in conjunction with
15th International Conference on Business Information Systems (BIS 2012)
Vilnius, Lithuania
May 21 or 22 or 23, 2012
Deadline for submissions: March 16 (11:59pm CET), 2012
The Legal Informatics and Legal Information Technology (LIT) Workshop is an annual event which gathers people interested in broadly understood Legal Informatics and its applications. The LIT 2012 meeting will take place in Vilnius, Lithuania as part of the 15th International Conference on Business Information Systems. As a continuation of previous editions, we invite people dealing with different domains closely related to legal matter and Information Technology.
The 5th Legal Informatics and Legal Information Technology Workshop will be a multi-disciplinary, one-day workshop that will bring together practitioners and researchers to investigate challenges and opportunities in the emerging trends on the verge of law and IT. The workshop will examine vital issues, including law-related business processes, legal ontologies, description frameworks, discussing new research and innovative applications in Law, Information Technology as well as Insurance. The workshop is receptive to all papers dealing with any topic in these interdisciplinary domains.
Topics
Alternative & online Dispute Resolution
Computational models for legal reasoning
Information extraction & categorization of legal documents
Information Technology & Crime Prevention
Information Technology & Dispute Resolution
Knowledge Discovery & Data Mining in Law
Knowledge management in the legal domain
Law & Future Internet technologies
Legal argumentation
Legal aspects of BIS
Legal aspects of IT
Legal discourse modeling and legal reasoning
Legal electronic agents
Legal Expert Systems
Legal ontologies - creation, use & lifecycles
Legal reasoning and its computer representation
Natural language processing in law
Question answering retrieval for law and governmental services
Risk management & trust in law
Semantic indexing of legal documents
Semantic Web technologies in law and e-government
Specialized knowledge representation and logics for law
Specific legal domains appliances (systems in civil, tax, commercial, insurance law)
Text mining and knowledge extraction in law
Validation of legal knowledge
Submission
Long papers: max. 12 pages
Work-in-progress reports: max. 6 pages
Papers must be submitted in PDF format according to Springer LNBIP template available from http://www.springer.com/computer/lncs?SGWID=0-164-6-791344-0.
The authors should include a 100-word abstract at the beginning of the paper, which clearly presents the achievement or contribution of the paper. Furthermore 4-7 keywords should describe the content of the submission.
Submission system is available at http://www.easychair.org/conferences/?conf=lit2012.
Papers approved for presentation at LIT 2012 will be published in BIS 2012 workshop post-conference proceedings, as a volume in Springer's Lecture Notes in Business Information Processing (LNBIP) series. The volume will be edited by Witold Abramowicz. BIS 2012 Workshops proceedings will be distributed to BIS 2012 participants in October 2012 by regular mail.
Workshop format
All authors of accepted papers as well as other participants will be asked to read the abstracts of accepted papers before the workshop (papers will be available on-line in advance) to facilitate discussion.
Workshop participants will also be invited to take part in the BIS conference and other BIS workshops.
Important dates
March 16 (11:59pm CET), 2012 - submission deadline for papers
April 15, 2012 - notification of acceptance/rejection
April 30, 2012 - submission of final papers
May 21 or 22 or 23, 2012 - the workshop
Organizers
Poznan University of Economics, Department of Information Systems
Chairs
Erich Schweighofer
Piotr Stolarski
John Zeleznikow
Program Committee (to be extended)
Emilia Bellucci, Victoria University, Australia
Daniele Bourcier, CNRS-CERSA Paris, France
Tania Cristina D'Agostini Bueno, Presidente da Diretoria Executiva IJURIS, Brasil
Tom van Engers, Leibniz Center for Law, Netherlands
Rafal Morek, University of Warsaw, Poland
Marta Poblet, Autonomous University of Barcelona, Spain
Erich Schweighofer, University of Vienna, Austria
Ken Satoh, National Institute of Informatics and Sokendai, Japan
Piotr Stolarski, Poznan University of Economics, Poland
Andrew Stranieri, University of Ballarat, Australia
John Zeleznikow, Victoria University, Australia
Tomasz Żurek, Maria Curie-Skłodowska University, Poland
News, Comments and Opinions on information law and legal informatics. On this blog you can find news and updates from the field of new technology law.
Saturday, 25 February 2012
Sunday, 12 February 2012
CJEU decision on temporary reproduction
The CJEU clarified certain aspects of the exemption for certain acts of temporary reproduction in its decision of 17 January in case C-302/10. More particularly, the reference for a preliminary ruling concerns the interpretation of Article 5(1) and (5) of Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society.
