Data protection in 2020 at national and european level
By Mugurel Olariu, RPD protectie date
The pandemic year 2020 has left its mark on the entire range of activities in society, and therefore on the field of data protection.
Thus, at national level, ANSPDCP published a summary1 of the activity carried out, of which we present the following:
✔ received a total of 5480 complaints, notifications and notifications regarding security incidents, based on which 694 investigations were opened. As a result of the investigations:
■ 29 fines were applied in a total amount of 892115.95 lei.
■ 64 more warnings were applied and
■ 65 corrective measures were ordered.
✔ received a total of 5082 complaints, based on which 296 investigations were initiated.
✔ security incidents – data operators transmitted, both under the GDPR and Law no. 506/2004:
■ a number of 194 notifications, and
■ a number of 204 complaints regarding possible non-compliances with the provisions of the GDPR, on the basis of which a number of 398 ex officio investigations were opened.
✔ in the context of cooperation with other supervisory authorities in order to ensure mutual assistance, 56 requests regarding the application and compliance with Regulation (EU) 679/2016 were handled.
✔ number of 1151 requests for views on various issues related to the interpretation and application of Regulation (EU) 679/2016 was addressed.
✔ operators, the public and the persons concerned were also informed through the 62 answers provided to citizens and the media, according to Law no. 544/2001.
✔ operators continued to declare data protection officers, registering with the National Supervisory Authority a number of 2081 officers appointed by public and private sector operators. Throughout 2020, the National Supervisory Authority actively participated in meetings symposia and seminars, in the field of data protection, organized by various public institutions or private entities, including online, such as:
➤ at the GDPR National Conference “Data Protection – Solutions and responsibilities”, organized online by the Universul Juridic editorial group and the Romanian Journal for Personal Data Protection and Security (RRPSDCP), by giving a lecture on the role and competencies of the National Supervisory Authority;
➤ at the National Agency of Civil Servants, at the seminars occasioned during the project “Training in the field of personal data processing for the structures within the coordination, management and control system of FESI in Romania”;
➤ at the National Agency of Civil Servants, at the meeting on data protection within the European funds from 02.10.2020;
➤ at the Ministry of Public Works, Development and Administration, at the workshop on “Debating the issues highlighted in the process of analyzing the applicable legislation, situations and difficulties encountered in practice by public authorities and institutions regarding the main categories of administrative acts and contracts” organized within the project “Tools for systematization of legislation, monitoring and evaluation in public administration”;
➤ at the workshop “Mobility, a challenge for the application of GDPR”, by holding a lecture on practical and theoretical aspects related to the issue of securing personal data-bearing information at the level of mobile devices;
➤ at the European webinar “The DPO in times of Covid 19”, organized by the Association of Specialists in Privacy and Data Protection (ASCPD) together with the Confederation of European Data Protection Organizations (CEDPO);
➤ at the meeting of the Dapix Working Group, together with representatives of the Ministry of Administration and Interior;
➤ at a video conference with the members of the Romanian-American Chamber of Commerce (AmCham Romania).
The Authority also carried out activities to clarify, raise awareness and popularize the field of data protection, such as:
✔ telephone advice was provided to several operators in the public and private environment, on how to implement the provisions of Regulation (EU) 2016/679.
✔ participated in the meetings of some inter-institutional working groups in order to discuss the draft normative acts.
✔ participated in meetings with public authorities and institutions, including online, such as:
■ Directorate of Personnel Records and Database Administration,
■ The Romanian Office for Preventing and Combating Money Laundering,
■ National Bank of Romania,
■ Ministry of Education and Research,
■ Ministry of Regional Development and Public Administration,
■ Ministry of Administration and Interior,
■ The Romanian Digitization Authority.
✔ participated in the specialized parliamentary committees, including online in order to support proposals or draft laws aimed at aspects of personal data protection.
✔ regarding the private sector operators, during some video conferences but also working meetings at the headquarters of the Supervisory Authority, discussions were held on issues regarding the legal conditions of data processing in various fields of activity, including the transfer of personal data to countries outside the European Union, following the decision of the Court of Justice of the European Union in Schrems II (C- 311/18).
✔ meetings were held with:
■ Romanian-American Chamber of Commerce (AmCham),
■ The Romanian Association of Banks (ARB),
■ The Romanian Transmedia Audit Office (BRAT),
■ The Council of Foreign Investors (FIC),
■ Association for Technology and Internet (ApTI),
■ Privacy International Organization.
✔ he representatives of the Authority participated in the EDPBS Plenary Sessions, held online starting with March 2020.
✔ 60 press releases posted in the “News” section, as well as the information from the special section dedicated to GDPR – General Data Protection Regulation.
At European level, the European Data Protection Board has organized and carried out˙2 substantial specialized activities, of which we can summarize the following, without claiming to have exhausted them:
✦ 27 Plenary Meetings with the representatives of the 31 members.
✦ 12 specialized documents – 10 opinions / guidelines on subjects and 2 recommendations, with 8 public consultations.
✦ 32 opinions in the coherence mechanism for the national supervisory authorities, aiming at the Mandatory Corporate Rule, Monitoring Bodies or Certification Bodies.
✦ 31 replies to letters.
✦ 18 different documents, such as: contributions, statements, mandates, information notes, Frequently Asked Questions / FAQ.