Comparing EU and Council of Europe Data Protection Standards in the Context of Brexit
•Download as PPTX, PDF•
0 likes•204 views
In the event of Brexit, the UK will leave the EU Charter, the GDPR and related EU instruments. It will, however, remain committed not only to achieving EU ‘adequacy’ standard but doing this within the framework of Council of Europe’s Data Protection Convention 108+. These slides therefore explore the commonalities and contrasts between EU DP and Convention 108+. Both have a similar scope and common principles. However, Convention 108+'s transparency and sensitive data rules are considerably less stringent and there are many fewer compulsory controller discipline provisions. Whilst only modest change should be expected initially as the UK will essentially replicate the GDPR in the short-term, this less prescriptive and more flexible approach is likely to exert an influence on UK data protection should Brexit happen.
Report
Share
Report
Share
Recommended
The UK and EU Personal Data Regime After Brexit: Another Switzerland?
These slides provide an overview of the personal data relationship between the UK and EU after Brexit. Under the Trade and Cooperation Agreement, the UK will have the closest connection with the EU here outside the European Economic Area and Switzerland. This is especially clear in the area of justice and security where there is very extensive provision for data exchange based on common standards. However, in the general area of data protection the framework only points to mutual adequacy. Even with the evolving formulation of this as “essential equivalence”, significant flexibility is retained and this may ultimately result in more substantive divergence than EU-Switzerland given the UK’s more distinct data protection approach. Common bona fide implementation of the Council of Europe’s Data Protection Convention 108+ may provide a good lodestar in the medium term and I very tentatively map out what this may could mean for default standards in the UK related to sensitive data and integrity and also specific substantive restrictions to ensure a more graduated approach and reconciliation with other competing rights.
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
This document discusses the interface between data protection law and journalism. It notes that while EU law provides some exemptions for journalism, most countries still subject it to qualified data protection standards. It argues that data protection authorities (DPAs) should take a co-regulatory approach when setting standards and enforcing data protection in journalism. Specifically, DPAs should engage with self-regulatory bodies to help ensure protections for vulnerable groups while respecting press freedom. Enforcement should show deference to self-regulation but DPAs must ultimately make independent assessments.
Data Protection and Journalism: The Changing Landscape
These slides provide an overview of the changing landscape for data protection and journalism in decade or so since the Leveson Inquiry. As well as detailing the core public interest and incompatibility tests, they look at developments in case law, at the ICO and under the GDPR and DPA 2018. They are intended to provide background to the ICO consultation on a data protection and journalism code of practice which runs until 10 January 2022.
European Data Protection and Social Networking
These slides explore significant issues arising under data protection for both users and platforms as a result of the publication of third party personal data on such sites. Although the GDPR’s new wording of the household exemption could potentially exclude non-intrusive processing (e.g. sharing innocuous pictures taken in public), the Court of Justice of the EU (CJEU) is increasingly insistent that users acquire responsibilities when the publish such data to an indeterminate number. In principle, most EU Data Protection Authorities (DPAs) accept this although others including the UK and Irish have been very resistant. Many users could therefore have weighty data protection obligations here, although if contributing to a collective public debate they may be covered by the journalistic/special expression derogation and in any case there is a need for a balance with freedom of expression. CJEU ʻjoint controllerʼ case law also points to social networking sites have their own duties here, a proposition which has been backed by Working Party, the UK DPA and the UK courts. Whilst the e-Commerce ʻhostʼ shield should significantly limit ex ante responsibility here, this must be tempered by the ʻduty of careʼ which is inherent in being a ʻcontrollerʼ under data protection. In sum, data protection in principle remains central to the regulation of ʻonline harmsʼ here although ensuring effective and well-balanced regulation in practice remains a formidable challenge.
See further:
“Intermediary Publishers and European data protection: Delimiting the ambit of responsibility for third-party rights through a synthetic interpretation of the EU acquis”, International Journal of Law and Information Technology (Vol. 26(3), pp. 189-225) (2018) - https://academic.oup.com/ijlit/article/26/3/189/5033541
“Beyond ʻHaving a Domesticʼ? Regulatory Interpretation of European Data Protection Law and Individual Publication”, Computer Law and Security Review (Vol. 33 (3), pp. 275-297) (2017) - Pre-print https://www.repository.cam.ac.uk/handle/1810/263883
Constitutional Privacy and Data Protection in the EU
This document analyzes the historical development of privacy and data protection rights in the constitutions of EU member states. It finds that while privacy rights relating to the home and correspondence date back to the early 19th century, general privacy and data protection rights are more recent additions, emerging in the late 20th century. Currently, general privacy rights are recognized in most EU constitutions, while data protection rights are recognized in about half. Data protection rights also tend to be more specific than general privacy rights. The document concludes that while privacy and data protection rights have developed together, privacy rights remain more commonly adopted at the constitutional level.
Dead Ringers? Legal Persons & the Deceased in European Data Protection Law
Whilst it is sometimes suggested that the treatment of legal and deceased person data during European data protection’s development has been broadly comparable, this presentation demonstrates the stark divergences which are in fact apparent. Despite early fusion, legal persons have been increasingly seen to have lesser and, more importantly, qualitatively different information entitlements compared to natural persons, thereby leaving European data protection with a very limited and indirect role here. In contrast, natural persons and the deceased have not been conceived as normatively dichotomous and since the 1990s there has been growing interest both in establishing sui generis direct protection for deceased data and also indirect inclusion through a link with living natural persons. Whilst the case for some indirect inclusion is overwhelming, a broad approach to the inter-relational nature of data risks further destabilizing the personal data concept. Nevertheless, given that jurisdictions representing almost half of the EEA’s population now provide some direct protection and the challenges of managing digital data on death continue to grow, the time may be ripe for a ‘soft’ recommendation on direct protection in this area. Drawing on existing law and scholarship, such a recommendation could seek to specify the role of both specific control rights and diffuse confidentiality obligations, the criteria for time-limits in each case and the need for a balance with other rights and interests which recognises the significantly decreasing interest in protection over time. N.B. The full working paper accompanying these slides may be found at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3599852
Data Protection and "Intermediary" Responsibility: An Historical Perspective
These slides look historically at the tension between being in "control" of personal data and benefiting from certain freedom of expression shields when acting as an “intermediary” between an original content producer and an end user. It is show that these tensions emerged as early as the 1980s in European data protection, with both the French and certain Scandinavian Data Protection Authorities (DPAs) adopting a strict construction of law vis-à-vis provides of interactive services on the Minitel and various news archive and other public databases respectively. By the late 1990s when the e-Commerce Directive 2000/31/EC was being negotiated a similar tension re-emerged in the form of the data protection “exemption” (art. 1(5)(b)) and the more general ambiguity as to whether “active” as opposed to “passive” services could benefit from the “host” shield (art. 14) in any case. A partial solution to the latter question was found in the reasonable “duties of care” preamble inserted in the instrument as recital 48. These early debates cast a new perspective on more contemporary developments in EU data protection and e-Commerce case law including C-131/12 Google Spain, C-507/17 Google v CNIL and C-18/18 Glawischnig-Piesczek.
The GDPR, Brexit, the UK and adequacy
If the UK leaves the EU and EEA, will it be "adequate" for data transfers from the EU? Evidemnce suggests not, especially following the passing of the IP Act and the Tele2/Watson CJEU decision.
Recommended
The UK and EU Personal Data Regime After Brexit: Another Switzerland?
