PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

Slides:



Advertisements
Similar presentations
Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Advertisements

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Prof. Cécile de Terwangne - LAPSI Workshop 7-8 October Re-use and Privacy/Data Protection Cécile de TERWANGNE Professor at the Law Faculty CRID.
European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.
Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
The Data Protection (Jersey) Law 2005.
Data Protection.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
1 1 Legal aspects of incident reporting and data collection : Fear of the Dark? Meeting on “Incident Reporting in Radiotherapy” 3rd of September – Federal.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
The Data Protection Act 1998 The Eight Principles.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University.
Data Protection Act AS Module Heathcote Ch. 12.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.
Data protection and compliance in context 19 November 2007 Stewart Room Partner.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
Data Protection and research Rachael Maguire Records Manager.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
Presentation Title Data Protection The new EU Regulation Insert your logo here.
The EU General Data Protection Regulation Frank Rankin.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Protection of Personal Information Act An Analysis on the impact.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
František Nonnemann Skopje, 10th October 2012 JHA Data protection and re-use of PSI as a tool for public control–CZ approach.
TRANSBORDER DATA FLOWS INA MEIRING. THE PROTECTION OF PERSONAL INFORMATION ACT (“POPI”) > 'personal information' means information relating to an identifiable,
European Data Protection Supervisor TAIEX Seminar - Belgrade 9 February 2009 Principles of data protection and international legal framework Alfonso Scirocco.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
General Data Protection Regulation (EU 2016/679)
Luca De Matteis Justice counsellor (criminal law, data protection)
Trevor Ellis Trainee Programmer (1981 – 28 years ago)
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Issues of personal data protection in scientific research
Data Protection: EU & International
Data Protection The Current Regime
General Data Protection Regulation
General Data Protection Regulation: Turning the black into white
Data Protection Legislation
EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
Transfers of personal data
Bart van der Sloot Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.
Data Protection principles
Bart van der Sloot Data Protection 2.0 The proposal for a General Data Protection Regulation Bart van.
The activity of Art. 29. Working Party György Halmos
Is Data Protection a Fundamental Right Protecting the Individual?
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
Public Privacy: juridical & ethical perspective
Data Protection: The new EU Regulation
Presentation transcript:

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR Bart van der Sloot Institute for Information Law University of Amsterdam

Tension Tension between private and public Interests Rights Distinction between access and re-use Access: 10 ECHR & transparency government Re-use: mostly commercial interest Distinction between collection and distribution Collection by government to fulfill their tasks Distribution from government to third party

PSI & DP PSI-Directive Recital (21): “This Directive should be implemented and applied in full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and of the free movement of such data.” Article 1, §4: “This Directive leaves intact and in no way affects the level of protection of individuals with regard to the processing of personal data under the provisions of Community and national law, and in particular does not alter the obligations and rights set out in Directive 95/46/EC.” And Article 2, §5: “‘personal data’ means data as defined in Article 2(a) of Directive 95/46/EC.” full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC no way affects the level of protection of individuals with regard to the processing of personal data

Topics Personal data Fairly and lawfully Legitimate purpose Information Rights Duties

Personal data Data relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly Anonymization Direct personal Indirect data > Groups (geographical information, group profiling) Privacy by design

Fairly and Lawfully (2 times) personal data must be collected for specified, explicit and legitimate purposes not further processed if incompatible with original purposes adequate, relevant and not excessive kept no longer than is necessary Who is responsible?

Who is responsible? Ground (2 times) data subject unambiguous consent; Opt in - Opt out (freely given, specific and informed) Processing necessary for the public interest Commercial (prohibitions) - Non commercial Non sensitive – Sensitive (race, sex, political, religion) legitimate interests pursued except where privacy interest overridden: WP: Case by case Commercial (prohibitions)- Non Commercial Non sensitive - Sensitive Who is responsible?

Information (2 times) Who is responsible? no later than when the data are first disclosed the identity of the controller the purposes of the processing; the categories of data concerned; the recipients or categories of recipients; the existence of the rights. Who is responsible?

Rights (2 times) Who is responsible? Right of access & information Right of rectification, erasure or blocking Right of notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking unless disproportionate. Right to object, especially in case of grounds of public interest and third party interest. Who is responsible?

Duties (2 times) Who is responsible? Confidentiality of processing Security of processing Transfer to a third country of personal data only if the third country in question ensures an adequate level of protection. Who is responsible?

Who is responsible? 'processor' anybody that processes personal data on behalf of the controller; - No Duties 'controller' anybody who alone or jointly with others determines the purposes and means of the processing of personal data Third party requesting re-use = controller (Fairly &Lawfully, Grounds, Information, Rights, Duties) Government is responsible: Original controller Provider Legislator & enforcer

Problem? full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC no way affects the level of protection of individuals with regard to the processing of personal data

Proposal Access: right of privacy - right of access Re-use: No right - Economical asset. Two times minimum harmonization Clarification might be necessary In Data Protection Directive In Public Sector Information Directive In Code of Conduct In Best current practices Academic debate

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.