The EU Data Protection Reform
|
|
- Claribel Shields
- 5 years ago
- Views:
Transcription
1 Background paper N 2 January 2015 The EU Data Protection Reform Clearswift The European Commission has published in 2012 a proposal for a new legal framework for the protection of personal data in the EU. The European Parliament and the Council of the EU are now working on the proposal, composed of a Regulation and a Directive. The reform could have important consequences for sport organisations, especially with regard to the fight against doping and match-fixing, which requires the collection and transfer of sensitive data. 1. The EU Data Protection Reform general state of play 2. Impact on sport 3. Analysis of most relevant topics for sport and recommendations
2 The European Commission has published in 2012 a proposal for a new legal framework for the protection of personal data in the EU (the existing Directive 95/46/EC dates back to 1995). The proposed framework consists of two legislative proposals: a Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data. However, the specificity of sport, in particular its voluntary nature and its contribution to the public interest, has not been sufficiently taken into account in the Commission s proposal. The reform could therefore jeopardise the capacity of sport organisations to effectively fight against doping and match-fixing if adequate provisions are not included. 1. The EU Data Protection Reform general state of play January 2012 Legislative proposals published by the European Commission October 2012 Debate starts in Council October 2013 Vote in LIBE committee (European Parliament) March st reading position adopted by European Parliament December 2014 Council has reached partial general approach on public sector provisions, rules on territorial scope, chapter IV, chapter V. However, the rule is nothing is agreed until everything is agreed. Spring Trilogues are expected to start EP Rapporteurs General Data Protection Regulation LIBE Jan Philipp ALBRECHT (Greens, DE) Directive LIBE Marju LAURISTIN (S&D, EST) Shadows: EPP Axel VOSS (DE) EPP Axel VOSS (DE) S&D Marju LAURISTIN (EST) Greens Jan Philipp ALBRECHT (DE) ALDE Sophia IN T VELD (NL) ALDE Sophia IN T VELD (NL) ECR Timothy KIRKHOPE (UK) ECR Timothy KIRKHOPE (UK) GUE/NGL Cornelia ERNST (DE) GUE/NGL Cornelia ERNST (DE) 2
3 Opinion rapporteurs: EMPL Nadja HIRSCH (ALDE, DE) ITRE Sean KELLY (EPP, IRL) IMCO Lara COMI (EPP, IT) JURI Marielle GALLO (EPP, FR) JURI Axel VOSS (EPP, DE) 2. Impact on sport Council configuration : Justice and Home Affairs (JHA) Sport organisations have implemented methods to fight against doping and match-fixing which require the transfer of sensitive data. The reform of personal data protection could make it more difficult to collect and transfer these sensitive data. Such a situation is highly paradoxical since European institutions repeatedly called upon sport organisations to take up their responsibility in fighting doping and match-fixing and in preserving the integrity of sport Calls on sport organisations to fight against doping and match-fixing The European institutions and the Council of Europe have repeatedly emphasized the need to fight more efficiently against doping and match-fixing, including through the exchange of information: - Council of Europe Convention on the Manipulation of Sports Competitions (CETS No. 215), July 2014, signed by 8 EU Member States already Recital: Emphasizing that sports organisations bear the responsibility to detect and sanction the manipulation of sports competitions committed by persons under their authority Article 7.1: Each Party shall encourage sports organisations and competition organisers to adopt and implement rules to combat the manipulation of sports competitions ( ). Article 12.1: Without prejudice to Article 14, each Party shall facilitate, at national and international levels and in accordance with its domestic law, exchanges of information between the relevant public authorities, sports organisations, competition organisers, sports betting operators and national platforms. In particular, each Party shall undertake to set up mechanisms for sharing relevant information when such information might assist in the carrying out of the risk assessment referred to in Article 5 and namely the advanced provision of information about the types and object of the betting products to the competition organisers, and in initiating or carrying out investigations or proceedings concerning the manipulation of sports competitions. Article 14.1: Each Party shall adopt such legislative and other measures as may be necessary to ensure that all actions against the manipulation of sports competitions comply with relevant 3
4 national and international personal data protection laws and standards, particularly in the exchange of information covered by this Convention. - European Commission s Communication on the European dimension in sport, 18 January 2011 EU action can help address transnational challenges encountered by sport in Europe such as a coordinated approach to the challenge of doping, fraud and match-fixing. - European Commission s Communication Towards a comprehensive European framework for online gambling, 23 October 2012 Match fixing runs contrary to the principle of fairness in sporting competitions, which is one of the objectives of EU action in the field of sport (Article 165 TFEU). Addressing the issue requires concerted and coordinated efforts from public authorities, sport organisations and gambling operators. - European Parliament s resolution on the European dimension in sport, 2 February 2012 Article 30: Is in favour of greater harmonisation of legislation in order to achieve effective cooperation on the part of the police and the judiciary in the fight against doping and other kinds of manipulation of sports events Article 86: Calls on the European Commissions to tackle the opacity of transfers and matchfixing ( ). - Council Conclusions on combating match-fixing, November 2011 Article 2.1: Match-fixing is besides doping one of the most significant threat to contemporary sport and damages the image of sport by jeopardizing the integrity and unpredictability of sporting competition. Article 3.1: Encourage close cooperation and information sharing between all interested stakeholders in order to combat match-fixing in an effective way ( ) 4