This reference has been made in the context of proceedings between Infopaq International A/S (‘Infopaq’) and Danske Dagblades Forening (‘DDF’) concerning the dismissal of Infopaq’s application for a declaration that it was not required to obtain the consent of the rightholders for acts of reproduction of newspaper articles using an automated process consisting in the scanning of those articles and their conversion into a digital file followed by electronic processing of that file.
The Danish Court referred the following questions to the Court for a preliminary ruling:
‘1. Is the stage of the technological process at which temporary acts of reproduction take place relevant to whether they constitute “an integral and essential part of a technological process”, within the meaning of Article 5(1) of Directive 2001/29?
2. Can temporary acts of reproduction be an “integral and essential part of a technological process” if they consist of manual scanning of entire newspaper articles whereby the latter are transformed from a printed medium into a digital medium?
3. Does the concept of “lawful use”, within the meaning of Article 5(1) of Directive 2001/29, include any form of use which does not require the copyright holder’s consent?
4. Does the concept of “lawful use”, within the meaning of Article 5(1) of Directive 2001/29, include the scanning by a commercial business of entire newspaper articles and subsequent processing of the reproduction, for use in the business’s summary writing, even where the rightholder has not given consent to those acts, if the other requirements in the provision are satisfied?
Is it relevant to the answer to the question whether the 11 words are stored after the data capture process is terminated?
5. What criteria should be used to assess whether temporary acts of reproduction have “independent economic significance”, within the meaning of Article 5(1) of Directive 2001/29 if the other requirements in the provision are satisfied?
6. Can the user’s efficiency gains from temporary acts of reproduction be taken into account in assessing whether the acts have “independent economic significance”, within the meaning of Article 5(1) of Directive 2001/29?
7. Can the scanning by a commercial business of entire newspaper articles and the subsequent processing of the reproduction, be regarded as constituting “certain special cases which do not conflict with a normal exploitation” of the newspaper articles and “not unreasonably [prejudicing] the legitimate interests of the rightholder”, pursuant to Article 5(5) of Directive 2001/29, if the requirements in Article 5(1) of the directive are satisfied?
Is it relevant to the answer to the question whether the 11 words are stored after the data capture process is terminated?’
The Court (Third Chamber) ruled that:
1) Article 5(1) of Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society must be interpreted as meaning that the acts of temporary reproduction carried out during a ‘data capture’ process, such as those in issue in the main proceedings,
– fulfil the condition that those acts must constitute an integral and essential part of a technological process, notwithstanding the fact that they initiate and terminate that process and involve human intervention;
– fulfil the condition that those acts of reproduction must pursue a sole purpose, namely to enable the lawful use of a protected work or a protected subject-matter;
– fulfil the condition that those acts must not have an independent economic significance provided, first, that the implementation of those acts does not enable the generation of an additional profit going beyond that derived from the lawful use of the protected work and, secondly, that the acts of temporary reproduction do not lead to a modification of that work.
2) Article 5(5) of Directive 2001/29 must be interpreted as meaning that, if they fulfil all the conditions laid down in Article 5(1) of that directive, the acts of temporary reproduction carried out during a ‘data capture’ process, such as those in issue in the main proceedings, must be regarded as fulfilling the condition that the acts of reproduction may not conflict with a normal exploitation of the work or unreasonably prejudice the legitimate interests of the rightholder.
See: Johan Axhamn, (Faculty of Law, Stockholm University), Infopaq II – The CJEU elucidates some aspects of the exemption for certain acts of temporary reproduction, available at: http://kluwercopyrightblog.com/2012/02/07/infopaq-ii-%E2%80%93-the-cjeu-elucidates-some-aspects-of-the-exemption-for-certain-forms-of-temporary-reproduction/
Wednesday, 8 February 2012
Media coverage of celebrities’ private lives
The European Court of Human Rights delivered on February 7 two Grand Chamber judgments, in the cases of Axel Springer AG v. Germany (application no. 39954/08) and Von Hannover v. Germany (no. 2) (application nos. 40660/08 and 60641/08), which are both final.
In the case Axel Springer AG, the Court held, by a majority, that there had been a violation of Article 10 (freedom of expression) of the European Convention on Human Rights. In the case Von Hannover (no. 2), the Court held, unanimously, that there had been no violation of Article 8 (right to respect for private and family life) of the Convention.
Both cases concerned the publication in the media of articles and, in the second case, of photos depicting the private life of well-known people.
In the case Axel Springer AG, the daily newspaper Bild, which is owned by the applicant company, in 2004 published a front-page article about X, a well-known television actor, being arrested in a tent at the Munich beer festival for possession of cocaine. The article was supplemented by a more detailed article on another page and was illustrated by three pictures of X. It mentioned that X, who had played the role of a police superintendent in a popular TV series since 1998, had previously been given a suspended prison sentence for possession of drugs in July 2000. The newspaper published a second article in July 2005, which reported on X being convicted and fined for illegal possession of drugs after he had made a full confession. Immediately after the first article appeared, X brought injunction proceedings against Springer with the Hamburg Regional Court, which granted his request and prohibited any further publication of the article and the photos. This decision was upheld by the Court of Appeal.
