Chapter 1 - Intro to European Data Protection Flashcards
What was the rationale for data protection?
-During early 1970s there was increase in use of computers to process individual’s information
-Transborder trade encouraged by European Economic Community (EEC) encouraged rise in information sharing
-Automated storage of PI required new standards for individual control balanced with transborder flow of info.
What was the early challenges to create data protection standards?
-To maintain a balance between national level concerns for personal freedom and privacy with the ability to support free trade at the EEC level (European Economic Community).
What underlines EU data protection laws?
-That in the European Union, right to a private life and associated freedoms is considered fundamental human right.
When was the Universal Declaration of Human Rights adopted?
Adopted by General Assembly of United Nations on 10 December 1948
What is the Universal Declaration of Human Rights?
-Starting point for framing standards of protection for individuals.
-Was born after atrocities during WW2
-Contains specific provisions about right to private and family life and freedom of expression (basis for European data protection laws).
What are the key articles of the Universal Declaration of Human Rights?
-Article 12 -> Right to a private life and family and correspondence
-Article 19 -> Right to freedom of expression without interference (including media)
-Article 29(2) -> Individual rights are not absolute and there will be instances where balance must be struck.
When was the ECHR signed?
Rome 1950 - Council of Europe invited individual states to sign the ECHR
What is the European Convention of Human Rights (ECHR)
-International treaty to protect human rights and fundamental freedoms
-Applies only to member states
-All Council of Europe member states are party to ECHR & new members must ratify asap.
When did the ECHR enter into effect?
3 Sep 1953
Why is the ECHR important?
-Powerful instrument that protects a large scope of fundamental rights and freedoms (e.g., right to life/ prohibition of torture/ right to marry)
Who enforces the ECHR?
-European Court of Human Rights (ECtHR) in Strasbourg
-All rulings are binding on states concerned / can lead to amendment in legislation or change in government practice
-At request of Committee of Ministers of Council of Europe -> ECtHR may give advisory opinions concerning interpretation of ECHR
When and what was the ECtHR restructuring?
-1 Nov 1998
-Court system was restructured into a single full time Court of Human Rights
What are the key articles of the ECHR?
-Article 8 -> (not absolute right) Right to a private and family life and correspondence & no interference from public authority unless interests of national security/ public safety or economic well-being of country/ prevention of crime etc
-Article 10(1) - Right to freedom of expression (opinions etc) without interference of public authority
-Article 10(2) - Qualified right - so subject to conditions/ restritions / penalties necessary in democratic society & in interests of national security
What do both the UDHR and ECHR recognise?
The need for balance between the rights of individuals and the justifiable interference with these rights (recurring theme in data protection law).
Which countries took the lead in implementing early legislation aimed at controlling PI use by government agencies & large companies?
-7 countries
1. Austria
2. Denmark
3. France
4. Federal Republic of Germany
5. Norway
6. Sweden
7. Luxembourg
Which countries was data protection incorporated as a fundamental right in their constitutions?
- Spain
- Portugal
- Austria
What did the Council of Europe establish in the 1960s and why? (early regulations)
-Recommendation 509 on human rights and modern scientific developments
-From concern that national legislation did not adequately protect Article 8 ECHR right.
What were Resolutions 72/22 and 74/29?
-Built on Recommendation 509 by Council of Europe
-In 1973 and 1974
-Established principles for the protection of personal data in automated databanks in private & public sectors
What is the OECD and their role?
-The Organisation for Economic Co-operation and Development
-To achieve sustainable economic growth, sustainable employment & rising standard of living in both OECD members & nonmembers
What are the OECD Guidelines and when was it introduced?
-Published 23 Sep 1980
-Guidelines on Protection of Pirvacy and Transborder Flows of Personal Data
-Govern transborder data flows, protection of PI, harmonisation of DP law between countries.
-Do NOT draw distinction between public & private sectors.
-Neutral towards type of tech used/ no distinciton between manually or electronically gathered data
-Not legally binding but basis for countries with no legislation/ can be built into existing legislation
What is the significance of the OECD guidelines?
-Guidelines have far-reaching effect as OECD membership extends Europe
-To strike balance between protecting privacy and the rights/ freedoms of individuals without creating barriers to trade & allowing uninterrupted flow of personal data across national borders.
-Not legally binding but basis for countries with no legislation/ can be built into existing legislation
What are the important principles in the OECD guidelines?
- Collection Limitation Principle
- Data Quality Principle
- Purpose Specification Principle
- Use Limitation Principle
- Security Safeguards Principle
- Openness Principle
- Individual Participation Principle
- Accountability Principle
What is the Collection Limitation Principle? (OECD Guidelines)
PI must be collected fairfully and lawfully & where appropriate with individual consent
What is the Data Quality Principle? (OECD Guidelines)
PI must be relevant, complete, accurate & up to date