European data protection law: corporate compliance and regulation
Main author: | |
---|---|
Format: | Book |
Language: | English |
Published: | Oxford [and others]: Oxford Univ. Press, 2007 |
Edition: | 2. ed. |
Subjects: | |
Online access: | Table of contents |
Description: | 1st ed. 2003 published under the title: European data privacy law and online business |
Description: | XXXVII, 552 pp. |
ISBN: | 9780199283859 0199283850 |
Internal format
MARC
LEADER | 00000nam a2200000zc 4500 | ||
---|---|---|---|
001 | BV021821366 | ||
003 | DE-604 | ||
005 | 20110405 | ||
007 | t| | ||
008 | 061121s2007 xxk |||| 00||| eng d | ||
020 | |a 9780199283859 |9 978-0-19-928385-9 | ||
020 | |a 0199283850 |9 0-19-928385-0 | ||
035 | |a (OCoLC)77831086 | ||
035 | |a (DE-599)BVBBV021821366 | ||
040 | |a DE-604 |b ger |e aacr | ||
041 | 0 | |a eng | |
044 | |a xxk |c GB | ||
049 | |a DE-M382 |a DE-12 |a DE-703 |a DE-355 |a DE-739 | ||
050 | 0 | |a KJE6071 | |
082 | 0 | |a 342.2408/58 |2 22 | |
084 | |a PZ 4800 |0 (DE-625)141183: |2 rvk | ||
100 | 1 | |a Kuner, Christopher |e Verfasser |4 aut | |
245 | 1 | 0 | |a European data protection law |b corporate compliance and regulation |c Christopher Kuner |
250 | |a 2. ed. | ||
264 | 1 | |a Oxford [u.a.] |b Oxford Univ. Press |c 2007 | |
300 | |a XXXVII, 552 S. | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
500 | |a 1. Aufl. 2003 u.d.T.: European data privacy law and online business | ||
610 | 2 | 7 | |a Europäische Union |0 (DE-588)5098525-5 |2 gnd |9 rswk-swf |
650 | 7 | |a Databescherming |2 gtt | |
650 | 7 | |a E-commerce |2 gtt | |
650 | 7 | |a Europees recht |2 gtt | |
650 | 7 | |a Recht op privacy |2 gtt | |
650 | 4 | |a Europarecht | |
650 | 4 | |a Recht | |
650 | 4 | |a Data protection |x Law and legislation |z European Union countries | |
650 | 4 | |a Electronic commerce |x Law and legislation |z European Union countries | |
650 | 0 | 7 | |a Unternehmen |0 (DE-588)4061963-1 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Datenschutz |0 (DE-588)4011134-9 |2 gnd |9 rswk-swf |
651 | 4 | |a Europäische Union. Mitgliedsstaaten | |
689 | 0 | 0 | |a Europäische Union |0 (DE-588)5098525-5 |D b |
689 | 0 | 1 | |a Datenschutz |0 (DE-588)4011134-9 |D s |
689 | 0 | 2 | |a Unternehmen |0 (DE-588)4061963-1 |D s |
689 | 0 | |5 DE-604 | |
856 | 4 | 2 | |m HBZ Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=015033503&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-015033503 |
Record in the search index
_version_ | 1820135514297073664 |
---|---|
adam_text |
CONTENTS—SUMMARY
Table of Cases xxv
Table of Primary and Secondary Legislation xxvi
Table of International Instruments xxxv
List of Abbreviations xxxvii
1. European Data Protection Law and Institutions 1
2. Fundamental Legal Concepts 63
3. Applicable Law and Jurisdiction 109
4. International Data Transfers 151
5. Compliance Challenges and Strategies 233
Appendix 1. Useful Internet Links 325
Appendix 2. European Data Protection Authorities 327
Appendix 3. EU Data Protection Directive ('General Directive')
95/46/EC 335
Appendix 4. EU Directive on Privacy and Electronic
Communications 2002/58/EC 361
Appendix 5. EU Data Retention Directive 2006/24/EC 379
Appendix 6. United States Safe Harbor Principles and FAQs 391
Appendix 7. Standard Contractual Clauses for the Transfer of
Personal Data to Third Countries (Controller to Controller
Transfers) 409
Appendix 8. Standard Contractual Clauses for the Transfer of
Personal Data to Third Countries (Controller to Processor
Transfers) 439
Appendix 9. Forms and Precedents 453
Appendix 10. Mail, Fax, Telephone and e-mail Marketing
Requirements in EU Member States 465
Appendix 11. Summary of Notification Requirements for
Commercial and Human Resources Data in EU
Member States 471
Appendix 12. Standard Contractual Clauses Filing Requirements 483
Appendix 13. Selected Enforcement Measures in EU Member
States and Article 29 Working Party from
September 2002 through May 2006 487
Appendix 14. Documents adopted by Article 29 Working
Party through August 2006 503
Appendix 15. Binding Corporate Rules Materials 513
Glossary 533
Selected Bibliography 537
Index 543
Companion Website
This book will be updated by means of a companion website, freely accessible
to all purchasers of the book. Key developments will be reported and analysed
on the website on an occasional basis.