In November 2005, Hamburg Regional Court prohibited any further publication of almost the entire article, on pain of penalty for non-compliance, and ordered Springer to pay an agreed penalty. The court held in particular that the right to protection of X’s personality rights prevailed over the public’s interest in being informed, even if the truth of the facts related by the daily had not been disputed. The case had not concerned a serious offence and there was no particular public interest in knowing about X’s offence. The judgment was upheld by the Hamburg Court of Appeal and, in December 2006, by the Federal Court of Justice. In another set of proceedings concerning the second article, about X’s conviction, the Hamburg Regional Court granted his application on essentially the same grounds as those set out in its judgment on the first article. The judgment was upheld by the Hamburg Court of Appeal and, in June 2007, by the Federal Court of Justice. In March 2008, the Federal Constitutional Court declined to consider constitutional appeals lodged by the applicant company against the decisions.
Subsequently, Axel Springer AG complained to the ECHR, under Article 10, about the injunction prohibiting any further publication of the articles.
In its judgement, the ECHR held that the restrictions imposed on the company had not been reasonably proportionate to the legitimate aim of protecting the actor’s private life and that there had accordingly been a violation of Article 10.
The Court based its decision on the consideration that Springer’s interest in publishing the articles was solely due precisely to the fact that it was a well-known actor who had committed an offence – which would not have been reported on if committed by a person unknown to the public. It underlined that the actor had been arrested in public at the Munich beer festival. The actor’s expectation that his private life would be effectively protected had furthermore been reduced by the fact that he had previously revealed details about his private life in a number of interviews.
Furthermore, it noted that nothing suggested that Springer had not undertaken a balancing exercise between its interest in publishing the information and the actor’s right to respect for his private life. Given that Springer had obtained confirmation of the information conveyed by the prosecuting authorities, it did not have sufficiently strong grounds for believing that it should preserve the actor’s anonymity. It could therefore not be said to have acted in bad faith. In that context, the Court also noted that all the information revealed by Springer on the day on which the first article appeared was confirmed by the prosecutor to other magazines and to television channels. It also noted that the articles had not revealed details about the actor’s private life, but had mainly concerned the circumstances of his arrest and the outcome of the criminal proceedings against him.
In the case of Von Hannover (no. 2), Princess Caroline has been trying to prevent the publication of photos of her private life in the press since the early 1990s. Two series of photos, published in 1993 and 1997 respectively in German magazines had been the subject of three sets of proceedings before the German courts. In particular, leading judgments of the Federal Court of Justice of 1995 and of the Federal Constitutional Court of 1999 dismissed her claims. Those proceedings were the subject of the European Court of Human Rights’ judgment in Caroline von Hannover v. Germany (no. 59320/00) of 24.06.2004, in which the Court held that the court decisions had infringed Princess Caroline’s right to respect for her private life under Article 8.
Relying on that judgment, Princess Caroline and Prince Ernst August subsequently brought several sets of proceedings before the civil courts seeking an injunction against the publication of further photos, showing them during a skiing holiday and taken without their consent, which had appeared in the German magazines Frau im Spiegel and Frau Aktuell between 2002 and 2004.
The Federal Court of Justice granted Princess Caroline’s claim as regards the publication of two of the photos in dispute in a judgment of 6 March 2007 (no. VI ZR 51/06), stating that they did not contribute to a debate of general interest; it dismissed her claim as regards another photo which had appeared in February 2002 in Frau im Spiegel. Further, the Federal Constitutional Court dismissed Princess Caroline’s constitutional complaint, rejecting in particular the allegation that the German courts had disregarded or taken insufficient account of the Court’s case-law. On 16 June 2008, the Federal Constitutional Court declined, without giving reasons, to consider further constitutional complaints brought by the applicants concerning the same photo and a similar photo published in Frau aktuell.
The ECHR held that the German courts had carefully balanced the right of the publishing companies to freedom of expression against the right of the applicants to respect for their private life. In doing so, they had explicitly taken into account the Court’s case law, including its 2004 judgment in Caroline von Hannover v. Germany. There had accordingly been no violation of Article 8.
The Court held that the fact that the German Federal Court of Justice had assessed the information value of the photo in question – the only one against which it had not granted an injunction – in the light of the article that was published together with it could not be criticised under the Convention. The Court could accept that the photo, in the context of the article, did at least to some degree contribute to a debate of general interest. The German courts’ characterisation of Prince Rainier’s illness as an event of contemporary society could not be considered unreasonable. It was worth underlining that the German courts had granted the injunction prohibiting the publication of two other photos showing the applicants in similar circumstances, precisely on the grounds that they were being published for entertainment purposes alone.