5 - Council Expert Group on good governance : deliverable on principles of good governance in sport, September 2013 In the areas such as match fixing and doping, sporting bodies should continue to develop and apply relevant rules, codes of conduct and educational programmes for its participants and take other steps to minimise the prospect of misconduct by adopting sound financial management principles whilst governments should ensure that relevant laws are fit for purpose and the resources exist that enable law enforcement bodies to take appropriate action when required The potential consequences of the reform on the fight against doping and match-fixing Certain elements in the current proposals create the risk of hindering the hosting of sports events in Europe, penalising European athletes wishing to participate in international competitions and jeopardising joint efforts to effectively fight doping and match-fixing. Furthermore, the current reform could have a negative impact on the fight against organised crime, particular linked to sport. Besides the organisation of sports events, the Olympic Sports Movement is responsible for the development of sport, from grassroots participation to elite competitions, and for the protection of the integrity of competitions against doping and match-fixing. These different activities may require the IOC, the EOC and other sports organisations to process personal data of athletes and other participants, for instance in the following cases: a) investigation of match-fixing cases linked to betting and or other breaches of the IOC Code of Ethics; b) anti-doping controls and investigations; c) accreditation of athletes and other participants to sport events such as the Olympic Games, European Games and Youth Olympic Games; d) sale of tickets to sport events of such as Olympic Games and European Games; e) management and transfer of competitions results; f) communication of athletes biographies to media organisations; g) coordination of various projects for the development of sport and the promotion of Olympic values; h) conservation of archives for the legacy of the Olympic Movement. If the new legal framework on data protection does not take into account the specificities of sport, it would create major obstacles to carry out essential activities by the IOC and other sports organisations. The Data Protection Regulation should thus be applied in respect of the principle of sports specificity as guaranteed by Article 165 TFEU. 5
6 3. Analysis of most relevant topics for sport and recommendations The proposed Regulation details in which cases the processing of personal data is lawful (article 6): - Consent given by the data subject - Necessary for the performance of a contract to which the data subject is party - Necessary for compliance with a legal obligation - Public interest - Legitimate interests pursued by a controller - Necessary for the purposes of historical, statistical or scientific research Some of these points are of crucial importance for the Olympic Sports Movement: - The definition of consent - The definition of public interest - The definition of categories of data that benefit from a derogation With regard to the directive, it lays down the rules relating to the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences and the execution of criminal penalties. It covers therefore the fight against sports fraud insofar as such as fraud is legally defined as a criminal offence. Considering that the directive does not specify which kinds of offences are covered, the Olympic Sports Movement does not ask for specific amendments on the directive but reiterates its call for sports fraud to be legally defined as a criminal offense at EU level or within all Member States of the EU The definition of consent European Commission s proposal Article 4.8 of the regulation defines a data subject s consent as: any freely given specific, informed and explicit indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed. Article 7 further clarifies the conditions for consent. However it remains to be seen how free consent will be defined in practice. Recital 33 for instance mentions that in order to ensure free consent, it should be clarified that consent does not provide a valid legal ground where the individual has no genuine and free choice and is subsequently not able to refuse or withdraw consent without 6
7 detriment. Especially to withdraw consent without detriment might be an issue that needs further examination. So if consent is to be applied as a legal basis for processing data of athletes, it therefore has to be shown that this consent has been free, explicit and informed. With regard to the Olympic Games, athletes are free to choose if they want to participate in the competitions. If they want to participate, they provide consent via the accreditation mechanism (e.g. signing of an entry form). It can therefore be argued that this consent is free, explicit and informed. However, the Article 29 Data Protection Working Party has on numerous occasions (e.g. opinion in August 2008, opinion in April 2009, letter to Commissioner Vassiliou in February 2012) questioned if the consent provided by athletes within the structure of the World Anti-Doping Code can really be considered as free. The World Anti-Doping Agency (WADA) has been in contact with the Working Party and openly disagrees with the Working Party on this point, claiming that the consent is both free and informed. It seems therefore that even though consent might be applicable as a legal basis from the point of view of the sports world, it could still be questioned by for instance professional players associations (e.g. EU Athletes) European Parliament Compared to the proposal of the Commission, the Parliament has deleted the reference to a significant imbalance between the position of the data subject and the controller (article 7.4), which is positive. The Parliament has also added that it shall be as easy to withdraw consent as to give it (article 7.3). No agreement yet EU Council However, it is to be noted that on article 44 of the Regulation, which lists the derogations admissible, the Council has added explicitly to the provision regarding consent (point a), but the change has no major consequences since it was already clear that consent has to be explicit. 7
8 Article 44 as amended by the Council a) the data subject has explicitly 1 consented to the proposed transfer, after having been informed that such transfers may involve risks for the data subject due to the absence of an adequacy decision and appropriate safeguards; Our recommendation The reference to a significant imbalance between the position of the data subject and the controller in the Commission s proposal could be used by an athlete to contest processing of his/her data in the frame of the fight against doping. It would create legal uncertainty and should therefore be deleted, as proposed by the European Parliament. More generally, the question of whether the processing of data in the frame of the fight against doping or match-fixing is considered as lawful because of the consent of the athlete remains subject to legal uncertainty. Therefore, the Regulation should provide another clear legal basis, e.g. public interest, for the processing of data in the frame of the fight against doping but also against the manipulation of sports competition, which is not covered by the consent of the data subject The definition of public interest European Commission s proposal Article 6.1 of the Regulation lists public interest as one of the possible grounds for data processing: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (point e). Article 44 of the Regulation also lists a number of derogations for a transfer or a set of transfers of personal data to a third country or an international organisation, including important grounds of public interest (point d). Related to this article, recital 87 provides further information on the derogations admissible for reasons of public interest European Parliament The proposed amendment to recital 87 of the Regulation (derogations should apply to bodies responsible for fighting against match-fixing and fraud in sport ) has not been taken up by the Parliament. 1 UK thought the question of the nature of the consent needed to be discussed in a horizontal manner. 8
