Questions with respect to privacy and new technological developments

Slides:



Advertisements
Similar presentations
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Advertisements

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Privacy and FOI Compliments and Conflicts David Banisar Privacy International © Privacy International 2009.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
European Standards on Confidentiality and Privacy in Healthcare Dr Colin M Harper Division of Psychiatry & Neuroscience Queen’s University.
Data protection and European citizens’ initiatives
Threat Prevention and Detection (within Critical Infrastructures) under EU Data Protection Legislation– Purpose Specification and Limitation. Laurens Naudts.
Freedom of information and protection of personal data Hungarian experiences 5TH MEETING OF DATA PROTECTION AUTHORITIES 28 OCTOBER 2008.
Brussels Privacy Symposium on Identifiability
The Protection of Confidential Commercial or Industrial Information in Environmental Law: Analysis and Call for a Graded Concept of Protection Prof. Dr.
Privacy as a societal value
Brussels Privacy Symposium on Identifiability
Big Data regulation: a proposal for a three-stage rocket
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Issues of personal data protection in scientific research
Amandine Jambert - IT Experts Department
The General Data Protection Regulation act (GDPR)
Exchange of information between Member States
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
Bart van der Sloot, Institute for Information Law
General Data Protection Regulation
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
APP entities (organisations)
General Data Protection Regulation: Turning the black into white
EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.
GENERAL DATA PROTECTION REGULATION (GDPR)
The Rise of Privacy: Complying with GDPR in the United States
State of the privacy union
Appropriate Data Sharing in Health and Social Care
G.D.P.R General Data Protection Regulations
The GDPR and research data
Bart van der Sloot Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.
ESF Monitoring & Evaluation and Data Protection in Spain
Ethical questions on the use of big data in official statistics
General Data Protection Regulation
Relocation CARNIVAL come one…come all
General Data Protection Regulation
Bart van der Sloot Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.
GDPR (679/2016) and Monitoring
GDPR Workshop MEU Symposium Prague 2018
Data Protection in a Tutorial Context
Big Data & the General Data Protection Regulation
Is Data Protection a Fundamental Right Protecting the Individual?
Information Handling Research Student Induction Day
Quality, efficiency and productivity: a challenge for official statistics EFTA/CROSTAT/EUROSTAT Strategic Management Seminar, Split, November 2007.
Is the Human Rights framework still fit for the Big Data era?
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
Public Privacy: juridical & ethical perspective
General Data Protection regulation (GDPR)
The principle of proportionality and the contents of a contract
General Data Protection Regulation Q & A Session
Privacy in the Age of Big Data
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
Legal Aspects of Finance
The supervision of personal data processing by EU institutions and bodies => data protection and privacy, why it matters, for you as citizens and as EU.
Legislative Response to Data Inferences
Data Protection What can I do? GDPR Principles General Data Protection
Outline Background: development of the Commission’s position
Data protection & FOIA considerations
EU Data Protection Legislation
General Data Protection Regulation
General Data Protection Regulation (GDPR) and library authority data
European Economic Area’s General Data Protection Regulation
EU Data Privacy: What US Orgs Need to Do Now to Prepare for the GDPR
Should we also regulate non-personal data?
Presentation transcript:

Questions with respect to privacy and new technological developments Bart van der Sloot Institute for Information Law, University of Amsterdam, Netherlands

3 Questions (1) Is the concept of personal data still relevant? (2) Can we still regulate the gathering of/access to data? (3) Are the privacy responsibilities a problem for the development of new product?

(1) Is the concept of personal data still relevant? ‘personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’

(1) Is the concept of personal data still relevant? However, it is also possible to influence people or have an impact on their lives by using non-personal, aggregate and meta data While the status of a datum (personal - non-personal; sensitive - non-senstive; content –meta data; identifying – anonymous; specific – aggregated; etc.) used to be relatively stable, these are currently rather fluid stages. Should we move to a more neutral terminology?

(2) Can we still regulate the gathering of/access to data? Most of the current privacy and data protection rules focuss on gathering and storing data: Purpose and purpose limmitation Safety and confidentiality Quality and transparancy Data minimalisation and storage limmitation

(2) Can we still regulate the gathering of/access to data? In practice, however, we see that citizens, companies and states alike gather large amounts of data. Can we instead or in addition also regulate: The analysis of data The use of data

(3) Are the privacy responsibilities a problem for the development of new product? The current legal regime mostly lays the responsibility for upholding the legal safeguards on one or a few selected organisations. ‘Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law’

(3) Are the privacy responsibilities a problem for the development of new product? In practice, however, we see that data streams are increasingly shared between departments, between organisations and crossing national borders. Data are combined, cross-pollinated with online/open-access data and harvested by algorithms. In such a diffuse situation, who is and should be responsible for upholding the legal obligations? Can the responsibility still be placed on one or a few organisations?

Three potential problems: (3) Are the privacy responsibilities a problem for the development of new product? Three potential problems: (1) Unclearity about division of responsibilities (2) New and stricter norms in General Data Protection Regulation (3) New and stricter norms on transnational data flows