European Data Protection Supervisor Cybercrime and Data protection
European Data Protection Supervisor Cybercrime and Data protection Hielke HIJMANS Head of Unit Policy & Consultations CRIM, EP, 17 September 12
European Data Protection Supervisor EDPS • A supervisor for the institutions • Based on Regulation 45/2001 (and Art 16 TFEU) • Needed to harmonise level of protection within institutions with level in Member States (public and private sector). • Wide responsibility ensuring respect of fundamental rights by EU-institutions. • Not only supervision but also “consultation” and “cooperation”. • Intervention CJEU CRIM, EP, 17 September 12
European Data Protection Supervisor Introductory remarks – The fight of cybercrime may involve processing of personal data; risks of intrusions privacy – Wide variety of activities with different consequences (focus mostly content) – Cooperation with ISPs – Purpose limitation and proportionality CRIM, EP, 17 September 12
European Data Protection Supervisor Applicable data protection law – Police and judicial authorities are bound by the ex 3 rd pillar framework; complicated framework – For ISPs situation appliable law unclear, when they assist in fight cybercrime – What will data protection reform package clarify? CRIM, EP, 17 September 12
European Data Protection Supervisor Data protection in substance • Preventing cybercrime as it obliges data controllers to analyse risks and take appropriate security measures • DPIA, Data protection by Design, Accountability • Security breaches • Security audits CRIM, EP, 17 September 12
European Data Protection Supervisor Cooperation ISPs – WP 29: No systematic obligations of surveillance; deep packet inspections – EDPS: proportional approach needed – CJEU (Sabam): Hosting service provider may not be asked to carry out general monitoring of information it stores. – Need to strike a balance between the different interests at stake. CRIM, EP, 17 September 12
European Data Protection Supervisor European Cybercrime Center – EDPS Opinion June 2012 – Clear definitions, scope and procedures – Direct access Europol to widest array of public, private and open source actors. CRIM, EP, 17 September 12
European Data Protection Supervisor Conclusion – avoid systematic surveillance by ISPs and other providers – systematic tracking and tracing of users is itself in clear breach of fundamental legal principles – establishing new centres of combating cybercrime should embed from the beginning data protection and privacy safeguards; – we should only provide for targeted measures, where required and proportionate, with all appropriate safeguards. CRIM, EP, 17 September 12
European Data Protection Supervisor THANK YOU! More information: www. edps. europa. eu edps@edps. europa. eu Postal address: Rue Wiertz 60 - MO 63 B-1047 Brussels CRIM, EP, 17 September 12
- Slides: 9