Some Milestones of Data Protection in the US, Germany and
26.05.2016
Karen Topaz Druckman/Bettina Kahil-Wolff
Some Milestones of Data Protection in the US, Germany and Switzerland
Swiss-US Legal Forum on Privacy and Safe Harbor

Different Cultural Norms
Continental:
◊ Given names
◊ Nudity on TV
◊ Notification of authorities when moving
U.S.:
◊ Salaries
◊ Access to court filings
◊ Names of parties/victims

Different Notions of Privacy
Continental:
◊ Honor and reputation
◊ Prevent unwanted public exposure
◊ Enemy = media
U.S.:
◊ Liberty, sanctity of home
◊ Protection from gov’t. interference, persecution
◊ Enemy = the state
◊ Importance of freedom of speech

Legal Framework
Continental:
◊ Systematic structure
◊ General fundamental principles in Code
◊ Laws define structure of coherent legal system
US:
◊ Ad-hoc adoption of sectorial legislation
◊ General fundamental principles in Common Law
◊ Laws solve specific problems not adequately addressed by the Common Law

«Right to Privacy»
◊ Re: marriage, intimate relations, reproductive rights
◊ First Amendment case law

Collection, Introduction of Evidence/Criminal
◊ Requires state action
◊ 4th Amendment case law

Federal Statutes
◊ Children’s Online Privacy Protection Act (COPPA)
◊ Fair Credit Reporting Act and the Controlling the Assault of Non-solicited Pornography and Marketing Act known as the CAN-SPAM
◊ Financial Services Modernization Act (Gramm-Leach-Bliley) Act; the Dodd-Frank Act Wall Street Reform and Consumer Protection Act
◊ Health Insurance Portability and Accountability Act (HIPAA)
◊ Electronic Communications Privacy Act; Computer Fraud and Abuse Act
◊ White House: Consumer Bill of Rights

State Law
◊ «Privacy Torts»
• Intrusion upon seclusion or solitude, or into private affairs;
• Public disclosure of embarrassing private facts;
• Publicity which places a person in a false light in the public eye
• Appropriation of one’s name or likeness.
◊ Legislation
• E.g. California “Shine the Light” law

Milestones of Data Protection: Germany, Switzerland and the US*
SWISS-US Legal Forum May 26 2016 (CEDIDAC, ISDC, Faculty of Law - University of Lausanne)

1. The European Union is about to renew its data protection framework. The Draft General Data Protection Regulation, repealing Directive 95/46/EC, is supposed to provide strong protection against unlawful use of personal data [1]. From the US, the Commission has obtained the promise that US companies that offer goods and services in the EU be required to inform concerned parties of any data breach, to respect an individual’s wishes concerning the transmission of his or her personal data between service providers, and to observe the “right to be forgotten” [2].

2. EU-Data Protection goes back to 1969 when the European Court of Justice first admitted the existence of an unwritten fundamental right to remain unidentified and the necessity of justifying proportional reasons in order to restrict this right (ECJ case 29-69 Erich Stauder v. City of Ulm, Rec. 1969, 419).

3. But the foundations of fundamental rights and data protection in particular go back much further. In 1948, when Western Germany was governed by the US, Great Britain and France, U.S. General Lucius D. Clay insisted on the fact that the new Germany must have a Constitution built on democracy and on fundamental rights. His idea became reality: the German Constitution of 1949 grants the rights of “dignity for human beings” and “individual freedom” (Art. 1 § 1, Art. 2 § 1 Grundgesetz für die Bundesrepublik Deutschland vom 23. Mai 1949).

4. For the Federal Constitutional Court of Germany this includes the right to choose between sharing personal data, or keeping this information secret.
In 1969, the same year as the decision in the Stauder case, the Court held that dignity of individuals includes the right of privacy (the Court was faced with a determination of whether a census of the German population was consistent with fundamental rights, BVerfGE 27, 1 Microzensus: “The Basic Law (grants) the individual citizen an inviolable sphere of private life that is withdrawn from the influence of public authority” Erw. C. II. 1. a)).

5. In 1983, in a judgment called “Volkszählungsurteil”, the Federal Constitutional Court held that rights to dignity and freedom give rise to a specific rule the Court named “fundamental right of informational self-determination” and explained that, in a society based on fundamental rights, the citizen must have control over all personal data [3] (BVerfGE 65,1 Volkszählungsurteil, Erw. C. II. 1. a): “A social order, and a legal order enabling it, in which citizens can no longer know who knows what about them, when and on what occasion, would not be compatible with the right to informational self-determination”).

