News
Data protection and Luxembourg
At a time where the General Data Protection Regulation (“GDPR”) has been spoken and written about extensively in all European countries and where many companies are panic-stricken and wondering how to achieve compliance when it comes into force, including Luxembourg, it seems necessary to dedramatise the situation and to recall that the protection of data in Luxembourg is not a novelty.
The first regulation to this effect already dates from the late 1970’s with the Law of the 30th March 1979 organizing the digital identification of natural and legal persons.
The purpose of this Law was to create national registers collecting all relevant data such as surname, forename, sex, nationality, civil status, etc. for natural persons and denomination, headquarters, form, etc. for legal persons.
At the beginning of the 2000’s, Luxembourg adopted the first real regulation of data protection - as it is understood today - via the Act of 2 August 2002 on the protection of individuals with regard to the processing of personal data (“Loi modifiée du 2 août 2002 relative à la protection des personness à l’égard du traitement des données à caractère personnel”).
It goes without saying that this law was subsequently amended several times as well as supplemented by special laws such as the law of 30 May 2005 on data protection and electronic communications (“Loi modifiée du 30 mai 2005 relative à la protection des données et communications électroniques”).
Since 2007, the principle of data protection is comprehended in Luxembourg’s Constitution as its article 11 henceforth stipulates that "the State guarantees the protection of privacy, except for the exceptions laid down by law".
Data protection has always, in one way or another, played an important role in Luxembourg. The ancient qualification of “tax haven” to which critical minds will immediately think of is solely one aspect of this protection.
On the other hand, it is true – and the CNPD readily acknowledged it in its reports – Luxembourg struggled a little to see "a true culture of personal data protection in companies, administrations and public bodies".
To give an order of magnitude, the CNPD had received in 2015 only 724 advance notifications, 1,117 requests for authorization, 217 complaints and only 2 reports of violations of data.
Thus, while the issue of data protection is not new, the adoption and the implementation of the GDPR has at least allowed a renewal on this question and will probably, in the long run, enable this change of mentality.
For the few ones who perhaps managed to escape all the news on this topic, it is reminded that the new regulation is based on the increased accountability of all actors by:
- giving data subjects more control over their personal data (in particular by introducing new rights such as the right to portability, the right to be forgotten and the right to be informed in the event of data breaches),
- giving greater responsibility and accountability to the companies (through the creation of a DPO, supervision of the duration of data retention, subcontract traceability, implementation of new Data Loss Prevention tools, etc.) as well as to all data processing actors (i.e. Data Controller, Data processor) while reducing their administrative burdens toward their national Data Protection Authority (DPA),
- strengthening the role of the DPA such as the CNPD.
Though many companies worry about their ability to comply and its costs – since better protecting their clients’ data is going to request some time and internal changes – one must see these regulatory compliance issues as a competitive advantage for business.
Succeeding in creating an ethical and trustworthy framework for data processing today takes on a fundamental value for everyone, without exception, in the chain of personal data (from Data Subjects to Data Processors).
On the one hand, it is a matter of guaranteeing citizens high standards of protection of the private sphere and allowing them to the use of their personal data and, on the other hand, care must be taken not to slow down the development of the economic potential linked to technological development, such as the Big Data phenomenon, which can offer exceptional opportunities.
And this, Luxembourg, as a nation, understood it well.
Over the past few years, Luxembourg has experienced a major boost with the development of innovative technology companies, whether in the area of e-commerce, digital content, cloud computing, Big Data or Electronic payments.
At present time, Luxembourg offers a number of advantages for data centre operators (both private and public), with redundant, secure and high-speed fiber optic connections to the major Internet interconnection centres in Europe.
One thing for sure, data protection is a constant concern and in the midst of all future reflections.
Luxembourg is indeed particularly known for its high concentration of data centers with the highest level of security. Luxembourg has seven data centers of the most demanding Tier IV standard, corresponding to 30% of the total number of Tier IV data centers in Europe and 12% of the total number of Tier IV data centres on the planet.
This is precisely for this reason and its know-how in handling sensitive data that Luxembourg has been chosen by Estonia for the creation and implementation of the first e-embassy (data embassy) in the world. A choice that was finalised by an official agreement only a few days ago.
This virtual embassy aims to ensure the digital continuity of the country, the ability to activate systems when necessary and to tap data from versions stored outside. The very secure server room – certified Tier 4 obviously – will contain important information from Estonian e-government, which will remain accessible even if the system on the national territory is out of service. The data embassy in Luxembourg must indeed store information on taxes, land, businesses, identity documents, pensions, legislation, census, etc.
Finally, with its "Digital Lëtzebuerg" initiative – a pool of experts coming from as diverse a background as the private, public or even academic sector working altogether toward the same objective since October 2014 already – the Luxembourg government aims to go always further to strengthen the country's position in the field of ICT and data protection.
Article provided by: Me Roy REDING et Me Cécile PORCHER, Luxembourg
Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project
CPC project office: Dr. Tobias Höllwarth, tobias.hoellwarth@eurocloud.at
News Archiv
- Alle zeigen
- April 2024
- März 2024
- Februar 2024
- Jänner 2024
- Dezember 2023
- November 2023
- Oktober 2023
- September 2023
- August 2023
- Juli 2023
- Juni 2023
- Mai 2023
- April 2023
- März 2023
- Februar 2023
- Jänner 2023
- Dezember 2022
- November 2022
- Oktober 2022
- September 2022
- August 2022
- Juli 2022
- Mai 2022
- April 2022
- März 2022
- Februar 2022
- November 2021
- September 2021
- Juli 2021
- Mai 2021
- April 2021
- Dezember 2020
- November 2020
- Oktober 2020
- Juni 2020
- März 2020
- Dezember 2019
- Oktober 2019
- September 2019
- August 2019
- Juli 2019
- Juni 2019
- Mai 2019
- April 2019
- März 2019
- Februar 2019
- Jänner 2019
- Dezember 2018
- November 2018
- Oktober 2018
- September 2018
- August 2018
- Juli 2018
- Juni 2018
- Mai 2018
- April 2018
- März 2018
- Februar 2018
- Dezember 2017
- November 2017
- Oktober 2017
- September 2017
- August 2017
- Juli 2017
- Juni 2017
- Mai 2017
- April 2017
- März 2017
- Februar 2017
- November 2016
- Oktober 2016
- September 2016
- Juli 2016
- Juni 2016
- Mai 2016
- April 2016
- März 2016
- Februar 2016
- Jänner 2016
- Dezember 2015
- November 2015
- Oktober 2015
- September 2015
- August 2015
- Juli 2015
- Juni 2015
- Mai 2015
- April 2015
- März 2015
- Februar 2015
- Jänner 2015
- Dezember 2014
- November 2014
- Oktober 2014
- September 2014
- August 2014
- Juli 2014
- Juni 2014
- Mai 2014
- April 2014
- März 2014
- Februar 2014
- Jänner 2014
- Dezember 2013
- November 2013
- Oktober 2013
- September 2013
- August 2013
- Juli 2013
- Juni 2013
- Mai 2013
- April 2013
- März 2013
- Februar 2013
- Jänner 2013
- Dezember 2012
- November 2012
- Oktober 2012
- September 2012
- August 2012
- Juli 2012
- Juni 2012
- Mai 2012
- April 2012
- März 2012
- Februar 2012
- Jänner 2012
- Dezember 2011
- November 2011
- Oktober 2011
- September 2011
- Juli 2011
- Juni 2011
- Mai 2011
- April 2011
- März 2011
- Februar 2011
- Jänner 2011
- November 2010
- Oktober 2010
- September 2010
- Juli 2010