Zaštita ličnih podataka Iskustva iz Republike Slovenije Podgorica, Nataša Pirc Musar Information Commissioner

Access to public information v. Data protection Can one body handel both?

Situation in Slovenia What we do and how we do it?

Trust in the Information Commissioner (public poll Jan 2010)

Trust in supervisory authorities (public poll Oct 2010) INFORMATION COMMISSIONER OMBUDSMAN POLICE GEN. DIRECTOR STATE PROSECUTOR DOES NOT TRUST / TRUSTS

Situation in Slovenia Formal supervisory procedures

Informacijski povjerenik Poverenica, 3 zamjenika i vođa inspektora 32 zaposlenih  18 na zaštiti osobnih podataka, 10 na pristupu informacijama, 4 u administraciji 9 (11) inspektora Aktivan od (ujedinjenje Poverenika i Inspekcije za lične podatke)  Snažne komeptencije po Zakonu o inspekcijskom nadzoru  Predlog za zatvaranje rukovalaca (ako ne plate kaznu),  Novčane kazne,  Podnošenje prijave krivičnog djela,  Ulaz u kancelarije, pregled kompjutera...

Inspection procedures

Structure of procedures ( )

Misdemeanour procedures (2009)

2009: 163 violation procedures –Public sector: 41 –Private sector: 70 –Natural persons: warnings 93 decisions –67 cautions –26 fines 12 payment orders 21 appeals to the court Fines: –Legal person.: to EUR –Responsible person: 830 to EUR  Largest fine: – EUR for data controller – EUR for responsible person

Data subject’s access 2009: 70 demands –2008: 43 demands Some interesting cases, e.g. access to retained traffic data on telephone calls Number of requests (complaints) for access to individual’s own data

Situation in Slovenia Awareness raising toolbox

Opinions 2009: 1334 requests for opinion –2008: 853 requests for opinion On-line publication ( opinions) Main areas: –Offcial procedures – judicial, administrative and police procedures (67), –Employment relationships (64), –Transfer of personal data between data controllers(45), –Internet related(43), –Health data (33),

Guidelines

Identity theft – self assesment test adapted from NOR DPA original

Facebook profile

Data protection The challenges

Data protection challenges –Location privacy Google Street View, Google Earth – what is next? –Probably other angles between vertical and horizontal pictures, higher frequency and perhaps “real-time view-it-all?” Drivers’ privacy –Electronic toll collection and other location-based services –Personal profiles and behavioural marketing Personalized, customized ads All media covered: internet, print, (digital TV)! Smart videosurveillance, audience measurement… –Changing attitudes towards privacy DPA’s awareness raising toolbox Can we influence it al all? –REAL concern when statemets are made such as: “Privacy as a social norm is a matter of past!” by____, CEO of______ “If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.” by____, CEO of______

Data protection challenges cont. –Worklapce privacy Many complaints Draft bill prepared –Identity theft Abuse of publicly available data Abuse of private data –Data business Interconnection of databases Outsourcing of personal data / cloud computing –Digital dataveillance e.g. automated analysis of computer and telephone network traffic (i.e. Data retention...) Creation of extensive personal profiles and activity histories; can be used for many reasons – can lead to errosion of privacy –Let’s have a closer look at some of them …

“The problem with the nothing to hide argument is with its underlying assumption that privacy is about hiding bad things.“ Daniel Solove

Thank you for your attention! IC website in English