1 Privacy issues on pan-European White Pages service. 4th TF-LSD Meeting, Amsterdam, 29.10.2001. Peter Gietz

Presentation transcript:

1 Privacy issues on pan-European White Pages service. 4th TF-LSD Meeting, Amsterdam. Peter Gietz

2 Agenda
- Some more texts
- P3P
- NEEDS solution
- Privacy issues of the CIP WPS
- Organizational and technical solutions

3 New valuable texts
- Commission of the European Communities: Proposal for a Directive of the European Parliament and the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector, Brussels, , COM(2000) 385 final, 2000/0189 (COD)
  - Changes to Directive 97/66/EC to enlarge the scope from telephone to general data traffic

4 Other texts
- Data protection in the European Union
  - Introductory text that discusses the matter for the user
- Directory Workshop: Data Privacy Protection, , ISSS/WS-DIR, /dataprot.htm
  - Short and introductory

5 P3P a new standard
- The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Working Draft, 28 September 2001
  - Concerns privacy of information supplied to Web sites
  - RDF/XML descriptions of privacy policies that can be automatically processed in HTTP client-server communication

6 P3P vocabulary excerpt
- Data categories, e.g.:
  - Physical contact information
  - Online contact information
  - Computer information
- Consequences
  - Human-readable description of the results of agreeing to a proposal
- Purpose
  - Purposes for collecting data
- Recipients
  - Who other than the service provider gets access to the data

7 P3P and Directories
- When using Web gateways that allow adding or modifying data, P3P usage is obvious
- Data structures could be used:
  - To store privacy statements of directory services
  - To store user privacy preferences
- More research is needed

8 Who else is working on this?
- Walter M. Tveter, University of Oslo: Privacy aspects of the NEEDS project
  - Educational institutions (EIs) are owner and controller and thus responsible
  - NRNs are processors and service provider on their behalf
  - EIs grant rights to NRNs via contract
  - NRNs grant rights to other NRNs via contract
  - EIs have all contacts to subjects and national data protection agencies

9 Privacy Issues
- Controller and processor are the maintainers of the actual data server
- Do the maintainers of the index service have the same legal obligations to the data subject?
- If not all data subjects have consented to transmission to countries with inadequate legislation, transmission to those countries has to be prevented

10 Organizational Solutions
- Define and stick to purpose of service
- Call for a data protection officer
- Define who is the controller and who is the processor
- Define and restrict population of data subjects
- Define procedures for how the data are gathered and processed
- Inform data subjects, e.g. via e-mail, about:
  - Who collected data
  - What data
  - For what purpose
  - The rights of the data subject

11 Organizational Solutions contd.
- Define procedure of informing the data subjects about rights and data updates
- Define how data subjects can make use of their rights (e.g. via signed e-mail, Web form)
- Preferably obtain user consent when the user applies for a user account
- Only collect a minimum set of data attributes
- Publish and disseminate all organizational definitions in a policy text

12 Technical Solutions
- Establish adequate security against loss, damage and unlawful access or manipulation of the data
- Restrict maximum number of retrievable entries
- Disallow wildcards
- Restrict number of searchable attributes
- Detect robots and refuse service to them

13 Issue of export to third countries:
- Either:
  - Restrict access to users from countries with adequate privacy legislation
  - Disallow access from proxies
- Or:
  - Let the subject decide to be visible
    - Only in its own institution
    - Only within its own country (???)
    - Only within the EU
    - Worldwide
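
The search restrictions from slide 12 (entry limit, no wildcards, restricted searchable attributes) and the subject-chosen visibility scopes from slide 13, combined in one query gate. This is an added example, not part of the original slides; the attribute whitelist, the limit of 2, the EU country subset and all entries are constructed, and the requester's institution and country are assumed to be established before the check runs.

```python
from dataclasses import dataclass

SEARCHABLE = {"cn", "sn", "o"}   # assumed whitelist of searchable attributes
MAX_ENTRIES = 2                  # assumed size limit (kept small for the demo)
EU_SAMPLE = {"DE", "NL", "IE"}   # constructed subset, for illustration only

class QueryRejected(Exception):
    """Raised when a query violates the directory's search policy."""

@dataclass
class Entry:
    attrs: dict
    institution: str
    country: str
    scope: str  # "institution", "country", "eu" or "world", set by the data subject

@dataclass
class Requester:
    institution: str
    country: str  # assumed to be resolved upstream of this check

def visible_to(entry, req):
    """Apply the visibility scope the data subject chose for this entry."""
    if entry.scope == "world":
        return True
    if entry.scope == "eu":
        return req.country in EU_SAMPLE
    if entry.scope == "country":
        return req.country == entry.country
    # "institution" and any unknown scope value: fail closed to the narrowest scope
    return req.institution == entry.institution

def search(entries, attr, value, req):
    """Exact-match search: attribute whitelist, wildcard ban, size limit."""
    if attr not in SEARCHABLE:
        raise QueryRejected(f"attribute {attr!r} is not searchable")
    if not value or "*" in value:
        raise QueryRejected("wildcard or empty search values are not allowed")
    hits = [e for e in entries
            if str(e.attrs.get(attr, "")).lower() == value.lower()
            and visible_to(e, req)]
    return hits[:MAX_ENTRIES]

# Constructed sample directory: one entry per visibility scope
DIRECTORY = [
    Entry({"cn": "Anna Muster", "sn": "Muster"}, "uni-a", "DE", "institution"),
    Entry({"cn": "Ben Muster", "sn": "Muster"}, "uni-b", "DE", "country"),
    Entry({"cn": "Cara Muster", "sn": "Muster"}, "uni-c", "NL", "eu"),
    Entry({"cn": "Dan Muster", "sn": "Muster"}, "uni-d", "IE", "world"),
]
```

Because unknown scope values fall through to the institution check, a malformed preference never widens an entry's exposure.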

14 Technical Solutions contd.
- Encrypt index objects while on the net
- Define crawler policies
- Only let registered crawlers access the data
- Enforce digital signatures for e-mail consent of the data subjects

15 How to proceed?
- We should restrict ourselves to EC Directives
  - But not quote a lot of it
- A template privacy policy text should be included
- A template privacy policy P3P definition should be included?
- Contact Working Party?