Legal aspects of biometric data processing : current state of affairs. Dr. E. J. Kindt MIPRO 2015
|
|
- Meredith Boyd
- 5 years ago
- Views:
Transcription
1 Legal aspects of biometric data processing : current state of affairs Dr. E. J. Kindt MIPRO 2015
2 Overview Introduction Biometric data and the legislator o legal qualification o Consent and biometric data o PbD: Pseudonymous biometric identities Recent case law Some conclusions 2
3 Face facts? 3
4 Face facts? Biometric data : allow to identify - but: laws usually specify identity controls Biometric data also increase risk of surveillance - de-identification very important where desirable Hence : biometric data processing is interfering? Under which conditions is it acceptable? 4
5 Face facts? Biometric data : Sensitive data? Current definition : Directive 95/46/EC: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, ( ) data concerning health or sex life ( ) intention? Compare: CoE: DNA use of only non-coding for identification 5
6 1.1 The nature of biometric data: legal qualification Biometric data : o The Netherlands: HR LJN BK6331: facial images reveal racial information o United Kingdom: Murray v. Express Newspapers & Big Pictures (UK) Ltd 2007 (UK) : photograph is sensitive personal data? 6
7 1.1 The nature of biometric data: legal qualification o Cons. Constitutionnel n (Loi protection identité) (France): 6. ( ) la création d'un fichier d'identité biométrique portant sur la quasi-totalité de la population française et dont les caractéristiques rendent possible l'identification d'une personne à partir de ses empreintes digitales porte une atteinte inconstitutionnelle au droit au respect de la vie privée ; ( ) Interference with fundamental rights to respect for privacy and data protection 7
8 1.1 The nature of biometric data: legal qualification Artikel 29 Working Party: are of a special nature. ( ) Art. 29 WP (WP80) - EDPS sensitive Art. 29 WP Very few EU Member States have data protection legislation which explicitly states that biometric data is sensitive data 8
9 1.1 The nature of biometric data: legal qualification New in Proposal 2012: data revealing racial or ethnic origin, political opinions, religious or (philosophical) beliefs, ( ) genetic data or data concerning health or sex life ( ) New in Proposal 2012: Biometric data in particular present specific risks EP amend. Proposal 2012: genetic or biometric data European Commission, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final, , 118 p. 9
10 1.1 The nature of biometric data: legal qualification EU Council: Art. 4 (11): 'biometric data' means any personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of an individual of that individual, which allows or confirms the unique identification such as facial images, or dactyloscopic data EU Council, 15395/14, 2012/0011 (COD), consolidated version of
11 1.1 The nature of biometric data: legal qualification EU Council: Art. 33 (1): Where a type of processing in particular using new technologies, and taking into account the nature, their scope, context and or their purposes of the processing, is likely to result in a high risk for the rights and freedoms of individuals, such as discrimination, identity theft or fraud, financial loss, damage to the reputation, [breach of pseudonymity], loss of confidentiality of data protected by professional secrecy or any other significant economic or social disadvantage, the controller or the processor acting on the controller's behalf shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. EU Council, 15395/14, 2012/0011 (COD), consolidated version of
12 1.1 The nature of biometric data: legal qualification EU Council: Art. 33 (2) : data protection impact assessment referred to in paragraph 1 shall in particular be required in the following cases: ( ) b) of personal data under Article 9(1) ( ), biometric data or data on criminal convictions and offences or related security measures, where the data are processed for taking measures or decisions regarding specific individuals on a large scale; EU Council, 15395/14, 2012/0011 (COD), consolidated version of
13 1.2 Consent and biometric data Dir. 95/46: Processing of sensitive data prohibited; But: exceptions: o explicit consent unless (!) MS prohibit Protection of Freedoms Act 2012 (UK), Chap. 2 ( ) must ensure a child s biometric information is not processed unless (a) at least one parent of the child consents ( ) (b) no parent of the child has withdrawn his or her consent, or otherwise objected, (..) (section 26 (3)) But: - informed consent? - Information about the risks? - accuracy? 13
14 1.2. Consent and biometric data New in Proposal 2012: Consent :1. burden of proof upon the controller 2. presented distinguishable 3. right to withdraw at any time - 4. no legal basis if there is a significant imbalance between the position of the data subject and the controller Cate, Cullen, Mayer-Schönberger, Data Protection Principles for the 21st Century. Revising the 1980 OECD Guidelines, december 2013 for reasons of substantial public interest by MS law or DPA decisions, subject to suitable safeguards Consent is not the solution 14
15 1.3. PbD: Multiple Pseudonymous Biometric identities Irreversible, revocable, unlinkable, multiple biometric identities o ISO/IEC 24745:2011 Information technology Security techniques - Biometric Information Protection, o Scientific research and deployment in practice EP amend. Proposal 2012: Pseudonymous data means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution Fingerprint without name?? Is not pseudonymous! 15
16 1.3. Turbine recommended Best Practices BP N 1. Functionality of the biometric IdM system Use of verification mode only Design and Architecture Enrolment Deployment BP N 2. User control BP N 3. Multiple identities en pseudonyms BP N 4. Revocation and reissuance BP N 5. Credential/Identity check BP N 6. Deletion of samples and original templates BP N 10. Organization, Security & Certification BP N 7. Use of privacy enhancing technologies BP N 8. transparency and additional information BP N 9. Accuracy, fall back procedure and appeal 16