Furthermore, irrespective of the question to what extent Caroline von Hannover assumed official functions on behalf of the Principality of Monaco, it could not be claimed that the applicants, who were undeniably very well known, were ordinary private individuals. They had to be regarded as public figures. The German courts had concluded that the applicants had not provided any evidence that the photos had been taken in a climate of general harassment, as they had alleged, or that they had been taken secretly. In the circumstances of the case, the question as to how the pictures had been taken had required no more detailed examination by the courts, as the applicants had not put forward any relevant arguments in that regard.
Proposal for a Directive in criminal matters
On 25.2.2012 the EU Commission submitted the Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data [COM(2012) 10 final]. This proposal is part of the legislative package for the reform of data protection legislation (see Commission proposes a comprehensive reform of the data protection rules).
The proposal is based on Article 16(2) TFEU, which is a new, specific legal basis introduced by the Lisbon Treaty for the adoption of rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data. The proposal aims to ensure a consistent and high level of data protection in this field, thereby enhancing mutual trust between police and judicial authorities of different Member States and facilitating the free flow of data and co-operation between police and judicial authorities.
Explanation of the Proposal:
Article 1 defines the subject matter of the Directive, i.e. rules relating to processing of personal data for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and sets out the Directive's two-fold objective, i.e. to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data while guaranteeing a high level of public safety, and to ensure the exchange of personal data between competent authorities within the Union.
Article 2 defines the scope of application of the Directive. The scope of the Directive is not limited to cross-border data processing but applies to all processing activities carried out by 'competent authorities' (as defined in Article 3(14)) for the purposes of the Directive. The Directive applies neither to processing in the course of an activity which falls outside the scope of Union law, nor to processing by Union institutions, bodies, offices and agencies, which is subject to Regulation (EC) No 45/2001 and other specific legislation.
Article 3 contains definitions of terms used in the Directive. While some definitions are taken over from Directive 95/46/EC and Framework Decision 2008/977/JHA, others are modified, complemented with additional or newly introduced elements. New definitions are those of ‘personal data breach’, ‘genetic data’ and ‘biometric data’, ‘competent authorities’ (based on Article 87 TFEU and Article 2(h) of Framework Decision 2008/977/JHA) and of a ‘child’, based on the UN Convention on the Rights of the Child.
Article 4 sets out the principles relating to processing of personal data reflecting Article 6 of Directive 95/46/EC and Article 3 of Framework Decision 2008/977/JHA, while adjusting them to the particular context of this Directive.
Article 5 requires the distinction, as far as possible, between personal data of different categories of data subjects. This is a new provision, included neither in Directive 95/46/EC nor in Framework Decision 2008/977/JHA, but which had been proposed by the Commission in its original proposal for the Framework Decision. It is inspired by the Council of Europe's Recommendation No R (87)15. Similar rules already exist for Europol and Eurojust.
Article 6 on different degrees of accuracy and reliability reflects principle 3.2 of Council of Europe Recommendation No R (87)15. Similar rules, as also included in the Commission's proposal for the Framework Decision, exist for Europol.
Article 7 sets out the grounds for lawful processing, when necessary for the performance of a task carried out by a competent authority based on national law, to comply with a legal obligation to which the data controller is subject, in order to protect the vital interests of the data subject or another person or to prevent an immediate and serious threat to public security. The other grounds for lawful processing in Article 7 of Directive 95/46/EC are not appropriate for the processing in the area of police and criminal justice.
Article 8 sets out a general prohibition of processing special categories of personal data and the exceptions from this general rule, building on Article 8 of Directive 95/46/EC and adding genetic data, following ECtHR case law.
Article 9 establishes a prohibition of measures based solely on automated processing of personal data if not authorised by law providing appropriate safeguards, in line with Article 7 of Framework Decision 2008/977/JHA.
Article 10 introduces the obligation for Member States to ensure easily accessible and understandable information, inspired in particular by principle 10 of the Madrid Resolution on international standards on the protection of personal data and privacy, and to oblige controllers to provide procedures and mechanisms for facilitating the exercise of the data subject's rights. This includes the requirement that the exercise of the rights shall be in principle free of charge.
Article 11 specifies the obligation for Member States to ensure the information towards the data subject. These obligations are building on Articles 10 and 11 of Directive 95/46/EC, without separate articles differentiating whether the information is collected from the data subject or not, and enlarging the information to be provided. It lays down exemptions from the obligation to inform, when such exemptions are proportionate and necessary in a democratic society for the exercise of the tasks of competent authorities (inspired by Article 13 of Directive 95/46/EC and Article 17 Framework Decision 2008/977/JHA).