These slides provide an overview of the personal data relationship between the UK and EU after Brexit. Under the Trade and Cooperation Agreement, the UK will have the closest connection with the EU here outside the European Economic Area and Switzerland. This is especially clear in the area of justice and security where there is very extensive provision for data exchange based on common standards. However, in the general area of data protection the framework only points to mutual adequacy. Even with the evolving formulation of this as “essential equivalence”, significant flexibility is retained and this may ultimately result in more substantive divergence than EU-Switzerland given the UK’s more distinct data protection approach. Common bona fide implementation of the Council of Europe’s Data Protection Convention 108+ may provide a good lodestar in the medium term and I very tentatively map out what this may could mean for default standards in the UK related to sensitive data and integrity and also specific substantive restrictions to ensure a more graduated approach and reconciliation with other competing rights.
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
This document discusses the interface between data protection law and journalism. It notes that while EU law provides some exemptions for journalism, most countries still subject it to qualified data protection standards. It argues that data protection authorities (DPAs) should take a co-regulatory approach when setting standards and enforcing data protection in journalism. Specifically, DPAs should engage with self-regulatory bodies to help ensure protections for vulnerable groups while respecting press freedom. Enforcement should show deference to self-regulation but DPAs must ultimately make independent assessments.
Data Protection and Journalism: The Changing Landscape
These slides provide an overview of the changing landscape for data protection and journalism in decade or so since the Leveson Inquiry. As well as detailing the core public interest and incompatibility tests, they look at developments in case law, at the ICO and under the GDPR and DPA 2018. They are intended to provide background to the ICO consultation on a data protection and journalism code of practice which runs until 10 January 2022.
European Data Protection and Social Networking
These slides explore significant issues arising under data protection for both users and platforms as a result of the publication of third party personal data on such sites. Although the GDPR’s new wording of the household exemption could potentially exclude non-intrusive processing (e.g. sharing innocuous pictures taken in public), the Court of Justice of the EU (CJEU) is increasingly insistent that users acquire responsibilities when the publish such data to an indeterminate number. In principle, most EU Data Protection Authorities (DPAs) accept this although others including the UK and Irish have been very resistant. Many users could therefore have weighty data protection obligations here, although if contributing to a collective public debate they may be covered by the journalistic/special expression derogation and in any case there is a need for a balance with freedom of expression. CJEU ʻjoint controllerʼ case law also points to social networking sites have their own duties here, a proposition which has been backed by Working Party, the UK DPA and the UK courts. Whilst the e-Commerce ʻhostʼ shield should significantly limit ex ante responsibility here, this must be tempered by the ʻduty of careʼ which is inherent in being a ʻcontrollerʼ under data protection. In sum, data protection in principle remains central to the regulation of ʻonline harmsʼ here although ensuring effective and well-balanced regulation in practice remains a formidable challenge.
See further:
“Intermediary Publishers and European data protection: Delimiting the ambit of responsibility for third-party rights through a synthetic interpretation of the EU acquis”, International Journal of Law and Information Technology (Vol. 26(3), pp. 189-225) (2018) - https://academic.oup.com/ijlit/article/26/3/189/5033541
“Beyond ʻHaving a Domesticʼ? Regulatory Interpretation of European Data Protection Law and Individual Publication”, Computer Law and Security Review (Vol. 33 (3), pp. 275-297) (2017) - Pre-print https://www.repository.cam.ac.uk/handle/1810/263883
Constitutional Privacy and Data Protection in the EU
This document analyzes the historical development of privacy and data protection rights in the constitutions of EU member states. It finds that while privacy rights relating to the home and correspondence date back to the early 19th century, general privacy and data protection rights are more recent additions, emerging in the late 20th century. Currently, general privacy rights are recognized in most EU constitutions, while data protection rights are recognized in about half. Data protection rights also tend to be more specific than general privacy rights. The document concludes that while privacy and data protection rights have developed together, privacy rights remain more commonly adopted at the constitutional level.
Dead Ringers? Legal Persons & the Deceased in European Data Protection Law
Whilst it is sometimes suggested that the treatment of legal and deceased person data during European data protection’s development has been broadly comparable, this presentation demonstrates the stark divergences which are in fact apparent. Despite early fusion, legal persons have been increasingly seen to have lesser and, more importantly, qualitatively different information entitlements compared to natural persons, thereby leaving European data protection with a very limited and indirect role here. In contrast, natural persons and the deceased have not been conceived as normatively dichotomous and since the 1990s there has been growing interest both in establishing sui generis direct protection for deceased data and also indirect inclusion through a link with living natural persons. Whilst the case for some indirect inclusion is overwhelming, a broad approach to the inter-relational nature of data risks further destabilizing the personal data concept. Nevertheless, given that jurisdictions representing almost half of the EEA’s population now provide some direct protection and the challenges of managing digital data on death continue to grow, the time may be ripe for a ‘soft’ recommendation on direct protection in this area. Drawing on existing law and scholarship, such a recommendation could seek to specify the role of both specific control rights and diffuse confidentiality obligations, the criteria for time-limits in each case and the need for a balance with other rights and interests which recognises the significantly decreasing interest in protection over time. N.B. The full working paper accompanying these slides may be found at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3599852
Data Protection and "Intermediary" Responsibility: An Historical Perspective
These slides look historically at the tension between being in "control" of personal data and benefiting from certain freedom of expression shields when acting as an “intermediary” between an original content producer and an end user. It is show that these tensions emerged as early as the 1980s in European data protection, with both the French and certain Scandinavian Data Protection Authorities (DPAs) adopting a strict construction of law vis-à-vis provides of interactive services on the Minitel and various news archive and other public databases respectively. By the late 1990s when the e-Commerce Directive 2000/31/EC was being negotiated a similar tension re-emerged in the form of the data protection “exemption” (art. 1(5)(b)) and the more general ambiguity as to whether “active” as opposed to “passive” services could benefit from the “host” shield (art. 14) in any case. A partial solution to the latter question was found in the reasonable “duties of care” preamble inserted in the instrument as recital 48. These early debates cast a new perspective on more contemporary developments in EU data protection and e-Commerce case law including C-131/12 Google Spain, C-507/17 Google v CNIL and C-18/18 Glawischnig-Piesczek.
The GDPR, Brexit, the UK and adequacy
If the UK leaves the EU and EEA, will it be "adequate" for data transfers from the EU? Evidemnce suggests not, especially following the passing of the IP Act and the Tele2/Watson CJEU decision.
Brexit Data Protection Update: The EU, US and UK Perspective
On 31 January 2020, the United Kingdom left the European Union. For the first time since its creation, a member state has decided to leave the common market, and for now, it is uncertain what the future holds for current privacy legislation. The new relationship between the UK and the EU will be negotiated in the course of this year, with the agreed transition period ending on 31 December. During this period, GDPR will apply as if nothing has changed. But what will happen after?
This webinar will discuss the following topics:
-What does Brexit mean from a data protection perspective?
-What does it mean for the UK itself and for the position of the Information Commissioner’s Office?
-What will be the impact of Brexit for data flows to and from the remaining 27 EU Member States and the countries of the European Economic Area?
-And will there be any impact on the UK-US data flows?
Reconciling Humanities and Social Science Research With Data Protection
Humanities and social science research contribute enormously to collective public knowledge and discussion. Such activity will almost invariably involve the processing of personal information and will, therefore, trigger the application of EU data protection law including the forthcoming General Data Protection Regulation (GDPR). This presentation argues that the GDPR’s default provisions – especially as regards the presumption of consent for sensitive data, data subject notification rules and strict discipline provisions – pose an acute threat to such activity. Moreover, whilst the research derogations (Art. 89) ameliorate a few of the issues, they are principally designed for work based on a highly structured, predetermined and largely fiduciary model such as is common in bio-medicine. As recognised by a wide variety of research organizations during debate on the GDPR (including the Wellcome Trust and UK Economic and Social Research Council), given that social/humanities scholarship is intrinsically linked to public knowledge and discussion, it should in fact benefit not just from these research derogations but also from the more permissive (but not absolute) derogations for free speech. The GDPR now recognises this but granting free speech protection for “academic expression” alongside that of journalism, literature and art (Art. 85 (2)). (N.B. These slides are based on a talk given at the University of Hong Kong “Positioning Privacy and Transparency in Data-intensive Research and Data-drive Regulation” on 8 November 2016).
