Overview of the legal reports under workstream 2

41st Asia Pacific Privacy Authorities (APPA) Forum –
PHAEDRA Workshop Nr. 3: The EU Data Protection
Regulation and regional perspectives on improving
cooperation between DPAs, PCs and PEAs
Overview of the legal reports under
workstream 2
Gertjan Boulet
Wednesday, 18 June 2014, 13.20-15.20
Westin Chosun Hotel Seoul, 106 Sogong-ro, Jung-gu, Seoul
July 14, 2017
1
Workstream 2: legislative
review
Report 2.1: “A Compass towards best Elements
for Cooperation between Data Protection
authorities”
- 28 February 2014, updated 9 May 2014
Report 2.2: “Legal reflections for further
improving cooperation between data
protection authorities”
- 9 May 2014
July 14, 2017
2
Report 2.1 - Jurisdiction profiles
- (non)-EU countries
- Identification and review of
- general data protection laws
- enabling legislation: establishing and
empowering DPAs and creating a legal
basis for cooperation
- Key findings in questionnaires, annual
reports, press releases, websites
July 14, 2017
3
Report 2.1 - Jurisdiction profiles
Questionnaire, question 2
“What are the chief constraints on you in
achieving more co-operation and better coordination? Please rank in order of importance,
with 1 as most serious and 6 as least serious.”
July 14, 2017
4
Report 2.1 - Jurisdiction profiles
Frequency with which each constraint is ranked as of
high importance (1 or 2)
Limited budget or human resources
Legal constraints
Lack of info from other DPAs
Language differences
Other
34
32
23
4
3
High rank
July 14, 2017
5
Report 2.1 - Jurisdiction profiles
Observations
-In general: just one or two articles on
cooperation are sufficient to foster international
cooperation.
-BUT: which information can be shared?
Confidential information, professional secrecy.
-Problem expressed by Danish DPA: “the
divergence in opinions on what's important and
less important is more important than specific
legal constraints.”
-Lack of a harmonized EU DP legal framework,
different national laws & enforcement priorities
July 14, 2017
6
Report 2.1 - Networks between
DPAs
Binding networks
- Cooperation in the Convention 108 and its
additional protocol + modernisation
- Cooperation under Directive 95/46/EC
- Cooperation under proposal for a Data
Protection Regulation (GDPR)
-
Intra-EU (Arts 54-68)
Outside EU (Art 45)
July 14, 2017
7
OECD
Central & Eastern European
DPAs
French-speaking Association
of Personal Data Protection
Authorities
Ibero-American
Data Protection Network
APEC
Asia-Pacific
Privacy Authorities
International Conference
Of Data Protection
And Privacy Commissioners
Report 2.1 - Agreements between
DPAs
- Memorandum of Cooperation, Cooperation
Agreement, Collaboration Declaration,
Declaration on Further Collaboration,
Declaration of Intentions, Declaration on Joint
Co-operation …
- MoU between the DPA of Berlin and the Korea
Information Security Agency (28 November
2002)
July 14, 2017
9
Report 2.1 - Aims of
cooperation
Enforcement of privacy and data
protection laws
- coordination of policies in enforcement
matters
- coordination of enforcement methods
- sanctions
Mutual assistance between DPAs
Raising awareness activities
July 14, 2017
10
Report 2.1 – Forms of
cooperation
For various aims of cooperation
- Monitoring privacy and data protection laws in
other countries
- Sharing of standards and information
- Trainings & staff exchanges
- Projects between DPAs
Enforcement cooperation
- Mutual legal assistance
- Parallel or joint investigations
- Mutual recognition
July 14, 2017
11
Report 2.2 - Reflections on
instruments for cooperation
between DPAs
- Type of instrument: international
treaty, MoU, ...
- Scope: general or limited
- Nature: binding or non-binding
- Impact of level of harmonisation on
the choice of the instrument ?
July 14, 2017
12
Report 2.2 - Reflections on
independence of DPAs
- Article 16 Treaty of the Functioning of the
European Union (EU)
- Article 8 EU Charter of Fundamental Rights
- Article 28(1) Directive 95/46/EC
- Article 1(3) Additional Protocol to Convention
108
- §19(c) revised OECD Guidelines on the
Protection of Privacy and Transborder Flows of
Personal Data
July 14, 2017
13
Report 2.2 - Reflections on
independence of DPAs
European Commission versus
- Germany, 9 March 2010: German DPAs subject
to oversight by the state
- Austria, 6 October 2012: Federal Chancellor
has an unconditional right to information
covering all aspects of the work of the DPA
- Hungary, 8 April 2014: bringing to an end the
term served by the Hungarian DPA before expiry
of the full term
July 14, 2017
14
PHAEDRA project
www.phaedra-project.eu
July 14, 2017
15
Thank you!
[email protected]
July 14, 2017
16