LEGAL BASIS OBJECTIVES ACHIEVEMENTS


PERSONAL DATA PROTECTION

Protection of personal data and respect for private life are important fundamental rights. The European Parliament has always insisted on the need to strike a balance between enhancing security and safeguarding human rights, including data protection and privacy. The EU data protection reform will strengthen citizens' rights, giving them better control of their data and ensuring that their privacy continues to be protected in the digital age.

LEGAL BASIS

Article 16 of the Treaty on the Functioning of the European Union (TFEU); Articles 7 and 8 of the EU Charter of Fundamental Rights.

OBJECTIVES

The Union must ensure that the fundamental right to data protection, which is enshrined in the EU Charter of Fundamental Rights, is applied in a consistent manner. The EU's stance on the protection of personal data needs to be strengthened in the context of all EU policies, including law enforcement and crime prevention, as well as in international relations, especially in a global society characterised by rapid technological change.

ACHIEVEMENTS

A. Institutional framework

1. Lisbon Treaty

Before the entry into force of the Lisbon Treaty, legislation concerning data protection in the area of freedom, security and justice (AFSJ) was divided between the first pillar (data protection for private and commercial purposes, with the use of the Community method) and the third pillar (data protection for law enforcement purposes, at intergovernmental level). As a consequence, the decision-making processes in the two areas followed different rules. The pillar structure disappeared with the Lisbon Treaty, which provides a stronger basis for the development of a clearer and more effective data protection system, while at the same time stipulating new powers for Parliament, which has become co-legislator.
Article 16 of the TFEU provides that Parliament and the Council lay down rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law.

2. The strategic guidelines in the area of freedom, security and justice

Following the Tampere and Hague programmes (of October 1999 and November 2004, respectively), in December 2009 the European Council approved the multiannual programme regarding the AFSJ for the 2010-2014 period, known as the Stockholm programme. In its conclusions of June 2014, the European Council defined the strategic guidelines for legislative and operational planning for the coming years within the AFSJ, pursuant to Article 68 TFEU. One of the key objectives is to better protect personal data in the EU. A mid-term review of the guidelines will take place in 2017.

Fact Sheets on the European Union - 2017

B. Main legislative instruments on data protection

1. EU Charter of Fundamental Rights

Articles 7 and 8 of the EU Charter of Fundamental Rights recognise respect for private life and protection of personal data as closely related but separate fundamental rights. The Charter is integrated into the Lisbon Treaty and is legally binding on the institutions and bodies of the European Union, and on the Member States when implementing EU law.

2. Council of Europe

a. Convention 108 of 1981

Council of Europe Convention 108 of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data is the first legally binding international instrument adopted in the field of data protection. Its purpose is 'to secure... for every individual... respect for his rights and fundamental freedoms and in particular his right to privacy, with regard to automatic processing of personal data'.

b. European Convention on Human Rights (ECHR)

Article 8 of the Convention of 4 November 1950 for the Protection of Human Rights and Fundamental Freedoms establishes the right to respect for private and family life: 'Everyone has the right to respect for his private and family life, his home and his correspondence.'

3. Current EU legislative instruments on data protection

As a consequence of the old pillar structure, various legislative instruments are currently in force.
These include former first-pillar instruments such as Directive 95/46/EC on data protection, Directive 2002/58/EC on e-privacy (modified in 2009; new proposal currently under consideration), Directive 2006/24/EC on data retention (declared invalid by the Court of Justice of the European Union on 8 April 2014 owing to its serious interference with private life and data protection), and Regulation (EC) No 45/2001 on processing of personal data by Community institutions and bodies (new proposal currently under consideration), as well as former third-pillar instruments such as the Council Framework Decision of November 2008 on the protection of personal data processed in the framework of police and criminal justice. A new comprehensive legal framework on data protection at EU level is due to come into force shortly (see below).

a. Data Protection Directive (95/46/EC), to be repealed in May 2018

Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data is the central piece of legislation on the protection of personal data in the EU. The directive stipulates general rules on the lawfulness of personal data processing, sets out the rights of data subjects and makes provision for national independent supervisory authorities. The directive stipulates that personal information may only be processed if the person concerned has given his/her explicit consent to, and has been informed in advance of, the data processing.

b. Council Framework Decision 2008/977/JHA, to be repealed in May 2018

Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters regulates data protection under the former third pillar. This is a sector not covered by Directive 95/46/EC, which applies to the processing of personal data under the former first pillar. The Framework Decision only applies to police and judicial data exchanged among Member States, EU authorities and associated systems, and does not cover domestic data.

4. European Data Protection Supervisor and Article 29 Working Party

The European Data Protection Supervisor (EDPS) is an independent supervisory authority which ensures that the EU institutions and bodies meet their obligations with regard to data protection as laid down in the Data Protection Regulation (Regulation (EC) No 45/2001). The primary duties of the EDPS are supervision, consultation and cooperation.

The Article 29 Working Party is an independent advisory body on data protection and privacy, set up under Article 29 of the Data Protection Directive. It is composed of representatives of the EU national data protection authorities, the EDPS and the Commission. It issues recommendations, opinions and working documents. The Article 29 Working Party will be replaced by the European Data Protection Board under the new General Data Protection Regulation.

5. EU Data Protection Reform, to be applied from May 2018

On 25 January 2012, the Commission published a broad legislative package to reform EU legislation on data protection. The reform is aimed at safeguarding personal data across the EU, increasing users' control of their data and cutting costs for businesses. Technological progress and globalisation have profoundly changed the way data is collected, accessed and used. In addition, the 28 Member States have implemented the 1995 rules in differing ways. A single law will do away with the current fragmentation and costly administrative burdens. This will help to reinforce consumer confidence in online services, providing a much-needed boost to growth, jobs and innovation in Europe.
In December 2015, Parliament (at committee level) and the Council (at ambassadorial level) reached an agreement on the new data protection rules after almost three years of lengthy negotiations. New rules were published in April 2016 and will apply from May 2018:

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.

ROLE OF THE EUROPEAN PARLIAMENT

Parliament has always insisted on the need to strike a balance between enhancing security and protecting privacy and personal data. It has adopted various resolutions on these sensitive matters, specifically addressing ethno-racial profiling, the Prüm Council Decision on cross-border cooperation in combating terrorism and cross-border crime, the use of body scanners to enhance aviation security, biometrics in passports and common consular instructions, border management, the internet and data mining.

Parliament rejected in February 2010 under the consent procedure the provisional application of the Terrorist Finance Tracking Programme (TFTP) agreement (previously known as the SWIFT agreement) on transfers of bank data to the USA for counterterrorism purposes. Following the adoption of Parliament's resolution of 8 July 2010, the TFTP agreement entered into force in August 2010. In July 2011, the Commission adopted a communication on the main options for establishing a European Terrorist Finance Tracking System (EU TFTS), about which Parliament expressed doubts. In November 2013, the Commission announced its intention not to present at this stage a proposal for an EU TFTS.

Another issue of crucial importance is the Passenger Name Records (PNR) agreement between the EU and the US on the processing and transfer of PNR data between air carriers and the US Department of Homeland Security. Following the consent given by Parliament, the Council adopted in April 2012 a decision on the conclusion of the new agreement, which replaced the previous EU-US PNR agreement, applied provisionally since 2007.

In February 2011, the Commission tabled a proposal for a directive on the use of PNR data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (EU PNR). In June 2013, Parliament decided in plenary to refer the matter back to its Committee on Civil Liberties, Justice and Home Affairs (LIBE), which in April 2013 voted against the EU PNR proposal, questioning its proportionality and compliance with fundamental rights. Following the 2015 terrorist attacks in Paris and new concerns over possible threats to the EU's internal security posed by foreign fighters, the debate on the EU PNR proposal gained new momentum. In December 2015, Parliament (at committee level) and the Council (at ambassadorial level) reached a compromise solution on this sensitive matter. Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime will have to be transposed into national law by 25 May 2018.

Parliament has been involved in the approval (under the consent procedure) of a legally binding framework agreement with the USA on the exchange of information and data protection, known as the Umbrella Agreement. The aim is to ensure a high level of protection of personal information transferred in the framework of transatlantic cooperation in the fight against terrorism and organised crime. The signing of the Judicial Redress Act by President Obama in February 2016 paved the way for the signature of the EU-US Umbrella Agreement on 2 June 2016.

In parallel, the EU-US Privacy Shield was put in place in order to ensure a high level of data protection for commercial data transfers. The Privacy Shield reflects the requirements set out by the Court of Justice of the EU in its ruling of October 2015, which declared the old Safe Harbour framework (voluntary data protection standards for non-EU companies transferring EU citizens' personal data to the US) invalid. The Commission adopted the implementing decision pursuant to Directive 95/46/EC on the adequacy of the protection provided by the EU-US Privacy Shield on 12 July 2016, and it entered into force immediately. As of 1 August 2016, companies are able to sign up to the Privacy Shield with the US Department of Commerce, which then verifies that their privacy policies comply with the high data protection standards required by the Privacy Shield. Parliament, in its resolution of 26 May 2016 on transatlantic data flows, welcomed the efforts to achieve substantial improvements in the Privacy Shield compared to the Safe Harbour decision which it replaced, and expressed some criticisms.

On 12 March 2014, Parliament adopted a resolution on the US NSA surveillance programme, surveillance bodies in various Member States and their impact on EU citizens' fundamental rights and on transatlantic cooperation in Justice and Home Affairs.
This resolution concluded a six-month inquiry by Parliament into the electronic mass surveillance of EU citizens, following the revelations that emerged in June 2013 concerning alleged spying by the US and some EU Member States. In this resolution, Parliament called for the suspension of the Safe Harbour privacy principles and of the Terrorist Finance Tracking Programme. On 29 October 2015, Parliament adopted a resolution on the follow-up to its resolution of 12 March 2014 on the electronic mass surveillance of EU citizens, in which it reiterated its call for the suspension of the Safe Harbour Decision and of the Terrorist Finance Tracking Programme.

Parliament has been involved, under the ordinary legislative procedure, in approving the data protection reform (see previous section). The new data protection rules will strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market.

Kristiina Milt
10/2017