Ide kerülhet az előadás címe Data protection implications of the use of RPAS and recommendations – Budapest, 5th February 2015.

Slides:



Advertisements
Similar presentations
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Advertisements

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Data Protection Information Management / Jody McKenzie.
BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date:
Ide kerülhet az előadás címe Enforcement of personal data protection in Hungary by Dr. Attila Péterfalvi "Business and Security" Research Center for Legal.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
MEDIA LAW Copenhagen University SESSION 10 Dirk VOORHOOF Ghent University (->contact)
INTERNET and CODE OF CONDUCT
Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Data Protection Overview
Ide kerülhet az előadás címe Dr. Attila Péterfalvi: The Hungarian „case” (Independence of the DPA) Belgrade,
DATA PROTECTION OFFICE
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Amicus Legal Consultants THE DEPLOYMENT OF SPECIAL INVESTIGATIVE MEANS IN PROACTIVE ANTI-CORRUPTION INVESTIGATIONS.
Ide kerülhet az előadás címe CCTV operation at work Belgrade, 11 th April 2013.
Data Protection Privacy in the Digital Age: the UN General Assembly Resolution Sophie Kwasny, 16 October th International Conference, Mauritius.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
Managing Risks Associated With Privacy Alison Baker- Senior Associate Hall & Wilcox 24 November
Data Protection Act AS Module Heathcote Ch. 12.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.
Data Protection: Workplace, Health and Safety. Employers’ responsibilities Employer obliged to provide safe place of work. Health and Safety Act 2004.
Human Rights Act, Privacy in the context of auditing Phil Huggins Chief Technologist, IRM PLC
1/29/ Ask Matt - November 2011 – FERPA – Surveillance Video and Emergencies Matt Carver, J.D., Director of Legal Services tel fax.
Ide kerülhet az előadás címe Role of Data Protection Authorities – boundaries between lawful and unlawful processing of personal data Budapest, 17 September.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Can you share? Yes you can!! Angus Council Adult Protection Maureen H Falconer, Senior Policy Officer Information Commissioner’s Office.
The EU General Data Protection Regulation Frank Rankin.
Data protection—training materials [Name and details of speaker]
Sharing Personal Data ‘What you need to know’ Corporate Information Governance Team Strategic Intelligence.
Regulations Related to Video Surveillance in Georgia Sarajevo, 18 th Meeting of CEEDPA The Office of the Personal Data Protection Inspector.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Protection of Personal Information Act An Analysis on the impact.
Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.
František Nonnemann Skopje, 9th October 2012 JHA DP aspects related to provision of information about public figures in CZ.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Ide kerülhet az előadás címe Julia Sziklay: Facial recognition – a relevant example of biometric data collection Sarajevo,
Regulation models addressing data protection issues in the EU concerning RFID technology Ioannis Iglezakis Assistant Professor in Computers & Law Faculty.
Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.
Personal Data Protection
Privacy in the Digital Age: the UN General Assembly Resolution
Data Protection Officer’s Overview of the GDPR
Surveillance around the world
Situation Analysis Access to Court Decisions in Georgia
Ide kerülhet az előadás címe
Issues of personal data protection in scientific research
Presentation to GTMC on GDPR
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulation
Museums + Heritage webinar, 30 November 2017
Data Protection Update – GDPR or bust
Data Protection Legislation
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
Data Protection Reform in Local Government
GDPR - New Data Protection Regulation
FUNCTIONS AND ROLES OF POLICE IN DEMOCRATIC POLICING
State of the privacy union
G.D.P.R General Data Protection Regulations
The GDPR and research data
General Data Protection Regulation
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
Mathew Norman, Policy & Public Affairs Officer, RLA Wales
Overview of the recommendations regarding approximation of the Law on personal data protection to the new EU General data protection regulation Valerija.
The Freedom of Information and Data Protection Legislation An Overview
Data protection & FOIA considerations
Presentation transcript:

Ide kerülhet az előadás címe Data protection implications of the use of RPAS and recommendations – Budapest, 5th February 2015

Data protection implications of the use of drones Benefits are numerous for Industry Agriculture Commerce Governmental use Private use BUT Privacy at stake !!!  NAIH issued an opinion on 14th November 2014 ( NOW available in English)

Main reasons: by using drones personal data are processed most of the time atypical data processing activity no analogy can be used for such a data processing Why atypical? not because of the mere use of drones but because of the variety of accessories it can be mounted on a drone and the fact that they are designed to process personal data data processing is done from the air (unusual) by small device often undetectable which is capable of moving very fast possibility of gathering data without purpose limitation (more difficult to comply with the purpose limitation principle than not to comply with) unprecedentedly large breadth of view capable of following persons, objects fully automated data processing, no possibility of changing the processing environment when in the air large amount of data collected (ideal for bulk data gathering, database building, multipurpose use) data processing is done where and from it was not done before undetectable, even if detected no information on data processor ideal for spying, bullying