9 The Parliament has however added a derogation for transfers between services competent for public health without specifically mentioning doping, which the Council has (see below). Still in recital 87 of the regulation, the Parliament has also added a reference to the prevention of money laundering and the fight against terrorist financing, which could partially cover the fight against manipulation of sport competitions. Recital 87 as amended by the European Parliament (87) These derogations should in particular apply to data transfers required and necessary for the protection of important grounds of public interest, for example in cases of international data transfers between competition authorities, tax or customs administrations, financial supervisory authorities, between services competent for social security matters or for public health, or to competent public authorities for the prevention, investigation, detection and prosecution of criminal offences, including for the prevention of money laundering and the fight against terrorist financing. ( ) EU Council While the European Parliament has added public health to the list of derogations, the Council has gone further and mentioned the fight against doping as an example of derogation admissible under the notion of public health in recital 87 Recital 87 as amended by the Council These rules should in particular apply to data transfers required and necessary for important reasons of public interest, for example in cases of international data exchange, between competition authorities, between tax or customs administrations, between financial supervisory authorities, between services competent for social security matters or for public health, for example in case of contact tracing for contagious diseases or in order to reduce and/or eliminate doping in sport. In article 44, the Council also replaced public interest with important reasons of public interest (point d). The consequences of this amendment could be to restrict a bit the coverage of public interest derogations. Article 44 as amended by the Council d) the transfer is necessary for important reasons of public interest 2 2 DE remarked that the effects of (d) in conjunction with paragraph 5 need to be examined, in particular with respect to the transfer of data on the basis of court judgments and decisions by administrative authorities of third states, and with regard to 9
10 Our recommendation The inclusion by the Council of a reference to doping in recital 87, which specifies the notion of public interest, is important for the Olympic Sports Movement and should be kept in the text. The Parliament s amendment adding the the prevention of money laundering and the fight against terrorist financing is also welcome, but should be completed by a clear reference to the prevention of the manipulation of sports competition. Suggested amendment (based on EP and Council current text) Proposal for Regulation Recital 87 (87) These derogations should in particular apply to data transfers required and necessary for the protection of important grounds of public interest, for example in cases of international data transfers between competition authorities, tax or customs administrations, financial supervisory authorities, between services competent for social security matters or for public health, for example in case of contact tracing for contagious diseases or in order to reduce and/or eliminate doping in sport, to competent public authorities for the prevention, investigation, detection and prosecution of criminal offences, including for the prevention of money laundering, the prevention of manipulation of sports competitions and the fight against terrorist financing. ( ) 3.3. Special categories of data European Commission s proposal Article 9.1 of the regulation lists the different categories of data that are prohibited to be processed, except in a limited number of situations. It includes genetic or biometric data or data concerning health. Article 9.2 provides derogations in which the processing of data listed in 9.1 is authorized European Parliament Biometric has been added by the Parliament. An amendment on article 9.2 to include non-profitseeking body with a sporting aim within the list of entities authorised to process special categories of data has not been adopted by the Parliament. existing mutual legal assistance treaties. IT raised reservations on the (subjective) use of the concept of public interest. HR suggested adding 'which is not overridden by the legal interest of the data subject'. 10
11 EU Council No agreement yet Our recommendation An amendment to article 9.2 to include non-profit-seeking body with a sporting aim within the list of entities authorised to process special categories of data should be included. It would allow sport organisations to continue their efforts to organize fair and open competitions and to fight efficiently against doping and match-fixing. Furthermore, this derogation clearly states that processing is carried out in the course of the body s legitimate activities and that such data are not disclosed outside that body without the consent of the data subjects. Suggested amendment Proposal for Regulation Article 9, Para 2, point d (d) processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other non-profit-seeking body with a political, philosophical, religious, sporting or trade-union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the data are not disclosed outside that body without the consent of the data subjects; Conclusion The Olympic Sports Movement welcomes the reform of the EU data protection legal framework, which needs to be adapted to ensure a high level of data protection to all citizens. However, the Olympic Sports Movement is concerned that this reform would prevent sports organisations to organise fair and open competitions and efficiently fight against doping and match-fixing, repeatedly defined as priorities by the EU itself. In other words, if the data protection reform does not take into account sport specificities, the EU could paradoxically put in jeopardy its own desire to see sport remaining clean. Although several Members of the LIBE Committee of the European Parliament had submitted amendments in line with the position of the Olympic Sports Movement, both on the Regulation and on the Directive, none of the amendments have been taken up in the reports of the LIBE Committee and consequently in the 1 st reading position adopted by the Parliament in March The texts adopted by the Parliament therefore do not sufficiently take into account the sport 11