Data Protection and Academia: Fundamental Rights in Conflict
This keynote talk to Norwegian National Conference on Research Ethics on 18 September 2018 explored the tension between European data protection norms and the nature of much of academic work, focusing on problems as regards the basic model of data management, the notion of critical inquiry and the need in some circumstances to resort to covert methods. It argued that the "historical and scientific research purposes" provisions in Article 89 of the GDPR largely fail to address these difficulties and stressed the centrality of the protections for "academic expression" including alongside journalism in Article 89 which is correctly predicated on reconciling data protection with the fundamental right to freedom of expression.
Disclosure, Exposure and the "Right to be Forgotten" After Google Spain
*** N.B. For full working paper see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3505921 ***
This paper argues that Google’s essentially blanket and unsafeguarded dissemination to webmasters of URLs deindexed under the Google Spain judgment involves the disclosure of the claimant’s personal data, cannot be justified either on the purported basis of their consent or that this is legally required but instead seriously infringes European data protection standards. Disclosure of this data would only be compatible with the initially contextually sensitive context of collection where it was (i) reasonably necessary and explicitly limited to the purposes of checking the legality of the initial decision and/or bona fide research and (ii) was subject to effective safeguards that prevented any unauthorised repurposing or other use. Strict necessity thresholds would need to apply where disclosure involved special category data or was subject to reasoned objection by a data subject and international transfers would require appropriate safeguards as provided by the European Commission’s standard contractual clauses. Disclosing identifiable data on removals to end users would directly and fundamentally undermine a data subject’s rights and, therefore, ipso facto violate purpose limitation and legality, irrespective of a data subject claims rights in data protection, defamation or civil privacy. The public’s legitimate interests in receiving information on personal data removals should be secured through safeguarded scientific research that the search engines should facilitate and promote.
UK GDPR: What New Direction?
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
EU General Data Protection Regulation & Transborder Information Flow
This document discusses the European approach to data protection and reconciling it with other interests and rights. It outlines the key principles of European data protection law, including requirements for personal data processing, sensitive data rules, and transparency. It acknowledges tensions with economic, security and other interests. It analyzes rules governing international data transfers and derogations. While the law initially took a flexible approach, more recent court rulings have emphasized data protection as a fundamental right and imposed stricter standards for determining if non-EU countries ensure an adequate level of protection. The upcoming General Data Protection Regulation poses challenges in further restricting data transfers abroad.
DPA and GDPR
The Data Protection Act (2018) and General Data Protection Regulation (2016) establish rules for processing and handling personal data. The acts require consent for data use and sharing, ensure data accuracy, require secure data storage, and appoint a data protection officer for compliance. They protect individual privacy and require notifications for data breaches. The GDPR covers EU law while the DPA covers UK law, and both currently apply as the UK remains in the EU.
New Media Internet Expression and European Data Protection
The document discusses the expansive interpretations of EU data protection law adopted by the CJEU and European data protection authorities (DPAs) and their implications for internet actors. It notes that while the formal legal stance is broad, enforcement of data protection against expression has been limited and sporadic. It also discusses how an enforcement focus can lead DPAs to issue guidance that conflicts with their broad interpretative stance, as seen with guidelines on search engines after the Google Spain ruling.
Replacement standard contractual clauses
Describes the complex and murky path of international data transfers and what goes with them – yes, you guessed it – standard contractual clauses.
GDPR: A Threat or Opportunity? www.normanbroadbent.
With General Data Protection Regulation (GDPR) a legal requirement for all UK companies from May 2018, there have been numerous articles written either demonstrating the confusion surrounding the new regulations, or detailing the downsides of the legislation.
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
General Data Protection Regulation (“GDPR”) kicks in next year, and brands will be expected to comply with these consumer privacy rules. In this session, Claire Stockill, Solicitor at Irwin Mitchell LLP will explain what these rules mean for B2C email marketers. The presentation will explore the effects GDPR will have on consent, the need for increased transparency, fines associated with non-compliance and a look at the results of a recent YouGov survey on GDPR readiness.
Francesca Fanucci, Ppt
The UK Freedom of Information Act (FOIA) was adopted in 2000 and fully implemented in 2005 across all UK public authorities simultaneously. This led to initial problems with delays and backlogs in responding to requests. Lessons learned include the need for adequate resources for oversight bodies like the Information Commissioner's Office to promote awareness and compliance. Civil society played an important role through media involvement, advocacy, and litigation to support effective FOIA implementation over time.
Maeve Mc Donagh
The document outlines key aspects of Freedom of Information (FOI) legislation in Ireland, including both positive features and limitations. Positives included broad scope and coverage of public bodies, exemptions requiring a harm test, and independent review mechanisms. Limitations were narrower scope excluding some bodies, exemptions not all requiring harm tests, and subsequent amendments weakening the act by expanding exemptions and introducing fees. The FOI act has been used extensively by both individuals and journalists to reveal issues of public interest. Lessons for other countries include passing strong initial FOI laws and maintaining independent oversight to prevent backsliding.
Thomas M. Susman,Ppt
The document discusses freedom of information and open government. It summarizes the benefits of open government to the public, including businesses, and to the government. It also discusses how freedom of information laws affect businesses by requiring public disclosure of some information they submit to the government. While freedom of information laws protect trade secrets and confidential commercial information from disclosure, the meaning and scope of these exemptions has been interpreted by courts through many cases.
No Man is an Island: The Battle for Data Privacy
The document discusses upcoming changes to data protection legislation in Europe and the implications for companies. The EU General Data Protection Regulation (GDPR) will replace the 1995 Data Protection Directive in May 2018, imposing stricter rules around data collection, use, and transfers. It also discusses the replacement of the invalidated US-EU Safe Harbor agreement with the new EU-US Privacy Shield framework and the uncertainty caused by Brexit. The implications are that companies will need to devote more resources to data compliance and mobile ediscovery solutions may help address issues around cross-border data transfers and GDPR requirements.
Regulation of Medical Research under European Data Protection
Medical research provides unique and critical public benefits but also necessarily involves the processing of some of the most sensitive and private data - which European Data Protection is rightly concerned with safeguarding. Looking at the law across all European Economic Area (EEA) jurisdictions, this presentation outlines the barriers which application of default European data protection norms can pose to such work from requirements to obtain consent for sensitive personal data processing, to data subject notification rules and subject access. Drawing on a survey of Data Protection Authorities it also indicates that regulators are inclined to interpret the law strictly here although enforcement is often rather limited. The presentation then looks forward to the future under the General Data Protection Regulation (GDPR) arguing that the obstacles in the way of getting the law right here remain formidable and, in addition, there is a need for much greater engagement between DPAs and those involved in medical research. (N.B. These slides are based on talk given to the PHG Foundation at Hughes Hall on 13 October 2015 but have been updated in light of the finalization of the GDPR).
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
We outline the proposed changes in the EU General Data Protection Regulation (GDPR) and its effect on the privacy of US-EU Data transfers.
