Course for international guest and part-time students

Faculty
Faculty of Law and Political Sciences
Organisation
ÁJTK Department of International Law
Code
JNX_ERASMUS:L12
Title
International and European Personal Data Protection Law
Planned semester
Both
Announced
2023/24/2
ECTS
5
Language
en
Aim of the course
Course content
Lecturer: Mateusz Gędźba – Krakow
2-week block seminar on 26 February – 01 March and 15 – 19 April (8.00 – 10.00)

I. International personal data protection law
  1. Soft law
    a. Universal Declaration of Human Rights
    b. OECD guidelines
    c. Resolutions and recommendations issued by Council of Europe Committee of Ministers (examples: Resolution 73/22, Resolution 74/29, Recommendation Rec(2010)13 to member states on the protection of individuals with regard to automatic processing of personal data in the context of profiling (Profiling Recommendation), 23 November 2010)
  2. Hard law
    a. European Convention on Human Rights:
      i. Description of relevant regulations (e.g. Article 8)
      ii. Case law of European Court of Human Rights – the landmark cases:
        1. Axel Springer AG v. Germany (Application no. 39954/08) – balance between the right to data protection and freedom of expression;
        2. Mosley v. The United Kingdom (Application no. 48009/08) – balance between the right to data protection and freedom of expression;
        3. Biriuk v. Lithuania (Application no. 23373/03) – balance between the right to data protection and freedom of expression;
        4. Vereinigung Bildender Künstler v. Austria (Application no. 68354/01) – balance between the right to data protection and freedom of arts and sciences;
        5. Társaság a Szabadságjogokért v. Hungary (Application no. 37374/05) – balance between the right to data protection and the right of access to documents;
        6. Vereinigung bildender Künstler v. Austria (Application no. 68345/01) – balance between the right to data protection and the freedom of the arts and sciences
    b. Council of Europe Convention n° 108 and its amendments
      i. History and territorial scope of the convention, its global character,
      ii. New draft of amending Protocol (published after the session of Committee of Ministers on 17 – 18 May 2018).

