deem it unnecessary. Purple is advised adaptation: this slide should contain information regarding the national legislation complementing the EU Regulations; if the content regards a different Member State, we advise you to replace it with the relevant national content.

  4. Speaker Name Title Department Contact details

  5. These slides serve as an introduction to EU data protection focused around the GDPR, assuming that recipients have no previous knowledge in this area. They provide a general overview of the field and introduce key legislation and definitions, as well as an overview of the GDPR concepts and its compliance requirements in terms of actions to be undertaken.

  6. Table of contents: 1. Concepts of privacy; 2. The right to privacy in human rights catalogues; 3. The Council of Europe and EU framework; 4. The EU data protection regime - the GDPR; 5. The notion of personal data; 6. Principles of processing personal data; 7. Related rights and concepts

  7. 1. Concepts of privacy

  8. Concepts of privacy (1) - 19th century. New technology: instant photography. New concepts in media: tabloids, gossip press, ambush journalism. 1879 - U.S. Judge Thomas Cooley spoke of the "right to be let alone" as a matter of personal security. 1890 - Samuel Warren's and Louis Brandeis' infamous article on the individual's right to privacy, coined as the "right to be let alone" /Harvard Law Review/. Strong relationship with human dignity and other personality rights. Reflection to technological developments.

  9. Concepts of privacy (3) - Alan Westin: "Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." "Privacy is the voluntary and temporary withdrawal of a person from the general society through physical or physiological means, either in a state of solitude or small-group intimacy or, when among larger groups, in a condition of anonymity or reserve."

  10. Concepts of privacy (2) - William Prosser. Four kinds of invasion (torts) to privacy: a) Intrusion upon the plaintiff's seclusion or solitude, or into his private affairs; b) Public disclosure of embarrassing private facts about the plaintiff; c) Publicity which places the plaintiff in a false light in the public eye; d) Appropriation, for the defendant's advantage, of the plaintiff's name or likeness.

  11. Concepts of privacy (4) - Roger Clarke: Privacy is the interest that individuals have in sustaining a "personal space", free from interference by other people and organisations. Dimensions of privacy: privacy of the person; privacy of personal behavior; privacy of personal communications; privacy of personal data; privacy of personal experience [2013]

  12. Concepts of privacy (5) - Koops et al.

  13. Questions?

  14. Table of contents: 1. Concepts of privacy; 2. The right to privacy in human rights catalogues; 3. The Council of Europe and EU framework; 4. The EU data protection regime - the GDPR; 5. The notion of personal data; 6. Principles of processing personal data; 7. Related rights and concepts

  15. 2. The right to privacy in human rights catalogues

  16. Human rights catalogues (1) - Overview: Art. 12 Universal Declaration of Human Rights (UDHR); Art. 8 European Convention on Human Rights (ECHR); Art. 7 & 8 Charter of Fundamental Rights of the European Union (CFR)

  17. Human rights catalogues (2) - UDHR Art. 12: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

  18. Human rights catalogues (3) - ECHR Art. 8: (1) Everyone has the right to respect for his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

  19. Human rights catalogues (4) - CFR Art. 7: Everyone has the right to respect for his or her private and family life, home and communications.

  20. Human rights catalogues (5) - CFR Art. 8: (1) Everyone has the right to the protection of personal data concerning him or her. (2) Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. (3) Compliance with these rules shall be subject to control by an independent authority.

  21. Human rights catalogues (6) - ECHR and the CFR. Art. 52 (3) CFR: In so far as this Charter contains rights which correspond to rights guaranteed by the Convention for the Protection of Human Rights and Fundamental Freedoms, the meaning and scope of those rights shall be the same as those laid down by the said Convention. This provision shall not prevent Union law providing more extensive protection.

  22. Human rights catalogues (7) - national legal framework: Constitution; Data protection framework; Sectoral regulations

  23. Questions?

  24. Table of contents: 1. Concepts of privacy; 2. The right to privacy in human rights catalogues; 3. The Council of Europe and EU framework; 4. The EU data protection regime - the GDPR; 5. The notion of personal data; 6. Principles of processing personal data; 7. Related rights and concepts

  25. 3. The Council of Europe and EU framework

  26. Council of Europe - 1949, Strasbourg, FR; 47 member countries; 1950 European Convention on Human Rights art. 8; 1959 European Court of Human Rights; 1981 ETS No. 108 - Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data; 2001 ETS No. 181 - Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows; 2018 Modernised Convention of the Council of Europe Nr. 108 for the protection of individuals with regard to automatic processing of personal data

  27. Sectoral documents of the Council of Europe: Recommendation No. R (81) 1 on regulations for automated medical data banks (23 January 1981); Recommendation No. R (83) 10 on the protection of personal data used for scientific research and statistics (23 September 1983); Recommendation No. R (85) 20 on the protection of personal data used for the purposes of direct marketing (25 October 1985); Recommendation No. R (86) 1 on the protection of personal data used for social security purposes (23 January 1986); Recommendation No. R (87) 15 regulating the use of personal data in the police sector (17 September 1987); Recommendation No. R (86) 1 on the protection of personal data used for social security purposes; Recommendation No. R (89) 2 on the protection of personal data used for employment purposes; Recommendation No. R (97) 5 on the protection of data of a medical nature

