Chapter 1A: Origins and Historical Context of Data Protection Law Flashcards
What happened in the 1970s that encouraged a rise in information sharing?
Increase in the use of computers to process information about individuals, trans border trade, telecommunications
When was the Universal Declaration of Human Rights adopted? By who?
10 December 1948 by the General Assembly of the United Nations
What major event did the Universal Declaration of Human Rights follow?
World War II
Universal Declaration of Human Rights: “the inherent dignity…”
“…and the equal and unalienable rights of all members of the human race in the foundation of freedom, justice and peace in the world”.
The principles enshrined in the Universal Declaration of Human Rights set the basis for European data protection laws and standards. These principles related to…
Right to a private and family life and freedom of expression.
Article 12 of the Universal Declaration of Human Rights relates to the right to…
a private life and associated freedoms.
Article 19 of the Universal Declaration of Human Rights relates to the right to…
Freedom of expression.
The conflict between article 12 and article 19 of the Universal Declaration of Human rights is reconciled in article… what? What does it determine?
29(2) - individual rights are not absolute and balances must be struck
When and where did the Council of Europe invite individual states to sign the European Convention on Human Rights?
Rome, 1950.
What was the European Convention on Human Rights?
An international treaty to protect human rights and fundamental freedoms.
The European Convention of Human Rights applies to…
Council of Europe Member States - new members are expected to ratify ASAP.
The European Convention of Human Rights is enforced by a system of enforcement called… what? Where was it established?
European Court of Human Rights, established in Strasbourg,
What does the European Court of Human Rights do?
Examines breaches of the European Convention of Human Rights and ensures that stages comply with their obligations under ECHR Their rulings are binding on the states concerned and can lead to change of legislation or practice.
When was the European Court of Human Rights restructured into a single full time Court of Human Rights?
1st November 1998.
What does Article 8 of the European Convention of Human Rights protect?
The rights of individuals for their personal information to remain private (not absolute).
What does article 10 of the European Convention of Human Rights protect?
The freedom of expression and the right to share information and ideas across national boundaries.
The Council of Europe established a framework of specific principles and standards to prevent unfair collecting and processing of personal information as a result of concerns relating to emerging technology. What was this framework and when was it published?
Recommendation 509 on human rights and modern scientific and technological developments.
In 1973 the Council of Europe built on Recommendation 509 with…
Resolutions 73/22 and 74/29 which established principles for the protection of personal data in automated databanks in private and public sectors
What does OECD stand for?
Organisation for Economic Co-operation and Development
What is the role of the OECD?
To promote policies for high sustainable economic growth/employment and a rising standard of living. Contributing to the development of the world economy.
Where does OECD membership extend to?
Beyond Europe.
When did the OECD develop guidelines re: data protection?
1980.
What is the full name of the OECD ‘guidelines’?
Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
What do the OECD’s guidelines do?
Lay out basic rules to govern transborder data flows and the protection of personal data/privacy to help the harmonisation of data protection law between countries.
Not legally binding; intended to flex to serve as a basis for legislation for countries that don’t have it or a set of principles to be built into existing legislation.
Who cooperated with the OECD to devise the OECD guidelines?
Council of Europe and the European Community.
When were the OECD guidelines published?
23 September 1980.
When did the OECD reaffirm its commitment to the guidelines?
1985 and 1998 via declarations.
What is the aim of the guidelines?
Strike a balance between protecting privacy/rights and freedoms of individuals without creating any barriers to trade and allowing the uninterrupted flow of personal data across national borders.
Is any distinction drawn between public and private sectors in the guidelines?
No. They are neutral, and also don’t make distinction between data collected electronically or otherwise.
What are the eight principles of the OECD guidelines?
- Collection limitation
- Data quality
- Purpose specification
- Use limitation
- Security safeguards
- Openness
- Individual participation
- Accountability principle
What is the collection limitation principle of the OECD guidelines?
Personal information must be collected fairly and lawfully and where appropriate with the knowledge or consent of the individual concerned.
What is the data quality principle of the OECD guidelines?
Personsal information must be relevant, complete, accurate and up to date.
What is the purpose specification principle of the OECD guidelines?
There must be a specified purpose for using the data and this must be specified no later than the point of collection and any further use should be within that purpose.
What is the use limitation principle of the OECD guidelines?
Any disclosure of personal information must be consistent with the purposes specified unless the individual has given consent or the data controller has lawful authority to do so.
What is the security safeguards principle of the OECD guidelines?
Reasonable security safeguards must be taken against risks such as loss, unauthorised access, destruction, use, modification or disclosure of personal data
What is the openness principle of the OECD guidelines?
There should be a general policy of openness with respect to uses of personal data, and the identity and location of the controller.
What is the individual participation principle of the OECD guidelines?
What an individual is entitled to receive from a controller re: a request for their personal information.
What is the accountability principle of the OECD guidelines?
A data controller should be accountable for complying with measures that ensure the principles stated in the guidelines.
OECD members should take into consideration implications for other member countries relating to…
Domestic processing and re-export of personal data
What is Convention 108’s full title?
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data
Who adopted Convention 108?
The Council of Europe.
When was Convention 108 opened for signature to the member states of the Council of Europe?
28 January 1981.
Why was Convention 108 not named the European Convention?
To signify that it’s open for signature to countries outside of Europe.
Which resolutions does Convention 108 consolidate and reaffirm?
1973 and 1974 resolutions