Legal, Risk & Capital Deutsche Bank Domenico Romanazzi Brussels, January 28, 2011 Data Protection...
-
Upload
doreen-walsh -
Category
Documents
-
view
222 -
download
0
Transcript of Legal, Risk & Capital Deutsche Bank Domenico Romanazzi Brussels, January 28, 2011 Data Protection...
Legal, Risk & CapitalDeutsche Bank
Domenico RomanazziBrussels, January 28, 2011
Data Protection Day 2011 JOINT HIGH LEVEL MEETING THE COUNCIL OF EUROPE & THE EUROPEAN COMMISSION
Legal, Risk & CapitalDeutsche Bank Domenico Romanazzi
January 28, 2011
04/19/23 2010 DB Blue template
2
ICC— ICC Data Protection Task Force has been working for more than 20 years to improve the international legal
framework for data protection: — 1990s to present: participation as sole business organization as an observer in the
Council of Europe T-PD group
— 1992: Joint adoption (by ICC, CoE, and European Commission) of standard contractual clauses for international data transfers
— 2002-present: Participation by ICC in drafting of APEC Privacy Working Group
— 2004 and 2010: Adoption by European Commission of standard contractual clauses for data processors originally proposed by ICC
From European to international standards on data protection (1/2)
Rationale for International Standards on Data Protection— Bridging divergences in data protection
— Facilitation of global data flows
Legal, Risk & CapitalDeutsche Bank Domenico Romanazzi
January 28, 2011
From European to international standards on data protection (2/2)
04/19/23 05:18 AM 2010 DB Blue template
3
Various Options— Legally binding instrument or framework / model law
— Convention
— Guideline
— Potential timeline
Current Environment— Substantial differences in data protection culture
— Evolving regional treaties
— Rapid technological development
The Bottom Line— Greater harmonisation would not only help business, but also individuals
— A binding solution is hard to achieve, while a non-binding approach would not resolve the issues
— Boost harmonisation on regional level, and intensify dialogue between regional data protection systems and associated steps of convergence
— ICC is looking forward to working with the Commission and other related authorities to transfer effective data protection into corporate practice
Legal, Risk & CapitalDeutsche Bank Domenico Romanazzi
January 28, 2011
Significant Issues concerning Harmonisation
04/19/23 2010 DB Blue template
4
Transparency— Avoid information overload via balanced and concise information / notices
— Security breach notification aligned with underlying peril / risk for data subject
— Clear and unified criteria for informed and free consent by data subject
Enhancing Internal Market Dimension— Stengthen harmonisation and clarity of implementation of the EU Data Protection Directive
— Reduce administrative burdens where these do not contribute to effective data protection, e.g.
o Registration / notification requirements for personal data processing and
o Prior notification / approval requirements of third country data transfers
— Avoid contradiction with sectoral requirements (e.g. anti money-laundering)
Global Dimension of Data Protection— Current set of rules for international data transfers does not allow for a reasonable handling of data within a
corporate group
— Consider that today’s information flows are global and less defined by point to point communication
— Consider technological trends, so that regulations apply to new technologies as well