Le banquier et le Data Protection Officer (DPO). D'une obligation d'information et de conseil à une obligation d'assistance / Banker and Data Protection Officer (DPO). From an obligation to provide information and advice to an obligation to provide assistance

Renucci, Antoine

10 July 2019

La mise en parallèle des activités de banquier et de Data protection Officer est particulièrement intéressante du point de vue de l’obligation d’information et de conseil, concept qui fait l’objet d’une importante mutation. Notre thèse est que cette obligation évolue de façon parallèle pour ces deux professionnels, mais prend in fine une option différente. Dans les deux cas, cette obligation tend à devenir une obligation d’assistance, mais elle est de nature différente : si dans sa forme classique avec le banquier, l’obligation d’assistance est passive, dans sa forme actuelle avec le DPO, elle est active. Cette divergence s’explique par les enjeux et les logiques qui ne sont pas identiques. Avec le Banquier, c’est la logique des affaires qui prime et il ne peut s’y ingérer. En revanche, avec le Data Protection Officer (DPO), c’est la logique de protection des personnes, et plus particulièrement de leurs données qui prime, ce qui justifie et même impose son ingérence. Il est donc logique que l’assistance soit passive dans un cas et active dans l’autre. / The parallel between banking and data protection officer activities is particularly interesting regarding the obligation to provide information and advice, a concept which is undergoing a major change. Our thesis is that this obligation evolves concomitantly for these two professionals but, in the end, takes a different way. In both cases, this obligation tends to become an obligation of assistance of a different nature : in its classical form, the banker has the obligation to provide a passive assistance, but in its current form, the assistance provided by the DPO, is active. This divergence is explained by the difference of needs and logic. In the case of the Banker, the business logic prevails and he can’t interfere. On the other hand, in the case of the Data Protection Officer (DPO), the protection prevails, especially the data protection, which justifies and even imposes his action. It is therefore logical that assistance provided should be passive in one case and active in the other.

Assistance

Banquier

Confidentialité

Data Protection Officer

Banker

Compliance

Problematické aspekty ochrany osobních údajů / Problematic Aspects of Personal Data Protection

Všetečková, Anna

January 2018

The thesis consists of five chapters, introduction and conclusion. The author of the thesis deals with introduction to the problematics of personal data protection and its relevance in the contemporary world in the introduction of the diploma thesis as well as with demarcation of the aims of the work. In the first chapter, the basic sources of legislation in the area of personal data protection are demarcated, both in Czech and in European and international level. In the second chapter, the attention is paid to the basics of the legislation in the area of personal data protection, whereas the author deals with demarcation of basic concepts, in the second subchapter she gives an overview of basic principles of personal data processing and in the third subchapter she summarizes legal titles for personal data processing. The institute of Data Protection Officer within the meaning of General Regulation is analysed in the third chapter. The first subchapter deals with demarcation of cases where the processor is obliged to designate the Data Protection Officer. The author pays attention to the problematics of requirements for qualification of the Data Protection Officer in the second subchapter. The major theme of third and fourth subchapter is demarcation of Data Protection Officers position to the controller...

Vybrané otázky aktuální právní úpravy osobních údajů v Evropské unii / Selected issues of the current legal regulation of protection of personal data in the European Union.

Švec, Martin

January 2018

The thesis "Selected issues of the current legal regulation of protection of personal data in the European Union" is focused on describing the development of personal data in the European Union and on current changes in this field of European law. The first chapter is focused on the historical development of the personal data protection on the European continent with the specific aim of looking at the development in the European Union. This chapter describes the progressive development of the right to the protection of personal data which was formed within the right to privacy because of technological developments. The first chapter also talks about personal data protection in primary and secondary legislation which became the foundation for the further development. The second chapter is devoted to the comparison of the former EU regulation of the personal data protection in the directive 95/46/ES with the new regulation in GDPR. The most important changes were chosen for the comparison together with the ones which were often discussed prior to GDPR coming into effect. The interim goal of this chapter is to explain to the reader the extent of changes which GDPR brings to the field of personal data protection. The third chapter is focused on the institute of the data protection officer which is a...

