Presentation is loading. Please wait.

Presentation is loading. Please wait.

Legislative Response to Data Inferences

Published byΔημόκριτος Αποστολίδης Modified over 5 years ago

Similar presentations

Presentation on theme: "Legislative Response to Data Inferences"— Presentation transcript:

1 Legislative Response to Data Inferences
Jody Blanke Mercer University CALSB 2019 Halifax

2 Minority Report

3 J. P. Martin - Canadian Tire

4 Don’t Even Think About Buying One of These

5 And Be Careful About Buying These

6 Congratulations, You’re Pregnant!

7 Basic Fair Information Principles
Notice/Awareness Choice/Consent Access/Participation Integrity/Security Enforcement/Redress

8 Before Google Became Evil

9 OECD Privacy Principles
Collection Limitation Principle Data Quality Principle Purpose Specification Principle Use Limitation Principle Security Safeguards Principle Openness Principle Individual Participation Principle Accountability Principle

10 GDPR – Basic Principles (Art. 5)
1. Personal data shall be: (a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’); (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’); (d) accurate and, where necessary, kept up to date; (‘accuracy’); (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’); (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

11 GDPR – Key Definitions ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

12 New Privacy Battlefronts
Profiling Algorithm transparency Data inferences

13 California Consumer Privacy Act
“Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:

14 CCPA – Personal information includes:
(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, address, account name, social security number, driver’s license number, passport number, or other similar identifiers. . (D) Commercial information . . . (E) Biometric information. (F) Internet or other electronic network activity information . . . (G) Geolocation data. (H) Audio, electronic, visual, thermal, olfactory, or similar information. (I) Professional or employment-related information. (J) Education information . . . (K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

15 CCPA – Infer or inference
“Infer” or “inference” means the derivation of information, data, assumptions, or conclusions from facts, evidence, or another source of information or data.

16 What Does This All Mean?

17 CCPA as Model Legislation
Eight states have introduced legislation based largely upon the CCPA Five states include a broad definition of personal information, complete with the inferences drawn item Mississippi (died in committee) New Mexico North Dakota (language replaced with a one-year study of consumer data) Rhode Island Texas Two states include a broad definition of personal information, but without detailed examples, i.e., no inferences drawn item Maryland Massachusetts Hawaii defines “identifying information” to include “profiles about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes that are created from inferences from any other information collected from a consumer.”

18 Other Legislation Washington’s bill borrows language from both the CCPA and the GDPR It has GDPR-like rights of access, deletion, correction, purpose limitation, and storage limitation. It also addresses the principles of transparency and accountability. Its “targeted advertising” definition refers to an advertisement that is “selected based on personal data obtained or inferred over time from a consumer’s” online history A second Texas bill focuses on the processing of personal identifying information on the Internet It has a broad definition of “personal identifying information,” but does not include “inferences” Its definition of “collect” is “buying, renting, gathering, obtaining, receiving, inferring, creating or accessing any personal identifying information pertaining to an individual” It also addresses automated processing and sensitive data

19 Other Legislation Nevada has a bill that would expand its existing law by requiring Internet operators to provide consumers with the right to opt out of the sale of some of the information about the consumer kept by the operator. There is no language about inferences or profiles. New York has a bill that focuses on transparency of the consumer’s information. There is a very broad definition of personal information, but no language about inferences or profiles. It would apply to any entity that does business in New York.

Download ppt "Legislative Response to Data Inferences"

Similar presentations

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
TEAM 4 Case Study Mauritius: Mrs Nandini Kissoon-Luckputtya

TEAM 4 Case Study Mauritius: Mrs Nandini Kissoon-Luckputtya
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.

Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Health & Social Care Apprenticeships & Diploma

Health & Social Care Apprenticeships & Diploma
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.

EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
GEOG3025 Confidentiality and social implications.

GEOG3025 Confidentiality and social implications.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Data Protection Corporate training 2012. Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
The Data Protection Act 1998. What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;

The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses.

Legal issues The Data Protection Act Legal issues What the Act covers The misuse of personal data By organizations and businesses.
Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.

Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.
The Data Protection Act 1998. What the Act covers The misuse of personal data by organisations and businesses.

The Data Protection Act What the Act covers The misuse of personal data by organisations and businesses.

Similar presentations

Ads by Google