The need for effective protection in practice - PowerPoint PPT Presentation

1 / 9
About This Presentation
Title:

The need for effective protection in practice

Description:

European Data Protection Supervisor. Data Retention Conference, BRUSSELS 14 ... which providers does directive apply: services and network providers (Article 1) ... – PowerPoint PPT presentation

Number of Views:47
Avg rating:3.0/5.0
Slides: 10
Provided by: jba133
Category:

less

Transcript and Presenter's Notes

Title: The need for effective protection in practice


1
The need for effective protection in practice
  • Hielke HIJMANS
  • Coordinator Consultation EDPS

2
Starting Point
  • The need for balance, confirmed by S and Marper.
  • Effective protection A parameter for evaluation.
  • Directive is exception to Article 15 of 2002/58
  • Relation confirmed by ECJ in Irish Case

3
Data retention and protection in a complex context
  • HOW GIVE EFFECTIVE PROTECTION IN THIS CONTEXT?
  • On which providers does directive apply services
    and network providers (Article 1).
  • Centralised storage storage in another Member
    State.
  • Security measures, required by Article 7.
  • Limitations on access.

4
Service providers, network providers, etc.
  • Art 1 is clear both are responsible.
  • Expert Group shows this is not so easy webmail,
    transit providers, third party networks.
  • Coherence with data protection law who is
    controller? Who is processor?
  • Defining responsibilities needed also for
    supervision by DPAs

5
Centralised storage and applicable law
  • 2 options
  • company centralises its storage in 1
    establishment (cross border)
  • Different providers in 1 M.S. centralise the
    storage.
  • Shows problems directive.
  • No full harmonisation.
  • Free flow of information and police environment.
  • Point of departure Directive No additional
    databases.
  • How to supervise cross border and cross pillar.

6
Applicable law in a complex context
  • Art 3 data generated/processed by providers
    within their jurisdiction.
  • Relation with Art 4 of Data Protection Directive
  • So, which law applies?
  • The law of the country where the communication
    took place
  • The law of the establishment of provider.
  • Internet, g-mail?

7
Security measures
  • Article 7
  • It copies elements of Directive 95/46
  • It specifies for instance access only to
    specially authorised personnel (could be more
    precise?)
  • It adds obligation to destroy (but is this a
    security measure?)
  • Is this enough in complex environment?

8
What about access?
  • Article 4 extends to access. Access to the
    retained data, only in specific cases.
  • Indispensible element of directive
  • No use for data mining, profiling etc.
  • No use for other purposes Article 15 can no
    longer be used.
  • National law has to implement Article 4 .
  • Should be important part of evaluation and of
    control Commission.

9
Conclusion
  • EVALUATION should take account of these
    complexities and focus on their minimisation
  • THANK YOU!!!!
Write a Comment
User Comments (0)
About PowerShow.com