Module 1: Data Protection Laws Flashcards
Universal Declaration of Human Rights
1948
United Nations General Assembly
Nonbinding.
Article 12: human right to privacy
Article 19: Right to free speech
Article 29(2): 12 & 19 not absolute and should be balanced
European Convention on Human Rights
1953
Council of Europe
International Treaty
Enforced by ECHR
Article 8: Privacy
Article 10: freedom of expression and sharing info across national boundaries
Article 10(2): Balance
Required member state ratification
Treaty of Rome
1958
Allowed the Data Protection Directive to be set up as a harmonizing measure
Enriched free trade
OECD Guidelines
1980 - Updated in 2013
Aimed to facilitate data flows and protect personal data in a global economy
Most widely recognized framework for fair information practices
What are the 8 OECD Principles?
- Collection limitation
- Data quality
- Purpose specification
- Use limitation
- Security safeguards
- Openness
- Individual participation
- Accountability
Convention 108
Council of Europe Convention
Council of Europe
- Differs from OECD because it requires signatories
- Principles must be applied in domestic legislation
Enforced by ECHR
Governs international data transfers (along with GDPR)
First data protection instrument for several Council of Europe member states
Convention 108
EU Data Protection Directive (95/46/EC)
European Commission
Set out general data protection principles and obligations, requiring EU member states to transpose and implement them.
Differed across member states
Formed the Article 29 Working Party
Charter of Fundamental Rights of the EU
2000
European Union Institutions
Comprehensive collection of individuals’ rights, including the fundamental right to the protection of personal data.
Ecommerce Directive
Directive 2000/31/EC
2000
Issues relating to personal data are outside of its scope
e-Privacy Directive
EU Directive on Privacy and Electronic Communications
2002
Legally binding on EU member states
Requires local implementation.
Generally applies to processing of personal data through public electronic communications services and networks in the EU.
EU Data Retention Directive (2006/24/EC)
2006
Annulled in 2014 by the Court of Justice of the EU
Treaty of Lisbon
2009
To strengthen and improve the core structures of the EU and help it function more efficiently.
Gave the Charter of Fundamental Rights of the EU full legal effect in the EU.
Treaty of Lisbon
General Data Protection Regulation (GDPR)
Became law in 2016
Replaced the Data Protection Directive and became enforceable on 25th of May 2018.
Directly applicable and enforceable by law
Provides one set of data protection rules for all
Allows member states a degree of tailoring
Forms the European Data Protection Board (EDPB)