17 2. Recent case law ECtHR P.G. and J.H. v. the United Kingdom (2001) : About recording of data and the systematic or permanent nature of the record A permanent record of a person s voice for further analysis is of direct relevance to identifying that person when considered in conjunction with other personal data. The recording of the applicants voices for such further analysis amounts to interference with the right to respect for their private lives ( 59-60) 17
18 2. Recent case law ECtHR S. and Marper v. UK (2008) : fingerprint records constitute ( ) personal data ( ) which contain certain external identification features ( 81) fingerprints objectively contain unique information about the individual concerned, allowing his or her identification with precision in a wide range of circumstances. They are thus capable of affecting his or her private life and the retention of this information without the consent of the individual concerned cannot be regarded as neutral or insignificant ( 84) 18
19 2. Recent case law ECHR S. and Marper v. UK (2008) : fingerprints were initially taken in criminal proceedings and subsequently recorded on a national database with the aim of being permanently kept and regularly processed by automated means for criminal-identification purposes. the retention of fingerprints constitutes an interference with the right to respect for private life ( 86) 19
20 2. Recent case law ECHR S. and Marper v. UK (2008) : Biometric data processing is interfering and requires balancing (law legitimacy proportionality) Use of modern scientific techniques ( 112) legislation allowing for their indefinite retention, despite the acquittal of the former and the discontinuance of the criminal proceedings against the latter. The Court must consider whether the permanent retention of fingerprint and DNA data of all suspected but unconvicted people is based on relevant and sufficient reasons ( 114) (legitimacy) 20
21 2. Recent case law ECHR S. and Marper v. UK (2008) : remains whether such retention and storage is proportionate and strikes a fair balance between the competing public and private interests (proportionality test sensu strictu) blanket and indiscriminate nature of the power of retention ( 119) the risk of stigmatisation - right to presumption of innocence the retention at issue constitutes a disproportionate interference with the applicants right to respect for private life and cannot be regarded as necessary in a democratic society ( ) 21
22 2. Recent case law Council Regulation (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States, as amended by Regulation (EC) No 444/2009 ECJ C-291/12 decision Schwarz v. Bochum, 2013 : o o constitutes a threat to the rights to respect for private life and the protection of personal data. Accordingly, it must be ascertained whether that twofold threat is justified the contested measures pursue, in particular, the general interest objective of preventing illegal entry into the EU and are appropriate for attaining the aim of protecting against the fraudulent use of passports. 22
23 2. Recent case law Council Regulation (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States, as amended by Regulation (EC) No 444/2009 ECJ C-446/12-449/12 Willems e.a.16 April 2015 : 45: to be used only for verifying the authenticity of the document or the identity of the holder 47: does not provide a legal basis for. databases in MS 48 : It follows, in particular, that Regulation No 2252/2004 does not require a Member State to guarantee in its legislation that biometric data will not be used or stored by that State for purposes other than those mentioned in Art. 4(3) 23
24 2. More important recent (data protection) case law United Kingdom: Google v. Vidal-Hall 2015 EWCA Civ 311 tort for misuse of private information? (rather than confidential information) EU Charter rights were relied upon to strike down UK legislation limiting the ability to sue for non-economic losses United States : Ct Appeal 2 nd Circuit Civil Libert. vs NSA 7 May 2015 : Sect. 215 Patriot Act unlawful (bulk collection of telephone metadata) 24
25 Role for the legislator ECJ C-291/12 decision Schwarz v. Bochum, 2013 on preliminary questions: 46. ( ) Next, in assessing whether such processing is necessary, the legislature is obliged, inter alia, to examine whether it is possible to envisage measures which will interfere less with the rights recognised by Articles 7 and 8 of the Charter but will still contribute effectively to the objectives of the European Union rules in question ( ) Legislator shall take responsibility 25
26 Conclusions Need to acknowledge interfering and sensitive character of biometric data Consent not sufficient quid irreversible, revocable, unlinkable, multiple biometric identities? Need for legislative action with conditions and requiring safeguards for biometric data processing 26
27 Further reading European Commission, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final, , 118 p. EU Council, 15395/14, 2012/0011 (COD), consolidated version of , available at ECHR S. and Marper v. UK (2008) ECJ C-291/12 Schwarz v. Bochum, 2013 ECJ C-446/12-449/12 Willems e.a.16 April 2015 and also : our Facebook report v. 1.2 ( ) See 27
EDPS Opinion 7/2018. on the Proposal for a Regulation strengthening the security of identity cards of Union citizens and other documents
EDPS Opinion 7/2018 on the Proposal for a Regulation strengthening the security of identity cards of Union citizens and other documents 10 August 2018 1 Page The European Data Protection Supervisor ( EDPS
More informationBiometrics: The Future of Banking?