Article 12 provides the obligation for Member States to ensure the data subject's right of access to their personal data. It follows Article 12(a) of Directive 95/46/EC, adding new elements for the information of the data subjects (on the storage period, their rights to rectification, erasure, or restriction and to lodge a complaint).
Article 13 provides that Member States may adopt legislative measures restricting the right of access if required by the specific nature of data processing in the areas of police and criminal justice, and on the information of the data subject on a restriction of access, following Article 17(2) and (3) of Framework Decision 2008/977/JHA.
Article 14 introduces the rule that in cases where direct access is restricted, the data subject must be informed on the possibility of indirect access via the supervisory authority, which should exercise the right on their behalf and must inform the data subject on the outcome of its verifications.
Article 15 on the right to rectification follows Article 12(b) of Directive 95/46/EC, and, as regards the obligations in case of a refusal, Article 18(1) of Framework Decision 2008/977/JHA.
Article 16 on the right to erasure follows Article 12(b) of Directive 95/46, and, as regards the obligations in case of a refusal, Article 18(1) of Framework Decision 2008/977/JHA. It integrates also the right to have the processing marked in certain cases, replacing the ambiguous terminology "blocking", used by Article 12(b) of Directive 95/46/EC and Article 18(1) of Framework Decision 2008/977/JHA.
Article 17 on the rectification, erasure and restriction of processing in judicial proceedings provides clarification based on Article 4(4) of Framework Decision 2008/977/JHA.
Article 18 describes the responsibility of the controller to comply with this Directive and to ensure compliance, including the adoption of policies and mechanisms for ensuring compliance.
Article 19 sets out that the Member States must ensure the compliance of the controller with the obligations arising from the principles of data protection by design and by default.
Article 20 on joint controllers clarifies the status of joint controllers as regards their internal relationship.
Article 21 clarifies the position and obligation of processors, following partly Article 17(2) of Directive 95/46/EC, and adding new elements, including that a processor that processes data beyond the controller's instructions is to be considered a co-controller.
Article 22 on processing under the authority of the controller and processor follows Article 16 of Directive 95/46/EC.
Article 23 introduces the obligation for controllers and processors to maintain documentation of all processing systems and procedures under their responsibility.
Article 24 concerns the keeping of records, in line with Article 10(1) of Framework Decision 2008/977, whilst providing further clarifications.
Article 25 clarifies the obligations of the controller and the processor regarding co-operation with the supervisory authority.
Article 26 concerns the cases where consultation with the supervisory authority is mandatory prior to the processing, based on Article 23 of Framework Decision 2008/977/JHA.
Article 27 on the security of processing is based on the current Article 17(1) of Directive 95/46 on the security of processing, and Article 22 of Framework Decision 2008/977/JHA, extending the related obligations to processors, irrespective of their contract with the controller.
Articles 28 and 29 introduce an obligation to notify personal data breaches, inspired by the personal data breach notification in Article 4(3) of the e-Privacy Directive 2002/58/EC, clarifying and separating the obligations to notify the supervisory authority (Article 28) and to communicate, in qualified circumstances, to the data subject (Article 29). Article 29 also provides for exemptions by referring to Article 11(4).
Article 30 introduces an obligation for the controller to appoint a mandatory data protection officer who should fulfil the tasks listed in Article 32. Where several competent authorities are acting under the supervision of a central authority, functioning as controller, at least this central authority should designate such a data protection officer. Article 18(2) of Directive 95/46/EC provided the possibility for Member States to introduce such requirement as a surrogate to the general notification requirement of that Directive.
Article 31 sets out the standing of the data protection officer.
Article 32 provides the tasks of the data protection officer.
Article 33 sets out the general principles for data transfers to third countries or international organisations in the area of police co-operation and judicial co-operation in criminal matters, including onward transfers. It clarifies that transfers to third countries may take place only if the transfer is necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.
Article 34 lays down that transfers to a third country may take place in relation to which the Commission has adopted an adequacy decision under Regulation …./../201X or specifically in the area of police co-operation and judicial co-operation in criminal matters, or, in the absence of such decisions, where appropriate safeguards are in place. As long as adequacy decisions do not exist, the Directive ensures that transfers can continue to take place on the basis of appropriate safeguards and derogations. It furthermore sets out the criteria for the Commission’s assessment of an adequate or not adequate level of protection, and expressly includes the rule of law, judicial redress and independent supervision. The article also provides for the possibility for the Commission to assess the level of protection afforded by a territory or a processing sector within a third country. It introduces that a general adequacy decision adopted, following the procedures under Article 38 of the General Data Protection Regulation, shall be applicable within the scope of this Directive. Alternatively an adequacy decision can be adopted by the Commission exclusively for the purposes of this Directive.