Access the complete webinar on how the EU GDPR will affect your business https://info.truste.com/lp/truste/On-Demand-Webinar-Reg-Page.html?asset=J68IQUDK-565
Data Privacy Protection & Advisory - EY India
Read about the data privacy protection & advisory in India - evolving rights and obligations related to data privacy & the implementation of data protection reforms.
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
The document discusses the challenges facing public sector organizations in the EU in adopting cloud solutions due to concerns over privacy and data protection. Recent legal changes like the invalidation of the Safe Harbor agreement and the passage of CISA in the US have increased worries that personal data of EU citizens could be accessed by US intelligence agencies. The upcoming GDPR will also broaden the definition of personal data and increase responsibilities of organizations. To address these risks, the document proposes a "franchise" model where a local EU entity acts as the data processor and is contractually separated from the non-EU cloud provider to ensure data remains outside of US jurisdiction.
Legislation
This is a presentation for the new AQA AS level on computer legislation. The slide show was produced by members of Baines School ICT group
UK & EU Freedom of Information & Data Protection: Continuity & Change
This presentation explores continuities and changes in the interface between freedom of information and personal information protection at pan-EU level and in the UK under the amended law of the Data Protection Act 2018 and Regulation 2018/1725. Comparing both regimes, it especially focuses on fairness and balancing, the requirement to demonstrate the "necessity" of processing, the position of the deceased and the relationship between disclosure, transparency and sensitive personal data rules.
Will the GDPR Kibosh EU-US Discovery?
If you're a legal or security professional, the looming General Data Protection Regulation, or GDPR, is likely causing your blood pressure to rise. Expected to impose strict limitations on organizations that do business in the European Union, or otherwise collect the data of European citizens, the regulation is said to raise the stakes for privacy compliance as well as for transcontinental discovery. Organizations that don't meet its standards by May 2018 will be the subject of potentially business-rattling sanctions.
More Related Content
What's hot
Brexit Data Protection Update: The EU, US and UK Perspective
On 31 January 2020, the United Kingdom left the European Union. For the first time since its creation, a member state has decided to leave the common market, and for now, it is uncertain what the future holds for current privacy legislation. The new relationship between the UK and the EU will be negotiated in the course of this year, with the agreed transition period ending on 31 December. During this period, GDPR will apply as if nothing has changed. But what will happen after?
This webinar will discuss the following topics:
-What does Brexit mean from a data protection perspective?
-What does it mean for the UK itself and for the position of the Information Commissioner’s Office?
-What will be the impact of Brexit for data flows to and from the remaining 27 EU Member States and the countries of the European Economic Area?
-And will there be any impact on the UK-US data flows?
Reconciling Humanities and Social Science Research With Data Protection
Humanities and social science research contribute enormously to collective public knowledge and discussion. Such activity will almost invariably involve the processing of personal information and will, therefore, trigger the application of EU data protection law including the forthcoming General Data Protection Regulation (GDPR). This presentation argues that the GDPR’s default provisions – especially as regards the presumption of consent for sensitive data, data subject notification rules and strict discipline provisions – pose an acute threat to such activity. Moreover, whilst the research derogations (Art. 89) ameliorate a few of the issues, they are principally designed for work based on a highly structured, predetermined and largely fiduciary model such as is common in bio-medicine. As recognised by a wide variety of research organizations during debate on the GDPR (including the Wellcome Trust and UK Economic and Social Research Council), given that social/humanities scholarship is intrinsically linked to public knowledge and discussion, it should in fact benefit not just from these research derogations but also from the more permissive (but not absolute) derogations for free speech. The GDPR now recognises this but granting free speech protection for “academic expression” alongside that of journalism, literature and art (Art. 85 (2)). (N.B. These slides are based on a talk given at the University of Hong Kong “Positioning Privacy and Transparency in Data-intensive Research and Data-drive Regulation” on 8 November 2016).
Data Protection and Academia: Fundamental Rights in Conflict
This keynote talk to Norwegian National Conference on Research Ethics on 18 September 2018 explored the tension between European data protection norms and the nature of much of academic work, focusing on problems as regards the basic model of data management, the notion of critical inquiry and the need in some circumstances to resort to covert methods. It argued that the "historical and scientific research purposes" provisions in Article 89 of the GDPR largely fail to address these difficulties and stressed the centrality of the protections for "academic expression" including alongside journalism in Article 89 which is correctly predicated on reconciling data protection with the fundamental right to freedom of expression.
Disclosure, Exposure and the "Right to be Forgotten" After Google Spain
*** N.B. For full working paper see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3505921 ***
This paper argues that Google’s essentially blanket and unsafeguarded dissemination to webmasters of URLs deindexed under the Google Spain judgment involves the disclosure of the claimant’s personal data, cannot be justified either on the purported basis of their consent or that this is legally required but instead seriously infringes European data protection standards. Disclosure of this data would only be compatible with the initially contextually sensitive context of collection where it was (i) reasonably necessary and explicitly limited to the purposes of checking the legality of the initial decision and/or bona fide research and (ii) was subject to effective safeguards that prevented any unauthorised repurposing or other use. Strict necessity thresholds would need to apply where disclosure involved special category data or was subject to reasoned objection by a data subject and international transfers would require appropriate safeguards as provided by the European Commission’s standard contractual clauses. Disclosing identifiable data on removals to end users would directly and fundamentally undermine a data subject’s rights and, therefore, ipso facto violate purpose limitation and legality, irrespective of a data subject claims rights in data protection, defamation or civil privacy. The public’s legitimate interests in receiving information on personal data removals should be secured through safeguarded scientific research that the search engines should facilitate and promote.
UK GDPR: What New Direction?
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
EU General Data Protection Regulation & Transborder Information Flow
This document discusses the European approach to data protection and reconciling it with other interests and rights. It outlines the key principles of European data protection law, including requirements for personal data processing, sensitive data rules, and transparency. It acknowledges tensions with economic, security and other interests. It analyzes rules governing international data transfers and derogations. While the law initially took a flexible approach, more recent court rulings have emphasized data protection as a fundamental right and imposed stricter standards for determining if non-EU countries ensure an adequate level of protection. The upcoming General Data Protection Regulation poses challenges in further restricting data transfers abroad.
DPA and GDPR
The Data Protection Act (2018) and General Data Protection Regulation (2016) establish rules for processing and handling personal data. The acts require consent for data use and sharing, ensure data accuracy, require secure data storage, and appoint a data protection officer for compliance. They protect individual privacy and require notifications for data breaches. The GDPR covers EU law while the DPA covers UK law, and both currently apply as the UK remains in the EU.
New Media Internet Expression and European Data Protection
The document discusses the expansive interpretations of EU data protection law adopted by the CJEU and European data protection authorities (DPAs) and their implications for internet actors. It notes that while the formal legal stance is broad, enforcement of data protection against expression has been limited and sporadic. It also discusses how an enforcement focus can lead DPAs to issue guidance that conflicts with their broad interpretative stance, as seen with guidelines on search engines after the Google Spain ruling.
Replacement standard contractual clauses
Describes the complex and murky path of international data transfers and what goes with them – yes, you guessed it – standard contractual clauses.
GDPR: A Threat or Opportunity? www.normanbroadbent.
With General Data Protection Regulation (GDPR) a legal requirement for all UK companies from May 2018, there have been numerous articles written either demonstrating the confusion surrounding the new regulations, or detailing the downsides of the legislation.
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
General Data Protection Regulation (“GDPR”) kicks in next year, and brands will be expected to comply with these consumer privacy rules. In this session, Claire Stockill, Solicitor at Irwin Mitchell LLP will explain what these rules mean for B2C email marketers. The presentation will explore the effects GDPR will have on consent, the need for increased transparency, fines associated with non-compliance and a look at the results of a recent YouGov survey on GDPR readiness.