While the site will not attempt to provide comprehensive updates, references
will be included from time to time to particularly significant developments
of which the author feels the readers should be made aware. The author
will provide updating commentary where appropriate. The companion
website will also carry links to a large number of useful websites referred to
in the book.
To register for free access, please visit:
http://www.oup.co.uk/law/practitioner/cws
and click on the link for European Data Protection Law: Corporate
Compliance and Regulation.
CONTENTS
Table of Cases xxv
Table of Primary and Secondary Legislation xxvi
Table of International Instruments xxxv
List of Abbreviations xxxvii
1. European Data Protection Law and Institutions
A. Introduction 1.01
B. EU Institutions 1.04
(1) European Commission 1.08
(2) Council of the European Union 1.11
(3) European Parliament 1.13
(4) European Court of Justice 1.14
(5) European Data Protection Supervisor (EDPS) 1.16
(6) Article 29 Working Party 1.18
(7) Article 31 Committee 1.21
(8) Other institutions 1.25
C. EU Member States' Authorities 1.26
(1) Data protection authorities 1.26
(2) Other authorities and entities 1.34
D. Regulatory Instruments 1.35
(1) EU law 1.35
Treaties 1.35
General Directive 1.39
Directive on Privacy and Electronic Communications 1.49
Interaction of the General Directive and the Directive on
Privacy and Electronic Communications 1.51
Data Retention Directive 1.54
Further instruments 1.57
(2) Member State law 1.58
(3) Supremacy of EU law and implementation of directives 1.61
(4) Standardization 1.70
E. Legislative Process 1.76
F. Non-EU International Institutions 1.77
(1) Council of Europe 1.77
(2) OECD 1.78
(3) United Nations 1.79
(4) Berlin Group 1.80
G. Enforcement of the Law 1.81
H. Future Directions 1.92
2. Fundamental Legal Concepts
A. Introduction 2.01
B. Access and Related Rights 2.02
C. Anonymous and Pseudonymous Data 2.08
D. Consent 2.13
E. Data Controllers and Data Processors 2.19
F. Data Minimization 2.30
G. Data Processing: Definition and Grounds 2.33
H. Data Subject 2.36
I. Data Transfer 2.42
J. Establishment 2.51
K. Freedom of Expression 2.54
L. Freedom of Information 2.62
M. Free Flow of Data within the EU 2.68
N. Legitimacy 2.70
O. Personal Data 2.73
P. Processing 2.87
Q. Purpose Limitation 2.89
R. Sensitive Data 2.92
S. Third Party 2.99
3. Applicable Law and Jurisdiction
A. Introduction 3.01
B. Distinguishing Choice of Law and Jurisdiction 3.06
(1) Conflict of laws and the General Directive 3.06
(2) Jurisdictional rules 3.09
C. The General Directive 3.12
(1) Overview 3.12
(2) Member State implementations 3.13
(3) Outline of legal bases 3.20
Establishment of data controller in the EU 3.21
Use of equipment in a Member State by a non-EU data controller 3.23
Application of EU law based on public international law 3.37
(4) Application to data processors 3.38
(5) Corporate structure 3.40
(6) Intra-EU conflict of laws 3.44
(7) Appointment of a representative in the EU 3.48
(8) Outlook 3.51
D. The Directive on Privacy and Electronic Communications 3.52
(1) Overview 3.52
(2) Material scope 3.53
(3) Personal scope 3.57
(4) Geographic scope 3.58
(5) Applicable law and jurisdiction 3.59
(6) National implementations 3.62
E. The Directive on Data Retention 3.65
F. Case Studies 3.68
(1) Introduction 3.68
(2) Websites based outside Europe 3.69
(3) Global companies 3.74
(4) Data transfers routed through a single Member State 3.78
4. International Data Transfers
A. Introduction 4.01
B. Selecting a Data Transfer Mechanism 4.05
C. Basic Principles 4.07