II. Law of European Union:
  1. Primary EU law
    a. Treaty on the functioning of European Union – art. 6 (1) with the coming into force of the Lisbon Treaty on 1 December 2009 turned the Charter of Fundamental Rights into EU primary law;
    b. Charter of Fundamental Rights of the EU art. 7 (respect for private and family life) and art. 8 (right to data protection), art. 52 (limitations of right to data protection).
  2. Secondary law
    a. Historical sources:
      i. Directive 95/46/EC National (invalidated 25 May 2018);
      ii. Directive 2006/24/EC so called Data Retention Directive (invalidated 8 April 2014);
    b. Applicable sources:
      i. Directives:
        1. Directive 2002/58/EC so called Directive on privacy and electronic communications;
        2. Directive (EU) 2016/680 so called Police Directive;
      ii. Regulations:
        1. Regulation (EU) 45/2011;
        2. Regulation (EU) 2016/679 so called GDPR;
      iii. CJUE case law – landmark cases
        1. Joined cases C-92/09 and C-93/09, Volker and Markus Schecke GbR (C-92/09) and Hartmut Eifert (C-93/09) v. Land Hessen;
        2. Case C-131/12 Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos (AEPD), Mario Costeja González;
        3. Case C-582/14 Patrick Breyer v. Bundesrepublik Deutschland;
        4. Case C-498/16 Maximilian Schrems v. Facebook Ireland Ltd., judgement of 25 January 2018;
        5. Case C-210/16, Wirtschaftsakademie Schleswig-Holstein, judgment of 5 June 2018;
        6. C-25/17 - Jehovan todistajat (Jehovah’s witnesses), judgement of 10 July 2018;
        7. Case C-311/18 Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (called “Schrems II case”), judgement of 16 July 2020;
      iv. Soft law:
        1. Opinions of Article 29 Working Party (e.g. Opinion 4/2007 on the concept of personal data, WP 136, 20 June 2007);
        2. Guidelines of European Data Protection Board (e.g. Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679, Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects).
  3. European Data Protection reform:
    a. Historical background (Directive 95/46/EC – adopted in a completely different environment i.e. different level of internet access, the first attempts of reform 2012 – first official drafts, one of the most heavily lobbied pieces of legislation in the history of EU).
    b. Current outcome (replacement of Directive 95/46/EC by GDPR, new regulations in the field of police related matters).
    c. General Data Protection Regulation (GDPR) – specific provisions
      i. Scope:
        1. Direct result in EU (Article 288 TFEU, comparison between directive and regulation);
        2. Applicability in EEA (incorporation of GDPR into EEA Agreement);
        3. Applicability in the United Kingdom (incorporation of GDPR into internal law of the UK);
        4. Material scope (comparison with convention n° 108, derogations listed in Article 2.2);
        5. Extraterritorial effect (establishment in EU, offering goods or services to EU citizens, monitoring the behavior of EU citizens – practical examples);
      ii. Key terms:
        1. Personal data:
          a. where is the limit of it, indirect identification (example: IP number – is it personal data?);
          b. Special categories of personal data e.g. sensitive data (Article 6 of Convention n° 108, Article 9 GDPR, C-101/01, Bodil Lindqvist, 6 November 2003), personal data relating to criminal convictions (Article 10 GDPR, example of criminal background checks used in recruitment);
        2. Data subject;
        3. Processing – scope of the definition, case law: C-101/01, Bodil Lindqvist, 6 November 2003;
        4. Filing system;
        5. Controller and processor:
          a. Guidelines 07/2020 on the concepts of controller and processor in the GDPR, adopted on 7th July 2021;
          b. Concept - Article 29 Working Party (2010), Opinion 1/2010 on the concepts of ‘controller’ and ‘processor’, WP 169, Brussels, 16 February 2010;
          c. SWIFT case - Article 29 Working Party (2006), Opinion 10/2006 on the processing of personal data by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), WP 128, Brussels, 22 November 2006;
          d. Comparison of the scope of liability;
          e. Data protection agreement – requirements of Article 28 GDPR.
        6. Profiling – context: Big Data, Internet of Things (IoT), behavioral advertising, Article 29 Working Party Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679.
        7. Pseudonymisation.
        8. Supervisory Authority.
        9. Supervisory Authority Concerned.
      iii. The main principles of personal data processing:
        1. Fairness and lawfulness;
          a. Legal bases of processing (art. 6.1 GDPR);
        2. Purpose limitation;
        3. Proportionality;
        4. Accuracy;
        5. Storage limitation;
        6. Integrity and confidentiality.
      iv. Data subject’s rights
        1. “the old rights” – the rights which had existed before GDPR
          a. Right of access;
          b. Right of rectification;
          c. Right to file a claim with supervisory authority;
        2. “the new rights” – the rights established by GDPR:
          a. Right to data portability;
          b. Right to restriction of processing;
          c. Right to be forgotten;
          d. Right to object and automated individual decision-making.
      v. Cross-border data transfers:
        1. General principle for transfers;
        2. Adequacy decision;
        3. Transfers subject to appropriate safeguards:
          a. legally binding and enforceable instrument between public authorities or bodies;
          b. binding corporate rules;
          c. standard data protection clauses adopted by the European Commission;
          d. standard data protection clauses adopted by the European Commission adopted by a supervisory authority and approved by the Commission;
          e. approved code of conduct;
          f. approved certification mechanism;
        4. Impact of Schrems II case
Examination and assessment
Assessment: Written (open book) exam on the last lesson

Programmes of the course

Name (code) Language Level Compulsory Academic year ...
Within the Erasmus programme (ÁJTK-ERASMUS-NXXX) hu Compulsory
law (ÁJTK-JOG-NOHU) hu 7 1/5