Francesca Fanucci, Ppt
The UK Freedom of Information Act (FOIA) was adopted in 2000 and fully implemented in 2005 across all UK public authorities simultaneously. This led to initial problems with delays and backlogs in responding to requests. Lessons learned include the need for adequate resources for oversight bodies like the Information Commissioner's Office to promote awareness and compliance. Civil society played an important role through media involvement, advocacy, and litigation to support effective FOIA implementation over time.
Maeve Mc Donagh
The document outlines key aspects of Freedom of Information (FOI) legislation in Ireland, including both positive features and limitations. Positives included broad scope and coverage of public bodies, exemptions requiring a harm test, and independent review mechanisms. Limitations were narrower scope excluding some bodies, exemptions not all requiring harm tests, and subsequent amendments weakening the act by expanding exemptions and introducing fees. The FOI act has been used extensively by both individuals and journalists to reveal issues of public interest. Lessons for other countries include passing strong initial FOI laws and maintaining independent oversight to prevent backsliding.
Thomas M. Susman,Ppt
The document discusses freedom of information and open government. It summarizes the benefits of open government to the public, including businesses, and to the government. It also discusses how freedom of information laws affect businesses by requiring public disclosure of some information they submit to the government. While freedom of information laws protect trade secrets and confidential commercial information from disclosure, the meaning and scope of these exemptions has been interpreted by courts through many cases.
No Man is an Island: The Battle for Data Privacy
The document discusses upcoming changes to data protection legislation in Europe and the implications for companies. The EU General Data Protection Regulation (GDPR) will replace the 1995 Data Protection Directive in May 2018, imposing stricter rules around data collection, use, and transfers. It also discusses the replacement of the invalidated US-EU Safe Harbor agreement with the new EU-US Privacy Shield framework and the uncertainty caused by Brexit. The implications are that companies will need to devote more resources to data compliance and mobile ediscovery solutions may help address issues around cross-border data transfers and GDPR requirements.
Regulation of Medical Research under European Data Protection
Medical research provides unique and critical public benefits but also necessarily involves the processing of some of the most sensitive and private data - which European Data Protection is rightly concerned with safeguarding. Looking at the law across all European Economic Area (EEA) jurisdictions, this presentation outlines the barriers which application of default European data protection norms can pose to such work from requirements to obtain consent for sensitive personal data processing, to data subject notification rules and subject access. Drawing on a survey of Data Protection Authorities it also indicates that regulators are inclined to interpret the law strictly here although enforcement is often rather limited. The presentation then looks forward to the future under the General Data Protection Regulation (GDPR) arguing that the obstacles in the way of getting the law right here remain formidable and, in addition, there is a need for much greater engagement between DPAs and those involved in medical research. (N.B. These slides are based on talk given to the PHG Foundation at Hughes Hall on 13 October 2015 but have been updated in light of the finalization of the GDPR).
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
We outline the proposed changes in the EU General Data Protection Regulation (GDPR) and its effect on the privacy of US-EU Data transfers.
Access the complete webinar on how the EU GDPR will affect your business https://info.truste.com/lp/truste/On-Demand-Webinar-Reg-Page.html?asset=J68IQUDK-565
Data Privacy Protection & Advisory - EY India
Read about the data privacy protection & advisory in India - evolving rights and obligations related to data privacy & the implementation of data protection reforms.
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
The document discusses the challenges facing public sector organizations in the EU in adopting cloud solutions due to concerns over privacy and data protection. Recent legal changes like the invalidation of the Safe Harbor agreement and the passage of CISA in the US have increased worries that personal data of EU citizens could be accessed by US intelligence agencies. The upcoming GDPR will also broaden the definition of personal data and increase responsibilities of organizations. To address these risks, the document proposes a "franchise" model where a local EU entity acts as the data processor and is contractually separated from the non-EU cloud provider to ensure data remains outside of US jurisdiction.
Legislation
This is a presentation for the new AQA AS level on computer legislation. The slide show was produced by members of Baines School ICT group
What's hot (20)
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
Reconciling Humanities and Social Science Research With Data Protection
Reconciling Humanities and Social Science Research With Data Protection
Data Protection and Academia: Fundamental Rights in Conflict
Data Protection and Academia: Fundamental Rights in Conflict
Disclosure, Exposure and the "Right to be Forgotten" After Google Spain
Disclosure, Exposure and the "Right to be Forgotten" After Google Spain
EU General Data Protection Regulation & Transborder Information Flow
EU General Data Protection Regulation & Transborder Information Flow
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data Protection
GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Regulation of Medical Research under European Data Protection
Regulation of Medical Research under European Data Protection
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Similar to Comparing EU and Council of Europe Data Protection Standards in the Context of Brexit
UK & EU Freedom of Information & Data Protection: Continuity & Change
This presentation explores continuities and changes in the interface between freedom of information and personal information protection at pan-EU level and in the UK under the amended law of the Data Protection Act 2018 and Regulation 2018/1725. Comparing both regimes, it especially focuses on fairness and balancing, the requirement to demonstrate the "necessity" of processing, the position of the deceased and the relationship between disclosure, transparency and sensitive personal data rules.
Will the GDPR Kibosh EU-US Discovery?
If you're a legal or security professional, the looming General Data Protection Regulation, or GDPR, is likely causing your blood pressure to rise. Expected to impose strict limitations on organizations that do business in the European Union, or otherwise collect the data of European citizens, the regulation is said to raise the stakes for privacy compliance as well as for transcontinental discovery. Organizations that don't meet its standards by May 2018 will be the subject of potentially business-rattling sanctions.
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsThe Economist Media Businesses
The internet and sovereign privacy laws have been on a collision course for decades, with growing tensions from all jurisdictions.Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Amministratore Bluefactor
This document discusses the differences between electronic discovery (e-discovery) in the European Union and United States. EU data protection laws strictly regulate personal data as a fundamental right and impose limitations on processing and transferring personal data outside of the EU. In contrast, US civil discovery rules allow for broad collection of relevant information. This creates conflicts for US companies with EU affiliates involved in US litigation. Potential solutions include anonymizing personal data, obtaining protective orders, and following EU data transfer requirements.Comments on Draft Philippine FOI Law
This document provides comments on a draft Freedom of Information law in the Philippines. It summarizes key issues and recommendations for improving the draft. Key points include expanding the scope of information covered beyond matters of public concern; strengthening exceptions; including an oversight body; and imposing a duty on public bodies to proactively publish certain information without requiring a request.
[REPORT PREVIEW] GDPR Beyond May 25, 2018
The document provides an overview of the General Data Protection Regulation (GDPR) that goes into effect in the European Union on May 25, 2018. Some key points:
- GDPR strengthens data protection rights for EU citizens and applies to any organization that collects data from EU individuals, regardless of location.
- It establishes high fines for noncompliance (up to 4% of global revenue or 20 million euros) and requires clear and easy-to-withdraw consent for data collection and use.
- Individuals have new rights regarding their data, including rights to access, correct, and delete personal data, and object to automated decision making. Organizations must also notify about data breaches.
- While
Gvca internet jurisdiction_ssrn
This document discusses jurisdiction in international law as it relates to regulating the internet and the EU's "right to be forgotten" ruling. It makes the following key points:
1) Jurisdiction in international law is traditionally based on a state's territory and sovereignty, but modern economic law has challenged this through the "effects doctrine."
2) The EU's "right to be forgotten" ruling in Google Spain concerned private litigation between individuals and corporations, falling under private international law.
