navigating the privacy sea christian runte
DESCRIPTION
TRANSCRIPT
IFCLA – Helsinki, 10 June 2010
Navigating the Privacy SeaChristian M. Runte, CMS Hasche Sigle
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 20102
1. The Privacy Sea
2. How to Navigate it
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 20103
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 20104
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 20105
Why the Sea Got Rough
Advanced technology (internet, increased storage capability), and increased relevance of data processing
Online transactions rapidly replacing "anonymous" real transactions; online transactions require identification and thus personal data
Changes in legislation (data breach notification etc.)
Aftermath of 9/11, online surveillance
Media coverage of data breaches and other privacy issues in the public sector (UK CD-ROMs, German tax data) and in the private sector (Facebook, Google, in Germany: Lidl, Deutsche Telekom etc.)
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 20106
How Fragmented is Privacy Law?
EU level
One general directive (95/46/EC) but numerous other regulations, directives and decisions which also contain data protection provisions
Some better known: 2002/58/EC etc.
Some more hidden: Regulation 80/2009 etc.
Consultation process for new general directive 95/46/EC
"Harmonized diversity"
Implementation in member states differs, sometimes significantly
Differences in processes, formalities and bureaucracy
No single authority for the EU or even within some member states
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 20107
Regulatory Authorities Dealing with Data Protection Aspects: Germany
Federal Level: 1 (+1)
Länder Level: 25
Further Authorities for Churches, Public Broadcasting, Public Healthcare etc.
Art. 28 [1] Directive 95/46/EC:"authorities shall act with completeindependence in exercising the functions…"
ECJ, 9 March 2010: Germany systemin violation of Art. 28 [1]
22
12
11
3
111
3
21
1
12
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 20108
Everything Converging in the Cloud?
"Everything is content"
Convergence of technology and media delivery
Convergence of substantial law?
Possible but likely to be very slow
Overhaul of General Directive 95/46 (e.g. data breach)
Geographical convergence?
Which jurisdiction applies?
More jurisdictions will apply
Technical innovations (in particular cloud computing) will make it more complicated to be compliant in all relevant jurisdictions
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 20109
Navigating it
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 201010
Challenges
More cases will require advice for more than one jurisdiction
Knowledge of the local law
Contact to relevant authorities
The challenge is the number of countries and authorities involved and the number of local advisor you may need
Cost
Consistent advice
Requires management of
the client
and local advisors
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 201011
A Possible Approach
Prepare your (local) memo first
Managing multiple jurisdictions
Do some local reconnaissance• General ressources
• Websites• Online Materials
Prepare questionnaire• Clearly defined questions• Provide your local answers as well
Budget, no quote
Direct contact between client and local counsel
Christian Runte | Navigating the Privacy Sea | IFCLA – Helsinki, 10 June 201012
Après Nous le Déluge
Public perception of data protection and privacy will not vanish, media will drive the process
Overhaul of Directive 95/46, consultation process
More convergence?
It's not a breach, it's a service
Data Breach Laws | ICAF – Berlin, 25 February 201013
Last page