DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

Slides:



Advertisements
Similar presentations
Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Advertisements

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.
NATIONAL INFORMATION GOVERNANCE BOARD
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
University Research Ethics Committee Workshop on procedure and data protection issues 30th May 2008.
Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
The Data Protection (Jersey) Law 2005.
Data Protection.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Audiences NI Data Protection Workshop
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Data Protection Overview
The Data Protection Act
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center.
Monitoring of the internet: between the need of security, the interests of the economy and protection of the private life Hugo Lança Beja - Portugal.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
DATA PROTECTION ACT 1998 Became law on 1 March 2000 Only applies to the use of personal data, that is data which relates to an identifiable living individual,
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
Ioannis Iglezakis Data Protection. Definition of Data Protection The legal protection of individuals with regard to automatic processing of personal information.
The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.
Introduction Data protection is relevant to every individual, business or organisation today, not just Local Government. As well as protecting privacy,
Data Protection - Rights & Responsibilities Information Commissioner’s Office Orkney Practice Forum 4 th July 2007.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
Data Protection Act The Data Protection Act (DPA) is a balance between rights of the DATA SUBJECT and obligations of the DATA CONTROLLER DATA CONTROLLER.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Sharing Information Legally Lindsay Ould London Borough of Lewisham.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Protection of Personal Information Act An Analysis on the impact.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
TRANSBORDER DATA FLOWS INA MEIRING. THE PROTECTION OF PERSONAL INFORMATION ACT (“POPI”) > 'personal information' means information relating to an identifiable,
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.
Personal Data Protection
Luca De Matteis Justice counsellor (criminal law, data protection)
Issues of personal data protection in scientific research
General Data Protection Regulation (GDPR)
GDPR Overview Gydeline – October 2017
GDPR Overview Gydeline – October 2017
EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
The General Data Protection Regulation (GDPR)
New Data Protection Legislation
State of the privacy union
G.D.P.R General Data Protection Regulations
Data Protection principles
Relocation CARNIVAL come one…come all
Report on data protection legislation Case of Romania
IMPLICATIONS OF GDPR ROBERT BELL.
GDPR Workshop MEU Symposium Prague 2018
The activity of Art. 29. Working Party György Halmos
Information Handling Research Student Induction Day
PERSONAL INFORMATION BILL
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
Public Privacy: juridical & ethical perspective
Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
Presentation transcript:

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection

DATA PROTECTION Data Protection Act General Provisions Processing for Research Purposes Procedure agreed with UREC

DATA PROTECTION ORIGIN Council of Europe – ETS 108 Convention on the protection of individuals with regard to automatic processing of personal data Data Protection Act CAP. 440 Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data

DATA PROTECTION WHAT IS DATA PROTECTION ACT? An Act that makes provision for the protection of individuals against the violation of their privacy rights by the processing of personal data.

DATA PROTECTION Key Terms in Data Protection Data Protection

DATA PROTECTION …any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity; DPA Art. 2 PERSONAL DATA

DATA PROTECTION …personal data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, health, or sex life; DPA Art. 2 SENSITIVE PERSONAL DATA

DATA PROTECTION …includes the collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, disclosure by transmission, dissemination or otherwise making information available, alignment or combination, blocking, erasure or destruction of such data DPA Art. 2 PROCESSING

DATA PROTECTION …any freely given, specific and informed indication of the wishes of the data subject by which he signifies his agreement to personal data relating to him being processed DPA Art. 2 CONSENT

DATA PROTECTION Criteria for Processing

DATA PROTECTION CRITERIA FOR PROCESSING PERSONAL DATA DPA Article 9 1. Unambiguous consent or 2. Contract performance or 3. Legal obligation or 4. Vital interests of data subject or 5. Public Interest / Official Authority or 6. Legitimate interest SENSITIVE PERSONAL DATA DPA Articles 12 & 13 1.Explicit Consent 2.Subject made data public 3.Conditions of employment 4.Vital Interests & data subject incapable of giving consent 5. Legal claims

