International cooperation on the protection of personal data: Moroccan practice

Similar documents
PERSONAL DATA PROTECTION

The Right to Data Protection and the Commissions Adequacy Decision

OPINION OF THE EUROPOL, EUROJUST, SCHENGEN AND CUSTOMS JOINT SUPERVISORY AUTHORITIES

Proposal for a COUNCIL DECISION

Privacy and Protection of Personal Data in the EU Transfers of Personal Data to third Countries

Table of content What is data protection? Why was is necessary? Beginnings of Data Protection Development of International Data Protection Data Protec

Adequacy Referential (updated)

Analytical examination of the acquis communautaire Screening CHAPTER 23 - JUDICIARY AND FUNDAMENTAL RIGHTS

EXECUTIVE SUMMARY. 3 P a g e

1. Why do third-country audit entities have to register with authorities in Member States?

ARTICLE 29 Data Protection Working Party

GDPR: Belgium sets up new Data Protection Authority

COMMUNICATION FROM THE COMMISSION. On the global approach to transfers of Passenger Name Record (PNR) data to third countries

A Modern European Data Protection Framework. Bruno Gencarelli DG JUSTICE and CONSUMERS

TD/RBP/CONF.7/L.10. United Nations Conference on Trade and Development. Model Law on Competition (2010) Chapter X. United Nations GE.

LEGAL BASIS OBJECTIVES ACHIEVEMENTS

Issues concerning the Court of Justice

THE TUNISIAN PROCESS TO UPSCALE THE PROTECTION OF PERSONAL DATA TO EUROPEAN STANDARDS

THE EU S ATTEMPTS AT SETTING A GLOBAL DATA PROTECTION NORM

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a COUNCIL REGULATION

8193/11 GL/mkl 1 DG C I

EUROPEAN UNION. Brussels, 3 February 2006 (OR. en) 2005/0182 (COD) PE-CONS 3677/05 COPEN 200 TELECOM 151 CODEC 1206 OC 981

PERSONAL DATA PROTECTION PRIVACY INFORMATION FOR THE CITIZENS ON THE RIGHT TO PERSONAL DATA PROTECTION

LEGAL BASIS OBJECTIVES ACHIEVEMENTS

Privacy Notice 1. CONTROLLER S NAME AND DATA

COMP Article 1. Article 1 Subject matter and objectives

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

The global diffusion of data privacy laws and their interoperability

How the EEA Agreement works

***I POSITION OF THE EUROPEAN PARLIAMENT

BINDING CORPORATE RULES PRIVACY policy. Telekom Albania. Çaste që na lidhin.

ILO comments on the EU single permit directive and its discussions in the European Parliament and Council

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

Data Protection Bill, House of Lords second reading Information Commissioner s briefing

Asian Privacy Certification

PROTOCOL AMENDING THE FREE TRADE AGREEMENT BETWEEN THE EFTA STATES AND THE REPUBLIC OF SERBIA

DECISION OF THE EEA JOINT COMMITTEE. No 200/2016. of 30 September amending Annex IX (Financial services) to the EEA Agreement [2017/277]

Telekom Austria Group Standard Data Processing Agreement

Presentation to IAPP November 18, EU Data Protection. Monday 18 November 13

P6_TA-PROV(2007)0347 PNR Agreement

ARTICLE 29 Data Protection Working Party

L 348/98 Official Journal of the European Union

THE EUROPEAN ECONOMIC AREA

CYBERCRIME LEGISLATION WORLDWIDE UPDATE 2007

Frequently Asked Questions: Electronic System for Travel Authorization (ESTA)

THE HIGH COURT COMMERCIAL

PROTOCOL AMENDING THE FREE TRADE AGREEMENT BETWEEN THE REPUBLIC OF ALBANIA AND THE EFTA STATES

EFTA Introductory Seminar on the EEA Agreement. 2 September 2015

Proposal for a COUNCIL DECISION

DECISION OF THE EEA JOINT COMMITTEE. No 199/2016. of 30 September amending Annex IX (Financial services) to the EEA Agreement [2017/276]

SAFE HARBOR: STAYING ALIVE?

ECTA ACTIVITY REPORT June 2016 June 2017

100+ Data Privacy Laws: Their Significance and Origins

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a COUNCIL DECISION

COMMISSION IMPLEMENTING DECISION. of

32001D0527.A09-P37, 32001D0528.A09-P37, 32004D0005.A09-P37, 32004D0006.A09- P37, 32004D0007.A09-P37, 32004D0008.A09-P37, 32004D0009.

