🔐
Digital Privacy Seminar
From the Data Protection Directive to the GDPR
Right to Privacy in the ECHR - Caselaw
S and Marper v United Kingdom (2008)
Peck v United Kingdom (2003)
K.U. v. Finland (2008)
EU sources of law
Privacy and Data Protection in the EU
Directive 95/46
Privacy and Data Protection in the CJEU Case Law
Lindqvist (Case C-101/01)
Promusicae v. Telefónica de España SAU (Case C-275/06)
Sabam v. Scarlet (Case C-70/10)
From Digital Rights Ireland to the GDPR
The ruling – C-293/12
Data Retention saga continues
Retention of data and the GDPR
From Google Spain to the GDPR
From Schrems to the GDPR
Schrems case
The GDPR
From a Directive to a Regulation?
Scope of application
Material Scope - Art. 2 GDPR
Territorial Scope - Art. 3 GDPR
Digital Privacy Seminar 1
, Principles
Accountability
Transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Consent and data subject rights
The consent
Legitimate interest
Explicit consent
Data subject’s rights
Data controller
Obligations of the data controller:
Data Processor
Obligations of the Data Processor:
Security of processing
Data breach notification
Records of processing activities
Data Protection Impact Assessment
Data Protection Officer
Appointment of the DPO
Position of the DPO
Transfer of personal data to third countries
Penalties
Big Data & GPPR
Principle of fairness and transparency
Legal grounds for processing
Principle of purpose limitaion
Data minimization
Accuracy
Difficulty to distinguish between different categories of data
Storage limitation
Integrity and risks involved with management of large quantities of data
Transfer data across jurisdictions
Automated decision-making
e-Privacy and Cybersecurity
The e-Privacy Directive
Scope of application of the e-Privacy Directive
Key provisions of the e-Privacy Directive
Relationship with GDPR
Digital Privacy Seminar 2
, The European Electronic Communications Code
What is Cybersecurity?
Cyber Resilience
The NIS Directive
The EU Cybersecurity Act
The EU Cyber Resilience Act
Summary
GDPR
Transition from Directive to Regulation
Scope of Application
Core Principles
Accountability
Transparency
Purpose Limitation
Data Minimization
Accuracy
Storage Limitation
Integrity and Confidentiality
Consent and Data Subject Rights
Controller Responsibility
Compliance Obligations
Valid Consent Criteria:
Exceptions to Consent:
Legitimate Interest
Special Categories of Data (Art. 9)
Covid-19 Pandemic Data Processing
Explicit Consent Requirements
Data Subject Rights:
Data Controller
Key Obligations:
Data Processor
Key Obligations:
Data Breaches
Data Breach Notification:
Records of Processing Activities:
Data Protection Impact Assessment (DPIA):
Data Protection Officer
Appointment of the DPO:
Position and Responsibilities of the DPO:
Transfer of Personal Data to Third Countries:
Penalties for Non-Compliance:
Big Data
Digital Privacy Seminar 3
, Problems with Regulating Big Data:
Impact of Big Data:
GDPR Principles in Big Data Context:
e-Privacy and Cybersecurity
e-Privacy Directive:
European Electronic Communications Code:
Cybersecurity:
EU Cyber Resilience Act:
Final Summary
GDPR (General Data Protection Regulation)
Data Processing and Processor Obligations
Data Breach and Notification
Data Protection Officer (DPO)
Big Data & GDPR
e-Privacy and Cybersecurity
From the Data Protection Directive to the
GDPR
Art. 8 ECHR (European Court of Human Rights): «Everyone has the right to
respect for his private and family life».
Right to private life/privacy (right to be let alone).
Convention of the Council of Europe No. 108/1981 for the Protection of
Individuals with regard to Automated Processing of Personal Data.
“Processing of personal data”: from privacy to data protection.
There shall be no interference by a public authority with the exercise of this
right (Art. 8 ECHR) except such as is in accordance with the law and is
necessary in a democratic society in the interests of national security, public
safety or the economic well-being of the country, for the prevention of disorder
or crime, for the protection of health or morals, or for the protection of the
rights and freedoms of others.