12 sector s specificities and do not clearly mention the fight against doping or match-fixing for instance. As a consequence, the texts adopted in 1 st reading by the Parliament would, as such, create legal uncertainties for the Olympic Sports Movement. The Council has been more open to take into consideration sports specificities. It has included a mention of the fight against doping but has not, however, included mention of the fight against match-fixing. In view of the upcoming Council negotiations and trilogues, the Olympic Sports Movement recommends: - To clarify the definition of public interest as covering the fight against doping and the prevention of manipulation of sports competitions (recital 87 of the regulation); - To list sports organisations among the entities that can process special categories of data including data concerning health, insofar as it is done in the frame of legitimate activities, such as organising fair and open competitions (article 9.2 of the regulation). Also, further from the Data Protection Reform, the Olympic Sports Movement calls for sports fraud to be legally defined as a criminal offence at EU level or within all Member States of the EU. 12
Committee on Civil Liberties, Justice and Home Affairs WORKING DOCUMENT. Committee on Civil Liberties, Justice and Home Affairs
EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 06.07.2012 WORKING DOCUMT on the protection of individuals with regard to the processing of personal data and on the free
More informationEUROPEAN DATA PROTECTION SUPERVISOR
26.7.2014 EN Official Journal of the European Union C 244/15 EUROPEAN DATA PROTECTION SUPERVISOR Executive summary of the Opinion of the European Data Protection Supervisor on the package of legislative
More information10366/15 VH/np DGD 2C LIMITE EN
Council of the European Union Brussels, 2 July 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 10366/15 LIMITE DATAPROTECT 110 JAI 511 MI 422 DIGIT 53 DAPIX 116 FREMP 145 COMIX 302 CODEC 948 NOTE
More informationThe Society of St Stephen s House Site Security and Monitoring Privacy Notice
This privacy notice applies to data processing activities undertaken by The Society of St Stephen s House for security and monitoring relating to staff, students and visitors to College premises A summary
More information(2007/C 255/02) Having regard to the Treaty establishing the European Community, and in particular its Article 286,
27.10.2007 C 255/13 Opinion of the European Data Protection Supervisor on the Proposal for a Council Decision establishing the European Police Office (Europol) COM(2006) 817 final (2007/C 255/02) THE EUROPEAN
More informationTrinity is committed to protecting the privacy and security of personal data.
This privacy notice applies data processing activities undertaken by Trinity College for security and monitoring relating to staff, students and visitors to Trinity premises including CCTV, other security
More informationBrasenose College is committed to protecting the privacy and security of personal data.
This privacy notice (v1.2) applies to data processing activities undertaken by Brasenose College for security and monitoring relating to staff, students and visitors to College premises including CCTV,
More informationEU GENERAL DATA PROTECTION REGULATION
EU GENERAL DATA PROTECTION REGULATION GENERAL INFORMATION DOCUMENT This resource aims to provide a general factsheet to Asia Pacific Privacy Authorities (APPA) members, in order to understand the basic
More informationDRAFT OPINION. EN United in diversity EN. European Parliament 2016/0404(COD) of the Committee on Legal Affairs
European Parliament 2014-2019 Committee on Legal Affairs 2016/0404(COD) 31.3.2017 DRAFT OPINION of the Committee on Legal Affairs for the Committee on the Internal Market and Consumer Protection on the
More informationTEXTS ADOPTED PART II. United in diversity. at the sitting of. Wednesday 5 May 2010 EUROPEAN PARLIAMENT
EUROPEAN PARLIAMT 2010-2011 TEXTS ADOPTED PART II at the sitting of Wednesday 5 May 2010 P7_TA-PROV(2010)05-05 PROVISIONAL EDITION PE 440.543 United in diversity P7_TA-PROV(2010)0144 Passenger Name Record
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY In Zagreb, 25 May 2018 Contents: 1. DEFINITIONS 2. GENERAL PROVISIONS 3. DATA PROTECTION CONTROLLER 4. PRINCIPLES OF DATA PROCESSING 5. LAWFULNESS OF DATA PROCESSING 6. DATA THAT
More informationMessage 791 Communication from the Commission - SG(2012) D/50777 Directive 98/34/EC Notification: 2011/0188/D
Message 791 Communication from the Commission - SG(2012) D/50777 Directive 98/34/EC Notification: 2011/0188/D Reaction of the Commission to the response of a Member State notifying a draft regarding a
More informationEUROPEAN DATA PROTECTION SUPERVISOR
20.2.2009 EN C 42/1 I (Resolutions, recommendations and opinions) OPINIONS EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on the Proposal for a Council Decision
More informationConstitution for Europe
Représentant les avocats d Europe Representing Europe s lawyers Constitution for Europe Constitution for Europe Introduction The Treaty establishing a Constitution for Europe was adopted by the 25 European
More informationData Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents
Company Name: Document: Topic: System People ( the Company ) Data Protection Policy Data protection Date: 28/4/2018 Version: 1 Contents Introduction Definitions Data processing under the Data Protection
More informationRSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )
RSD Technology Limited - Data protection policy: Introduction Company Name: Document DP3 Topic: RSD Technology Limited ( the Company ) Data Protection Policy Data protection Date: 25 th May 2018 Version:
More informationTimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents
Company Name: Document DP3 Topic: ( the Company ) Data Protection Policy Data Protection Date: April 2018 Version: 001 Contents Introduction Definitions Data processing under the Data Protection Laws 1.
More informationEUROPEAN PARLIAMENT. Committee on Civil Liberties, Justice and Home Affairs (8958/2004 C6-0198/ /0813(CNS))
EUROPEAN PARLIAMT 2004 2009 Committee on Civil Liberties, Justice and Home Affairs PROVISIONAL 2004/0813(CNS) 18.4.2005 * DRAFT REPORT on the initiative by the French Republic, Ireland, the Kingdom of
More informationP Drive_GDPR_Data Protection Policy_May18_V1. Skills Direct Ltd ( the Company ) Data protection. Date: 21 st May Version: Version 1.
