Embed Size (px)
Citation preview
Christian D’Cunha, Office of the EDPSConsumer Justice Enforcement Forum II Policy Debate
Brussels 21 April 2015
Enforcement in the field of data protection
1 Data protection enforcement
2 Cooperation between data protection authorities
3 Interaction between consumer and data protection
2
The EDPS Strategy 2015-2019: Leading by example
I. Data protection goes digital
II. Forging global partnerships
III. Opening a new chapter for EU data protection
3
Data protection in flux
Reform of data protection framework in EU and Council of Europe C-293/12 & C-594/12 DRIC-131/12 Google Spain
C-362/14 Schrems
4
What data protection authorities do
Ombudsmen
Auditors
Consultants
Educators
Policy Advisers
Negotiators
Enforcers
[C.Bennett, Ch. D. Raab, The Governance of Privacy: Policy Instruments in Global Perspective, Ashgate, 2003, pp. 107-116.]
5
Staffing of DPAsSize matters
6
Austria - 20Belgium - 56Bulgaria - 67Cyprus - 11Czech Republic - 97Denmark - 35Estonia - 17Finland - 21France -148FR Germany - 81Greece - 27Hungary - 48 Ireland - 30Italy - 118Latvia - 19Lithuania - 30
Luxembourg -13Malta - 8Netherlands - 88Poland -123Portugal - 28Romania - 46Slovenia - 34Slovakia - 33Spain - 154Sweden - 44United Kingdom- 380 EDPS - 50Iceland - 4Liechtenstein - 4Norway - 40
[Source: Phaedra, June 2014]
7
8
Data protection
Consumer protection
Competition
Compatibility/ substitutabilityData portability
TransparencyAccurate, intelligible information
Welfare vs harm ChoiceTrust and the internal market
Exploitation
Fines
11
Google's net income Data protection
(FR/ Google 2014) Consumer (IT/ Apple/ 2012) Anti competitive
agreements (max) GDPR (max) (EP's amendments)
€-
€2,000,000,000
€4,000,000,000
€6,000,000,000
€8,000,000,000
€10,000,000,000
€12,000,000,000
€14,000,000,000
Data protection reform: look out for Article 76
Art 73: Right to lodge a complaint with a supervisory authority
Any body, organisation or association which aims to protect data subjects’ rights and interests concerning the protection of their personal data and has been properly constituted according to the law of a Member State shall have the right to lodge a
complaint with a supervisory authority in any Member State on behalf of one or more data subjects if it considers that a data subject’s rights under this Regulation have been infringed as a result of the processing of personal data.
Art 76: Common rules for court proceedings
Any body, organisation or association referred to in Article 73(2) shall have the right to exercise the rights referred to in Articles 74 and 75 on behalf of one or more data subjects 12
13
The Charter of Fundamental Rights of the EU
Art 7: Right to respect for private and family life
Art 8: Right to protection of personal data… compliance subject to control of independent authority
Art 37: Union policies shall ensure a high level of consumer protection
14
Lisbon Treaty: horizontal, heterogenous applicability
Art 12 Consumer protection requirements shall be taken into account in defining and implementing other Union policies and activities
Art 16: Rules shall be laid down on protection of individuals where data processed by EU bodies, by MS carrying out activities in scope of EU law and on free movement of data in the internal market. Compliance controlled by independent authorities.
Art 169: To promote interests of consumers and high level of consumer protection, EU shall contribute to protecting health, safety and economic interests of consumers and to protecting right to information, education and to organise themselves to safeguard their interests – through measures that o complete the internal marketo support, supplement and monitor MS policy
MS may apply more stringent protective measures
15
Parallel lines
Consumer law
Data protection
fund
amen
tal
right
s
enf
orc
emen
t
Inte
rna
l ma
rke
t
Pro
tect
ion
from
har
m
Ch
oic
e
Points of intersection
16
What is the deal? Transparency of information – ‘concise, transparent, clear
and easily accessible… in an intelligible form, using clear and plain language ‘ (GDPR Art 11);
‘plain and intelligible language (CPD Art.8.1)
How do I agree to the deal? Concept of consent (Article 7(a) Directive 95/46/EC, Art 7
GDPR) ‘explicit acknowledgement’ (CPD Art 8.2)
How do I get out of the deal? Data portability (GDPR Art 15), right to be forgotten (Art
17) Right of withdrawal (CPD Art 9)
Transparency Web 2.0? What is the deal?
Our automated systems analyse your sent, received and stored emails to provide you personally relevant product features. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our services, and to develop new ones.
How do I agree to the deal?
When you upload, submit, store, send or receive content to or through our services, you give us and our partners a worldwide license to use, host, store, reproduce, modify, create derivative works communicate, publish, publicly perform, publicly display and distribute such content.
How do I get out of the deal?
You may block all cookies… However, it’s important to remember that many of our services may not function properly if your cookies are disabled.
17
EDPS Strategy 2015-2019
Priority action 3
develop a model for information-handling policies … which explains in simple terms
how business processes could affect individuals’ rights to privacy and protection
of personal data…
18
Big challenges
Understanding the consumer interest Defining abuse of data/ unfair contracts Cooperation between authorities Enforcement powers and sanctions Redress
19
20
Thank you
https://secure.edps.europa.eu/EDPSWEB/edps/Consultation/big_data
@EU_EDPS