Right to Privacy in the ECHR - Caselaw
S and Marper v United Kingdom (2008)
The retention of DNA samples of individuals arrested who are later acquitted or
have the charges against them dropped constitutes a violation of the right to
Digital Privacy Seminar 4
Digital Privacy Seminar
From the Data Protection Directive to the GDPR
Right to Privacy in the ECHR - Caselaw
S and Marper v United Kingdom (2008)
Peck v United Kingdom (2003)
K.U. v. Finland (2008)
EU sources of law
Privacy and Data Protection in the EU
Directive 95/46
Privacy and Data Protection in the CJEU Case Law
Lindqvist (Case C-101/01)
Promusicae v. Telefónica de España SAU (Case C-275/06)
Sabam v. Scarlet (Case C-70/10)
From Digital Rights Ireland to the GDPR
The ruling – C-293/12
Data Retention saga continues
Retention of data and the GDPR
From Google Spain to the GDPR
From Schrems to the GDPR
Schrems case
The GDPR
From a Directive to a Regulation?
Scope of application
Material Scope - Art. 2 GDPR
Territorial Scope - Art. 3 GDPR
Digital Privacy Seminar 1
, Principles
Accountability
Transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Consent and data subject rights
The consent
Legitimate interest
Explicit consent
Data subject’s rights
Data controller
Obligations of the data controller:
Data Processor
Obligations of the Data Processor:
Security of processing
Data breach notification
Records of processing activities
Data Protection Impact Assessment
Data Protection Officer
Appointment of the DPO
Position of the DPO
Transfer of personal data to third countries
Penalties
Big Data & GPPR
Principle of fairness and transparency
Legal grounds for processing
Principle of purpose limitaion
Data minimization
Accuracy
Difficulty to distinguish between different categories of data
Storage limitation
Integrity and risks involved with management of large quantities of data
Transfer data across jurisdictions
Automated decision-making
e-Privacy and Cybersecurity
The e-Privacy Directive
Scope of application of the e-Privacy Directive
Key provisions of the e-Privacy Directive
Relationship with GDPR
Digital Privacy Seminar 2
, The European Electronic Communications Code
What is Cybersecurity?
Cyber Resilience
The NIS Directive
The EU Cybersecurity Act
The EU Cyber Resilience Act
Summary
GDPR
Transition from Directive to Regulation
Scope of Application
Core Principles
Accountability
Transparency
Purpose Limitation
Data Minimization
Accuracy
Storage Limitation
Integrity and Confidentiality
Consent and Data Subject Rights
Controller Responsibility
Compliance Obligations
Valid Consent Criteria:
Exceptions to Consent:
Legitimate Interest
Special Categories of Data (Art. 9)
Covid-19 Pandemic Data Processing
Explicit Consent Requirements
Data Subject Rights:
Data Controller
Key Obligations:
Data Processor
Key Obligations:
Data Breaches
Data Breach Notification:
Records of Processing Activities:
Data Protection Impact Assessment (DPIA):
Data Protection Officer
Appointment of the DPO:
Position and Responsibilities of the DPO:
Transfer of Personal Data to Third Countries:
Penalties for Non-Compliance:
Big Data
Digital Privacy Seminar 3
, Problems with Regulating Big Data:
Impact of Big Data:
GDPR Principles in Big Data Context:
e-Privacy and Cybersecurity
e-Privacy Directive:
European Electronic Communications Code:
Cybersecurity:
EU Cyber Resilience Act:
Final Summary
GDPR (General Data Protection Regulation)
Data Processing and Processor Obligations
Data Breach and Notification
Data Protection Officer (DPO)
Big Data & GDPR
e-Privacy and Cybersecurity
From the Data Protection Directive to the
GDPR
Art. 8 ECHR (European Court of Human Rights): «Everyone has the right to
respect for his private and family life».
Right to private life/privacy (right to be let alone).
Convention of the Council of Europe No. 108/1981 for the Protection of
Individuals with regard to Automated Processing of Personal Data.
“Processing of personal data”: from privacy to data protection.
There shall be no interference by a public authority with the exercise of this
right (Art. 8 ECHR) except such as is in accordance with the law and is
necessary in a democratic society in the interests of national security, public
safety or the economic well-being of the country, for the prevention of disorder
or crime, for the protection of health or morals, or for the protection of the
rights and freedoms of others.
Right to Privacy in the ECHR - Caselaw
S and Marper v United Kingdom (2008)
The retention of DNA samples of individuals arrested who are later acquitted or
have the charges against them dropped constitutes a violation of the right to
Digital Privacy Seminar 4