Biometrics: The Future of Banking? CECA Bank Madrid, 3 November 2016 Els Kindt Overview Introduction Biometric data and the GDPR Biometric data and evidence Forensic use of biometric data Conclusion 2
More informationLaw Enforcement processing (Part 3 of the DPA 2018)
Law Enforcement processing (Part 3 of the DPA 2018) Introduction This part of the Act transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law. The Directive
More informationSecretariaat. To European Parliament Civil Liberties, Justice and Home Affairs Committee Rue Wiertz BE-1047 BRUXELLES
Meijers Committee Secretariaat postbus 201, 3500 AE Utrecht/Nederland telefoon 31 (30) 297 42 14/43 28 telefax 31 (30) 296 00 50 e-mail cie.meijers@forum.nl http://www.commissie-meijers.nl To European
More information5418/16 AV/NT/vm DGD 2
Council of the European Union Brussels, 6 April 2016 (OR. en) Interinstitutional File: 2012/0010 (COD) 5418/16 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: DATAPROTECT 1 JAI 37 DAPIX 8 FREMP 3 COMIX 36
More informationBiometrics from a legal perspective dr. Ronald Leenes
Biometrics from a legal perspective dr. Ronald Leenes TILT - Tilburg Institute for Law, Technology, and Society outline introduction biometrics, use legal aspects privacy/data protection biometrics as
More informationCOMP Article 1. Article 1 Subject matter and objectives
Proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention,
More informationEUROPEAN DATA PROTECTION SUPERVISOR
23.7.2005 C 181/13 EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council concerning the Visa
More informationOpinion 3/2016. Opinion on the exchange of information on third country nationals as regards the European Criminal Records Information System (ECRIS)
Opinion 3/2016 Opinion on the exchange of information on third country nationals as regards the European Criminal Records Information System (ECRIS) 13 April 2016 The European Data Protection Supervisor
More informationMeijers Committee standing committee of experts on international immigration, refugee and criminal law
CM1802 Comments on the Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation,
More information16 March Purpose & Introduction
Factsheet on the key issues relating to the relationship between the proposed eprivacy Regulation (epr) and the General Data Protection Regulation (GDPR) 1. Purpose & Introduction As the eprivacy Regulation
More informationGeneral Data Protection Regulation
General Data Protection Regulation Bar Council Guide for Barristers and Chambers Purpose: Scope of application: Issued by: To assist barristers and sets of chambers in their compliance with the GDPR All
More informationHong Kong General Chamber of Commerce Roundtable Luncheon 13 April 2016 Collection and Use of Biometric Data
Hong Kong General Chamber of Commerce Roundtable Luncheon 13 April 2016 Collection and Use of Biometric Data Stephen Kai-yi Wong Privacy Commissioner for Personal Data, Hong Kong Biometric Applications
More informationOpinion 01/2014 on the application of necessity and proportionality concepts and data protection within the law enforcement sector
ARTICLE 29 DATA PROTECTION WORKING PARTY 536/14/EN WP 211 Opinion 01/2014 on the application of necessity and proportionality concepts and data protection within the law enforcement sector Adopted on 27
More information***I DRAFT REPORT. EN United in diversity EN 2012/0010(COD)
EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 20.12.2012 2012/0010(COD) ***I DRAFT REPORT on the proposal for a directive of the European Parliament and of the Council
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 1576-00-00-08/EN WP 156 Opinion 3/2008 on the World Anti-Doping Code Draft International Standard for the Protection of Privacy Adopted on 1 August 2008 This Working
More informationAssessing the necessity of measures that limit the fundamental right to the protection of personal data: A Toolkit
Assessing the necessity of measures that limit the fundamental right to the protection of personal data: A Toolkit 11 April 2017 TABLE OF CONTENTS I. The purpose of this Toolkit and how to use it... 2
More informationPE-CONS 71/1/15 REV 1 EN
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 27 April 2016 (OR. en) 2011/0023 (COD) LEX 1670 PE-CONS 71/1/15 REV 1 GVAL 81 AVIATION 164 DATAPROTECT 233 FOPOL 417 CODEC 1698 DIRECTIVE OF THE
More informationREGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April on the protection of natural persons
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
More informationDATA PROTECTION (JERSEY) LAW 2018
Data Protection (Jersey) Law 2018 Arrangement DATA PROTECTION (JERSEY) LAW 2018 Arrangement Article PART 1 7 INTRODUCTORY 7 1 Interpretation... 7 2 Personal data and data subject... 12 3 Pseudonymization...