Company Name: Document DP3 Topic: Skills Direct Ltd ( the Company ) Data Protection Policy Data protection Date: 21 st May 2018 Version: Version 1 Contents Introduction Definitions Data processing under
More informationDIRECTIVE (EU) 2018/958 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
9.7.2018 Official Journal of the European Union L 173/25 DIRECTIVE (EU) 2018/958 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 28 June 2018 on a proportionality test before adoption of new regulation
More informationEDPS Opinion on safeguards and derogations under Article 89 GDPR in the context of a proposal for a Regulation on integrated farm statistics
Opinion 10/2017 EDPS Opinion on safeguards and derogations under Article 89 GDPR in the context of a proposal for a Regulation on integrated farm statistics 20 November 2017 1 P a g e The European Data
More informationThe National Office for Gambling - new structure to coordinate activities in the field of gambling in Romania
The National Office for Gambling - new structure to coordinate activities in the field of gambling in Romania Associate professor Marius PANTEA, Ph.D Police Department, Police Faculty Alexandru Ioan Cuza
More informationDRAFT Speaking Points: The OLAF model after 1999: where are we?
DRAFT Speaking Points: The OLAF model after 1999: where are we? Introduction the original OLAF model of 1999 It s an understatement to say that since 1999, the world in general and the European Union in
More informationAnalysis. Second version. The Proposed Data Protection Regulation: What has the Council agreed so far?
Analysis Second version The Proposed Data Protection Regulation: What has the Council agreed so far? Steve Peers, Professor of Law, University of Essex, Twitter: @StevePeers 13 March 2015 Introduction
More informationcloser look at Definitions The General Data Protection Regulation
A closer look at Definitions The General Data Protection Regulation September 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute
More informationIon RUSU, Ph.D Danubius University, Galati, Romania Lawyer, Vrancea Bar Introduction
Cross-border exchange of information between the member states of the European Union aimed at preventing and combating violations of traffic rules affecting road safety. Some critical opinions, Ph.D Danubius
More informationPRIVACY NOTICE FOR JOB APPLICANTS
PRIVACY NOTICE FOR JOB APPLICANTS 1. General Information 1.1 Derby County Football Club are committed to protecting the privacy and security of your personal information. 1.2 Under data protection law,
More informationThis document is meant purely as a documentation tool and the institutions do not assume any liability for its contents
2012R1024 EN 17.06.2014 002.001 1 This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents B REGULATION (EU) No 1024/2012 OF THE EUROPEAN
More informationThe Reform of European Data Protection Law
The Reform of European Data Protection Law - Why does it matter to the discussion? - RA Annabel Seebohm, LL.M. Legal Advisor, World Medical Association. The WMA Copenhagen meeting On Health Databases and
More informationEUROPEAN DATA PROTECTION SUPERVISOR
10.4.2008 C 89/1 I (Resolutions, recommendations and opinions) OPINIONS EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on the Initiative of the Federal Republic
More informationData Protection Policy
Data Protection Policy Version Date Revision Author Summary of Changes 1.0 21 st May 2018 Ashleigh Morrow EXECUTIVE STATEMENT At CASTLEREAGH NURSERY SCHOOL (the School ), we believe privacy is important.
More informationAmended draft European Council (Art. 50) guidelines following the United Kingdom's notification under Article 50 TEU.
Amended draft European Council (Art. 50) guidelines following the United Kingdom's notification under Article 50 TEU. On 29 March 2017, the European Council received the notification by the United Kingdom
More informationTHE REGULATORY AUTHORITIES
EN EN EN EUROPEAN COMMISSION Brussels, 22 January 2010 COMMISSION STAFF WORKING PAPER INTERPRETATIVE NOTE ON DIRECTIVE 2009/72/EC CONCERNING COMMON RULES FOR THE INTERNAL MARKET IN ELECTRICITY AND DIRECTIVE
More information11th Conference on Data Protection and Data Security - DuD 2009 Berlin, 8 June 2009
11th Conference on Data Protection and Data Security - DuD 2009 Berlin, 8 June 2009 "Data Protection in the Light of the Lisbon Treaty and the Consequences for Present Regulations" Peter Hustinx European
More informationTEXTS ADOPTED. having regard to the Treaties, and in particular to Articles 2, 3, 4 and 6 of the Treaty on European Union (TEU),
European Parliament 2014-2019 TEXTS ADOPTED P8_TA(2016)0344 Recent developments in Poland and their impact on fundamental rights as laid down in the Charter of Fundamental Rights of the European Union
More informationData Protection Practitioners Conference 2018 #DPPC2018. Lawful basis myths
Data Protection Practitioners Conference 2018 #DPPC2018 Myth #1 This lawful basis stuff is all new. Reality It s not new. The six lawful bases for processing are very similar to the old conditions for
More informationProposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive 2003/88/EC concerning certain aspects of the organisation of working time (presented by the Commission) EN 1 EN
More informationINTERNATIONAL WHAT GDPR MEANS FOR RECORDS MANAGEMENT
WHAT GDPR MEANS FOR RECORDS MANAGEMENT Presented by: Sabrina Guenther Frigo Overview Background Basic Principles Scope Lawful Processing Data Subjects Rights Accountability & Governance Data Transfers
More informationSCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools
SCHOOLS DATA PROTECTION POLICY Guidance Notes for Schools Please read this policy carefully and ensure that all spaces highlighted in the document are completed prior to publication. Please ensure that
More informationWHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION
WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The
More informationCommittee on Civil Liberties, Justice and Home Affairs. of the Committee on Civil Liberties, Justice and Home Affairs
European Parliament 2014-2019 Committee on Civil Liberties, Justice and Home Affairs 2018/0111(COD) 24.9.2018 DRAFT OPINION of the Committee on Civil Liberties, Justice and Home Affairs for the Committee
More informationgdpr walkthrough lawful basis for processing
gdpr walkthrough lawful basis for processing disclaimer: this is not legal advice lawful basis for processing introduction Your Lawful Basis for Processing is your justification that you are allowed to
More informationDRAFT MOTION FOR A RESOLUTION
European Parliament 2014-2019 Plenary sitting B[8-0000/2017] [29.03.2017] DRAFT MOTION FOR A RESOLUTION to wind up the debate on negotiations with the United Kingdom following its notification that it
More informationDRAFT. Desiring to settle, in conformity with the Treaties, certain issues raised by the United Kingdom in its letter of 10 November 2015,
Delegations will find attached a revised version of the draft Decision of the Heads of State or Government, meeting within the European Council, concerning a New Settlement for the United Kingdom within
More informationThe Data Controller for all personal data stored and processed by Horiba MIRA Ltd is:
Page 1 of 8 Owned By: Data Protection Officer Review Due: March 2020 DATA PRIVACY POLICY It is the policy of Horiba MIRA Ltd (MIRA) that it shall at all times respect the privacy of individuals by processing
More informationDATA PROTECTION POLICY VERSION 1.0
VERSION 1.0 1 Department of Education and Skills Last updated 21 May 2018 Table of Contents 1. Introduction... 4 2. Scope & purpose... 4 3. Responsibility for this policy... 5 4. Data protection principles...
