Data Protection and Privacy Rights
Sofia, 13-14 June 2019
Overview of the relevant developments in the field of data protection at EU level
Plamen Angelov, Director, DPA of Bulgaria [AD/2019/04]
With financial support from the Justice
Programme of the European Union
Content
1. EU legal framework:
1.1. GDPR
1.2. Law Enforcement Directive
1.3. EUI – GDPR
1.4. Draft legislative acts
2. Jurisprudence of ECJ
3. European Data Protection Board
4. Practice of the Bulgarian DPA
EU Legal Framework: GDPR
Regulation (EU) 2016/679 (General Data Protection Regulation):
❑ Complex legal nature
❑ Horizontal and overarching
❑ Application and supervision in the judicial system
EU Legal Framework: LED
Directive (EU) 2016/680 (Law Enforcement Directive):
❑ Scope: (1) Prevention, investigation, detection or prosecution of criminal offences or (2) the execution of criminal penalties, including (3) the safeguarding against and the prevention of threats to public security
❑ GDPR vs. LED: High level of harmonization but mutually exclusive
EU Legal Framework: EUI-GDPR
Regulation (EU) 2018/1725 (GDPR for EU Institutions and Bodies):
❑ Scope: Data processing by Union institutions, bodies, offices and agencies (except CSDP missions)
❑ Processing of operational personal data by Union bodies, offices and agencies - Eurojust
❑ European Data Protection Supervisor (EDPS)
EU Legal Framework: draft acts
❑ Proposal for Regulation on Privacy and Electronic Communications (ePrivacy Regulation)
❑ Proposal for Regulation on European production and preservation orders for electronic evidence in criminal matters (e-evidence)
ECJ Jurisprudence
❑ C-362/14 (Schrems): Essential guarantees in case of access by public authorities, powers of DPAs
❑ Joined cases C-293/12 and C-594/12 (Digital Rights Ireland), Joined cases C-203/15 and C-698/15 (Tele2/Watson), C-207/16 (Ministerio Fiscal): Data retention
❑ Opinion 1/15 of ECJ: Agreement between EU and Canada on transfer of PNR data
ECJ Jurisprudence (cont.)
❑ C-131/12 (Google Spain), C-398/15 (Salvatore Manni): right to be forgotten
❑ C-210/16 (Wirtschaftsakademie): Joint controllership of a Facebook fan page
❑ C-25/17 (Jehovah’s Witnesses), C-212/13 (Ryneš): Household exemption
❑ Case C-434/16 (Nowak): Restrictions to right to access
European Data Protection Board
Mission: Contribute to the consistent application of the data protection rules in the EU
❑ The EDPB is:
• An independent EU body with legal personality
• Composed of EEA SAs + EDPS
• Advisory role + Binding decisions + Consistency Opinions
❑ What the EDPB is NOT:
• A super-regulator
• Investigative or enforcement body
EDPB – Guidance
WP 29 guidelines endorsed by EDPB (16 in total):
• Consent
• Transparency
• Automated decision-making and Profiling
• Data Protection Officer
• Data Protection Impact Assessment
• Data breach notification
• Administrative fines under GDPR
• . . .
EDPB guidelines:
• Certification and Accreditation
• Territorial scope of GDPR
• Derogations under Article 49 GDPR
• Legal grounds for processing of personal data in the context of provision of online services
• Codes of Conduct
One-Stop-Shop Mechanism
[Flowchart. Box labels: Lead SA draft measure; Notification; Concerned SAs; No Objection; Lead SA adopts measure; Objection; Lead SA assesses the objection; Objection accepted; Updated draft measure; Objection refused; EDPB Consistency mechanism: binding decision]
GDPR Enforcement
Enforcement of GDPR lies with national Supervisory Authorities
• National cases
• Cross-border cases
Practice of the Bulgarian DPA
❑ Amendment of the national Data Protection Act and sector-specific legislation
❑ Opinions and practical guidance documents
❑ Practice on complaints and investigations
❑ National awareness campaign on GDPR
❑ The Chairman of the Bulgarian DPA – Deputy Chair of EDPB
Thank you!
For more information:
www.cpdp.bg
www.edpb.europa.eu