Legislative Response to Data Inferences

Slides:



Advertisements
Similar presentations
Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.
Advertisements

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
TEAM 4 Case Study Mauritius: Mrs Nandini Kissoon-Luckputtya
The Data Protection (Jersey) Law 2005.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Health & Social Care Apprenticeships & Diploma
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
The Data Protection Act 1998 The Eight Principles.
GEOG3025 Confidentiality and social implications.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
Legal issues The Data Protection Act Legal issues What the Act covers The misuse of personal data By organizations and businesses.
Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.
The Data Protection Act What the Act covers The misuse of personal data by organisations and businesses.
PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
The Protection of Personal Information Bill 13 February
Computer Laws Data Protection Act 1998 Computer Misuse Act 1990.
Computing, Ethics & The Law. The Law Copyright, Designs and Patents Act (1988) Computer Misuse Act (1990) Data Protection Act (1998) (8 Main Principles)
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
DATA PROTECTION ACT DATA PROTECTION ACT  Gives rights to data subjects (i.e. people who have data stored about them on a computer)  Information.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Data protection—training materials [Name and details of speaker]
Uses of brain imaging data: privacy and governance implications Dr. Hester Ward Medical Director, Information Services Division, (ISD) Consultant in Public.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
General Data Protection Regulation (EU 2016/679)
The Data Protection Act 1998
The Data Protection Act 1998
Trevor Ellis Trainee Programmer (1981 – 28 years ago)
Level 2 Diploma in Customer Service
Issues of personal data protection in scientific research
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulation
Data Protection Act.
The Data Protection Act 1998
Data Protection Update – GDPR or bust
Anonymised information
GDPR Overview GDPR - General Data Protection Regulations
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
6 Principles of the GDPR and SQL Provision
Introduction to GDPR 09/11/2018.
The General Data Protection Regulation (GDPR)
New Data Protection Legislation
State of the privacy union
G.D.P.R General Data Protection Regulations
FEK årskonferanse 28. februar 2018.
Unit 2: Global Information
General Data Protection Regulation
Data Protection principles
OECD Guidelines Collection Limitation: should be limited to personal data, obtained by lawful and fair means, and (where appropriate) with knowledge and.
Preparing for GDPR Sharing experiences of the process and using the British Canoeing Toolkit bit.ly/BCGDPRToolkit
GDPR Workshop MEU Symposium Prague 2018
General Data Protection Regulations 2018
The General Data Protection Regulation: Are You Ready?
PERSONAL INFORMATION BILL
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
Privacy and Cyber Security for Payroll Pros: A Global Perspective
Hot Topic 1: GDPR and Traffic Data Systems
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
Data Protection What can I do? GDPR Principles General Data Protection
General Data Protection Regulation Community Councils
Presentation transcript:

Legislative Response to Data Inferences Jody Blanke Mercer University CALSB 2019 Halifax

Minority Report https://www.youtube.com/watch?v=ITjsb22-EwQ

J. P. Martin - Canadian Tire

Don’t Even Think About Buying One of These

And Be Careful About Buying These

Congratulations, You’re Pregnant!

Basic Fair Information Principles Notice/Awareness Choice/Consent Access/Participation Integrity/Security Enforcement/Redress

Before Google Became Evil

OECD Privacy Principles Collection Limitation Principle Data Quality Principle Purpose Specification Principle Use Limitation Principle Security Safeguards Principle Openness Principle Individual Participation Principle Accountability Principle

GDPR – Basic Principles (Art. 5) 1. Personal data shall be: (a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; . . . (‘purpose limitation’); (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’); (d) accurate and, where necessary, kept up to date; . . . (‘accuracy’); (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; . . . (‘storage limitation’); (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

GDPR – Key Definitions ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

New Privacy Battlefronts Profiling Algorithm transparency Data inferences

California Consumer Privacy Act “Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:

CCPA – Personal information includes: (A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. . (D) Commercial information . . . (E) Biometric information. (F) Internet or other electronic network activity information . . . (G) Geolocation data. (H) Audio, electronic, visual, thermal, olfactory, or similar information. (I) Professional or employment-related information. (J) Education information . . . (K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

CCPA – Infer or inference “Infer” or “inference” means the derivation of information, data, assumptions, or conclusions from facts, evidence, or another source of information or data.

What Does This All Mean?

CCPA as Model Legislation Eight states have introduced legislation based largely upon the CCPA Five states include a broad definition of personal information, complete with the inferences drawn item Mississippi (died in committee) New Mexico North Dakota (language replaced with a one-year study of consumer data) Rhode Island Texas Two states include a broad definition of personal information, but without detailed examples, i.e., no inferences drawn item Maryland Massachusetts Hawaii defines “identifying information” to include “profiles about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes that are created from inferences from any other information collected from a consumer.”

Other Legislation Washington’s bill borrows language from both the CCPA and the GDPR It has GDPR-like rights of access, deletion, correction, purpose limitation, and storage limitation. It also addresses the principles of transparency and accountability. Its “targeted advertising” definition refers to an advertisement that is “selected based on personal data obtained or inferred over time from a consumer’s” online history A second Texas bill focuses on the processing of personal identifying information on the Internet It has a broad definition of “personal identifying information,” but does not include “inferences” Its definition of “collect” is “buying, renting, gathering, obtaining, receiving, inferring, creating or accessing any personal identifying information pertaining to an individual” It also addresses automated processing and sensitive data

Other Legislation Nevada has a bill that would expand its existing law by requiring Internet operators to provide consumers with the right to opt out of the sale of some of the information about the consumer kept by the operator. There is no language about inferences or profiles. New York has a bill that focuses on transparency of the consumer’s information. There is a very broad definition of personal information, but no language about inferences or profiles. It would apply to any entity that does business in New York.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.