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

International Business

ANNEX. Attachment. to the. Proposal for a Council Decision

FOREIGN SERVICE BILL

The EEA Agreement Background, Developments and Challenges

Determining the applicable law in a world of globalization

CHAPTER 3 PROPOSED CONTENTS AND FEATURES OF A REGIONAL ARRANGEMENT

EUROPEAN COMMITTEE ON CRIME PROBLEMS (CDPC) COMMITTEE OF EXPERTS ON THE OPERATION OF EUROPEAN CONVENTIONS ON CO-OPERATION IN CRIMINAL MATTERS (PC-OC)

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

Opinion of the European Banking Authority on cooperation with third countries Article 161(7) CRD

Opinion 6/2015. A further step towards comprehensive EU data protection

Frequently Asked Questions

THE LEGAL FRAMEWORK FOR THE PROTECTION OF PERSONAL DATA IN INTERNATIONAL POLICE AND JUDICIAL COOPERATION. Matko Pajčić *

The Transfer of Data Abroad by Private Sector Companies: Data Protection Under the German Federal Data Protection Act

Factsheet on the Right to be

Agreement on arrangements regarding citizens rights between Iceland, the Principality of Liechtenstein, the Kingdom of Norway and the United Kingdom

Article 1. Federal Data Protection Act (BDSG)

EUROPEAN ECONOMIC AREA

32000D0520. Official Journal L 215, 25/08/2000 P

Proposal for a COUNCIL DECISION

The modernised Convention 108: novelties in a nutshell

Diversity of Cultural Expressions

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

DATA PROTECTION (AMENDMENT) REGULATIONS Amendments to the Data Protection Regulations Insertion of new sections...

Having regard to the opinion of the European Economic and Social Committee ( 1 ),

on the Commission Communication on Internet Policy and Governance - Europe`s role in shaping the future of Internet Governance

8557/16 SHO/ra 1 DGD 2

14618/16 JdSS/fp 1 DGD 1A

BREXIT BRIEFING RULES OF ORIGIN

Proposal for a COUNCIL DECISION

Western Europe. Working environment

A Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner

Overview Status of European Union Data Protection Law Reform (Aug. 2015) Martin Braun

General Assembly. United Nations A/66/442. Globalization and interdependence. I. Introduction. Report of the Second Committee* * *

AMENDMENTS EN United in diversity EN. European Parliament Draft report Claude Moraes (PE v02-00)

Act No. 502 of 23 May 2018

NOW, THEREFORE, IT IS MUTUALLY AGREED AS FOLLOWS:

What does a soft Brexit mean for immigration from the EU?

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 78(3) thereof,

Action Plan for further steps in the implementation of the Roadmap for visa liberalization

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a COUNCIL DECISION

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

The Associated States of the European Union

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Transcription:

the protection of personal data: Moroccan practice Phaedra Maurice October 2014

Introduction Advanced status granted by the EU to Morocco in 2008 Adoption of the Moroccan digital strategy 2008-2013 Adoption of the Law on the protection of personal data in February 2009 CNDP established on 31/08/2010 Constitution adopted in July 2011: article.24: Protection of privacy "Everyone has the right to privacy International cooperation on the protection of personal data: Moroccan practice : I. Cooperation for making Moroccan law II. Cooperation for implementation of the legal framework III. Cooperation for improvement of transborder data flows: pending "adequacy"

I. Cooperation for making Moroccan law A-The repository of the CNDP 1-Regional data protection a-oecd Recommendation of 23-09-1980 on "Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data," the first text on Personal Data Protection (PDP). b-the remarkable contribution of the Council of Europe to consolidate the protection of personal data: the Convention of 28-01-1981 for the protection of individuals with regard to the processing of personal data, called 108 Agreement, and its Additional Protocol of 2001 regarding supervisory authorities and transborder data flows, are the foundation on which the personal data protection is based in Europe and Worldwide.

c- EU Directives: Directives 95/46 / EC of 2-10-1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; Directive 2002/58 / EC on "treatment of personal data and the protection of privacy in the voltage of the electronic communications sector. d- Protection also affects Africa and Francophonie: Morocco joins the Francophone Association of Data Protection Authorities (AFAPDP). AFAPDP has, at last meeting in Marrakech in November 2013, adopted a common repository for Francophone authorities to facilitate the transfer of data by companies.

2-The attempts to universalize Protection a-the 45/95 resolution 1990 of the UN General Assembly, on "Guiding principles for the regulation of computerized files containing personal data." b-the establishment of the International Conference on the protection of personal data and privacy: first Conference in Madrid in 2009 adopted the 1O principles providing international standards for the protection of personal data. The 33rd conference held on 2 and 3-11-2011 in Mexico, certified CNDP. This accreditation allows it now to be a full member of the International Conference of National control authorities. c-toward the development of an international instrument of the personal data through the use of an intergovernmental conference.