More informationPrivacy Notice. The Kind of Information We Hold About You
Wigan Leisure & Culture Trust, trading as Inspiring healthy lifestyles ( a Data Controller ) is committed to protecting the privacy and security of your personal information. This privacy notice explains
More informationDelegations 1 will find attached the guidelines adopted by the European Council (Art. 50) at the above meeting.
European Council Brussels, 23 March 2018 (OR. en) EUCO XT 20001/18 BXT 25 CO EUR 5 CONCL 2 NOTE From: General Secretariat of the Council To: Delegations Subject: European Council (Art. 50) (23 March 2018)
More information(Legislative acts) DIRECTIVES
16.6.2012 Official Journal of the European Union L 156/1 I (Legislative acts) DIRECTIVES DIRECTIVE 2012/17/EU OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL of 13 June 2012 amending Council Directive 89/666/EEC
More informationCouncil of the European Union Brussels, 4 February 2019 (OR. en)
Council of the European Union Brussels, 4 February 2019 (OR. en) Interinstitutional File: 2017/0294(COD) 5874/19 ER 43 COEST 21 CODEC 239 NOTE From: To: No. Cion doc.: 14204/17 Subject: General Secretariat
More informationMeijers Committee standing committee of experts on international immigration, refugee and criminal law
1806 Note on the use of soft law instruments under EU law, in particular in the area of freedom, security and justice, and its impact on fundamental rights, democracy and the rule of law 9 April 2018 Background
More informationCouncil of the European Union Brussels, 25 May 2018 (OR. en)
Conseil UE Council of the European Union Brussels, 25 May 2018 (OR. en) Interinstitutional File: 2017/0003 (COD) 9079/18 LIMITE PUBLIC TELECOM 144 COMPET 322 MI 362 DATAPROTECT 97 CONSOM 146 JAI 438 DIGIT
More informationGENERAL DATA PROTECTION REGULATION Guidance Notes
GENERAL DATA PROTECTION REGULATION Guidance Notes What is the GDPR? Currently, the law on data protection requiring the handling of data which identifies people to be done in a fair way, is contained in
More informationOfficial Journal of the European Union REGULATIONS
L 21/2 REGULATIONS COMMISSION DELEGATED REGULATION (EU) 2016/98 of 16 October 2015 supplementing Directive 2013/36/EU of the European Parliament and of the Council with regard to regulatory technical standards
More informationEUROPEAN ECONOMIC AREA
EUROPEAN ECONOMIC AREA STANDING COMMITTEE OF THE EFTA STATES SUBCOMMITTEE IV ON FLANKING AND HORIZONTAL POLICIES EEA EFTA Comment 14 July 2017 on the proposal for a directive of the European Parliament
More informationSpeech. Jan Kleijssen. Director. Information Society and Action against Crime Directorate. Directorate General Human Rights and Rule of Law DGI
23/11/2016 Speech By Jan Kleijssen Director Information Society and Action against Crime Directorate Directorate General Human Rights and Rule of Law DGI Council of Europe Special Meeting of the Counter-Terrorism
More informationDepartment for Culture Media & Sport, Call for views on the General Data Protection Regulation derogations CBI submission, May 2017
Department for Culture Media & Sport, Call for views on the General Data Protection Regulation derogations CBI submission, May 2017 The CBI welcomes the opportunity to respond to the Department for Culture
More informationRECRUITMENT PRIVACY NOTICE
RECRUITMENT PRIVACY NOTICE 1. SCOPE OF PRIVACY NOTICE 1.1 Like most businesses, we hold and process a wide range of information, some of which relates to individuals who are applying to work for us. This
More informationData Protection and Privacy Statement
Data Protection and Privacy Statement We are committed to protecting your personal information and being transparent about what we do with it, no matter how you interact with us. That s whether you want
More information***I REPORT. EN United in diversity EN. European Parliament A8-0226/
European Parliament 2014-2019 Plenary sitting A8-0226/2018 27.6.2018 ***I REPORT on the proposal for a regulation of the European Parliament and of the Council on the European citizens initiative (COM(2017)0482
More informationCommittee on Civil Liberties, Justice and Home Affairs WORKING DOCUMENT
European Parliament 2014-2019 Committee on Civil Liberties, Justice and Home Affairs 26.1.2016 WORKING DOCUMT on Establishment of an EU mechanism on democracy, the rule of law and fundamental rights -
More informationGetting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations
Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations Page 1 of 22 Your business and the new data protection laws Data protection and privacy
More informationWHAT YOU NEED TO KNOW [WHITE PAPER] ABOUT GDPR HOW TO STAY COMPLIANT
WHAT YOU NEED TO KNOW [WHITE PAPER] ABOUT GDPR HOW TO STAY COMPLIANT WHAT IS GDPR? The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018. Within this document we ll explore what
More informationTHE PRINCIPLE OF SUBSIDIARITY
THE PRINCIPLE OF SUBSIDIARITY In areas in which the European Union does not have exclusive competence, the principle of subsidiarity, laid down in the Treaty on European Union, defines the circumstances
More information***I DRAFT REPORT. EN United in diversity EN 2014/0218(COD)
EUROPEAN PARLIAMT 2014-2019 Committee on Transport and Tourism 16.10.2014 2014/0218(COD) ***I DRAFT REPORT on the proposal for a directive of the European Parliament and of the Council on facilitating