Postavení pověřence pro ochranu osobních údajů ve světle pracovního práva / The position of the data protection officer in the light of labour law

Mojzíková, Kateřina

January 2018

The position of the data protection officer in the light of labour law Abstract The data protection officer is a specialist in law and practices in the area of data protection. His task is to help to controller and processor to fulfil their obligations associated with data processing. He can perform his function as an employee of a controller or a processor or on the basis of a service contract. His status has certain specifications that the character of some labour law provisions doesn't count with. Although uncertainty about the possibility to give him a dismissal or ask him for damages does not cause problems due to only recent changes of legal regulation yet, disputes that may arise in the future will be expected not only before the Czech courts. The main problem of the issue is, whether the labour law regulation can be extended without further delay to the employed data protection officer in the light of his specific independent position, which is guaranteed him by data protection law. The aim of the thesis is to try to solve problematic aspects of the establishment of the data protection officer in the light of Czech labour law institutes. The main purpose of the thesis is to assess the way in which the prohibition of penalizing the data protection officer is projected in the form of the employment...

Les données personnelles sensibles : contribution à l'évolution du droit fondamental à la protection des données personnelles : étude comparée : Union Européenne, Allemagne, France, Grèce, Royaume-Uni / No English title available

Koumpli, Christina

18 January 2019

La protection des données personnelles sensibles consistait, jusqu'au RGPD, en un contrôle préalable réalisé par une autorité indépendante, malgré l’obstacle posé à la libre circulation. Cette protection renforcée est aujourd'hui remplacée par l’obligation du responsable de traitement d’élaborer une étude d’impact. Une telle mutation implique un risque de pré-légitimation des traitements et peut être favorable au responsable de traitement. Or, est-elle conforme au droit fondamental à la protection des données personnelles ? La thèse interroge le contenu de ce droit et la validité du RGPD. À partir d'une étude comparative allant des années 1970 à nos jours, entre quatre pays et l’Union européenne, les données personnelles sensibles sont choisies comme moyen d'analyse en raison de la protection particulière dont elles font l’objet. Il est démontré qu’en termes juridiques, la conception préventive fait partie de l’histoire de la protection européenne des données et peut donner un sens à la protection et à son seul bénéficiaire, l’individu.Un tel sens serait d’ailleurs conforme aux Constitutions nationales qui garantissent aussi l’individu malgré leurs variations. Cependant, cette conception n’est pas forcement compatible avec l’art. 8 de la Charte des droits fondamentaux de l’UE. La thèse explique que cette disposition contient la garantie d’une conciliation (entre les libertés de l’UE et celles des individus) qui peut impliquer une réduction de la protection de ces dernières. Or, il revient à la CJUE, désormais seule compétente pour son interprétation, de dégager le contenu essentiel de ce droit ; objectif auquel la thèse pourrait contribuer. / Before the GDPR, protection of sensitive personal data consisted of a prior check by an independent authority despite limiting their free movement. This has been replaced by the obligation of the controller to prepare a privacy impact assessment. With this modification, one can assume a risk of pre-legitimization of data processing, putting the controller at an advantage. Is that compatible with the fundamental right to the protectionof personal data ? This thesis questions the content of this right and the validity of the GDPR. It is based on a comparative study from 1970s until present day between four European countries and the European Union, in which sensitive data are chosen as a meanto the analysis due to their particular protection. Research shows that in legal termsthe preventive conception is a part of the history of protection in the European Union. By limiting freedom of processing it gives meaning to protection and its only subject,the individual. Such an interpretation is compatible with National Constitutions despite their variations. However, the preventive conception of data protection is not so easily compatible with article 8 of the European Charter of Fundamental Rights. The thesis puts forward that this article contains the safeguard of a balancing, between EU liberties and individuals’ freedoms, which implicates reduced protection. It is up to the European Court of Justice to identify the essence of this right, an aim to which this thesis could contribute.

Droits fondamentaux

Conciliation

Protection des données personnelles

Article 8 Charte DFUE

RGPD

Données sensibles

Engagement de conformité

Étude d'impact

Contrôle préalable

Déclaration préalable

Délégué à la protection des données

Autorités indépendantes

Droit comparé

Fundamental rights

Balancing

Data protection

Article 8 EU Charter

GDPR

Sensitive data

Accountability

Privacy impact assessment

Prior check

Notification

Data protection officer

Independent authorities

Comparative law

342.085 8