B-The transposition of international standards in Moroccan law 09/08 (2009/11/05) 1-The constitutional provisions: Preamble : (...) gives to duly ratified international conventions, (...) primacy over the law of the country, and therefore harmonizes the relevant provisions of its national legislation. This preamble is an integral part of this Constitution. Art.24: Everyone has the right to protection of privacy. Art.27: The right to information may be restricted by law in order to ensure: -protection of everything related to the national defense, internal and external security of the State, - protection of individual privacy, -protection rights and freedoms enshrined in this Constitution - protection of sources and areas specifically determined by law.

2 Moroccan Law 09/08 on the protection of personal data: adopted as part of regulatory convergence recorded in the Euro- Mediterranean Partnership. Law 09-08 enacted in 2009, published in May 2009 ; CNDP Rules published the 07.04.2011 The objectives of the Act: ensure adequate protection of personal data by increasing the attractiveness of Morocco in the field of offshoring. (Job provider sector in Morocco, about 100 000 in 2014). ensure compliance with the privacy of citizens (Art.24 constitution 2011), strengthen the protection of freedoms and human rights in Morocco.

II. International cooperation for implementation of the legal framework 1-CNDP established on 31/08/2010 : A collegiate institution that takes its decisions at the majority of its members. They are appointed for five years, renewable once CNDP Powers : Under Rule 27 of the Act : advises the Government and Parliament on all matters concerning personal data, expertise at the request of public authorities assists the government in the preparation and definition of the Moroccan position in international negotiations in the field of personal data, receives the statements and allocates permits for the treatment of personal data, allows the retention of personal data, lists the non-automated processing, lists the country to appropriate legislation for the protection of personal data, allows data transfers to foreign, maintains the National Register of Data Protection..

receives complaints. exercising powers of investigation and inquiry the power to order providing and making available the documents of any kind regarding the treatment, proceeding or making the necessary changes required for a fair data in a file blocking, or erasure or destruction of data and that permanently or temporarily, banning the treatment. In serious cases, it refers the case to the prosecutor applying the sanctions under Chapter VII of the Act which provides for penalties for certain serious offenses and imprisonment which may extend up to 300 000dh of fine and five years imprisonment.

2-Internationally, the participation of CNDP to : works of the Francophone Association of Supervisors of Personal Data, Paris October 2010, Dakar 2011, Monaco 2012. At Marrakech 2013, adoption of a repository to the transfer of personal data the Joint Meeting of the European Commission and Council of Europe, January 2011, Brussels, International Conference in Mexico City of Control Authorities in October 2011, in Punta del Este in october 2012, and Warsow september 2013 : CNDP accreditation on october 2011. the revision of Convention 108 of the Council of Europe: Accession to the Convention 108 and its Additional Protocol The quest for Adequation of the European Commission

III. Cooperation for improvement of transborder data flows: pending "adequacy" 2009: Morocco demands adequacy The European Commission is empowered by the European Council and the EU Parliament to appreciate (Article 25 para. 6 of the 95/46 Directive) the "adequate" level of protection of personal data by a non-european third countries. A lengthy process Moroccan practice: The legislative framework contains a basic principle which is the prohibition of transfers to countries which do not ensure "an adequate level of protection of privacy, freedoms and fundamental rights of individuals with regard to the treatment of these data... ". (Article 43 of the Law). This principle is subject to exceptions: The transfer can be assured:

1 - If the person agrees 2 If there is a case of necessity related to: the preservation of the public interest, the defense of a legal claim, the need to comply with a contractual obligation of the data controller or data subject, the implementation of a measure of international legal assistance, prevention, diagnosis or treatment of diseases. 3 In the case of the execution of an obligation arising under a bilateral or multilateral agreement to which Morocco is a party. 4 The CNDP may also, by express reasoned decision, authorize the transfer of personal data in case of Contractual Clauses Type (CCT) or the BCR (BCR).

The list of countries providing adequate protection as established by the CNDP The list includes: -the member countries of the EU, -the countries members of the EEA, -the countries to which the EU has given the label of "adequacy." List of 37 countries providing adequate protection from the point of view of the CNDP. -The EU countries -The EEA (European Economic Area: Iceland, Norway and Liechtenstein. -The Eleven countries recognized by the EU as providing adequate protection: Andorra, Argentina, Australia, Canada, Switzerland, the Faroe Islands, Guernsey, Jersey, etc.

Conclusion Pending adequacy, CNDP must continue its efforts to ensure effective protection of personal data by : Awareness The rapid processing of complaints The quality and effectiveness of controls Strengthening relationships of trust between the CNDP, the controllers of personal data and data subjects

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback