Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform...
Transcript of Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform...
![Page 1: Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform Willebroekkaai 38 B-1000 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.](https://reader036.fdocuments.net/reader036/viewer/2022072011/56649e025503460f94aed21b/html5/thumbnails/1.jpg)
Opinion about thedraft privacy regulation of the EC
Frank RobbenGeneral manager eHealth-platformWillebroekkaai 38B-1000 BrusselsE-mail: [email protected] eHealth-platform: https://www.ehealth.fgov.bePersonal website: www.law.kuleuven.be/icri/frobben
![Page 2: Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform Willebroekkaai 38 B-1000 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.](https://reader036.fdocuments.net/reader036/viewer/2022072011/56649e025503460f94aed21b/html5/thumbnails/2.jpg)
223/01/2013
About me general manager of the Belgian Crossroads Bank for Social Security
since 1991• responsible for the organisation of secure personal data exchange
between 3.000 social security institutions with a good balance between privacy and information security on one hand and effective and efficient social protection on the other
• best practice awards from UN, EPSA and foreign DPA
general manager of the Belgian eHealth Platform since 2008• responsible for the organisation of secure personal health data
exchange between 100.000 health care institutions and health care providers with a good balance between privacy and information security on the one hand and effective and efficient health care on the other
life time achievement award for information security from LSEC, the most important Belgian association for information security
member of the Belgian DPA since 1991
![Page 3: Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform Willebroekkaai 38 B-1000 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.](https://reader036.fdocuments.net/reader036/viewer/2022072011/56649e025503460f94aed21b/html5/thumbnails/3.jpg)
323/01/2013
Regulation: no suitable legal instrument
need for an adequate balance between fundamental rights, a.o.• right to privacy and information security• right to health and effective and efficient health care
adequate balance is not universal• depends on historical and cultural differences• can be attained in several ways: different mixes of
- structural measures- organisational measures- legal measures
![Page 4: Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform Willebroekkaai 38 B-1000 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.](https://reader036.fdocuments.net/reader036/viewer/2022072011/56649e025503460f94aed21b/html5/thumbnails/4.jpg)
423/01/2013
Regulation: no suitable legal instrument
most suitable legal instrument in this respect• not a regulation that implements a unique balance throughout the
whole European Union• but a directive that contains common goals and principles, and
permits Member States to attain adequate balances accepted by their citizens
![Page 5: Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform Willebroekkaai 38 B-1000 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.](https://reader036.fdocuments.net/reader036/viewer/2022072011/56649e025503460f94aed21b/html5/thumbnails/5.jpg)
523/01/2013
Proposal for a regulation the “one stop shop” has primarily advantages for
companies having activities in several Member States (because they do not have to deal anymore with the several laws of several Member States), but not for the citizen
does not install a powerful European DPA that deals with privacy and information security issues of multinational companies
is too complex, too detailed and too unclear (too vague concepts, too much interpretation possibilities)
does not seem to respect the principle of subsidiarity
![Page 6: Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform Willebroekkaai 38 B-1000 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.](https://reader036.fdocuments.net/reader036/viewer/2022072011/56649e025503460f94aed21b/html5/thumbnails/6.jpg)
623/01/2013
Proposal for a regulation delegates too many decisions to the European
Commission without any democratic control
implies huge supplementary costs for data controllers, especially PME’s and government institutions• to maintain documentation of all processing operations• enormous information duty• to conduct a data protection impact assessment for more risky
processing• to notify any personal data breach to the DPA without undue
delay
creates huge problems for DPA’s• interpretation problems• resource problems
![Page 7: Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform Willebroekkaai 38 B-1000 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.](https://reader036.fdocuments.net/reader036/viewer/2022072011/56649e025503460f94aed21b/html5/thumbnails/7.jpg)
723/01/2013
Proposal for a regulation denial of the principle of the separation of powers
limits unnecessarily the possibility for Member States to attain balances between the right to privacy and other fundamental rights that match with the historical and cultural specificities, e.g.• field of application of specific rules for health data• information duties• authorisation of exchange of personal data by the DPA instead
of explicit consent of the data subject
will, at the end, not be favourable for data subjects either: more theoretical rights, but real execution of rights will be more difficult
![Page 8: Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform Willebroekkaai 38 B-1000 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.](https://reader036.fdocuments.net/reader036/viewer/2022072011/56649e025503460f94aed21b/html5/thumbnails/8.jpg)
823/01/2013
Proposal limitation of the European legal framework to basic
objectives and principles that foster confidence of citizens in ICT rather than a very extensive regulation primarily in the economic interest of multinational companies
adaptation of the actual directive to the ICT-evolution
no increase of costs and administrative burden for governments, PME’s and DPA’s
if a regulation is necessary for multinational companies• limitation of the field of application to those companies• installation of a powerful European DPA that deals with those
companies
![Page 9: Opinion about the draft privacy regulation of the EC Frank Robben General manager eHealth-platform Willebroekkaai 38 B-1000 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.](https://reader036.fdocuments.net/reader036/viewer/2022072011/56649e025503460f94aed21b/html5/thumbnails/9.jpg)
Th@nk you !
Any questions ?