IAPP - ANS-International Association of Privacy Professionals - founded in 2000
GDPR - ANS-Global Data Privacy Regulation - May 2018
- states can make further legislation
- stronger rights for online environment
- SA have increased powers
- broader application - anyone targeting EU cust
- 173 recitals, 99 articles, 11 chapters
Rational for Data Protection - ANS-Increase in computers in 1970 and cross-border
trade
EEC - ANS-European Economic Community
Human Rights Declaration - ANS-1948 after WWII - right to private and family life and
freedom of expression (Art 12)
- created by Council of EU, adopted by United Nations
ECHR (Court) - ANS-European Court of Human Rights - binding decisions
- gives opinion on ECHR
- personal info to be private but not absolute right
ECHR - ANS-European Convention on Human Rights - 1953
- created by Council of EU (not just EU)
- open to member states (application)
- like HRD, recognizes the need for balance
- based on Universal Human Rights Declaration
OECD - ANS-Organization for Economic Cooperation and Development - 1980
- created OECD guidelines on transborder flow of personal data
- membership extends beyond Europe
- focused on economic growth, NOT BINDING
OECD Guidelines - ANS-(1) Collection Limitation (consent, fair, lawful)
(2) Data Quality (complete, accurate, update-to-date)
(3)Purpose Specification (specified at collection)
,(4) Use Limitation (consistent with purpose)
(5) Security Safeguards (against loss, destruction, modification, unauthorized access)
(6) Openness (use of info, Controller identity & loc)
(7) Individual Participation (entitled to receive from Controller)
(8) Accountability (controller complies with above)
OECD Guidelines - Member state considerations - ANS-- domestic processing &
re-export of data
- transborder flows are uninterrupted & secure
- don't engage with other members unless guidelines are observed
- member state can restrict if protection not provided
- avoid laws to restrict TB data flows
Convention 108 aka CoE Convention - ANS-- 1981 - worldwide scope
- Convention for the Protection of Individuals in regard to automatic processing (not
profiling) of PD
- first legally binding international instrument in the area of data protection.
- requires signatories to take steps to ensure fundamental human rights with regard to
the processing of personal information.
- US was not signatory
Global privacy day (1/28)
- same as OECD except: (1) preserve info to identify person for no longer than needed
(2) Special categories - race, religion, sex/health life, political views, criminal conv not
auto processed without safeguards
Transborder Special Rules - ANS-For countries not signatory parties
Mutual Assistance - ANS-designate SA to oversee compliance
Data Protection Directive - ANS-- Direction 95/46/EC
- not law, framework
- 1995
- fragmented implementation across states
- replaced by GDPR
- only applied to Controllers
- 78 recitals, 34 articles, 7 chapters
Charter of Fundamental Rights of EU - ANS-- 2000 in Nice
- created by EU
- Lisbon Treaty made this binding for EU states
,- Art 7 - private life, family, home, comm
- Art 8 - separate right to data protection
- promotes individual civil, political, economic, and social rights for European citizens
- similar principles as ECHR but refers to protection of personal data
Treaty of Lisbon - ANS-- Treaty signed in 2007 that made the European Parliament the
co-equal legislator for almost all European laws and also created the position of the
president of the European Council
- made Charter of Fundamental Rights binding
- Amended EU Treaty
Convention 108+ - ANS-Aligns with GDPR
ePrivacy Directive - ANS-- 2002 aka Cookie Directive
- Privacy & Electronic Communication Directive (2002/58/EC)
- processing data across public communication network (doesn't apply to private
network)
- telecomm, faxes, internet, email
- must get consent to store cookies
EU Institutions - ANS-1. European Parliament - Oversight - House of Rep - vote on
legislation, elected by EU citizens
2. European Council - Direction - set priorities & political direction for EU
3. Council of EU - Decisions - Senate - minister from each state, main decision making
body (works with Parliament)
4. European Commission - Executive - implements EU decisions, 1 commissioner per
state, most active
European Courts - ANS-1. CJEU - Court of Justice of European Union - decision on EU
laws - judicial body of EU
2. ECHR - European Court of Human Rights - not EU institution, intl court, applies
ECHR
Copeland vs UK - ANS-monitoring emails at work violates article 8 of ECHR
Google Spain vs AEPD & Mario Costeja) - ANS-Google Spain sold advertising space to
fund Google Search Engine - SE outside EEA whose activities are economically linked
to SE core activities - Google had refused to address complaints mainly on the basis
that Google entity responsible for the search engine was outside of the territorial scope
of EU data protection law and, therefore, beyond the reach of the AEPD.
, - ECJ ruled SEs are also controllers of PD contained in 3rd party web pages
- Mario - right to be forgotten - house foreclosure
Weltimmo - ANS-RE company - how laws protect citizens in cross-border activity
- Weltimmo found to be established in Hungary even though Slovakian company
because:
1. website targeting Hungary & using language
2. Rep in Hungary for court
3. letter box in Hungary
4. Hungarian bank account
Schrems - ANS-invalidated Safe Harbor for FB to transfer data to US
GDPR Chapters - ANS-1. General Provisions
2. Principles
3. DS Rights
4. Controller & Processor
5. Transfer of data to 3rd parties
6. Independent SA
7. Cooperation & Consistency
8. Remedies, liabilities, penalties
9. Provisions relating to specific process situations
10. Delegated acts and implementing acts
11. Final provisions
Consent - ANS-Freely Given
Specific
Informed
Unambiguous
- cannot be bundled with T&Cs
- clear and plain language
- main criteria for legitimate processing
Data Breach Reporting - ANS-Controllers and Processors have to report to DPA within
72 hours unless no risk to rights and freedoms
Main changes in GDPR from Directive - ANS-- directly applicable to all member states
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller lydiaomutho. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.