More informationEUROPEAN PARLIAMENT Committee on the Internal Market and Consumer Protection
EUROPEAN PARLIAMT 2009-2014 Committee on the Internal Market and Consumer Protection 2012/0011(COD) 28.1.2013 OPINION of the Committee on the Internal Market and Consumer Protection for the Committee on
More informationHaving regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,
Opinion of the European Data Protection Supervisor on the Proposal for a Council Decision on the conclusion of an Agreement between the European Union and Australia on the processing and transfer of Passenger
More informationREGULATION (EC) No 767/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 9 July 2008
L 218/60 EN Official Journal of the European Union 13.8.2008 REGULATION (EC) No 767/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 9 July 2008 concerning the Visa Information System (VIS) and the
More informationPrivacy International's comments on the Brazil draft law on processing of personal data to protect the personality and dignity of natural persons
Privacy International's comments on the Brazil draft law on processing of personal data to protect the personality and dignity of natural persons 1. Introduction This submission is made by Privacy International.
More informationReview of the Use and Retention of Custody Images
Review of the Use and Retention of Custody Images February 2017 Crown copyright 2017 This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view
More informationLIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 20 December /06 Interinstitutional File: 2004/0287 (COD) LIMITE
COUNCIL OF THE EUROPEAN UNION Brussels, 20 December 2006 16817/06 Interinstitutional File: 2004/0287 (COD) LIMITE VISA 337 CODEC 1566 COMIX 1060 NOTE from : the Presidency to : Visa Working Party/Mixed
More informationProposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
EUROPEAN COMMISSION Strasbourg, 17.4.2018 COM(2018) 212 final 2018/0104 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on strengthening the security of identity cards of
More informationPolicy Framework for the Regional Biometric Data Exchange Solution
Policy Framework for the Regional Biometric Data Exchange Solution Part 8 : Template Privacy Notices and Consent Form REGIONAL SUPPORT OFFICE THE BALI PROCESS 1 Attachment 7 Template privacy notices and
More information9091/17 VH/np 1 DGD 2C
Council of the European Union Brussels, 24 May 2017 (OR. en) Interinstitutional File: 2017/0002 (COD) 9091/17 NOTE From: To: Presidency Council No. prev. doc.: 8431/17 Subject: Proposal DATAPROTECT 94
More informationAdopted on 23 June 2005
ARTICLE 29 Data Protection Working Party 1022/05/EN WP 110 Opinion on the Proposal for a Regulation of the European Parliament and of the Council concerning the Visa Information System (VIS) and the exchange
More informationPublic Consultation on the Smart Borders Package
Case Id: 8bfe0a99-7887-4411-93ba-8149ed1964c4 Date: 29/10/2015 17:06:40 Public Consultation on the Smart Borders Package Fields marked with are mandatory. Questions to all contributors You are responding
More informationData Protection Policy. Malta Gaming Authority
Data Protection Policy Malta Gaming Authority Contents 1 Purpose and Scope... 3 2 Data Protection Officer... 3 3 Principles for Processing Personal Data... 3 3.1 Lawfulness, Fairness and Transparency...
More informationEDPS respomse to the Commission public consultation on lowering tfiie fingerprinting âge for children in the visa procédure from 12 years to 6 years
Europe an Data protection supervisof EDPS respomse to the Commission public consultation on lowering tfiie fingerprinting âge for children in the visa procédure from 12 years to 6 years Context On 17 August
More informationAmCham EU Proposed Amendments on the General Data Protection Regulation
AmCham EU Proposed Amendments on the General Data Protection Regulation Page 1 of 89 CONTENTS 1. CONSENT AND PROFILING 3 2. DEFINITION OF PERSONAL DATA / PROCESSING FOR SECURITY AND ANTI-ABUSE PURPOSES
More informationLIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 11 January /07 Interinstitutional File: 2004/0287 (COD) LIMITE VISA 7 CODEC 32 COMIX 25
COUNCIL OF THE EUROPEAN UNION Brussels, 11 January 2007 5213/07 Interinstitutional File: 2004/0287 (COD) LIMITE VISA 7 CODEC 32 COMIX 25 NOTE from : Presidency to : delegations No. Cion prop. : 5093/05
More informationOpinion 3/2012 on developments in biometric technologies
ARTICLE 29 DATA PROTECTION WORKING PARTY 00720/12/EN WP193 Opinion 3/2012 on developments in biometric technologies Adopted on 27 th April 2012 This Working Party was set up under Article 29 of Directive
More informationCOMMUNICATION FROM THE COMMISSION. On the global approach to transfers of Passenger Name Record (PNR) data to third countries
EUROPEAN COMMISSION Brussels, 21.9.2010 COM(2010) 492 final COMMUNICATION FROM THE COMMISSION On the global approach to transfers of Passenger Name Record (PNR) data to third countries EN EN COMMUNICATION
More informationLIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 25 October /06 Interinstitutional File: 2004/0287 (COD) LIMITE
COUNCIL OF THE EUROPEAN UNION Brussels, 25 October 2006 14359/06 Interinstitutional File: 2004/0287 (COD) LIMITE VISA 271 CODEC 1166 COMIX 871 NOTE from : the General Secretariat of the Council to : delegations
More informationTO THE PRESIDENT AND MEMBERS OF THE COURT OF JUSTICE WRITTEN OBSERVATIONS
Ref. Ares(2016)6433981-15/11/2016 EUROPEAN COMMISSION Brussels, 15 november 2016 sj f(2016)7035708 Court procedural document TO THE PRESIDENT AND MEMBERS OF THE COURT OF JUSTICE WRITTEN OBSERVATIONS Submitted
More informationCouncil of the European Union Brussels, 8 February 2016 (OR. en)
Council of the European Union Brussels, 8 February 2016 (OR. en) Interinstitutional File: 2015/0307 (COD) 5808/16 LIMITE FRONT 50 CODEC 124 COMIX 80 NOTE From: Presidency To: Permanent Representatives
More informationWith the current terrorist threat facing European Union Member States, including the UK
Passenger Information Latest Update 26 th February 2015 Author David Lowe Liverpool John Moores University Introduction With the current terrorist threat facing European Union Member States, including
More informationThe NATIONAL CONGRESS decrees: CHAPTER I PRELIMINARY PROVISIONS
Provides for the protection of personal data and changes Law No. 12,965, of April 23, 2014 (the Brazilian Internet Law ). The NATIONAL CONGRESS decrees: CHAPTER I PRELIMINARY PROVISIONS Art. 1 This Law
More informationData protection and privacy aspects of cross-border access to electronic evidence
Statement of the Article 29 Working Party Brussels, 29 November 2017 Data protection and privacy aspects of cross-border access to electronic evidence On 8th June 2017, the European Commission issued a
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 02072/07/EN WP 141 Opinion 8/2007 on the level of protection of personal data in Jersey Adopted on 9 October 2007 This Working Party was set up under Article 29
More information1. The Commission proposed on 25 January 2012 a comprehensive data protection package comprising of:
Council of the European Union Brussels, 28 January 2016 (OR. en) Interinstitutional File: 2012/0011 (COD) 5455/16 "I/A" ITEM NOTE From: To: Presidency No. prev. doc.: 15321/15 Subject: DATAPROTECT 3 JAI
More informationGDPR in access control and time and attendance systems using biometric data