(1) Data transfers 4.07
(2) Legal bases for data export 4.10
(3) Legal basis for data processing 4.14
(4) Member State law 4.23
(5) Data transfer and applicable law 4.31
(6) Enforcement 4.35
(7) Onward transfers and processor to processor transfers 4.38
(8) Data imports into the EU 4.47
D. Adequacy Decisions 4.48
(1) Introduction 4.48
(2) Determining adequacy 4.53
E. Safe Harbor 4.59
(1) Introduction 4.59
(2) Membership 4.61
(3) Substantive principles 4.63
(4) Issues 4.66
(5) Outlook 4.67
F. Contractual Clauses 4.68
(1) Introduction 4.68
(2) Evolution of the standard contractual clauses 4.70
Controller to controller clauses 4.75
Controller to processor clauses 4.78
(3) Using the standard contractual clauses in practice 4.81
Practical issues 4.81
Strategies for signing the clauses 4.92
(4) Ad hoc and national contracts 4.99
G. Exceptions 4.103
(1) Introduction 4.103
(2) Consent 4.105
(3) Transfers necessary for performance of a contract 4.107
(4) Transfers in the public interest or in defence of legal claims 4.112
H. Binding Corporate Rules (BCRs) 4.120
(1) Introduction 4.120
(2) Application and approval of BCRs 4.124
(3) Legal issues 4.128
(4) Drafting BCRs 4.135
(5) Substance of BCRs 4.138
Processing and flows of information 4.139
Data protection safeguards 4.140
Mechanism for reporting and notifying changes 4.141
Internal measures for ensuring compliance within
the organization 4.143
Verification of compliance 4.144
Complaint handling 4.145
Cooperation with the DPAs 4.146
Jurisdiction 4.148
Redress for individuals 4.149
Liability 4.150
Promoting awareness of BCRs 4.151
Binding nature of BCRs 4.152
(6) Implementation of BCRs 4.153
5. Compliance Challenges and Strategies
A. Introduction 5.01
B. Developing a Data Protection Compliance Strategy 5.05
(1) Introduction 5.05
(2) Steps of a compliance project 5.09
C. Legal Grounds for Processing Personal Data 5.26
(1) Introduction 5.26
(2) Legal grounds 5.28
(3) Application to compliance issues 5.29
D. Notification of Data Processing to the DPAs 5.30
(1) Introduction 5.30
(2) Member State law 5.36
(3) Compliance strategies 5.41
Is notification necessary? 5.46
What data processing should be notified? 5.48
Who should perform notification and how should it be done? 5.53
When should notification be made? 5.57
E. Processing of Employee Data 5.61
(1) Introduction 5.61
(2) Legal basis for data processing 5.62
(3) Monitoring employee computer usage 5.63
An incremental approach to monitoring 5.68
Ensuring technical functionality of the network 5.72
Detecting significant deviations in system use 5.74
Dealing with significant misuse 5.78
Recommendations 5.81
(4) Whistleblower hotlines 5.86
Introduction 5.86
Conflict between EU and US law 5.90
Article 29 Working Party guidance 5.96
Remaining issues 5.98
(5) Works Councils 5.101
Introduction 5.101
Member State examples 5.104
(6) Placing employee information on the internet 5.116
F. Website Compliance 5.119
(1) Introduction 5.119
(2) Requirements for websites 5.122
(3) Privacy policies 5.126
(4) Highlights notices 5.132
G. Security and Security Breaches 5.135
(1) Introduction 5.135
(2) Legal status of security breaches 5.140
The US experience 5.141
EU law 5.145
(3) Responding to security breaches 5.151
H. Corporate Acquisitions and Due Diligence 5.156
(1) Introduction 5.156
(2) Due diligence 5.157
Evaluating the data to be processed 5.161
Finding a legal basis for processing 5.163
Providing notice 5.167
Ensuring security 5.168
Providing a legal basis for transfers outside the EEA 5.170
(3) Corporate acquisitions 5.171
I. Outsourcing 5.173