Article 35 defines the appropriate safeguards needed prior to international transfers, in the absence of a Commission adequacy decision. These safeguards may be adduced by a legally binding instrument such as an international agreement. Alternatively, the data controller may on the basis of an assessment of the circumstances surrounding the transfer conclude that they exist.
Article 36 spells out the derogations for data transfer based on Article 26 of Directive 95/46/EC and Article 13 of Framework Decision 2008/977/JHA.
Article 37 obliges Member States to provide that the controller informs the recipient of any processing restrictions and takes all reasonable steps to ensure that these restrictions are met by recipients of the personal data in the third country or international organisation.
Article 38 explicitly provides for international co-operation mechanisms for the protection of personal data between the Commission and the supervisory authorities of third countries, in particular those considered offering an adequate level of protection, taking into account the OECD’s Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy of 12 June 2007.
Article 39 obliges Member States to establish supervisory authorities, following Article 28(1) of Directive 95/46/EC and Article 25 Framework Decision 2008/977/JHA, enlarging the mission of these authorities to contribute to the consistent application of the Directive throughout the Union, which may be the supervisory authority established under the General Data Protection Regulation.
Article 40 clarifies the conditions for the independence of supervisory authorities, implementing case law of the Court of Justice of the EU, inspired also by Article 44 of Regulation (EC) No 45/2001.
Article 41 provides general conditions for the members of the supervisory authority, implementing the relevant case law, inspired also by Article 42(2)-(6) of Regulation (EC) 45/2001.
Article 42 sets out rules on the establishment of the supervisory authority, including on conditions for its members, to be provided by the Member States by law.
Article 43 on professional secrecy of the members and staff of the supervisory authority follows Article 28(7) of Directive 95/46/EC and Article 25(4) Framework Decision 2008/977/JHA.
Article 44 sets out the competence of the supervisory authorities, based on Article 28(6) of Directive 95/46/EC and Article 25(1) Framework Decision 2008/977/JHA. Courts, when acting in their judicial authority, are exempted from the monitoring by the supervisory authority, but not from the application of the substantive rules on data protection.
Article 45 provides the obligation of Member States to provide for the duties of the supervisory authority, including hearing and investigating complaints and promoting the awareness of the public on risk, rules, safeguards and rights. A particular duty of the supervisory authorities in the context of this Directive is, where direct access is refused or restricted, to exercise the right of access on behalf of data subjects and to check the lawfulness of the data processing.
Article 46 provides the powers of the supervisory authority, based on Article 28(3) of Directive 95/46/EC, Article 25(2) and (3) of Framework Decision 2008/977/JHA.
Article 47 obliges the supervisory authorities to draw up annual activity reports, based on Article 28(5) of Directive 95/46/EC.
Article 48 introduces rules on mandatory mutual assistance whereas Article 28 (6)2 of Directive 95/46/EC provided simply a general obligation to co-operate, without specifying further.
Article 49 provides that the European Data Protection Advisory Board, established by the General Data Protection Regulation, exercises its tasks also in relation to processing activities within the scope of this Directive. In order to provide complementary support, the Commission will seek the advice of representatives of authorities competent for the prevention, investigation, detection and prosecution of criminal penalties of the Member States, as well as representatives of Europol and Eurojust, by means of an expert group on the law-enforcement related aspects of data protection.
Article 50 provides the right of any data subject to lodge a complaint with a supervisory authority, based on Article 28(4) of Directive 95/46/EC, and relates to any infringement of the Directive in relation to the complainant. It also specifies the bodies, organisations or associations which may lodge a complaint on behalf of the data subject and also in case of a personal data breach independently of a data subject's complaint.
Article 51 concerns the right to a judicial remedy against a supervisory authority. It builds on the general provision of Article 28(3) of Directive 95/46/EC and provides specifically that the data subject may launch a court action for obliging the supervisory authority to act on a complaint.
Article 52 concerns the right to a judicial remedy against a controller or processor, based on Article 22 of Directive 95/46/EC and Article 20 of Framework Decision 2008/977/JHA.
Article 53 introduces common rules for court proceedings, including the rights of bodies, organisations or associations to represent data subjects before the courts, and the right of supervisory authorities to engage in legal proceedings. The obligation of Member States to ensure rapid court actions is inspired by Article 18(1) of the e-Commerce Directive 2000/31/EC.
Article 54 obliges Member States to provide for the right to compensation. It builds on Article 23 of Directive 95/46/EC and Article 19(1) of Framework Decision 2008/977/JHA, extends this right to damages caused by processors and clarifies the liability of co-controllers and co-processors.
