Approximation of data protection and access to public information

Slides:



Advertisements
Similar presentations
Commercial confidentiality and PSI Razvan Dinca University of Bucharest.
Advertisements

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
PUBLIC RECORDS DISPUTE RESOLUTION PROCEDURE SCOTT R. SWIER ASSISTANT ATTORNEY GENERAL.
Search and Seizure on the Premises of the Danish Parliament (the Folketing) Conditions, background and practice.
Code of Federal Regulations Title 42, Chapter 1, Subchapter A Part 2 – CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENTS BRYANT D. MILLER CAC II, MAC,
Conflict and Consent: Managing Disclosure in Human Subjects Research University of Miami Human Subjects Research Office Conflict of Interest Symposium.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
European Ombudsman Access to environmental information Task Force on Access to Information Geneva, 4 December 2014.
APPLICATION FOR ACCESS (PAIA) Mandatory protection (which must be refused in terms of Chap 4 subject to S46) DENIAL OF ACCESS (PAIA) Internal Appeal to.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
E-COMMERCE AND PRIVACY LAWS IN THE UAE Rindala Beydoun Senior Legal Counsel Al Tamimi & Company.
Access to Public Information in Slovenia Nataša Pirc Musar, LL.B. Commissioner for Access to Public Information The Hague – 24 th -25 th November, 2004.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
Privacy and the Civil Commitment Process Allyson K. Tysinger Assistant Attorney General June 4-5, 2008.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
The application of certain restrictions on access to environmental information in accordance with AC Personal Data Ana Barreira Instituto.
Presentation on the application of the restrictions on access to environmental information provided by article 4 (4) (d)-(f) of the Convention (agenda.
Intellectual Property Rights Economy and Ownership of Results in IST Projects The Research Council of Norway Niels Peter Thorshaug.
Seminar on the Swiss Rules of International Arbitration Evidence & Hearings under the Swiss Rules Belgrade, 9 December 2015 University.
Data Subjects’ Rights Isabelle Chatelier. 8 June 2011 Charter of Fundamental Rights Article 8(2) "Everyone has the right of access to data which has been.
The EU and Access to Environmental Information Unit D4 European Commission, Directorate General for the Environment 1.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.
How to strike the right balance between access to public information and data protection Nataša Pirc Musar Information Commissioner, Republic of Slovenia.
Juvenile Legislative Update 2013 Confidentiality of Records and Interagency Sharing of Educational Records.
Protection of Trade Secret in Future Japanese Patent Litigation
Personal Data Protection
Brussels Privacy Symposium on Identifiability
EU Law Law 326.
Brussels Privacy Symposium on Identifiability
Processing for archiving purposes in the GDPR
Situation Analysis Access to Court Decisions in Georgia
New systematization of EU legal instruments in the Lisbon Treaty
Issues of personal data protection in scientific research
General Data Protection Regulation (GDPR)
HIPAA Administrative Simplification
Recognition and enforcement of foreign judgments and arbitral awards in Russia Roman Zaitsev, PhD, Partner 05/09/2018.
Updates to Expedited Review Procedures
Recognition and Enforcement of Foreign Judgments and Arbitral Awards
Data Subjects’ Rights.
GENERAL DATA PROTECTION REGULATION (GDPR)
Transfers of personal data
A Resource for OFTC Faculty and Staff April 2013
Discrimination on the basis of disability
(Follow-up of the discussion at the 66th CA meeting)
Function of the International Court of Justice (ICJ):
Is Data Protection a Fundamental Right Protecting the Individual?
Arbitration Proceedings II
ACCOUNTING ETHICS Conf.univ.dr. Victor-Octavian Müller.
Judicial Training on EU Taxation Law
Exploring 45 CFR , Criteria for IRB Approval of Research
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Item 4.1 Recent activities in confidentiality and micro data access
IAPP TRUSTe SYMPOSIUM 9-11 JUNE 2004
The impact of article 47 CFREU on national caselaw between general principles and sectorial Application Jacek Chlebny, professor at the University of Łódź,
ACCOUNTING ETHICS Conf.univ.dr. Victor-Octavian Müller.
Data Protection in Law Enforcement Area Chapter 9a of the draft law
Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE
Personal data protection in public institutions – effective approach
Why are we processing data
ACCOUNTING ETHICS Conf.univ.dr. Victor-Octavian Müller.
EUROPEAN UNION CITIZENSHIP
ACCOUNTING ETHICS Conf.univ.dr. Victor-Octavian Müller.
ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.
The Aarhus Convention and Biosafety
European Union Law Daniele Gallo
EITI - Grievance mechanisms
Presentation transcript:

Approximation of data protection and access to public information Waltraut Kotschy Ludwig-Boltzmann Institute for Human Rights, Vienna Round table, Kiev, 25 October, 2018

General clarification Add to Art. 2: “This Law does not impair the data subject’s right to access his/her own data according to Art. 15 of the Law of Ukraine on personal data protection” Delete Article 10 of the Law on Access to public information

How shall access be granted? By publication  „open data“ By giving information upon request Add to Art. 5: that „provision of information upon request“ can also be fulfilled by access to documents; decide, whether it must be explicitly requested

Restricted access Art. 6 foresees 3 categories of information for which access may be restricted: 1) confidential information 2) secret information 3) information for internal use only Add a 4th category: ‚4) personal information‘

Personal information Create a new Article 91 dealing with personal information 1) Define “personal information“: = data about identified or identifiable individuals (= congruent with Law on Personal Data Protection) 2) clarify that „data protection“ cannot be a reason for restricting access to public information if the data subject requires access!! (but access could be denied for other reasons than data protection)  proposal: restriction because of data protection can only pertain to „information which contains personal data about natural persons other than the requestor”

Specific problem How do you want to treat personal data about civil servants showing up in a document, involved in a case, ………….? Their legitimate interest in data protection should in principle not override the public interest in access to public information Possible solutions: No protection for data relating to the exercise of public functions, or De-personalize, unless explicit and reasoned request for disclosure …???

Access to a third person‘s data Data concerning another person than the requestor are protected under the Law on personal data protection vis-à-vis the requestor Access to such data can therefore be granted only in compliance with the Law on personal data protection:  either data are de-personalized  or a reason for legitimate disclosure according to the Law on personal data protection exists

De-personalization In the case of open data: names and other identifiers must be left out in publications (how to treat data about the civil servants involved?) In case of giving information about public information: names and other identifiers are not mentioned In case of access ot documents: names and other identifiers must be ‚blackened‘

Reasons for legitimate disclosure Law on personal data protection: Consent of the data subject(s) Vital interest of the data subject or of a third person A special legal provision allowing access Legitimate interests of the requestor or a third person in disclosure, overriding the data protection interests of the data subject(s) How shall ‚overriding‘ be determined? Could some criteria be given? Like ‚undue harm‘….

Procedure Request for access comes in Request must be examined; if the requested data contain personal information Is it information about the requestor? Is identity of the requestor certified? If it is not information about the requestor: is de-personalization feasible? if not: it there a reason for legitimate disclosure? Whenever personal information is involved, more time is needed for examination  timeframe for answering request should be harmonized with access-request under Data Protection Law