GDPR in access control and time and attendance systems using biometric data Goran Vojković, Ph.D. Melita Milenković, LL.M. University of Zagreb Faculty of Transport and Traffic Sciences Vukelićeva 4, Zagreb,
More informationThe forensic use of bioinformation: ethical issues
The forensic use of bioinformation: ethical issues A guide to the Report 01 The Nuffield Council on Bioethics has published a Report, The forensic use of bioinformation: ethical issues. It considers the
More information6310/1/16 REV 1 BM/cr 1 DG D 1 A
Council of the European Union Brussels, 24 February 2016 (OR. en) Interinstitutional File: 2015/0307 (COD) 6310/1/16 REV 1 FRONT 79 SIRIS 20 CODEC 185 COMIX 127 NOTE From: To: Subject: Presidency Council
More information13462/18 BN/cr 1 JAI.1 LIMITE EN
Council of the European Union Brussels, 30 October 2018 (OR. en) Interinstitutional File: 2018/0104(COD) 13462/18 LIMITE JAI 1042 FRONT 357 VISA 284 FAUXDOC 96 IA 330 FREMP 180 CODEC 1762 NOTE From: To:
More informationPUBLIC 14707/1/14REV1DATAPROTECT147JAI803MI806 DRS136DAPIX151 FREMP179COMIX569CODEC /1/14REV1 GS/np 1 DGD2C LIMITE EN
ConseilUE Councilofthe EuropeanUnion PUBLIC Brussels,3February2015 (OR.en) InterinstitutionalFile: 2012/0011(COD) 17072/1/14 REV1 LIMITE DATAPROTECT189 JAI1029 MI1012 DRS178 DAPIX190 FREMP233 COMIX683
More informationOpinion 07/2016. EDPS Opinion on the First reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)
Opinion 07/2016 EDPS Opinion on the First reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations) 21 September 2016 1 P a g e The European Data Protection Supervisor
More informationDGD 1 EUROPEAN UNION. Brussels, 22 February 2017 (OR. en) 2015/0307 (COD) PE-CONS 55/16 FRONT 484 VISA 393 SIRIS 169 COMIX 815 CODEC 1854
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 22 February 2017 (OR. en) 2015/0307 (COD) PE-CONS 55/16 FRONT 484 VISA 393 SIRIS 169 COMIX 815 CODEC 1854 LEGISLATIVE ACTS AND OTHER INSTRUMTS
More informationPolicy Framework for the Regional Biometric Data Exchange Solution
Policy Framework for the Regional Biometric Data Exchange Solution Part 10 : Privacy Impact Assessment: Regional Biometric Data Exchange Solution REGIONAL SUPPORT OFFICE THE BALI PROCESS 1 Attachment 9
More informationThe EU Passenger Name Record System and Human Rights
The EU Passenger Name Record System and Human Rights Transferring passenger data or passenger freedom? CEPS Working Document No. 320/September 2009 Evelien Brouwer Abstract The European Commission presented
More informationHaving regard to the opinion of the European Economic and Social Committee ( 1 ),
L 327/20 Official Journal of the European Union 9.12.2017 REGULATION (EU) 2017/2226 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 30 November 2017 establishing an Entry/Exit System (EES) to register
More informationProposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. amending Regulation (EU) 2016/399 as regards the use of the Entry/Exit System
EUROPEAN COMMISSION Brussels, 6.4.2016 COM(2016) 196 final 2016/0105 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulation (EU) 2016/399 as regards the use of
More informationAn overview of the European approach to the cross-jurisdictional and societal aspects of biometrics
An overview of the European approach to the cross-jurisdictional and societal aspects of biometrics Mario Savastano Senior Researcher IBB / National Research Council of Italy DIEL Federico II University
More informationA Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner
A Legal Overview of the Data Protection Act 2017 By: Mrs D. Madhub Data Protection Commissioner 06.02.2018 Overview The Data Protection Act 2017 Aim of the Act Major changes brought in the new Act Key
More informationThe legal framework and guidance on data protection under the. Cross-border ehealth Information Services (CBeHIS) T6.2 JAseHN draft v.2 (20.10.
The legal framework and guidance on data protection under the Cross-border ehealth Information Services (CBeHIS) T6.2 JAseHN draft v.2 (20.10.2016) The purpose of this document is to outline the data protection
More informationcloser look at Rights & remedies
A closer look at Rights & remedies November 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute legal advice or legal analysis.
