Presentation is loading. Please wait.

Presentation is loading. Please wait.

| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia.

Published byLydia Parker Modified over 8 years ago

Similar presentations

Presentation on theme: "| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia."— Presentation transcript:

1 | Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION Raffaele ZALLONE r.zallone@studiozallone.it

2 Four «freedoms» are at the basis of E.U.: free circulation of goods, services, capitals, people Directive 95/46/EC on protection of..personal data «and on the free movement of such data» HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

3 Mobility data : ? ? ? No definition in the law Directive 2002/58/EC only defines “Location data” Location data is a static concept, while mobility data implies the concept of movement HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

4 Mobility can be related to: - The physical movement of a person in space and time (e.g. credit card data, airline data) - The physical movement of a device (e.g: RFID’s, mobile phones, tablets, etc) univocally linked to a person - The movement of personal information on a network or within an IT infrastructure (e.g.: Internet browsing data, cloud computing) HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

5 The data protection principles of EU Law: - Personal data must be processed for specific purposes and processed in a way compatible with such purposes (the purposes and the transaparency principles) - Personal data must be adequate, relevant and not excessive (quality principle) - Personal Data can be transferred only to countries providing adequate protection (location principle) HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

6 Mobility Data in EU – W.P. Article 29 RFID’s: W.P. 105 of January 19, 2005 Location data in VAS: W.P. 115 of November 25, 2005 Geo-location services on smartphones: W.P. 185 of May 16, 2011 HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

7 RFID’s : the data principles must be complied with Controllers must check that data being processed comply with quality principles If products are sold with imbedded RFID’s, at check out consumers must have the possibility to have them removed HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

8 W.P. 115 ON LOCATION DATA First EU documento to address smartphones Traffic data: necessary to supply the services. No consent required Other data: consent required “when processing sensitive data” Open issue: is consent required when not processing sensitive data? HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

9 W.P. 185 ON GEOLOCATION SERVICES OFFERED ON SMART MOBILE DEVICES Privacy risks: geo-location services: -may give “on intimate overview of habits and patterns” and -may reveal sensitive data when reveals “visits to hospital and/or religious places” -Allows constant monitoring, that could be done without informing the data subject -Risks of theft, burglary, physical aggression, stalking HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

10 Controllers: application providers, telecom operators, developers of operating system Legitimate grounds for processing: informed consent, specific and updated, with emphasis on unexpected purposes (behavioral mktg) Data subject right Retention period HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

11 From theory to practice ITALY Geo-location processing of buses allowed, even if potential control of bus drivers was possible (June 5, 2008) Geo-location processing on the part of Alpine Rescue organizations (Dec. 19, 2008) HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

12 The Netherlands Tom-Tom navigation system – Dec. 2011 Processed personal data and passed them to third parties (police, but also commercial parties) Tom-Tom has undertaken to require consent by Feb. 2012 Only anonymous and aggregate data to third parties: no violation of Law HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

13 CONCLUSIONS So far limited attention but interest raising Proposed EU Regulation calls for fines up to 2% of w/w turnover Things to do: - check processing in light of data protection principles - make sure a comprehensive notice is available to users - be specific in indicating purposes of processing - if notice is OK, then consent can be obtained through a conduct (e.g. use of the device) HERE, THERE AND EVERYWHERE i.e. MOBILITY DATA UNDER EU LEGISLATION r.zallone@studiozallone.it

Download ppt "| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia."

Similar presentations

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.

Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.
Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012

Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012
EU Cross-Border Care Directive from the Primary Care perspective Results of a simulation Rita Baeten Gothenburg, 3 September 2012.

EU Cross-Border Care Directive from the Primary Care perspective Results of a simulation Rita Baeten Gothenburg, 3 September 2012.
Global Information Systems

Global Information Systems
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales  2074 6677  2074 5626 

DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales   
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.
THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Similar presentations

Ads by Google