  28. European Union - est. 1952/1993, Brussels, BE; 28 Member States; 1952/2009 Court of Justice of the European Union, LU; 1995 95/46/EC Data Protection Directive; 1998 Council Framework Decision 2008/977/JHA; 2000 Charter of the Fundamental Rights of the European Union art. 7-8; 2001 45/2001 EU Data Protection Regulation; 2016 2016/679 General Data Protection Regulation; 2016 2016/680/EU Police and Criminal Justice Data Protection Directive; multiple leges speciales [Schengen, Prüm, etc.]; multiple international treaties [PNR, Umbrella Agreement, etc.]

  29. Sectoral documents of the European Union: 2000/31/EC Directive on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce); 2002/58/EC Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications); 2006/24/EC Directive on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (Data Retention Directive)

  30. Questions?

  31. Table of contents: 1. Concepts of privacy; 2. The right to privacy in human rights catalogues; 3. The Council of Europe and EU framework; 4. The EU data protection regime - the GDPR; 5. The notion of personal data; 6. Principles of processing personal data; 7. Related rights and concepts

  32. 4. The EU data protection regime - the GDPR

  33. 4. The EU data protection regime - the GDPR

  34. Novelties brought by the GDPR (GDPR novelties). Generally: a regulation (= direct applicability); principle of accountability; reduction of the red tape; fines; risk-based approach (no risk, risk, high risk, residual risk). Obligations: data protection officer (DPO); data protection impact assessment (DPIA); data protection by design (DPbD); data protection by default; data breach notification. New rights: 'right to be forgotten'; data portability.

  35. Guidelines and best practices: Article 29 Data Protection Working Party (WP29); European Data Protection Board (EDPB); Guidelines of national supervisory authorities

  36. Object of regulation: Protect the fundamental rights and freedoms of natural persons - right to privacy with respect to the processing of personal data. Provide adequate and equal level of protection within the EU - Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection of natural persons with regard to the processing of personal data.

  37. Scope of the GDPR. Territorial scope: (a) establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not; (b) processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to the offering of goods and services, or to the monitoring of their behaviour as far as their behaviour takes place within the Union; (c) controller not established in the Union, but in a place where Member State law applies by virtue of public international law. Material scope: processing of personal data wholly or partly by automated means; processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. Exceptions - processing of personal data: in the course of an activity which falls outside the scope of Union law; by Member States when carrying out activities which fall within the scope of the Union's external action on the common foreign and security policy; by a natural person in the course of a purely personal or household activity; by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.

  38. Scope of national law: Territorial scope; Material scope; Exceptions

  39. Pillars of compliant processing. What? Personal data. Why? Purpose limitation. Based on what? Legitimate ground. How? Further aspects of data processing.

  40. Questions?

  41. Table of contents: 1. Concepts of privacy; 2. The right to privacy in human rights catalogues; 3. The Council of Europe and EU framework; 4. The EU data protection regime - the GDPR; 5. The notion of personal data; 6. Principles of processing personal data; 7. Related rights and concepts

  42. 5. The notion of personal data

  43. What is personal data? "Any information relating to an identified or identifiable natural person"

  44. "Any information": What kind of information? "Relating to": When can you consider information to relate to a person? "An identified or identifiable": When is someone identified and when is he/she identifiable? "Natural person": Who is a natural person?

  45. "Any information": any information collected or meant to be collected. "Relating to": relationship by content or by the scope. "An identified or identifiable": Identified: direct - person defined by name or characteristics. Identifiable: indirect - by means reasonably likely to be used to identify the natural person. "Natural person": existing human being; no post-mortem privacy (yet: cf. Switzerland).

  46. Special categories of personal data (sensitive data): Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, a natural person's sex life or sexual orientation. Sensitive data is everything that personal data is and more. Sensitive data must be personal data. Non-personal data cannot be sensitive. The concept of sensitive data represents a recognition that some categories of data carry with them more risks than others.

  47. Special categories of personal data (2): Sensitive data can occur through the combination of various forms of non-sensitive data. The creation of a higher regulatory burden for those who process such data: processing is prohibited by default; further hurdles to such processing; processes that urge data processors to consider the harms that such processing can bring about.

  48. Genetic data: relating to the inherited or acquired genetic characteristics of a natural person; unique information about physiology, health; result from an analysis of a biological sample from the natural person

  49. Biometric data: resulting from specific technical processing; relating to the physical, physiological, behavioural characteristics of a natural person; allow or confirm the unique identification of that natural person; facial images, dactyloscopic data

  50. Processing of personal data: any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