Why no analogy can be used? Drone vs. Modelling, sport aircraft, hot air balloons, imaging from the air: size, functionality, noise, perceptibility etc. are not the same Drone vs. CCTV: CCTV is fix while the drone is moving (very fast) Drone vs. Google Street View: Goggle Street View is not repetitive, done from cars, low altitude (don’t see above fences), not capable of moving fast, no possibility of streaming, online processing

Main conclusions: the fear of being observed may alter the behaviour of people; the use of drones makes the violation of people’s dignity easier and simpler than ever before; for the time being, the technology is complicated; there is an extremely high risk of non-compliant data processing; a high degree of vulnerability in human dignity; a high degree of vulnerability in the privacy of the home and private property; the significance of negative impacts on the right to freedom and safety, on the freedom of association and assembly, on religious freedom, on the freedom of expression and on the principle of non-discrimination

Opinion on the use of drones Recommendations for the Legislator Governmental users Commercial users Advices for private users

Main aim of the recommendations: for the government users data processing by drones should be conducted for the purposes laid down in the relevant legislation and should not be used for secret surveillance, bulk data gathering data pooling unlawful profiling for the commercial users enforcement of data protection and privacy legislation mandatory administrative permit procedure fundamental rights affected by the technology should remain under adequate protection for private users: the scope of Privacy Act to be extended to the private use when it is in public spaces registration, identification of users

Recommendations for the legislator A dministrative permit procedure for authorising the drone to operate which includes a data protection impact assessment done by a national authority (DPA can assist in difficult case or can issue guidelines for specific sectors) 5 main questions: Is the purpose of the data processing is legal? Is the legal base of the data processing is appropriate? Is the data processing necessary, proportionate in order to achieve the aim of the data processing? Is the data processing is within the purpose? Has the data controller complied with its obligation of information?

during the procedure the authority has to check the legality and compliance of the followings: name, address and contact person of the data controller and /or data processor purpose, location, time and timeframe of the data processing details of how the data subject(s) has(ve) been informed details of the data storing system and the main characteristics of the data security measures details of the technology used for unmasking, blurring, anonymisation the unnecessary personal data details of data erasure details on how access rights can be exercised

Mechanism for informing data subjects depending on the nature of operation the authority has to decide on case-by-case basis BUT, minimum requirements: use of a identifying technology (can be universal or customised) possibility of checking the flying itinerary of the RPAS in advance (for a reasonable time) in real time afterwards (for a reasonable time) when sufficient online offline

Mechanism for guaranteeing the exercise of access rights mandatory registration  information on data controller mandatory operating permission + mandatory information to data subjects  information on data processing data subject has to have all the necessary information in order to decide on his/her rights to privacy and to data protection, i.e. access rights before, during and after the data processing operation data subject can turn to the contact person of the data controller they can agree on the details how he/she wants to exercise the rights of access, BUT minimum requirement: at the official premises of the data controller with the data subject present (other way can also be envisaged if consented by both parties, ex: sending the video by , uploading to a restricted area, etc…)

data subject shall request information on personal data processed on him/her request the rectification, correction of his/her personal data request deletion of his/her personal data when not possible request that the data is made unidentifiable request the blocking of his/her personal data

Advices for private users Inappropriate use of drones may easily constitute a crime or infringement (Section 219 of the Criminal Code, Section 166 of the Act on Infringement, Section 222 of the Criminal Code) For data processing by drones the provisions of the Privacy Act shall apply when it is used in public spaces. Subjects of data processing by drones shall be informed in a way it enables them to act efficiently in the protection of their personal rights and personal data. Drones may record large amounts of data of third persons and may largely infringe upon the privacy of third persons. These data and privacy shall be protected in line with the stipulations of the Privacy Act and this recommendation. Drones may not be used to observe and track others (unless a prior written consent has been obtained from the data subject) Recordings that violate other people’s dignity may not be taken by drones, not even for private use. Special attention shall be paid to the protection of the personal data of minors and vulnerable people even when using drones. Drones may not be used for activities that are of the authorities’ competency (e.g. public safety, law enforcement, catastrophe relief, etc.). When using drones for private purposes, the data controller shall fully comply with the obligation of registration and identification

Thank you! Dr. Attila Péterfalvi, president H-1125 Budapest, Szilágyi Erzsébet fasor 22/c. H-1530 Budapest, Pf. 5. Tel.: Fax: