COMNET Conference
Legal Frameworks for ICTs
Regulating Privacy
COMNET 2013 - MALTA - 07.03.2013
Ian Deguara
Head - Technical
Office of the Information and Data Protection Commissioner
MALTA
1. Fact Sheet - DPA
2. Role of the Commissioner
3. Recent Developments
4. Conclusive Remarks
Fact Sheet – Data Protection Authority
Legislative Background
Right to privacy – a fundamental human right established under article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms;
European Convention Act (Cap. 319) makes provision for the substantive articles contained in the European Convention;
CoE Convention 108 on the protection of individuals with regard to the automatic processing of personal data; ratified in Feb ‘03;
Directive 95/46/EC; faithfully transposed under the Data Protection Act (Cap.440); brought fully into force on 15 July 2003;
Subsidiary legislation on, inter alia, the processing of personal data in the electronic communications sector and by the Police.
Organisation
The Commissioner enjoys a distinct legal personality and is not subject to the direction or control of any other person or authority;
The Commissioner has the power of investigation, the power to engage in legal proceedings and the power of enforcement;
The Commissioner regulates both public and private sector;
Human resources - small staff built on teamwork who are generalists but with a specialisation (legal, IT and management);
Financial resources - by means of a parliamentary allocation (amounting to 50% of total revenue) in the form of a subvention. Notification fees and fines deriving from administrative penalties accrue as revenue to the Office’s coffers;
Volume of work – more than 10,000 notification forms received, an average of 45 official complaints received annually, 25 telephone queries per week and 50 monthly queries received by email;
Raising awareness is one of the main functions of the Office which is primarily achieved by:
- delivering presentations;
- penning newspaper articles;
- participating in radio & TV interviews;
- posting information on the portal;
- holding sectorial meetings;
- activities of the annual Data Protection Day;
- liaising closely with the Data Protection Unit within OPM (a dedicated unit responsible for facilitating and coordinating the implementation of data protection in the public service);
As of April 2010 the Commissioner was vested with the additional functions and responsibilities emanating from the provisions of the Freedom of Information Act; brought into force on 1 Sept 2012.
Role of the Commissioner
The Commissioner is the sole National Supervisory Authority.
The Commissioner regulates both the private and public sector.
The Commissioner enjoys independence similar to that of a judge.
The Commissioner is responsible for the independent supervision of data processing, including processing by law enforcement agencies, by:
- ensuring compliance with the relevant instruments (Conventions/Decisions) and data protection legislation;
- ensuring that the citizen’s right of access, rectification and blocking is being respected;
- where there is refusal of such right, receiving and deciding an appeal by the data subject;
- carrying out such verifications and inspections as may be required.
Independence
The Information and Data Protection Commissioner –
is appointed by the Prime Minister after having consulted the Leader of the Opposition;
holds office for a period of 5 years and is eligible for reappointment on the expiration of his term of office;
can only be removed by a motion of the Prime Minister upon an address of the House of Representatives supported by the votes of not less than two-thirds of all the members;
may not hold any other office of profit; Article 37 of Act amended in December 2003;
takes oath of office before the Attorney General to carry out duties without fear or favour;
is not subject to the direction or control of any other person or authority.
The Commissioner has a distinct legal personality and is capable of:
- entering into contracts;
- acquiring, holding and disposing of any kind of property for the purposes of his functions;
- suing and being sued;
- doing all such transactions as are incidental or conducive to the exercise of his functions.
Funding voted by the House of Representatives in the general estimates as a subvention.
Functions
The functions of the Data Protection Commissioner include:
to require the notification of processing operations and to keep a public register of such operations;
to exercise control and verification of whether the processing is carried out fairly and lawfully;
to intervene where a data subject is not allowed right of access by a data controller;
to verify the lawful processing of personal data falling under Article 13 of the Directive (secrecy, national security, etc.) - at the request of the data subject;
to receive reports, claims and complaints by data subjects, taking remedial action where necessary;
to encourage the drawing up of codes of conduct by the various sectors;
to bring to the knowledge of the general public the provisions of the Act and to give advice to any person where it is required;
to advise Government on any legislative measures in relation to his functions; and
to collaborate with supervisory authorities of other countries.