(1) Introduction 5.173
(2) Legal issues 5.176
Types of outsourcing transactions 5.176
Contractual provisions 5.181
Security 5.184
International data transfers 5.185
DPA guidance 5.187
J. Marketing 5.189
(1) Introduction 5.189
(2) Specific issues 5.196
Member State implementations 5.196
Definition of e-mail 5.201
Consent 5.203
Legal persons 5.206
Acquisition of addresses 5.208
Similar products and services to existing customers 5.209
Opt-out lists 5.212
K. Records Management 5.213
(1) Introduction 5.213
(2) Legal requirements 5.216
(3) Implementing a records management programme 5.222
Appendix 1. Useful Internet Links 325
Appendix 2. European Data Protection Authorities 327
Appendix 3. EU Data Protection Directive ('General Directive')
95/46/EC 335
1. Implementation 335
2. Text 337
Appendix 4. EU Directive on Privacy and Electronic
Communications 2002/58/EC 361
1. Implementation 361
2. Text 362
Appendix 5. EU Data Retention Directive 2006/24/EC 379
Appendix 6. United States Safe Harbor Principles and FAQs 391
1. Safe harbor privacy principles issued by the U.S.
Department of Commerce on 21 July 2000 391
2. Frequently Asked Questions issued by the U.S.
Department of Commerce on 21 July 2000 394
Appendix 7. Standard Contractual Clauses for the Transfer of
Personal Data to Third Countries (Controller to Controller
Transfers) 409
1. SET I (2001) 409
2. SET II (2004, Industry Alternative Clauses) 424
Appendix 8. Standard Contractual Clauses for the Transfer of
Personal Data to Third Countries (Controller to Processor
Transfers) 439
Appendix 9. Forms and Precedents 453
1. CEN (European Committee for Standardization)
Article 17 Model Contract 453
2. Sample safe harbor onward transfer agreement
(for transfers to agents or data processors) 460
3. Sample website privacy policy (full version) 461
4. Sample website privacy policy (highlights notice version) 463
Appendix 10. Mail, Fax, Telephone and E-mail Marketing
Requirements in EU Member States 465
Appendix 11. Summary of Notification Requirements for Commercial
and Human Resources Data in EU Member States 471
Appendix 12. Standard Contractual Clauses Filing Requirements 483
Appendix 13. Selected Enforcement Measures in EU Member
States and Article 29 Working Party from
September 2002 through May 2006 487
Appendix 14. Documents Adopted by Article 29 Working Party
through August 2006 503
Appendix 15. Binding Corporate Rules Materials 513
1. ICC standard application form for approval of BCRs 513
2. Decision of Austrian DPA approving BCRs of an Austrian bank 528
Glossary 533
Selected Bibliography 537
Index 543 |
any_adam_object | 1 |
any_adam_object_boolean | 1 |
author | Kuner, Christopher |
author_facet | Kuner, Christopher |
author_role | aut |
author_sort | Kuner, Christopher |
author_variant | c k ck |
building | Verbundindex |
bvnumber | BV021821366 |
callnumber-first | K - Law |
callnumber-label | KJE6071 |
callnumber-raw | KJE6071 |
callnumber-search | KJE6071 |
callnumber-sort | KJE 46071 |
classification_rvk | PZ 4800 |
ctrlnum | (OCoLC)77831086 (DE-599)BVBBV021821366 |
dewey-full | 342.2408/58 |
dewey-hundreds | 300 - Social sciences |
dewey-ones | 342 - Constitutional and administrative law |
dewey-raw | 342.2408/58 |
dewey-search | 342.2408/58 |
dewey-sort | 3342.2408 258 |
dewey-tens | 340 - Law |
discipline | Rechtswissenschaft |
discipline_str_mv | Rechtswissenschaft |
edition | 2. ed. |
format | Book |
geographic | Europäische Union. Mitgliedsstaaten |
geographic_facet | Europäische Union. Mitgliedsstaaten |
id | DE-604.BV021821366 |
illustrated | Not Illustrated |
