On 18th October 2016, ISC will organize a seminar which will examine the impact of the EU’s General Data Protection Regulation (GDPR) on the operation of R&D and science and on collaborative research in the EU and with its global partners. The seminar will also explore how the planned European Cloud Initiative will deal with the implications of the GDPR. Further information and registration are available at:
www.iscintelligence.com/event.php
The growing globalisation of data flows, via social networks, cloud computing, search engines, location-based services, etc, increases the risk that people can lose control of their own data. According to Article 8 of the Charter of Fundamental Rights of the European Union, "protection of personal data" is upheld under the following claims:
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.
Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Furthermore, persons or organisations which collect and manage personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law.
Every day within the EU, businesses, public authorities and individuals transfer vast amounts of personal data across borders. Conflicting data protection rules in different countries would disrupt international exchanges. Individuals might also be unwilling to transfer personal data abroad if they were uncertain about the level of protection in other countries.
Therefore, common EU rules have been established to ensure that personal data enjoys a high standard of protection everywhere in the EU. However, the EU's current data protection laws date from 1995, before the Internet came into widespread use, and does not cover data processed for law enforcement purposes. Today, 250 million people use the Internet daily in Europe.
A revision of this directive is in progress which aims to put people in control of their personal data, build trust in social media and online shopping and upgrade the protection of data processed by police and judicial authorities.The new rules will update existing legal principles and apply them to the new online environment, so as to ensure effective protection of the fundamental right to data protection and improve certainty as to the law for companies.
The new rules will also replace the current patchwork of national laws with a single set of rules, which should make it easier for companies to move across the EU while at the same time strengthening citizens' rights.
The EU also created the position of European Data Protection Supervisor (EDPS) in 2001. The responsibility of the EDPS is to make sure that all EU institutions and bodies respect people’s right to privacy when processing their personal data.
ISC will on 18 October 2016 organize a seminar which will examine the impact of the EU’s General Data Protection Regulation (GDPR) on the operation of R&D and science and on collaborative research in the EU and with its global partners. The seminar will also explore how the planned European Cloud Initiative will deal with the implications of the GDPR.
The GDPR entered into force on 24 May 2016 and will apply from 25 May 2018. The regulation is aimed at empowering the citizens as owners of personal data, as well as establishing legal certainty for business based on clear and uniform rules. The GDPR will apply to all organizations in and outside the EU that deal with the personal data of EU individuals. Science-based and research organizations will need to take advantage of the two-year transition period up to 25 May 2018 to prepare for a significant increase in their data protection responsibilities and advance their privacy compliance programmes.
More information is available at:http://www.iscintelligence.com/event.php?id=308
The following inforation pertains tot he period up to the COmmission's proposal foe the GPPR
The growing globalisation of data flows, via social networks, cloud computing, search engines, location-based services, etc, increases the risk that people can lose control of their own data. According to Article 8 of the Charter of Fundamental Rights of the European Union, "protection of personal data" is upheld under the following claims:
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.
Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Furthermore, persons or organisations which collect and manage personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law.
Every day within the EU, businesses, public authorities and individuals transfer vast amounts of personal data across borders. Conflicting data protection rules in different countries would disrupt international exchanges. Individuals might also be unwilling to transfer personal data abroad if they were uncertain about the level of protection in other countries.
Therefore, common EU rules have been established to ensure that personal data enjoys a high standard of protection everywhere in the EU. However, the EU's current data protection laws date from 1995, before the Internet came into widespread use, and does not cover data processed for law enforcement purposes. Today, 250 million people use the Internet daily in Europe.
A revision of this directive is in progress which aims to put people in control of their personal data, build trust in social media and online shopping and upgrade the protection of data processed by police and judicial authorities.The new rules will update existing legal principles and apply them to the new online environment, so as to ensure effective protection of the fundamental right to data protection and improve certainty as to the law for companies.
The new rules will also replace the current patchwork of national laws with a single set of rules, which should make it easier for companies to move across the EU while at the same time strengthening citizens' rights.
The EU also created the position of European Data Protection Supervisor (EDPS) in 2001. The responsibility of the EDPS is to make sure that all EU institutions and bodies respect people’s right to privacy when processing their personal data.
The 1995 Directive on Data Protection was adopted to guarantee privacy rights of data subjects and ensure the free flow of personal data within the European Union, although it is set to be replaced by a regulation which seeks to adapt the rules to the new challenges brought by globalisation and new technologies.
The directive defines the conditions under which personal data can be legally collected and used, whether by automated or non-automated means. The directive confers on individuals the right to a judicial remedy on violation of nationally defined data protection rights and compensation for any resulting damage.
Regulation (EC) No 45/2001 sets similar rules to ensure the protection of personal data by European Union institutions and bodies.
