HI PSSA Project Support for Harm onization of the I CT Policies in Sub-Sahara Africa, Meeting w ith the Zim babw e I CT Ministry and Data Protection Stakeholders PRESENTATI ON ON SADC DATA PROTECTI ON MODEL LAW Pria Chetty, International Legal Expert on Data Protection International Telecommunication Union
Sum m ary of the Content Purpose of Data Protection Law Objectives of Data Protection Model Law Provisions of the Data Protection Model Law Key Fram es of I nquiry for Transposition of the Model Law Questionnaire – Revisit research and analysis for new developm ents and deeper analysis
Purpose of Data Protection Law Harm onised approaches Give effect to right to privacy I CT technology developm ents im pacts right to the protection of personal data in com m ercial activities as w ell as in electronic governm ent ( eGov) activities I llegitim ate and unlaw ful m onitoring of individuals Autom ated decision m aking Data protection regulation - ensure that the benefits of using inform ation and com m unication technologies is not concurrent w ith w eakened protection of personal data
Overview of the SADC Model Law
Objectives of Model Law Give effect to principles of data protection Place lim itations on the processing of personal data Provide for the rights of the data subject Describe the responsibilities of the Data Controller Establishm ent of the Data Protection Authority Com bat violations of privacy likely to arise from the collection, processing, transm ission, storage and use of personal dataactivities
Definitions Data Data subject Data Controller Data Protection Authority Personal data Sensitive Data Processing
Scope = Processing of personal data perform w holly or partly by autom ated m eans, and to the processing of personal data otherw ise than by autom ated m eans of personal data w hich form s part of a filing system or is intended to form part of a filing system ≠ Processing of personal data by a natural person in the course of purely personal or household activities Cannot restrict: the w ays of production of inform ation w hich are available according to a national law or as perm itted in the rules that govern legal proceedings; and the pow er of the judiciary to constrain a w itness to testify or to produce evidence
Scope of Application Processing of personal data carried out in the context of the effective and actual activities of any controller perm anently established on [ given country] territory or in a place w here [ given country] law applies by virtue of international public law ; Processing of personal data by a controller w ho is not perm anently established on [ given country] territory, if the m eans used, w hich can be autom atic or other m eans located on [ given country] territory, are not the sam e as the m eans used for processing personal data only for the purposes of transit of personal data through [ given country] territory
Quality of the Data • Adequate, relevant and not excessive to the purpose • Accurate and up-to-date • Etc. Law fulness of Processing • Generality - the processing of personal data is necessary and that the personal data is processed fairly and law fully • Purpose - specified, explicit and legitim ate • Sensitive data processing w ith consent • Etc.
Duties of the Data Controller: • I nform the data subject of the purpose of collection • Confidentiality • Security safeguards • Notification to the Protection Authority • Transparency of the processing • Accountability
Rights of the Data Subject: • Right of access • Right of rectification, deletion, tem porary lim itation of access • Restrictions on autom ated decision m aking
Protection Authority and Judicial Authority • I ndependent and adm inistrative authority • Role, Status and com position • Com petencies • Financing ( Parliam ent Grant) • Liability of the Data Controller • Sanctions, W arnings, Notices, Fines • Preserve Data subject’s recourse through the judicial authority • Preserve Data subject’s access to the judicial authority
Lim itations: • National Security • Journalism Transborder Flow s: • Mem ber States of SADC – Establish necessity of transfer • Non m em ber States of SADC - Personal data shall only be transferred to recipients, other than Mem ber States of the SADC, w hich are not subject to national law adopted pursuant to this m odel law , if an adequate level of protection is ensured in the country of the recipient or w ithin the recipient international organization and the data is transferred solely to allow tasks covered by the com petence of the controller to be carried out
Transposition of the Model Law
Transposition Fram es of I nquiry I nternational and regional fram ew orks establish the prim ary them es, intent and functional requirem ents for data protection regulation. W ithin Zim babw e, enquire: 1 . Designated national data protection legislation Prevalence of regulation that has a bearing on the 2 . right to privacy and protection of personal inform ation in Zim babw e.
Transposition Fram es of I nquiry Definitions of personal inform ation and sensitive inform ation, Principles of data protection Nature and functions of the Data Protection Regulator Regulation of Transborder flow s of personal inform ation Nature of the Constitutional right to privacy Privacy in Consum er Protection Privacy in Electronic Com m unications Rights of Access To I nform ation versus the right to privacy
Transposition Fram es of I nquiry Special Considerations: W histleblow ing inform ation, Health Records, Labour Law s, Medical Ethics, Credit I nform ation Regulations Lim itations on Privacy: Crim inal Procedure, national security legislation Status and am endm ents: ICT Policy Constitutional right to privacy Communications regulation Consumer Protection regulation
Thank You Questions? Pria Chetty I TU I nternational Expert: Data Protection Mirirai Svotw a Ministry of Transport, Com m unications and I nfrastructural Developm ent) National Expert: Data Protection
Recommend
More recommend