index_date | 2024-07-02T15:54:22Z |
indexdate | 2025-01-02T11:14:51Z |
institution | BVB |
isbn | 9780199283859 0199283850 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-015033503 |
oclc_num | 77831086 |
open_access_boolean | |
owner | DE-M382 DE-12 DE-703 DE-355 DE-BY-UBR DE-739 |
owner_facet | DE-M382 DE-12 DE-703 DE-355 DE-BY-UBR DE-739 |
physical | XXXVII, 552 S. |
publishDate | 2007 |
publishDateSearch | 2007 |
publishDateSort | 2007 |
publisher | Oxford Univ. Press |
record_format | marc |
spelling | Kuner, Christopher Verfasser aut European data protection law corporate compliance and regulation Christopher Kuner 2. ed. Oxford [u.a.] Oxford Univ. Press 2007 XXXVII, 552 S. txt rdacontent n rdamedia nc rdacarrier 1. Aufl. 2003 u.d.T.: European data privacy law and online business Europäische Union (DE-588)5098525-5 gnd rswk-swf Databescherming gtt E-commerce gtt Europees recht gtt Recht op privacy gtt Europarecht Recht Data protection Law and legislation European Union countries Electronic commerce Law and legislation European Union countries Unternehmen (DE-588)4061963-1 gnd rswk-swf Datenschutz (DE-588)4011134-9 gnd rswk-swf Europäische Union. Mitgliedsstaaten Europäische Union (DE-588)5098525-5 b Datenschutz (DE-588)4011134-9 s Unternehmen (DE-588)4061963-1 s DE-604 HBZ Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=015033503&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
spellingShingle | Kuner, Christopher European data protection law corporate compliance and regulation Europäische Union (DE-588)5098525-5 gnd Databescherming gtt E-commerce gtt Europees recht gtt Recht op privacy gtt Europarecht Recht Data protection Law and legislation European Union countries Electronic commerce Law and legislation European Union countries Unternehmen (DE-588)4061963-1 gnd Datenschutz (DE-588)4011134-9 gnd |
subject_GND | (DE-588)5098525-5 (DE-588)4061963-1 (DE-588)4011134-9 |
title | European data protection law corporate compliance and regulation |
title_auth | European data protection law corporate compliance and regulation |
title_exact_search | European data protection law corporate compliance and regulation |
title_exact_search_txtP | European data protection law corporate compliance and regulation |
title_full | European data protection law corporate compliance and regulation Christopher Kuner |
title_fullStr | European data protection law corporate compliance and regulation Christopher Kuner |
title_full_unstemmed | European data protection law corporate compliance and regulation Christopher Kuner |
title_short | European data protection law |
title_sort | european data protection law corporate compliance and regulation |
title_sub | corporate compliance and regulation |
topic | Europäische Union (DE-588)5098525-5 gnd Databescherming gtt E-commerce gtt Europees recht gtt Recht op privacy gtt Europarecht Recht Data protection Law and legislation European Union countries Electronic commerce Law and legislation European Union countries Unternehmen (DE-588)4061963-1 gnd Datenschutz (DE-588)4011134-9 gnd |
topic_facet | Europäische Union Databescherming E-commerce Europees recht Recht op privacy Europarecht Recht Data protection Law and legislation European Union countries Electronic commerce Law and legislation European Union countries Unternehmen Datenschutz Europäische Union. Mitgliedsstaaten |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=015033503&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT kunerchristopher europeandataprotectionlawcorporatecomplianceandregulation |