Article 55 obliges Member States to lay down rules on penalties, to sanction infringements of the Directive, and to ensure their implementation.
Article 56 contains standard provisions for the exercise of delegations in line with Article 290 TFEU. This allows the legislator to delegate to the Commission the power to adopt non-legislative acts of general application to supplement or amend certain non-essential elements of a legislative act (quasi-legislative acts).
Article 57 contains the provision for the Committee procedure needed for conferring implementing powers on the Commission in cases where, in accordance with Article 291 TFEU, uniform conditions for implementing legally binding acts of the Union are needed. The examination procedure applies.
The proposal is based on Article 16(2) TFEU, which is a new, specific legal basis introduced by the Lisbon Treaty for the adoption of rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data. The proposal aims to ensure a consistent and high level of data protection in this field, thereby enhancing mutual trust between police and judicial authorities of different Member States and facilitating the free flow of data and co-operation between police and judicial authorities.
Explanation of the Proposal:
Article 1 defines the subject matter of the Directive, i.e. rules relating to processing of personal data for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal offences, and sets out the Directive's two-fold objective, i.e. to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data while guaranteeing a high level of public safety, and to ensure the exchange of personal data between competent authorities within the Union.
Article 2 defines the scope of application of the Directive. The scope of the Directive is not limited to cross-border data processing but applies to all processing activities carried out by 'competent authorities' (as defined in Article 3(14)) for the purposes of the Directive. The Directive applies neither to processing in the course of an activity which falls outside the scope of Union law, nor to processing by Union institutions, bodies, offices and agencies, which is subject to Regulation (EC) No 45/2001 and other specific legislation.
Article 3 contains definitions of terms used in the Directive. While some definitions are taken over from Directive 95/46/EC and Framework Decision 2008/977/JHA, others are modified, complemented with additional or newly introduced elements. New definitions are those of ‘personal data breach’, ‘genetic data’ and ‘biometric data’, ‘competent authorities’ (based on Article 87 TFEU and Article 2(h) of Framework Decision 2008/977/JHA) and of a ‘child’, based on the UN Convention on the Rights of the Child.
Article 4 sets out the principles relating to processing of personal data reflecting Article 6 of Directive 95/46/EC and Article 3 of Framework Decision 2008/977/JHA, while adjusting them to the particular context of this Directive.
Article 5 requires the distinction, as far as possible, between personal data of different categories of data subjects. This is a new provision, included neither in Directive 95/46/EC nor in Framework Decision 2008/977/JHA, but which had been proposed by the Commission in its original proposal for the Framework Decision. It is inspired by the Council of Europe's Recommendation No R (87)15. Similar rules already exist for Europol and Eurojust.
Article 6 on different degrees of accuracy and reliability reflects principle 3.2 of Council of Europe Recommendation No R (87)15. Similar rules, as also included in the Commission's proposal for the Framework Decision, exist for Europol.
Article 7 sets out the grounds for lawful processing, when necessary for the performance of a task carried out by a competent authority based on national law, to comply with a legal obligation to which the data controller is subject, in order to protect the vital interests of the data subject or another person or to prevent an immediate and serious threat to public security. The other grounds for lawful processing in Article 7 of Directive 95/46/EC are not appropriate for the processing in the area of police and criminal justice.
Article 8 sets out a general prohibition of processing special categories of personal data and the exceptions from this general rule, building on Article 8 of Directive 95/46/EC and adding genetic data, following ECtHR case law.
Article 9 establishes a prohibition of measures based solely on automated processing of personal data if not authorised by law providing appropriate safeguards, in line with Article 7 of Framework Decision 2008/977/JHA.
Article 10 introduces the obligation for Member States to ensure easily accessible and understandable information, inspired in particular by principle 10 of the Madrid Resolution on international standards on the protection of personal data and privacy, and to oblige controllers to provide procedures and mechanisms for facilitating the exercise of the data subject's rights. This includes the requirement that the exercise of the rights shall be in principle free of charge.
Article 11 specifies the obligation for Member States to ensure the information towards the data subject. These obligations are building on Articles 10 and 11 of Directive 95/46/EC, without separate articles differentiating whether the information is collected from the data subject or not, and enlarging the information to be provided. It lays down exemptions from the obligation to inform, when such exemptions are proportionate and necessary in a democratic society for the exercise of the tasks of competent authorities (inspired by Article 13 of Directive 95/46/EC and Article 17 Framework Decision 2008/977/JHA).
Article 12 provides the obligation for Member States to ensure the data subject's right of access to their personal data. It follows Article 12(a) of Directive 95/46/EC, adding new elements for the information of the data subjects (on the storage period, their rights to rectification, erasure, or restriction and to lodge a complaint).