On the 25th of January 2012, the Commission proposed a reform of the EU's 1995 data protection rules. The Commission´s initiative aims to enhance the rights of data subjects through greater control of their data, more transparency, and greater enforcement of European data protection rules. The Commission´s proposed regulation aims to replace the directive for the unification of data protection rules at EU level to increase legal certainty and reduce administrative costs for enterprises.
The main changes proposed by the Commission:
The lead committee in the European Parliament working on the Draft Regulation was the Committee on Civil Liberties, Justice and Home Affairs (LIBE), headed by rapporteur Jan Philipp Albrecht.
Jan Phillip Albrecht’s report generally supports the aims of the Commission’s proposal, which are to establish a comprehensive approach to data protection, to strengthen online privacy rights, and to eliminate the fragmentation of 27 different national data protection laws which is costly for businesses. The report also reinforces certain elements of the Commission’s proposal, particularly on individual’s rights.
The Report’s main contributions:
While there is a strong will on the part of the Commission and most of the European Parliament Committees involved to reinforce individuals’ right to data protection through stronger clauses and greater enforcement, the European Parliament’s Industry, Research and Innovation Committee (ITRE), led by MEP Seán Kelly, and the Council have proposed a more flexible approach which takes the interests of SMEs into account and minimises burdensome and costly administrative procedures. The Commission is open to discussion on further flexibility where it does not undermine the objective to maintain a high level of personal data protection.
Given the European Union’s policy of support to SMEs, the ‘Think Small First’ principle, and Viviane Reding’s (Commissioner responsible for justice, fundamental rights and citizenship), public statements, it is likely that the Commission will attempt to facilitate the inclusion of amendments which minimise unnecessary costs for businesses where possible and without increasing the risk to data privacy. In parallel, the Council has instructed the DAPIX Working Party to devise more flexible rules which may reduce administrative costs for businesses where the risk to data privacy is low. The final Regulation will most likely imply fewer costs for businesses than the Draft Regulation, but the manner in which this will be achieved is yet to be determined.
Noting the European Parliament Industry Committee’s desire to extend and reinforce exemptions for SMEs, the Commission has expressed openness to further discussion on calibrating obligations to the needs and nature of SMEs yet has warned against the possible added complexity and red-tape associated with the Council’s proposed risk-based approach to obligations.
On the whole, the Commission has stated its desire to achieve an optimal balance of data subjects’ rights and minimal constraints for businesses.
The European Parliament voted on the amended data protection package on 12 March 2014 and would like to reach an agreement with the Council of the European Union by the end of 2014.
The Regulation will enter into force two years after it will have been adopted by the Council and the Parliament.
In order to protect individuals’ privacy, technological, sociological and ethical dimensions of security need to be taken into consideration on a global scale. Key challenges for a policy framework include:
In the context of a staff briefing organised by ISC in US Congress in June 2012, Sean Kelly MEP discussed EU data protection with the Obama Administration.
Sean Kelly MEP has met with the US General Counsel of the Commerce Department, Cameron Kerry, on the increasingly important issue of online privacy, as co-author of the European Parliament's Data Protection report.
General Counsel Kerry, who was nominated to the post by President Barack Obama, and is also the brother of former US Presidential candidate John Kerry, met with Kelly at the Department of Commerce.
More information (http://www.siliconrepublic.com/enterprise/item/27613-irish-mep-to-discuss-eu-dat)
ISC has been active on media and policy-maker engagement to raise awareness on the implications of the General Data Protection Regulation for health and science research.
On 28 January 2015, ISC and BBMRI-ERIC, one of the largest Health Research Infrastructures in Europe, organised a roundtable on data protection entitled ‘Data Protection for Health: Enabling Research for Health’, which aimed to address options to ensure that a balance is struck between the protection of personal data and facilitating scientific research which leads to advances and innovations in our data driven knowledge and economy. The views of medical researchers and patients on the impact of the data protection Regulation on scientific research were shared with other stakeholders, including Commission officials.
More information (http://www.iscintelligence.com/event.php?id=255)
On 22 April 2015, ISC and BBMRI-ERIC will coordinate a day of action around the General Data Protection Regulation entitled ‘Data for Health and Science’ on which a host of research organisations, patient organisations, and academics will engage with EU policy-makers on the General Data Protection Regulation to explain how scientific research can be best supported by the proposed legislation to achieve innovation and discoveries and in the case of health, how research and healthcare can be enabled to ensure optimal treatments and medicines for patients. This will include a seminar and a series of meetings between the participating organisations and EU policy-makers.
More information on the Day of Action (http://www.iscintelligence.com/event.php?id=261) and the seminar (http://www.iscintelligence.com/event.php?id=262)