Power of Investigation
To enable investigation the Commissioner has the right to -
- access personal data being processed;
- obtain information and documentation on the processing of personal data and its security;
- enter and search any premises with the same powers as are vested in the executive police.
Inspections may also be carried out at Law Enforcement Authorities subject to the Commissioner’s written authorisation. The outcome is reported directly and solely to the Commissioner.
Power of Intervention
The Commissioner may order –
rectification where data is unlawfully processed;
a data controller to stop processing personal data (except for storage):
- when rectification is not effected;
- when sufficient information cannot be obtained following an access request; or
- if the urgency of the matter so requires.
The Commissioner has also the power to issue a notice for erasure.
The notice may be appealed to the Court of Appeal within 15 days.
The notice becomes effective:
- after 15 days if no appeal is lodged; or
- after the Court of Appeal affirms the erasure order, in case of an appeal.
Power to Engage in Legal Proceedings
The Commissioner may institute proceedings in a Court of law and may appear before the Appeals Tribunal and the Court of Appeal.
Similarly any person aggrieved by a decision of the Commissioner may appeal to the Data Protection Appeals Tribunal -
in writing;
within 30 days from notification of the decision;
on any of the following grounds -
- a material error concerning the facts;
- a material procedural error;
- an error of law;
- some material illegality, including unreasonableness or lack of proportionality.
Recourse to the Court of Appeal shall also lie to a party or to the Commissioner where they feel aggrieved by a decision of the Tribunal -
within 30 days from the decision; and
only on a question of law.
The Commissioner shall commence proceedings against any person who –
provides untrue information to data subjects or to the Commissioner;
processes personal data in contravention of the criteria required to process -
- sensitive personal data;
- data relating to criminal records or security measures;
illegally transfers personal data to a third country;
omits to give notification as required by law or provides untrue information in such notification.
Power of Enforcement
Penalties following court proceedings
On conviction a person may be liable to:
- a fine not exceeding €23,290;
- imprisonment for a term not exceeding six months;
OR
- both such fine and imprisonment.
Administrative fines may be imposed by the Commissioner by an order in writing to the data controller, where –
- personal data is processed in an unlawful manner;
- appropriate security measures are not in place;
- a person does not comply with a lawful request relevant to an investigation by the Commissioner.
An administrative fine shall not exceed €23,290 for each violation, and €2,329 for each day during which a violation continues.
Recent Developments
Technological progress and globalisation have changed the way personal data is collected, accessed and used;
Common trends nowadays include internet profiling, behavioural and location based advertising;
Information is becoming increasingly exposed and vulnerable, leading to security breaches, hacking or other unlawful action, especially in the online environment;
Initiatives at EU level aimed towards facilitating information processing or exchange to enhance security and justice;
Privacy challenges are constantly on the increase;
Reform of the EU data protection legislative framework;
On 25th January 2012, the EC proposed a comprehensive reform of the 1995 Data Protection Directive;
The main objective was to strengthen online privacy rights, boost Europe’s digital agenda and ensure a harmonised environment across the EU;
A regulation was considered to be the most appropriate legal instrument; direct applicability reduces legal fragmentation and provides more legal certainty;
The proposal introduces new rights and obligations, including:
- the right to be forgotten;
- data protection by design and default;
- personal data breach notification;
- data protection impact assessment;
The proposed regulation also provides for:
- the setting up of a European Data Protection Board;
- hefty administrative sanctions;
- the adoption of implementing acts by the EC;
- a transition period of two years for the implementation of the provisions following its entry into force;
State of play – The Working Party on Information Exchange and Data Protection (DAPIX) is progressing steadily on the article by article analysis of the proposed regulation.
No official date has been established for the adoption of such proposal. A possible date might be the end of 2013.
Conclusive Remarks
Information has become a fundamental tool for private and public sector entities;
Data Protection rights should be safeguarded;
Close collaboration between all stakeholders such as the Industry, Law Enforcement Agencies and the Commissioner to ensure effective data protection;
Education and awareness are the fundamentals to create a relationship of mutual trust.
CREATING THE RIGHT BALANCE BETWEEN
Need or Obligation for Data Processing
Data Protection Principles and Rights
Thank you!
Office of the Information and Data Protection Commissioner
Tel: (+356) 2328 7100
E-Mail: [email protected]
Portal: www.idpc.gov.mt
The Floor is now open for discussion/questions
Contact Details