3) Orders to extend compliance with the ruling to Google's global domains raise questions about the territorial reach of the ruling under public and private international law.
4) The document aims to clarify concepts of jurisdiction in public and private
TrustArc Webinar: UK's Post-Brexit GDPR Reforms
On January 1 2021, the UK formally and effectively left the European Union. As a result, the EU GDPR no longer applies in the UK. Currently, the UK DPA 2018 sets out the data protection framework in the UK.
Are you UK-DPA compliant? What are some of the expected data protection reforms from UK authorities?
Join our panel in this webinar as we explore the current rules on transfers of personal data between the UK and the EU and how your company can comply.
This webinar will review:
- What the Brexit changes in terms of data privacy
- The main differences between the UK-DPA and the EU-GDPR
- How to become compliant in both the EU and the UK
DRAFT 2 - The Internet has effectively rendered privacy as a thing of the past
This document discusses privacy rights in the UK and how the internet has impacted privacy. It begins by outlining that the UK does not have an overarching right to privacy but does have a qualified right to respect for private life under Article 8 of the ECHR. It then examines how public bodies like the GCHQ and NSA conduct mass surveillance online through programs like PRISM and Tempora. This raises issues of whether such surveillance violates privacy rights and is proportionate. The document also analyzes a legal case brought by Liberty challenging GCHQ's surveillance activities. While the tribunal found GCHQ's actions lawful, their decision is still subject to scrutiny regarding whether enough safeguards truly exist.
Cross-Border E-discovery: Navigating Rules and Regulations Across Multiple J...
This document discusses the complexities of cross-border e-discovery due to varying privacy and data protection laws across jurisdictions. It outlines key concepts like what constitutes personal data, differences between common law and civil law approaches to discovery and disclosure, and challenges of collecting electronic evidence located outside the US due to blocking statutes and criminal penalties in some countries. Practical suggestions are provided for how to navigate these issues, including tailoring legal holds, obtaining consent where possible, and educating courts on foreign law considerations.
PECB Webinar: The End of Safe Harbour! What happens Next?
The webinar covers:
• What is Safe Harbour, and how companies were relied on it
• How the end of it will affect US firms
• What will happen next
• How companies will react
• The implications of this act
• What is the solution to this
Presenter:
This session was hosted by Mr. Graeme Parker, Managing Director of Parker Solutions Group, a PECB representative in UK. Mr. Parker has more than 20 years of experience in information security, and data privacy, and was also involved with many companies that were relied on Safe Harbour.
Link of the recorded session published on YouTube: https://youtu.be/cbPUTVtxem0
FINAL REPORT
The document discusses the ongoing negotiations between the EU and US to establish a new framework for transatlantic data transfers, called the EU-US Privacy Shield, to replace the invalidated Safe Harbor agreement. Key points:
- A political agreement was reached on February 2nd but many details still need to be worked out. The EU Commission hopes to have it finalized in 3 months.
- The proposed Privacy Shield would establish new limitations and oversight mechanisms for US government access to data for national security purposes. It would also provide redress mechanisms for EU citizens.
- However, the final legal status and long-term viability remain unclear. Max Schrems has said he may challenge it in court as he did
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
Cédric Laurant: Presentation at the SecureWorld Web Conference: "Incident Response: Clean Up on Aisle Nine" (29 Nov. 2012)
Presentation can be downloaded at http://cedriclaurant.com/about/presentations/, http://blog.cedriclaurant.org and http://security-breaches.com.
Hrr article 8
Article 8 of the European Convention on Human Rights provides for the right to respect for private and family life, home, and correspondence. It protects against arbitrary interference by public authorities and private organizations. Article 8 covers four areas: private life, family life, home, and correspondence. It is a qualified right, meaning public authorities can interfere in certain circumstances if it is proportionate, necessary, and aims to protect national security, public safety, or the rights of others. The document provides details on the scope and interpretation of Article 8 rights in various contexts like data privacy, immigration cases, and extradition cases. It also discusses how Article 8 relates and interacts with other Convention rights.
Evertio Schrems II
The document provides an overview of the Schrems II case which invalidated the EU-US Privacy Shield framework for international data transfers. It summarizes that Max Schrems, an Austrian privacy activist, filed complaints challenging Facebook's data transfers to the US due to inadequate protections from US surveillance programs. The CJEU ruled the Privacy Shield inadequate and set strict standards requiring equivalent protection to the EU for any data transfer mechanism. The ruling significantly impacts companies reliant on transatlantic data transfers and sets a precedent for other nations' data exchange agreements with the EU.
Transatlantic data flows following the Schrems II judgment
Brief summary of Ian Brown and Douwe Korff’s study for the European Parliament Civil Liberties Committee, presented at a committee hearing on 9 November 2021
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...Amministratore Bluefactor
Electronic discovery (e-discovery) procedures differ significantly between the EU and US. In the EU, data protection is considered a human right and the Data Protection Directive 95/46/EC strictly regulates processing of personal data. E-Discovery of personal data requires consent or legitimate interest balanced with individual rights. In contrast, US civil procedures allow broad discovery of relevant information. This creates conflicts for US companies with EU affiliates subject to both rules. Potential solutions include filtering personal data, anonymization, and protective orders, but companies may still face risks under both regulatory regimes."The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018TRA - Tax Representative Alliance
The document discusses the EU General Data Protection Regulation (GDPR), which took effect in May 2018. It provides the following key points:
- The GDPR replaced the previous EU data protection directive and directly applies across all EU member states. It aims to give individuals more control over their personal data.
- Key aspects of the GDPR include expanded territorial reach, requirements for data protection officers, increased accountability and privacy by design principles, strengthened rights for data subjects, and larger maximum fines for noncompliance.
- Companies need to review their data processing activities, legal bases for processing, consent mechanisms, security, breach response plans, and privacy notices to ensure compliance with the extensive new obligations and standards introduced by the GDUia presentation Eng
i. Cross-border healthcare is a growing market valued at over $400 billion annually, but raises privacy concerns as patient data may pass through countries with differing privacy laws.
ii. The EU has strong directives on sensitive data protection, including healthcare data, and allows cross-border data transfer if an adequate privacy level exists in the receiving country.
iii. The EU and US had an agreement called "Safe Harbor" for data sharing, but it was struck down and replaced with the "Privacy Shield", which allows transfer with certain new protections and oversight.
iv. Trade agreements like the TPP and TTIP aim to facilitate electronic commerce but also recognize the importance of data privacy and protection. There are calls for
European Data Protection, the Right to be Forgotten and Search Engines
Provides background and explores the interpretation and enforcement of search engines' obligations under European data protection almost four years on from Google Spain (2014) and on the cusp of the new GDPR era. Focuses on four ongoing controversies: (i) the scope of such responsibilities under DP, (ii) the regulation of sensitive persona data, (iii) the legitimacy of webmaster notification and (iv) the geographical scope of action required.
Similar to Comparing EU and Council of Europe Data Protection Standards in the Context of Brexit (20)
UK & EU Freedom of Information & Data Protection: Continuity & Change
UK & EU Freedom of Information & Data Protection: Continuity & Change
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
DRAFT 2 - The Internet has effectively rendered privacy as a thing of the past
DRAFT 2 - The Internet has effectively rendered privacy as a thing of the past
Cross-Border E-discovery: Navigating Rules and Regulations Across Multiple J...
Cross-Border E-discovery: Navigating Rules and Regulations Across Multiple J...
