-
Recent Posts
- Why data protection law is uniquely equipped to let us fight a pandemic with personal data
- A US Bill from 1974 shares so much DNA with the GDPR, it could be its ancestor
- Planet49 CJEU Judgment brings some ‘Cookie Consent’ Certainty to Planet Online Tracking
- The CJEU decides lack of access to personal data does not unmake a joint controller: A look at Wirtschaftsakademie
- Brief case-law companion for the GDPR professional
- Exam scripts are partly personal data and other practical findings of the CJEU in Nowak
- A Conversation with Giovanni Buttarelli about The Future of Data Protection: setting the stage for an EU Digital Regulator
- Why did Facebook just receive (one of) the biggest data protection fine(s) on record
- Exam scripts and examiner’s corrections are personal data of the exam candidate (AG Kokott Opinion in Nowak)
- Highlights of the draft LIBE report on the ePrivacy Reg
Archives
Tags roulette
AG Mengozzi Article 8 Charter article 29 working party big data CJEU cloud computing CNIL data portability data protection Data Protection Directive data protection laws data protection officer data protection reform data protection regulation directive 95/46 directive 95/46/EC EDPS European Commission European Data Protection Supervisor European Parliament Facebook Gabriela Zanfir GDPR Google personal data PNR privacy right to be forgotten Surveillance technology Viviane RedingCategories
RSS
Meta
All about personal data protection and privacy
EPIC.ORG news- An error has occurred; the feed is probably down. Try again later.
- EDRi
- Commission launches internet fee consultation full of biased questions
- Will the European Union allow politicians to use your personal data for political advertising?
- EDRi-gram, 31 May 2023
- Sex, religion and race are advertising taboos, except for power-hungry politicians
- USA border plan requires “continuous and systematic” transfers of biometric data
- €1.2 billion GDPR fine for Meta over US mass surveillance
- 5 years of the GDPR: National authorities let down European legislator
- Romania: CSA Regulation will make journalistic investigations of child abuse impossible
- Open letter: Gender-inclusive and safe digital world that is free from violence for all
- Chaos Communication Camp 2023
- European Data Protection Supervisor
- An error has occurred; the feed is probably down. Try again later.
- CNIL
- Journées RGPD les 13 et 14 juin à Rennes
- Fusion de la carte Vitale et de la carte d’identité : les points d’attention de la CNIL concernant la protection des données
- Clôture de l’injonction prononcée à l’encontre de MICROSOFT IRELAND OPERATIONS LIMITED
- Remise du prix « Protection de la vie privée » 2022 par la CNIL et l’Inria
- Données de santé et utilisation des cookies : DOCTISSIMO sanctionné par une amende de 380 000 euros
- Le rapport annuel 2022 de la CNIL
- Intelligence artificielle : le plan d’action de la CNIL
- Évolution des pratiques du web en matière de cookies : la CNIL évalue l’impact de son plan d’action
- Privacy Research Day : découvrez le programme et inscrivez-vous gratuitement à l’évènement
- Accompagnement renforcé : la CNIL sélectionne 3 entreprises du numérique à fort potentiel
- ICO
- ICO reprimands Thames Valley Police for releasing witness details to suspected criminals
- John Edwards, Information Commissioner, delivers a keynote speech at the Data and the Future of Financial Services Summit
- ICO statement on Capita incident
- Statement in response to the Open Rights Group’s report
- ICO issues Ministry of Justice with reprimand after confidential personal information left in prison holding area
- “It’s important not to get caught out.” - New SARs guidance for employers issued
- Information Commissioner John Edwards' opening remarks at the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), delivered on 23 May 2023.
- ICO fines two businesses £180,000 for making unlawful marketing calls
- ICO takes action against both Plymouth City Council and Norfolk County Council for failing to respond to information access requests
- ICO takes action against Shropshire Council for failing to respond to Freedom of Information requests
- Privacy Commissioner Canada
- Announcement: Commissioner welcomes conclusion of the U.S. Federal Trade Commission’s investigation into Ashley Madison breach
- Announcement: OPC blog post: learn how identifiers on your phone can be used to track you
- Don’t repeat past mistakes, Privacy Commissioner warns as government reviews national security framework - December 6, 2016
- Media Advisory: Privacy guardians to unveil recommendations on modernizing Canada’s national security framework - December 5, 2016
- Announcement: Contributions Program launches call for innovative research and knowledge translation proposals - November 30, 2016
- Announcement: Commissioner shares views on Security of Canada Information Sharing Act with Parliament
- Announcement: Commissioner shares views on Bill C-22 with Parliament
- Announcement: OPC posts new summaries of cases involving businesses
- Media surveillance highlights privacy risk to all Canadians
- Announcement: Privacy Commissioner launches Privacy Tech-Know blog series
pdpEcho 
Good news for privacy specialists: EU will oblige big companies and public institutions to name data protection officers!
There is an entire section (Section 4 of Chapter IV) in the proposed regulation dedicated to the “data protection officer”. It builds on Article 18(2) of Directive 95/46/EC which provided the possibility for Member States to introduce such requirement as a surrogate of a general notification requirement.
According to Article 35 of the proposed regulation, a data protection officer shall be designated in the following cases:
– when the processing is carried out by a public authority or body;
– when the processing is carried out by an enterprise employing 250 persons or more;
– the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects.
The Regulation, at Article 35(5) also imposes strict characteristics for the person who will be designated data protection officer, as he or she must be appointed “on the basis of “professional qualities and, in particular, expert knowledge of data protection”. By which we understand that companies and public institutions are not allowed to simply name one of their current employees in such a position, unless the current employee receives adequate qualifications in the data protection field.
Article 35(7) establishes a minimum period of employment to 2 years, while Article 35(10) states that data subjects shall have the right to contact the data protection officer on all issues related to the processing of the data subject’s data and to request exercising the rights under this Regulation.
A quite independent position
The data protection officer will enjoy as much independence as possible in the context of an employment relationship. As such, Article 36(2) imposes to the controller or processor to “ensure that the data protection officer performs the duties and tasks independently and does not receive any instructions as regards the exercise of the function. The data protection officer shall directly report to the management of the controller or the processor”.
These developments are huge in the data protection field and they show that EU takes as serious as possible the threats of intruding in individuals’ private life by a weak protection of their personal data.
Tomorrow I’ll write about the specific tasks a data protection officer will have, according to the proposed regulation.
Share this:
Like this:
3 Comments
Posted in Comments, News
Tagged data protection officers, data protection regulation, directive 95/46/EC, eu data protection reform, privacy, privacy officers, public institutions