More informationOpinion on a notification for Prior Checking received from the Data Protection Officer of the European Commission regarding the database ARDOS
Opinion on a notification for Prior Checking received from the Data Protection Officer of the European Commission regarding the database ARDOS Brussels, 15 December 2008 (Case 2007-380) 1. Proceedings
More informationGDPR. EU General Data Protection Regulation. ebook Version 1.2
GDPR EU General Data Protection Regulation ebook Version 1.2 Table of Contents Introduction... 6 The GDPR... 6 Source... 6 Objective... 6 Restrictions... 6 Versions... 6 Feedback... 6 CHAPTER I - General
More informationCouncil of the European Union Brussels, 16 October 2017 (OR. en)
Council of the European Union Brussels, 16 October 2017 (OR. en) Interinstitutional File: 2016/0408 (COD) 13163/17 LIMITE SIRIS 163 FRONT 422 SCHENGEN 65 COMIX 678 CODEC 1581 NOTE From: To: Subject: Presidency
More informationDIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995
DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
More informationResponse to Consultation on Proposals for the Retention and Destruction of Fingerprints and DNA Data in Northern Ireland
Response to Consultation on Proposals for the Retention and Destruction of Fingerprints and DNA Data in Northern Ireland Summary This is the Human Rights Commission s response to the 2011 Northern Ireland
More informationTony Bunyan May Interoperability: the point of no return 1
Analysis The point of no return Interoperability morphs into the creation of a Big Brother centralised EU state database including all existing and future Justice and Home Affairs databases Tony Bunyan
More informationCouncil of the European Union Brussels, 1 February 2017 (OR. en)
Council of the European Union Brussels, 1 February 2017 (OR. en) 5884/17 INFORMATION NOTE From: Legal Service LIMITE JUR 58 JAI 83 DAPIX 36 TELECOM 28 COPEN 27 CYBER 14 DROIPEN 12 To: Permanent Representatives
More informationBiometrics: primed for business use
Article Biometrics: primed for business use Introduction For the regular traveller, identity and security checks are becoming ever more intrusive. Walk though an airport today, and you are likely to be
More informationSpring Conference of the European Data Protection Authorities, Cyprus May 2007 DECLARATION
DECLARATION The European Union initiated several initiatives to improve the effectiveness of law enforcement and combating terrorism in the European Union. In this context, the exchange of law enforcement
More informationPrinciples and Rules for Processing Personal Data
data protection rules LAW AND DIGITAL TECHNOLOGIES INTERNET PRIVACY AND EU DATA PROTECTION Principles and Rules for Processing Personal Data Gerrit-Jan Zwenne Seminar III October 31th, 2018 lawfulness,fairness
More information(Legislative acts) REGULATIONS REGULATION (EU) 2017/458 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 15 March 2017
18.3.2017 EN Official Journal of the European Union L 74/1 I (Legislative acts) REGULATIONS REGULATION (EU) 2017/458 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 March 2017 amending Regulation (EU)
More informationAdequacy Referential (updated)
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 254 Adequacy Referential (updated) Adopted on 28 November 2017 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent
More informationEXECUTIVE SUMMARY. 3 P a g e
Opinion 1/2016 Preliminary Opinion on the agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection
More informationJAI.1 EUROPEAN UNION. Brussels, 8 November 2018 (OR. en) 2016/0407 (COD) PE-CONS 34/18 SIRIS 69 MIGR 91 SCHENGEN 28 COMIX 333 CODEC 1123 JAI 829
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 8 November 2018 (OR. en) 2016/0407 (COD) PE-CONS 34/18 SIRIS 69 MIGR 91 SCHG 28 COMIX 333 CODEC 1123 JAI 829 LEGISLATIVE ACTS AND OTHER INSTRUMTS
More informationPROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013
PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 [ASSENTED TO 19 NOVEMBER, 2013] [DATE OF COMMENCEMENT TO BE PROCLAIMED] (Unless otherwise indicated) (The English text signed by the President) This
More informationEuropean Data Protection Supervisor Your personal information and the EU administration: What are your rights?
European Data Protection Supervisor Your personal information and the EU administration: What are your rights? EDPS factsheet 1 Everyday, personal information - also known as personal data - is processed
More informationSUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS
DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,
More informationDeveloping a 'toolkit' for assessing the necessity of measures that interfere with fundamental rights Background paper
Developing a 'toolkit' for assessing the necessity of measures that interfere with fundamental rights Background paper - for consultation - 16 June 2016 The European Data Protection Supervisor (EDPS) is
More informationThe High Contracting Parties to the present Treaty, Member States of the European Union,
TREATY BETWEEN THE KINGDOM OF BELGIUM, THE FEDERAL REPUBLIC OF GERMANY, THE KINGDOM OF SPAIN, THE REPUBLIC OF FRANCE, THE GRAND DUCHY OF LUXEMBOURG, THE KINGDOM OF THE NETHERLANDS AND THE REPUBLIC OF AUSTRIA
More informationProposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
EUROPEAN COMMISSION Brussels, 18.7.2014 COM(2014) 476 final 2014/0218 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL facilitating cross-border exchange of information on road