Article 13 provides that Member States may adopt legislative measures restricting the right of access if required by the specific nature of data processing in the areas of police and criminal justice, and on the information of the data subject on a restriction of access, following Article 17(2) and (3) of Framework Decision 2008/977/JHA.
Article 14 introduces the rule that in cases where direct access is restricted, the data subject must be informed on the possibility of indirect access via the supervisory authority, which should exercise the right on their behalf and must inform the data subject on the outcome of its verifications.
Article 15 on the right to rectification follows Article 12(b) of Directive 95/46/EC, and, as regards the obligations in case of a refusal, Article 18(1) of Framework Decision 2008/977/JHA.
Article 16 on the right to erasure follows Article 12(b) of Directive 95/46, and, as regards the obligations in case of a refusal, Article 18(1) of Framework Decision 2008/977/JHA. It integrates also the right to have the processing marked in certain cases, replacing the ambiguous terminology "blocking", used by Article 12(b) of Directive 95/46/EC and Article 18(1) of Framework Decision 2008/977/JHA.
Article 17 on the rectification, erasure and restriction of processing in judicial proceedings provides clarification based on Article 4(4) of Framework Decision 2008/977/JHA.
Article 18 describes the responsibility of the controller to comply with this Directive and to ensure compliance, including the adoption of policies and mechanisms for ensuring compliance.
Article 19 sets out that the Member States must ensure the compliance of the controller with the obligations arising from the principles of data protection by design and by default.
Article 20 on joint controllers clarifies the status of joint controllers as regards their internal relationship.
Article 21 clarifies the position and obligation of processors, following partly Article 17(2) of Directive 95/46/EC, and adding new elements, including that a processor that processes data beyond the controller's instructions is to be considered a co-controller.
Article 22 on processing under the authority of the controller and processor follows Article 16 of Directive 95/46/EC.
Article 23 introduces the obligation for controllers and processors to maintain documentation of all processing systems and procedures under their responsibility.
Article 24 concerns the keeping of records, in line with Article 10(1) of Framework Decision 2008/977, whilst providing further clarifications.
Article 25 clarifies the obligations of the controller and the processor regarding co-operation with the supervisory authority.
Article 26 concerns the cases where consultation with the supervisory authority is mandatory prior to the processing, based on Article 23 of Framework Decision 2008/977/JHA.
Article 27 on the security of processing is based on the current Article 17(1) of Directive 95/46 on the security of processing, and Article 22 of Framework Decision 2008/977/JHA, extending the related obligations to processors, irrespective of their contract with the controller.
Articles 28 and 29 introduce an obligation to notify personal data breaches, inspired by the personal data breach notification in Article 4(3) of the e-Privacy Directive 2002/58/EC, clarifying and separating the obligations to notify the supervisory authority (Article 28) and to communicate, in qualified circumstances, to the data subject (Article 29). Article 29 also provides for exemptions by referring to Article 11(4).
Article 30 introduces an obligation for the controller to appoint a mandatory data protection officer who should fulfil the tasks listed in Article 32. Where several competent authorities are acting under the supervision of a central authority, functioning as controller, at least this central authority should designate such a data protection officer. Article 18(2) of Directive 95/46/EC provided the possibility for Member States to introduce such requirement as a surrogate to the general notification requirement of that Directive.
Article 31 sets out the standing of the data protection officer.
Article 32 provides the tasks of the data protection officer.
Article 33 sets out the general principles for data transfers to third countries or international organisations in the area of police co-operation and judicial co-operation in criminal matters, including onward transfers. It clarifies that transfers to third countries may take place only if the transfer is necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.
Sunday, 5 February 2012
FREE, ONLINE COURSE ON DIGITAL LAW PRACTICE
Posted Wed, 01/25/2012 - by Austin Groothuis
Because of technological, economic, and market pressures, the way we practice law is rapidly evolving. Law students, are you prepared for these changes in law practice? Law faculty, are you preparing your students? CALI is offering a FREE nine-week online course on Topics in Digital Law Practice to help address these issues starting Friday, February 10, 2012 at 2pm ET.
Register here.
About the Course
This course is designed to provide an overview of the changes that are occurring in the practice of law today, especially with respect to technology. It will introduce law students to real-world situations that they will encounter in the job market and point law professors to new avenues to cover in their courses.
The course will run for one hour a week for nine weeks and will feature a different guest speaker each week. Each class will be delivered via webcast and will have a 30 minute lecture presentation followed by a question & answer period and an online, interactive homework assignment for all course students to complete. There will be no formal assessment like midterms or a final exam.
The audience for this seminar is primarily law students and law faculty who will be given priority. Anyone else can join the course for one or all of the sessions. The presentations will be recorded and posted to the course blog.
The course is free, but you must register.
See in more detail the CALI website