5. Without the influence of the U.S., the country would not have gotten onto the right path so quickly and adopted a Constitution based on Fundamental Rights. The Microzensus case was decided just one year after Alan F. Westin’s article about “Privacy and Freedom” was published in the Washington & Lee Law Review stressing the need for legislation to safeguard the right of privacy against public surveillance [4]. In Berger v. New York US 41 (1967), the US Supreme Court relied on the 4th Amendment to invalidate a New York eavesdropping law. It would not have been the first time that great ideas crossed the Atlantic.

[1] COM(2012) 11 final and COM(2016) 214 final.
[2] http://ec.europa.eu/justice/data-protection/files/privacy-shield-adequacy-decision_en.pdf
[3] Confirmed by BVerfGE 115, 320 Rasterfahndung; in BVerfGE 120, 274 Onlinedurchsuchung, the Court held that the Constitution also protects the integrity of IT-Systems as a whole (Grundrecht auf Vertraulichkeit und Integrität informationstechnischer Systeme). See, for a good summary, Claudio Franzius, Das Recht auf informationelle Selbstbestimmung, ZJS 2015, 259.
[4] Alan F. Westin, Privacy and Freedom, Washington and Lee Law Review 1968, Volume 25, Issue 1, Article 20.
* Bettina Kahil-Wolff, Unil - for the US Law see the contribution of Karen Druckman

6. And the idea of privacy swept over other European countries as well. The Constitutional law of Germany was a source of inspiration for the ECJ, as demonstrated by the Stauder case and in the subsequent case law. The Council of State in France, le Conseil d’État français - the highest court in administrative matters - refers to the Constitutional Court of Germany and the Fundamental right of informational self determination: “1° (…) the persons concerned must have a right of oversight and retain control over the data concerning them: this is what (the Council) calls, following the Constitutional Court of Germany, ‘informational self-determination’” [5].

7. The European Court of Justice does not use the term, but the key elements are laid down in European law. Art. 8 EU-Charter of Fundamental rights grants “the right to the protection of personal data” and statutory law adopted by the EU legislator must respect this right (e.g. ECJ joint cases C-92/09 and 93/09 Schecke and Eifert, ECLI:EU:C:2010:662, § n° 46). With Directive 95/46, that grants “the right to privacy with respect to the processing of personal data” (Art. 1 § 1 Directive 95/46), the EU set a milestone: data protection is mandatory not only for the administration but also for private persons [6].

8. Swiss data protection law, especially the Federal Act on Data Protection [7] and Art. 8 of the Civil Code, preserves the Fundamental right of informational self determination; according to the Swiss Federal Court Google Street violates this right if it shows pictures of people on the internet [8]. Since 2000, the EU-Commission has considered that Switzerland provides an adequate level of protection for personal data and meets the requirements of Art. 25 of Directive 95/46/EC [9]. A US-Swiss Safe Harbor Framework is intended to simplify the business related data flow between Switzerland and the United States [10]. Data protection is also guaranteed in other fields such as Social Security (see Art. 21 US-Swiss Social Security Agreement [11]).

[5] Conseil d’État de France, Le numérique et les droits fondamentaux, rapport du Conseil d’Etat 2014, in Les rapports du Conseil d’Etat (ancienne collection - Étude et documents du Conseil d’État) http://www.cil.cnrs.fr/CIL/IMG/pdf/conseil_etat_numerique-2.pdf; Jean-Philippe Foegle, Le Conseil d’État, héraut de la revolution numérique - Protection des données personnelles (Conseil d’Etat), La Revue des Droits de l’Homme, décembre 2014, https://revdh.revues.org/1038
[6] Michael Ronellenfitsch, Der Vorrang des Rechts auf informationelle Selbstbestimmung nach Art. 1 Abs. 1 i.V.m. Art. 2 Abs. 1 GG vor dem AEUV, C. II. a), https://www.datenschutz.hessen.de/download.php?download_ID=189; see also Gloria González Fuster, The Emergence of Personal Data Protection as a Fundamental Right of the EU, Springer Verlag, Berlin 2014.
[7] Loi fédérale sur la protection des données (LPD), RS 235.1.
[8] ATF 138 II 346 ; see also ATF 141 I FINMA)
[9] Adequacy Decision 2000/518/EC of July 26 2000, OJ 2000 L 215/1.
[10] http://www.edoeb.admin.ch/dokumentation/00153/00262/00278/index.html?lang=en; http://www.export.gov/safeharbor/
[11] The Convention was signed on December 3rd 2012, entered into force on August 1st 2014 and replaces an earlier agreement from 1979; https://www.ssa.gov/international/Agreement_Texts/switzrld.html