[Gnso-rds-pdp-privacy] SUMMARY | Opinion of the European Data Protection Supervisor: Europe's Role in Shaping the Future of Internet Governance (23 June 2014)
Ayden Fabien Férdeline
ayden at ferdeline.com
Mon Apr 11 08:56:16 UTC 2016
Opinion of the European Data Protection Supervisor: Europe's Role in Shaping the Future of Internet Governance (23 June 2014)
Summary: * This document calls for all Internet policy discussions to take into
consideration the internationally-recognised, fundamental rights of privacy
and data protection. Such rights are:
* 1) at the basis of users' online interactions, 2) should be protected online as well as offline, and 3) “are not negotiable”.
* The current WHOIS system is named as “an example of a data protection issue
which has to be addressed” because of its “authentication and data retention
requirements.” It must be replaced “with a solution taking account, inter
alia, of privacy concerns.”
* Data protection authorities must be represented in multi-stakeholder Internet
governance processes and must ensure that respect for fundamental rights are
assured for all users regardless of their means and capabilities. They should
also should work to ensure the harmonisation of data protection rules at a
global level.
* Data controllers have a responsibility to:
* provide transparent and easily accessible and understandable information, should provide procedures and mechanisms for exercising a data subject's
rights, must provide information on storage periods, must provide information on rights to lodge a complaint, and must provide information in relation to the international transfer of data
and to the source from which the data is originating.
* Users have the right to be forgotten and to erasure. In balancing the right
to erasure against the freedom of information, the former overrides the
general public's right to be informed, unless the data subject plays a role
in public life that justifies interference with his/her right to privacy.
* There is a close relationship between technological design and data
protection. The principles of data protection-by-design and by-default could serve as significant enablers of trust on the Internet. Accordingly
the inclusion of optimal data protection standards in the development of
technology at the early design phase is encouraged.
* Conflicts of law arise in connection with the Internet, jeopardising users'
rights to privacy and data protection, and these need to be solved. “Given
the global and cross-border nature of the Internet, personal data is often
transferred to and processed in jurisdictions other than those in which users
have submitted their data, exposing them to the risk of lower or no data
protection. In addition, controllers processing personal data on the Internet
may be faced with conflicting laws and obligations and must choose between
violating foreign obligations or EU data protection safeguards … which in
consequence undermines the data protection safeguards afforded to users under
EU law.”
* Google v AEPD might provide some guidance on answering this question – in this judgement
the Court of Justice of the European Union ruled that the presence of an
establishment on the territory of an EU Member State and the relationship
between the activities of that establishment and the data processing at issue
can be used to decide the applicability of EU data protection law to a
processing carried out online.
* “From a European perspective, we would encourage controllers processing the
personal data of EU individuals on the Internet to increase the transparency
and the amount of information they provide to users in relation to the law(s)
they are subject to and the data protection rules they are bound to apply,
including laws on access to data by government bodies, jurisdictions where
data may be processed, and what safeguards have been implemented to protect
users' data.”
Ayden Férdeline Statement of Interest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160411/f7f44e34/attachment-0001.html>
More information about the Gnso-rds-pdp-privacy
mailing list