Data Protection - Law Enforcement

by Els De Busser on 16 January 2017

Transcript of Data Protection - Law Enforcement

Data Protection - Law Enforcement - Cybersecurity
EU - US Cooperation
Link with cybersecurity
Data Protection Principles
Plan for today:
freshen up data protection
make link with law enforcement
differences
similarities
look at EU - US data protection in criminal matters
A car hire company contracts a vehicle-tracking company to install devices in its cars (software that is a trade secret of the tracking company) and monitor them so that cars can be recovered if they go missing. They specify:
that the tracking company should track all the company’s cars and send back the location data to the hire company six hours after the end of the hire period, if the car has not been returned.

Example II
personal data
data controller
processing
data processor
A car hire company contracts a vehicle-tracking company to install devices in its cars and monitor them so that cars can be recovered if they go missing. The car hire company specifies in the contract:
which data the tracking company should collect,
how the data should be analysed and
that all the company’s cars should be tracked and the location data should be sent back to the hire company 6 hours after the end of the hire period, if the car has not been returned.

Example I
data controller
data processor
data controllers
each for different activity
DHL is contracted by a local bank to pick up envelopes containing (among other data) specific customers’ credit card data and bring them to a second office of the bank at the other side of the same city. The courier service is in physical possession of the documents but may not open them to access any personal data or other content.

Example III
data controller
Two police officers enter a local bank to pick up envelopes containing (among other data) specific customers’ credit card data and bring them to the police station at the other side of the same city for the purpose of an investigation into credit card fraud.

Example IV
data controllers
each for different activity
Council of Europe Convention 1981
EU legal instruments
commercial matters
  until May 2018: Directive 95/46/EC
  from May 2018 onwards: GDPR
in criminal matters
  until May 2018: Framework Decision 2008
  from May 2018 onwards: Directive Data Protection Law Enforcement
personal data as such
accurate
up to date
adequate
not excessive
processing of personal data
purpose limitation
data retention
PURPOSE
law enforcement?
exception:
in law
necessary & proportionate
secrecy of criminal investigation
fair trial rights (presumption of innocence, right to lawyer, etc.)
security of data GDPR = security of data Law Enforcement Directive
risk mitigation plans
notification data breach to supervisory authority
risk and high risk
additionally:
data protection impact assessment
prior consultation of supervisory authority
notification data breach to data subject
What data can police use?
profiling & big data analysis
telecommunication data
purchasing behaviour
travel & location data
images (security cameras)
...
suspect
victim(s)
witness(es)
commercial matters
  until May 2018: Directive 95/46/EC
  from May 2018 onwards: GDPR
  EU - US cooperation: Privacy Shield
in criminal matters
  until May 2018: Framework Decision 2008
  from May 2018 onwards: Directive Data Protection Law Enforcement
  EU - US cooperation: Umbrella Agreement
different data protection regimes

requirement for 3rd states:
adequate level of data protection
or appropriate safeguards

both in commercial and criminal cooperation
self-certify system of commitments
replaced Safe Harbor in 2016
2 December 2016
superstructure
added to existing agreements
dependent on US Judicial Redress Act
EU
EU - US
The takeaways:
data protection terminology

commercial - criminal matters

specific nature of criminal investigations

3rd states - adequacy

EU - US cooperation
Court of Justice 2015: "essential equivalence"