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgment
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
European Data Protection, the Right to be Forgotten and Search Engines
European Data Protection, the Right to be Forgotten and Search Engines
More from David Erdos
Regulatory Enforcement of UK Data Protection
These slides show that, although the (UK) GDPR mandates strong enforcement and a prioritisation of this by the regulator including through the handling of data subject complaints, severe limitations exist in practice. Indeed, in 2022-23 the Information Commissioner’s Office (ICO) did not serve a single GDPR enforcement notice, secured no criminal convictions and issued only 4 GDPR fines totalling (after later adjustment) less than £0.2M. The Tribunal has removed any substantive bite to the individual order to progress complaints remedy and the Parliamentary Committees have failed to provide effective holistic scrutiny. There is a case for some of the legislative reforms now proposed including reconstituting the ICO as a corporate board and increasing transparency. However, others risk providing a de jure entrenchment of the ICO’s positioning away from being a comprehensive upholder of core data protection rights. None directly address the serious challenges present here but a two-fold approach would do so. The order to progress complaints should police the appropriateness of the ICO’s substantive as well as procedural response and not-for-profit representative complaints should be permitted even without the mandate of data subjects in order to encourage well-argued, strategically important cases. Second, and at least as importantly, the Equality and Human Rights Commission should be obliged to periodically provide holistic scrutiny of the ICO’s enforcement track-record from a human rights perspective within which data protection rights must ultimately sit. These slides are based on a full Working Paper which may be viewed here: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4284602
Generative AI, Search Engines and GDPR
These slides explore the interface between generative AI services such as ChatGPT and Google Bard and the GDPR in light of the experience of search engine indexing under the EU framework. In contrast to search engines, EU data protection authorities have responded promptly to the emergence of generative AI and, in principle, have stressed the need for full data protection compliance. However, in reality a host of legal problems remain live including an absence of a clear legal basis at least for sensitive personal data, uncertainty about whether data quality standards and data subject rights at least as regards background processing are or even can be met and failures of transparency as regards the categories, sources and storage periods for the personal data under processing. There is a serious likelihood, and indeed even present indications, that generative AI services will seek to claim the extra- and even contra-legislative derogations crafted in case law for search engines which limit duties to situations where processing is liable to affect fundamental rights “significantly and additionally” and to actions which are deemed to fall within the “responsibilities, powers and capabilities” of the service operators. Such derogations grant operators too much discretion and pay insufficient attention to the highly active manner in which generative AI services process personal data.
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
These slides explore how EU and UK data protection as applied to search engine indexing has evolved in the nine years following the Google Spain (2014) judgment. This judgment has provided a very real and valuable remedy for hundreds of thousands of data subjects but the working out of its rather ad hoc limitations concerning “significant and additional” rights effect and action only in the context of “responsibilities, powers and capabilities” have raised many questions as regards legal certainty, the role of courts as opposed to legislatures and whether “effective and complete protection” is really being secured (an issue which is especially heightened in jurisdictions such as the UK given limited action by the UK DPA in a number of areas). The slides are based my book chapter in Peter Coe and Paul Wragg (eds.), Landmark Cases in Privacy Law (Hart, 2023).as well as talks given at the Universities of Belfast, Cambridge, Leeds, Manchester and Public Service Budapest.
The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49
This slides reexplore the discussions and outcome surrounding Ireland’s Commonwealth exit in 1948-49 in light of the those which surrounded the UK-EU negotiations vis-à-vis Brexit. In each case it may be argued that a reluctant Member hastily committed to an exit which critics argued put a range of links, especially as regards trade and citizenship, at risk. Nevertheless, Ireland was more akin to a semi-detached Associate as opposed to a full Commonwealth Member at the time of its final exit in the late 1940s and had thereby already taken a number of steps to protect its position. Compared to Brexit, Ireland’s Commonwealth exit was also more concerned with symbolism as opposed to practical change. These factors, as well as decentralisation in the Commonwealth itself and significant support for Ireland from Commonwealth Members with large Irish diaspora populations, limited the trade-offs associated with exit in the Irish case. Nevertheless, similarly to Brexit, the remaining Members were keen safeguard their existing legal obligations, ensure the continuing cohesion of the group and protect their own interests. Costs to the departing Member remained evident. In the case of Ireland, this was apparent in terms of a tightening of links between Northern Ireland and Great Britain, a requirement to commit to more secure and broader reciprocal migration ties and exclusion from full participation in the institutions which shaped the Sterling and Commonwealth Preference Areas which it continued to be a part. Whilst far from a doppleganger, Ireland’s exit can, at least at the time of secession itself, usefully be seen as the Brexit Isles’ alter ego. For the accompanying full Working Paper see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4437102
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
These slides, based on a talk given to the Society of Legal Scholars’ Conference 2022, finds that the current Data Protection and Digital Information Bill is substantively wide-ranging but not radical. Many of the changes could be considered a plausible gloss on the General Data Protection Regulation (GDPR) or achieve a result which could be justified under its restrictions/derogations clause. Those which go further such as the changes to the solely automated decision-making rights remain well within the parameters of the Data Protection Convention 108+. There is a danger that the Bill’s substantive modifications may be insufficiently innovative to address concerns about the scope and depth of the GDPR’s rules. On the other hand, the Bill’s regulatory changes do little to confront the limited enforcement of data protection and the new de jure flexibility offered to the Information Commissioner may further entrench the existing “soft” supervisory approach.
The GDPR and Journalism: Enforcement and Beyond
The interface and indeed tension between GDPR rights and journalism freedom of expression is profound. These slides, prepared for the EDPS Enforcement Conference 2022 (https://www.edpsconference2022.eu/en/press-media/media) explore the attempt to ensure a legal reconciliation across the EU Member States and how Data Protection Authorities (DPAs) might address their legal, resource and epistemic challenges here through facilitating meta/co-regulatory strategies including in the area of citizen media.
Data Protection and Academic Research: The New GDPR Framework
These slides provide an overview of the new data protection framework for academic research under the GDPR, situating this within the broader context of ethical review. After outlining the broad scope and default duties of the GDPR, the slides look at the critical issue of distinguishing processing for “academic purposes” - common in humanities and social studies – from processing only for “research” – common in the biomedical and other “hard” sciences. Whilst the former is subject to wide and liberal derogations akin to journalism, the latter is subject to mandatory safeguards and limited (and often further safeguarded) derogations. The implications of all this for ensuring lawful processing is outlined focusing on purposes specification, transparency, legal vires, data export and discipline duties as regards processors and co-controllers. It is finally noted that article 23 of the GDPR could permit further flexibility in future through secondary legislation.
More from David Erdos (7)
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49
The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR Framework
Recently uploaded
It's the Law: Recent Court and Administrative Decisions of Interest
2024 Idaho Water Users Association, Sun Valley, Idaho - June 11, 2024. Presented by Payton Hampton and Garrett Kitamura
Lifting the Corporate Veil. Power Point Presentation
"Lifting the Corporate Veil" is a legal concept that refers to the judicial act of disregarding the separate legal personality of a corporation or limited liability company (LLC). Normally, a corporation is considered a legal entity separate from its shareholders or members, meaning that the personal assets of shareholders or members are protected from the liabilities of the corporation. However, there are certain situations where courts may decide to "pierce" or "lift" the corporate veil, holding shareholders or members personally liable for the debts or actions of the corporation.
Here are some common scenarios in which courts might lift the corporate veil:
Fraud or Illegality: If shareholders or members use the corporate structure to perpetrate fraud, evade legal obligations, or engage in illegal activities, courts may disregard the corporate entity and hold those individuals personally liable.
Undercapitalization: If a corporation is formed with insufficient capital to conduct its intended business and meet its foreseeable liabilities, and this lack of capitalization results in harm to creditors or other parties, courts may lift the corporate veil to hold shareholders or members liable.
