Something has to be done to help data subjects control their data when it is
transferred from one country to another. The EU started with the idea that control rights need to
follow the data wherever it goes, an idea the CoE then followed. The world needs to be a controlled
entity. Take the Additional Protocol to Convention 108 with you to the exam. The 2001
Additional Protocol deals mainly with transborder issues. Articles 25 and 26 of the Directive are
copied into the Regulation without too many changes regarding these issues.
The Bodil Lindqvist case is about hosting, blogging, the contemporary use of the internet and how the
law relates to it. The ECJ looked at the 1995 Directive, and the judgment was okay for data
protection purposes; everyone had been afraid that judges would not understand data protection and
had feared a far worse judgment. It is about a woman with a little blog saying that her
colleague broke his leg. If you publish something on the internet that is accessible worldwide, is that
an international transfer of data? One could say yes, I put my data on the worldwide web and
everyone can have it, but the court said no, reasoning that in 1995 internet use was less developed, so
the Directive does not really address this. We should not see this as a transfer to third countries,
because otherwise we would confuse and mess up the whole logic of the Directive itself. This logic is to
distinguish between processing within Europe and transferring outside Europe. Art. 25 and 26 deal with
international transfers.
There are two hypotheses/scenarios about transferring:
I. Transfer to EU MS or states within the EEA. Art. 12 of the CoE Convention and art. 1 of the Directive
say that there should be free flow. Data protection after the Directive should be more or less the
same everywhere, so transfers are no longer taboo. You can pull your data; Europe is one space for
data, so it can flow freely everywhere. Page 132. Transfer from Slovenia to France is free, but you
cannot then allow Slovenia to transfer it to the US, as that is not an EU country and therefore a third country.
So it is a very simple, typical internal market idea. If the data goes to Slovenia you can ask
your local DPA to intervene; they will contact the Slovenian DPA and data protection justice
will be done. Europe can control national DPAs by stating that they should be independent
and effective. We should have some trust in the functioning of DPAs elsewhere, as there was
a lot of suspicion about the Irish DPA. We need to accept some cultural differences but also
make sure that we have some apparatus to ensure that foreign (Irish) DPAs will function
well. The DPAs get firm administrative powers under the Regulation, so there should be at
least some trust in each other's DPAs and court systems.
II. Transfer of data to third countries, so outside the EU or the EEA. In this case it is about
adequacy. One factor in obtaining it could be having an independent DPA (not an
effective one per se). In practice, if there is no independent body on the other side of the
line, you won't get adequacy. Brussels determines the standards; countries ask Brussels to
check them out and assess whether their data protection system is adequate. You are actually
saying that your legal system is not adequate, so Brussels determines the standards, and adequacy
is a slow process. In practice, control from Europe comes down to the question of
whether you have a DPA and a body of law with a general scope. For
example, Australia could only obtain adequacy for its private sector processing if that sector has an
accurate body of enforceable norms around it. You can also ask for adequacy for parts of your
system instead of the whole. The Safe Harbour principles are replaced by the Privacy Shield
principles, but they are more or less the same. If a company accepts these principles, it can
freely transfer data between the EU and the US. EU citizens can then exercise their right of
access, and on the US side, oversight is guaranteed by the Federal Trade Commission