1 / 7

Practical experience of cooperation and coordination during DP investigations and audits

Practical experience of cooperation and coordination during DP investigations and audits. Ultan O’Carroll Technology Advisor Office of Data Protection Commissioner. Outline. Background to IE legislation and office Toolbox Experience. Background.

pilchera
Download Presentation

Practical experience of cooperation and coordination during DP investigations and audits

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Practical experience of cooperation and coordination during DP investigations and audits Ultan O’CarrollTechnology AdvisorOffice of Data Protection Commissioner

  2. Outline • Background to IE legislation and office • Toolbox • Experience

  3. Background • IE small – population and economic weight. Office of Data Protection Commissioner is small, but budget increasing, commitment to more. • Increasing numbers of IT multinationals in IE • IE transposed EU 95/46/EC in 1988 (2003) and ePrivacy in 2011. • Roles of enforcer, ombudsman, education, transparency (registration) • proactive : audit and outreach, code of practice • reactive : complaints, investigation, breach

  4. Toolbox • Audit - "may carry out or cause to be carried out" - identify areas of concern related to protection of personal data, make recommendations. Audit generally non-adversarial, best-practice • Education - guidance notes, help desk, compliance, speaking/presentation, annual report, schools visits. • Enforcement – soft and hard, corrective rather than punitive. Non adversarial, no fines. Threat of offence for non-compliance. • And….

  5. Authorised Officers • Powerful tool from Article 24 of IE legislation • can second Individuals or organisations, other DPAs • Shared resources in government • May request organisations to nominate 3rd parties • Have used for specialist resources – eg legal and technology; but means officers act under Irish regulation • But also – GPEN, OECD, International Conf of DP Comms, MoU, “Coordinated” actions, standards & seals

  6. Experience • Audit reports on FB and LI made reference to previous DPA activity, and communications with EU WP29. Communications and consistency important. • Confidentiality remains to be observed. EU 28.6 and 28.7, (CoE Convention 108, Article 13, 15). Open to challenge ? • For future audits IE will need more cooperation between DPAs and to make use of 3rd parties. • New EU Regs - One-stop-shop ? Jurisdiction, secondment, resourcing

  7. Summary Small office, lots to do. Cooperation and resource allocation important, useful Good experience, with some limits Future will require more cooperation !

More Related