More informationTEXTS ADOPTED. Negotiations with the United Kingdom following its notification that it intends to withdraw from the European Union
European Parliament 2014-2019 TEXTS ADOPTED P8_TA(2017)0102 Negotiations with the United Kingdom following its notification that it intends to withdraw from the European Union European Parliament resolution
More informationEN United in diversity EN A7-0170/27. Amendment
29.6.2011 A7-0170/27 27 Recital 2 a (new) (2a) Attention should be drawn to point 10 of the conclusions of the Environment Council meeting of 4 December 2008 which invites EFSA and Member States to pursue
More informationPUBLIC COUNCILOF THEEUROPEANUNION. Brusels,28April /1/14 REV1. InterinstitutionalFile: 2012/0011(COD) LIMITE
ConseilUE COUNCILOF THEEUROPEANUNION Brusels,28April2014 InterinstitutionalFile: 2012/0011(COD) PUBLIC 8087/1/14 REV1 LIMITE DATAPROTECT49 JAI186 MI303 DRS43 DAPIX50 FREMP49 COMIX191 CODEC884 NOTE from:
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES. Amended proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 7.3.2006 COM(2006) 94 final 2004/0168 (COD) Amended proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL establishing a European grouping
More informationb. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law.
Buzescu Ca>Romanian Business Law>Romanian Data Protection Laws 12. ROMANIAN DATA PROTECTION LEGAL REGIME Updated October 2018 The relevant Romanian data protection laws are: European Regulation no. 679
More informationThe General Data Protection Regulation An Overview
The General Data Protection Regulation An Overview Published: May 2017 Brunel House, Old Street, St.Helier, Jersey, JE2 3RG Tel: (+44) 1534 716530 Guernsey Information Centre, North Esplanade, St Peter
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 24.10.2003 COM(2003) 622 final 2003/0242 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the application of the provisions
More informationProposal for a COUNCIL DECISION
EUROPEAN COMMISSION Brussels, 27.4.2018 COM(2018) 247 final 2018/0116 (NLE) Proposal for a COUNCIL DECISION authorising Member States to become party, in the interest of the European Union, to the Council
More information(Legislative acts) REGULATIONS
16.5.2012 Official Journal of the European Union L 129/1 I (Legislative acts) REGULATIONS REGULATION (EU) No 386/2012 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 April 2012 on entrusting the Office
More informationEU General Data Protection Regulation (GDPR)
EU General Data Protection Regulation (GDPR) May 23, 2018 Dixie B. Baker, Ph.D. Agenda GDPR Basics Key Changes from Data Protection Directive Special Categories Consent Conditions and Elements HIPAA and
More informationBaptist Union of Scotland DATA PROTECTION POLICY
Baptist Union of Scotland DATA PROTECTION POLICY Adopted: May 2018 1 1.The Baptist Union of Scotland 48, Speirs Wharf, Glasgow G4 9TH (Charity Registration SC004960) is committed to protecting all information
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 14 February ST 6490/14 Inte rinstitutional File: 2013/0255 (APP)
COUNCIL OF THE EUROPEAN UNION Brussels, 14 February 2014 ST 6490/14 Inte rinstitutional File: 2013/0255 (APP) EPPO 9 EUROJUST 38 CATS 23 FIN 117 COP 53 GAF 10 NOTE from: Presidency to: Coreper/Council
More information6798/14 GS/np 1 DG D 2B
COUNCIL OF THE EUROPEAN UNION Brussels, 20 February 204 6798/4 Interinstitutional File: 202/00 (COD) COVER NOTE from: received: to: Subject: DATAPROTECT 3 JAI 07 MI 98 DRS 29 DAPIX 27 FREMP 30 COMIX 2
More informationTHE NEW EUROPEAN PRIVACY LAW THE MAKING OF THE GENERAL DATA PROTECTION REGULATION & NEXT STEPS. Helsinki, Finland 14 April 2016
THE NEW EUROPEAN PRIVACY LAW THE MAKING OF THE GENERAL DATA PROTECTION REGULATION & NEXT STEPS Helsinki, Finland 14 April 2016 ABOUT IAB EUROPE HQ: Focuses: Members: Brussels Policy; European business
More information5853/12 GS/np 1 DG H 2B
COUNCIL OF THE EUROPEAN UNION Brussels, 27 January 2012 5853/12 Inte rinstitutional File: 2012/0011 (COD) DATAPROTECT 9 JAI 44 MI 58 DRS 9 DAPIX 12 FREMP 7 COMIX 61 CODEC 219 PROPOSAL from: European Commission
More informationGDPR Webinar 9: Automated Processing & Profiling
Webinar 9: Automated Processing & Profiling T-Minus 210 Days (October 26, 2017) Presenter: Peter Blenkinsop peter.blenkinsop@dbr.com 1 Agenda for Today Brief update on status of guidance and implementation
More informationPUBLIC COUNCILOF THEEUROPEANUNION. Brusels,12 May /2/14 REV2. InterinstitutionalFile: 2012/0011(COD) LIMITE
ConseilUE COUNCILOF THEEUROPEANUNION Brusels,12 May2014 InterinstitutionalFile: 2012/0011(COD) PUBLIC 8087/2/14 REV2 LIMITE DATAPROTECT49 JAI186 MI303 DRS43 DAPIX50 FREMP49 COMIX191 CODEC884 NOTE from:
More informationGDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate
More informationGuidelines on the management body of market operators and data reporting services providers
Guidelines on the management body of market operators and data reporting services providers 28 September 2017 ESMA70-154-271 Table of Contents 1 Scope... 3 2 Definitions... 4 3 Purpose... 5 4 Compliance
More informationPrivacy Notice. If you wish to know more about our approach to Data Protection please read this Privacy Notice.
Privacy Notice Midland Heart Ltd makes records from our contact with you, including personal information that is subject to the General Data Protection Regulations (GDPR). We also collect information about
More informationDRAFT MOTION FOR A RESOLUTION
European Parliament 2014-2019 Plenary sitting B8-0000/2017 29.03.2017 DRAFT MOTION FOR A RESOLUTION to wind up the debate on negotiations with the United Kingdom following its notification that it intends
More informationWe reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.
What is the purpose of this document? NORTHERN IRELAND SCREEN COMMISSION (Company Number NI031997) whose registered office is at 3 rd Floor Alfred House, 21 Alfred Street, Belfast, BT2 8ED is committed
More informationStanford University Offline Privacy Notice
Stanford University Offline Privacy Notice This Offline Privacy Notice applies to the that we collect from you when you provide us through the mail, over the phone, or other avenue outside of our online
More informationlaying down detailed arrangements for the exercise of the right to vote and stand
No L 329/34 Official Journal of the European Communities 30. 12. 93 COUNCIL DIRECTIVE 93/ 109/EC of 6 December 1993 laying down detailed arrangements for the exercise of the right to vote and stand as
More informationDATA PROTECTION KEY ISSUES OF THE PROPOSED REGULATION
DATA PROTECTION KEY ISSUES OF THE PROPOSED REGULATION 1 1. Definition of personal data The definition of personal data is key for determining the scope of the Regulation. Just because data are not linked
More informationCouncil of the European Union Brussels, 12 April 2018 (OR. en)
Council of the European Union Brussels, 12 April 2018 (OR. en) Interinstitutional File: 2015/0907 (APP) 7597/18 NOTE PE 41 INST 134 FREMP 40 JUR 160 AG 4 From: Permanent Representatives Committee (Part
More informationBrasenose College Data Protection Policy Statement v1.2
Brasenose College Data Protection Policy Statement v1.2 1. Introduction All documents referred to in this policy can be found online at the address below: https://www.bnc.ox.ac.uk/privacypolicies 1.1 Background
More informationEDRi analysis on the most dangerous flexibilities allowed by the General Data Protection Regulation (*)
1 EDRi analysis on the most dangerous flexibilities allowed by the General Data Protection Regulation (*) General Note on divergences: One of the main reasons for adopting the main Data Protection Directive
More informationBrussels, 27 February 2014 COUNCIL OF THE EUROPEAN UNION 6490/1/14 REV 1. Interinstitutional File: 2013/0255 (APP)
COUNCIL OF THE EUROPEAN UNION Brussels, 27 February 2014 Interinstitutional File: 2013/0255 (APP) 6490/1/14 REV 1 EPPO 9 EUROJUST 38 CATS 23 FIN 117 COP 53 GAF 10 NOTE from: Presidency to: Council No.
More informationData subject access policy
Data subject access policy Introduction 1. This is our Data subject access requests policy. 2. We are the professional regulator for nurses and midwives in the UK. Our principal functions include setting
More informationthat these standards can only be delivered effectively by devolution of responsibility to the frontline;
UK GOVERNMENT RESPONSE TO THE EUROPEAN COMMISSION S GREEN PAPER ON PUBLIC-PRIVATE PARTNERSHIPS AND COMMUNITY LAW ON PUBLIC CONTRACTS AND CONCESSIONS, MAY 2004 The UK Government welcomes the debate on the
More informationPREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER
PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER 1 What will the GDPR mean for your business/organisation? On the 25 th May 2018,
More informationBriefing EU Legislation in Progress
Briefing EU Legislation in Progress CONTENTS Background Introduction Existing situation Parliament s starting position Council and European Council starting position Proposal Preparation of the proposal
More informationProgress on EU data protection reform now irreversible following European Parliament vote
EUROPEAN COMMISSION MEMO Strasbourg, 12 March 2014 Progress on EU data protection reform now irreversible following European Parliament vote The European Parliament today cemented the strong support previously
More information