More informationAnnex - Summary of GDPR derogations in the Data Protection Bill
Annex - Summary of GDPR derogations in the Data Protection Bill The majority of the provisions in the General Data Protection Regulation (GDPR) will automatically become UK law on 25 May 2018. However,
More informationFOURTH SECTION DECISION AS TO THE ADMISSIBILITY OF
FOURTH SECTION DECISION AS TO THE ADMISSIBILITY OF Application nos. 30562/04 and 30566/04 by S. and Michael MARPER against the United Kingdom The European Court of Human Rights (Fourth Section), sitting
More informationProposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
EUROPEAN COMMISSION Strasbourg, 15.12.2015 COM(2015) 670 final 2015/0307 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulation No 562/2006 (EC) as regards the
More informationPublic Consultation on the Smart Borders Package
Case Id: db7db520-ef0e-48aa-aa12-4d18d2070548 Date: 22/10/2015 15:06:12 Public Consultation on the Smart Borders Package Fields marked with are mandatory. Questions to all contributors You are responding
More informationReview of the Identity-matching Services Bill 2018 and the Australian Passports Amendment (Identity-matching Services) Bill 2018
Submission to the Parliamentary Joint Committee on Intelligence and Security Review of the Identity-matching Services Bill 2018 and the Australian Passports Amendment (Identity-matching Services) Bill
More information6153/1/18 REV 1 VH/np 1 DGD2
Council of the European Union Brussels, 16 February 2018 (OR. en) Interinstitutional File: 2017/0002 (COD) 6153/1/18 REV 1 DATAPROTECT 16 JAI 107 DAPIX 40 EUROJUST 19 FREMP 14 ENFOPOL 71 COPEN 39 DIGIT
More informationTHE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum
THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum The object of this Bill is to repeal the Data Protection Act and replace it by a new and more appropriate legislation which will strengthen
More informationInterest Balancing Test Assessment regarding data processing for the purpose of the exercise of legal claims
1 Legitimate interest of the controller or a third party: Controller s interest: Exercise of legal claims in connection with the individual passenger car rental agreement concluded based on the MOL LIMO
More informationEUROPEAN DATA PROTECTION SUPERVISOR
6.8.2008 C 200/1 I (Resolutions, recommendations and opinions) OPINIONS EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on the proposal for a Regulation of the European
More informationIdentifying Drug Labs by Analysing Sewage Systems. Bart van der Sloot, Tilburg University, TILT
Identifying Drug Labs by Analysing Sewage Systems Bart van der Sloot, Tilburg University, TILT www.bartvandersloot.com Who is Bart van der Sloot Bart van der Sloot specializes in the area of Privacy and
More informationPort Glasgow St Andrew s Data Protection Policy
Port Glasgow St Andrew s Data Protection Policy CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data should be processed 7. Privacy
More informationBrussels, 16 May 2006 (Case ) 1. Procedure
Opinion on the notification for prior checking received from the Data Protection Officer (DPO) of the Council of the European Union regarding the "Decision on the conduct of and procedure for administrative
More information14480/1/17 REV 1 MP/mj 1 DG D 2B LIMITE EN
Council of the European Union Brussels, 1 December 2017 (OR. en) NOTE From: To: Presidency Council No. prev. doc.: 14068/17 Subject: 14480/1/17 REV 1 LIMITE JAI 1064 COPEN 361 DAPIX 375 ENFOPOL 538 CYBER
More informationProtection of Freedoms Act 2012
Protection of Freedoms Act 2012 Draft statutory guidance on the making or renewing of national security determinations allowing the retention of biometric data March 2013 Issued Pursuant to Section 22
More informationAn Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018
An Bille um Chosaint Sonraí, 18 Data Protection Bill 18 Mar a ritheadh ag Seanad Éireann As passed by Seanad Éireann [No. b of 18] AN BILLE UM CHOSAINT SONRAÍ, 18 DATA PROTECTION BILL 18 Mar a ritheadh
More informationSKILLSTAR 2018 NONPROFIT KFT. DATA PROTECTION POLICY
SKILLSTAR 2018 NONPROFIT KFT. DATA PROTECTION POLICY 1. OBJECT AND THE SCOPE OF THE POLICY 1.1. Object of the policy The General Data Protection Regulation, which entered into force on 25 th May 2018,
More informationDATA SHARING AND PROCESSING
DATA SHARING AND PROCESSING Capita Business Services Limited March 2016 Version 1.3 TABLE OF CONTENTS: Item Heading Page 1 Data Processing Agreement 2 2 Data Protection Act 1998 2 3 Data Protection Act
More informationThe Impact of Surveillance and Data Collection upon the Privacy of Citizens and their Relationship with the State
The Impact of Surveillance and Data Collection upon the Privacy of Citizens and their Relationship with the State House of Lords Select Committee on the Constitution June 2007 1. How has the range and
More informationCONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA [ETS No. 108] DRAFT EXPLANATORY REPORT 1
CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA [ETS No. 108] DRAFT EXPLANATORY REPORT 1 This document was prepared on the basis of the consolidated text
More informationTable of content What is data protection? Why was is necessary? Beginnings of Data Protection Development of International Data Protection Data Protec
Data protection, the fight against terrorism & EU external relations Data protection, the fight against terrorism & EU external relations Paul De Hert (Tilburg & Brussels) Brussels, 7 November 2007 Table
More information