DATA PROTECTION Data Protection Principles Principles

DATA PROTECTION Personal Data to be: 1. processed fairly and lawfully 2. processed in accordance with good practice 3. collected for specific, explicitly stated & legitimate purposes 4. processed for reasons compatible with the purpose it was collected 5. adequate and relevant to the processing purpose 6. not more than required for the processing purpose 7. correct and, if necessary, up to date 8. rectified 9. not kept for longer than necessary for the processing purpose DPA Art. 7 THE NINE PRINCIPLES for good information handling

DATA PROTECTION Rights of Rights of Data Subjects Data Subjects

DATA PROTECTION INFORMATION TO DATA SUBJECT The data subject should be informed with at least the following: a)identity and habitual residence or principal place of business of controller; b)purposes of processing; c)any further information such as: i) recipients or categories of recipients of data ii) whether reply to any questions is obligatory or voluntary, and possible consequence of failure to reply iii) existence of right of access, right to rectify and where applicable right to erase data. DPA Art. 19 RIGHTS OF DATA SUBJECTS (1)

DATA PROTECTION Request of Data Subject must be: at reasonable intervals in writing signed by data subject Data Controller to provide: without excessive delay without expense written information in an intelligible form DPA Art. 21 RIGHT OF ACCESS RIGHTS OF DATA SUBJECTS (2)

DATA PROTECTION The Data Subject may request rectification, blocking or erasure of his personal data. If the request is justified, the Data Controller shall rectify, block or erase such personal data accordingly. notify third parties about such an event, unless this involves a disproportionate effort. DPA Art. 22 RECTIFICATION RIGHTS OF DATA SUBJECTS (3)

DATA PROTECTION Security Measures

DATA PROTECTION APPROPRIATE SAFEGUARDS These include: Access controls to information e.g. passwords, access rights/privileges, encryption etc. Physical Security safeguards e.g. locking of file cabinets, computers, offices etc. Awareness

DATA PROTECTION Processing For Research Purposes Research Purposes

DATA PROTECTION THE DATA PROTECTION ACT APPLIES WHEN: Research is about individuals Research involves personal data Individuals are identifiable DATA PROTECTION IN RESEARCH

DATA PROTECTION Sensitive Personal Data may be processed for Research Purposes: On Public Interest grounds With the approval of the Commissioner, on the advice of a Research Ethics Committee DPA Art 16 PROCESSING CONCERNING RESEARCH

DATA PROTECTION Specific Data Protection matters in research include: Personal and Sensitive Data Identifiable VS Anonymous Data Consent – When do I need consent?? Dealing with children and vulnerable persons Retention of Data DPA Art 16 PROCESSING CONCERNING RESEARCH

DATA PROTECTION CREATING THE RIGHT BALANCE RIGHTS OF PRIVACY OF INDIVIDUAL NEED TO CARRY OUT RESEARCH BETWEEN:

DATA PROTECTION Procedure agreed With UREC With UREC

DATA PROTECTION Proposal Form for ethical approval is submitted by researcher Research Proposals are examined by the Faculty Research Ethics Committee and by the UREC Approval is given if proposals are satisfactory Approval from the UREC is deemed to be an adequate advice for the approval by the Commissioner Researcher may proceed with the project once this is approved by the UREC RESEARCH INVOLVING SENSITIVE PERSONAL DATA PROCEDURE (1)

DATA PROTECTION A list of approved projects is periodically forwarded to the Commissioner for final approval The UREC may always consult the Commissioner in case of problems with particular projects OBJECTIVES Allow the researcher ample time to proceed with the study The Researcher is not required to obtain an approval directly from the Commissioner PROCEDURE (2)

DATA PROTECTION Data Protection Principles Rights of Data Subjects OBJECTIVES Inform researchers and ensure that these principles and rights are respected It is important that all faculties use the same form in order to provide the same conditions and information to students INCLUDES PROPOSAL FORM

DATA PROTECTION Office of the Commissioner for Data Protection Website: FURTHER INFORMATION

DATA PROTECTION THANK YOU! Floor is open for discussion

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.