Failure to Observe Corporate Formalities: Corporations and LLCs are required to observe certain formalities, such as holding regular meetings, maintaining separate financial records, and avoiding commingling of personal and corporate assets. If these formalities are not observed and the corporate structure is used as a mere façade, courts may disregard the corporate entity.
Alter Ego: If there is such a unity of interest and ownership between the corporation and its shareholders or members that the separate personalities of the corporation and the individuals no longer exist, courts may treat the corporation as the alter ego of its owners and hold them personally liable.
Group Enterprises: In some cases, where multiple corporations are closely related or form part of a single economic unit, courts may pierce the corporate veil to achieve equity, particularly if one corporation's actions harm creditors or other stakeholders and the corporate structure is being used to shield culpable parties from liability.
Integrating Advocacy and Legal Tactics to Tackle Online Consumer Complaints
Our company bridges the gap between registered users and experienced advocates, offering a user-friendly online platform for seamless interaction. This platform empowers users to voice their grievances, particularly regarding online consumer issues. We streamline support by utilizing our team of expert advocates to provide consultancy services and initiate appropriate legal actions.
Our Online Consumer Legal Forum offers comprehensive guidance to individuals and businesses facing consumer complaints. With a dedicated team, round-the-clock support, and efficient complaint management, we are the preferred solution for addressing consumer grievances.
Our intuitive online interface allows individuals to register complaints, seek legal advice, and pursue justice conveniently. Users can submit complaints via mobile devices and send legal notices to companies directly through our portal.
The Work Permit for Self-Employed Persons in Italy
Learn more on how to obtain the work permit for self-employed persons in Italy at https://immigration-italy.com/selfemployment-work-permit-in-italy/.
Corporate Governance : Scope and Legal Framework
CORPORATE GOVERNANCE
MEANING
Corporate Governance refers to the way in which companies are governed and to what purpose. It identifies who has power and accountability, and who makes decisions. It is, in essence, a toolkit that enables management and the board to deal more effectively with the challenges of running a company.
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Human rights of LGBTQ people in India, constitutional and judicial approach
Genocide in International Criminal Law.pptx
Excited to share insights from my recent presentation on genocide! 💡 In light of ongoing debates, it's crucial to delve into the nuances of this grave crime.
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
学校原件一模一样【微信:741003700 】《(SCU毕业证书)澳洲南十字星大学毕业证文凭证书》【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
What are the common challenges faced by women lawyers working in the legal pr...
The legal profession, which has historically been male-dominated, has experienced a significant increase in the number of women entering the field over the past few decades. Despite this progress, women lawyers continue to encounter various challenges as they strive for top positions.
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
学校原件一模一样【微信:741003700 】《(SU毕业证书)美国雪城大学毕业证成绩单》【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
学校原件一模一样【微信:741003700 】《(UNE毕业证书)新英格兰大学毕业证成绩单》【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
学校原件一模一样【微信:741003700 】《(PSU毕业证书)宾州州立大学公园分校毕业证学历证书》【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
The Future of Criminal Defense Lawyer in India.pdf
https://veteranlegal.in/defense-lawyer-in-india/ | Criminal defense Lawyer in India has always been a vital aspect of the country's legal system. As defenders of justice, criminal Defense Lawyer play a critical role in ensuring that individuals accused of crimes receive a fair trial and that their constitutional rights are protected. As India evolves socially, economically, and technologically, the role and future of criminal Defense Lawyer are also undergoing significant changes. This comprehensive blog explores the current landscape, challenges, technological advancements, and prospects for criminal Defense Lawyer in India.
Search Warrants for NH Law Enforcement Officers
Training aid for law enforcement officers related to search warrants, the requirements needed, drafting, and execution of the search warrant.
Receivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptxGodwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
Receivership and liquidation Accounts
Being a Paper Presented at Business Recovery and Insolvency Practitioners Association of Nigeria (BRIPAN) on Friday, August 18, 2023.
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Presentation slides for a session held on June 4, 2024, at Kyoto University. This presentation is based on the presenter’s recent paper, coauthored with Hwang Lee, Professor, Korea University, with the same title, published in the Journal of Business Administration & Law, Volume 34, No. 2 (April 2024). The paper, written in Korean, is available at <https://shorturl.at/GCWcI>.
Recently uploaded (20)
It's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of Interest
Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
Integrating Advocacy and Legal Tactics to Tackle Online Consumer Complaints
Integrating Advocacy and Legal Tactics to Tackle Online Consumer Complaints
The Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in Italy
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...
fnaf lore.pptx ...................................
fnaf lore.pptx ...................................
The Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdf
Receivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptx
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Comparing EU and Council of Europe Data Protection Standards in the Context of Brexit
- 1. Dr David Erdos Faculty of Law University of Cambridge
- 2. Introduction S. I. 2019/419 provides for only minor immediate changes to UK DP in event of even “no deal” Brexit. But longer-term will likely see divergence. But in addition to seeking adequacy, UK will remain part of CoE framework including Convention 108+. Going to explore what less prescriptive substantive approach within CoE framework might look like.
- 3. Article 8 of EU Charter Will Go Specific things within Article 8 are high-level & not controversial: fairness, purpose specification, legal basis, right of access & rectification. But Article 8 gives a special status not just to this but to right of data protection more generally. Special status is bolstered by emphasis Court of Justice places on DP as a fundamental right. None of that is fully replicated in CoE DP or will be replicated in UK domestically in event of Brexit.
- 4. Transparency Rules Both instruments have proactive & reactive rights here. But, Convention 108+ much weaker esp. re: proactive (A. 8): Less information ‘mandatory’ (storage period, automated decision-making, source etc.). Explanatory Report seems to see public notice as sufficient. Report also seems to imply that if not direct collection then must be from third party – but what about imputed or public domain? Disproportionate effort is also full exemption – no mention of appropriate protective measures, let alone “making the information publicly available” (cf. GDPR, art. 14(5)(b)).
- 5. Special/Sensitive Data: Overview Special/sensitive data not mentioned per se in EU Charter. But it is a core part of granular law in both EU and CoE. However, divergences here could also feed into shift to less prescriptive, more “pragmatic” approach. This is especially apparent as regards the definition of special data but may also arise as regards type of safeguards.
- 6. Protection of Criminal-Related Data Scope: Stringency: GDPR: “data relating to criminal convictions and offences or related security measures” (A. 10) Convention 108+: “data relating to offences, criminal proceedings and convictions and related security measures.” (A. 6) GDPR: Control of official authority or law with appropriate safeguards. Convention 108+: Law with appropriate safeguards.
- 7. Other Special/Sensitive Data Stringency: Convention 108+: Law with appropriate safeguards. GDPR: General prohibition absent waiver or weighty public interest & safeguards (A. 9) Scope: Both adopt categorical approach & only minor differences. But Convention 108+ usually also requires sensitive purpose: This would even cover super-sensitive areas like health & sex life. “The processing of: … - personal data for the information they reveal … shall only be allowed with appropriate safeguards are enshrined in law.”
- 8. Discipline Provisions CoE & GDPR: Security Accountability Export Control (DPA Breach) Rules on: Processor Joint Control Export Rules: “essential equivalence” Closed list Breach Regime: - DPA - Subject - Public DP Officer Documentation Impact Assess. Prior Consult
- 9. Conclusions In event of Brexit, UK with leave EU Charter and substantive DP regime will slowly diverge from that of EU. UK remains commited not just to ‘adequacy’ but also CoE DP, which shares common roots and structure with EU DP. But CoE less prescriptive & more pragmatic especially re: Proactive Transparency Discipline provisions Special data regime. Those differences are likely to impact UK DP in future.