Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Data Protection in the European Union

EDCC Presentation Ioana Beganu

razvan antemir

on 25 February 2011

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Data Protection in the European Union

Data Protection in the European Union Definition of personal data Art. 2(a) of Directive 95/46/EC (Data Protection Directive)

‘Personal data' shall mean any information relating to an
identified or identifiable natural person ('data subject');
an identifiable person is one who can be identified,
directly or indirectly, in particular by reference to an
identification number or to one or more factors specific
to his physical, physiological, mental, economic, cultural or
social identity.
EU data protection legislation Charter of Fundamental Rights of the European Union, Article 8
TFEU, Article 16

Data protection Directive 95/46/EC
Directive 2002/58/EC (Directive on privacy and electronic communications)
Regulation (EC) 45/2001 (EU institutions and bodies)
Council Framework Decision 2008/977/JHA (protection of personal data processed in the framework of police and judicial cooperation in criminal matters)
ECJ jurisdiction Scope of the Data Protection Directive The Directive applies to:

'processing' of data (collection of personal data, its storage, disclosure, etc.)
data processed by automated means (e.g. a computer database of customers)
non automated 'filing systems' (traditional paper files)

The Directive does not apply to:
data processed for purely personal reasons or household activities
public security, defence or criminal law enforcement When can personal data be processed? Personal data can only be processed in specific circumstances
(contracts, legal requirements, public interest, etc.)
and with the informed consent of the data subject.

Sensitive data cannot be processed!
Racial or ethnic origin, political opinions, religious of philosophical beliefs,
trade union membership, data concerning health or sexual preference


Derogations only under specific circumstances (employment law) Rights of subjects Information
Access and rectification
Object on legitimate grounds
Compensation for damage
Obligations of data controllers Lawful processing
Explicit and legitimate purpose
Relevant data (not excessive)
Provide access to data subject
Time limits
Supervisory authorities to be notified of data is collected Transfers to third countries Personal data can only be transferred to countries outside the EU that guarantee an “adequate” level of protection
EU procedure to ensure that any Member State’s decision to block a particular transfer is either extended to the EU as a whole, or reversed.
E-privacy directive 2002/58/EC Complements the provisions of Directive 95/46/EC in the electronic communications sector:
Confidentiality of communications
Prohibition of spam
Does not apply to public security, defence, public security and criminal law enforcement activities Data retention directive 2006/24/EC The data is required to be available to competent national authorities in specific cases, only "for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law".

Operators must retain, for a period of between 6 months and 2 years data on:
date and time
type of communication (and means)
identity of caller and recipient

Remedies ? Complain to data controller

Complain to national Data Protection Authorities (DPAs)

Go to national court
Reform of the data protection legislation COM(2010) 609 “A comprehensive approach on personal data protection in the European Union” (proposal expected in 2011)

New technologies, Treaty of Lisbon’s new legal bases, need for coherent application and better enforcement .

Strenghening the individuals‘ rights
Enhancing the internal market dimension
Stronger institutional arrangement for better enforcement
Addressing the global dimension of data protection
Revising the data protection rules in the area of police and judicial cooperation in criminal matters Data Protection and the EU Institutions The EDPS ensures that the European institutions and bodies respect the right to privacy when they process personal data and develop new policies.
Specific duties of the EDPS are laid down in Regulation (EC) No 45/2001.

Transparency VS Privacy: beneficiaries of agricultural funds

EDCC data protection policy
EDCC Requests to remove data
Resources DG Just Data protection guide (to be updated in 2011)

Art. 29 Working Party opinions (not legally binding)

EdWise SR on Data protection
Full transcript