Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright JNT Association 20071 Federated Identity and Data Protection Law Andrew Cormack, Eva Kassenaar, Mikael Linden, Walter Martin Tveter.

Published byErick Barker Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright JNT Association 20071 Federated Identity and Data Protection Law Andrew Cormack, Eva Kassenaar, Mikael Linden, Walter Martin Tveter."— Presentation transcript:

1 Copyright JNT Association 20071 Federated Identity and Data Protection Law Andrew Cormack, Eva Kassenaar, Mikael Linden, Walter Martin Tveter

2 Copyright JNT Association 20072 Which Law? Directive 95/46/EC –Processing of personal data allowed when Required to perform contact with data subject, or Required to satisfy legal duty, or If data subject gives free, informed consent –And does not withdraw it –Different conditions apply to each of these NB National laws may vary this a bit

3 Copyright JNT Association 20073 What does it mean for FAM? FAM can be a good thing IF it satisfies the relevant conditions –Which look like good practice anyway… –See next two slides Which use RFC-speak... And not too much law-speak…

4 Copyright JNT Association 20074 Identity Providers Must identify which services are necessary for education/research –Must consider whether personally identifiable information is necessary for those services, or whether anonymous identifiers or attributes are sufficient; –Must inform users what information will be released to which service providers, for what purpose(s). –May release that necessary personally identifiable information to those services; May seek users’ informed, free consent to release personal data to other services that are not necessary for education/research –Must inform users what information will be released to which service providers, for what purpose(s); –Must maintain records of individuals who have consented; –Must allow consent to be withdrawn at any time; –Must only release personal information where consent is currently in effect. Should have a data processor/data controller agreement with all service providers to whom personally identifiable data is released. Must ensure adequate protection of any data released to services outside the European Economic Area.

5 Copyright JNT Association 20075 Service Providers Must consider whether personally identifiable information is necessary for their service, or whether anonymous identifiers or attributes can be used; –Should obtain that information from home organisations; –Should have a data processor/data controller agreement with all home organisations from whom personally identifiable data is obtained; –If no such agreement is in place, must inform users what personal information will be obtained, by which service providers, for what purpose(s). May request personal information from users –Must inform users what information will be released to which service providers, for what purpose(s); –Must ensure that users who do not provide information are not unreasonably disadvantaged; –Must maintain records of individuals who have consented; –Must allow consent to be withdrawn at any time; Must cease processing data when consent is withdrawn

6 Copyright JNT Association 20076 What next? Keep this, in case we’re challenged? Publish it for information (not advice)? Get it validated by authorities? Something else?

Download ppt "Copyright JNT Association 20071 Federated Identity and Data Protection Law Andrew Cormack, Eva Kassenaar, Mikael Linden, Walter Martin Tveter."

Similar presentations

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
NIGB Legal requirements for use of personal data in research OnCore UK / NRES Training workshop Ethical Principles relating to consent for use of samples.

NIGB Legal requirements for use of personal data in research OnCore UK / NRES Training workshop Ethical Principles relating to consent for use of samples.
NATIONAL INFORMATION GOVERNANCE BOARD

NATIONAL INFORMATION GOVERNANCE BOARD
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
THE FOLLOWING SLIDES EXPLAIN THE REQUIRED ELEMENTS THAT MUST BE INCLUDED FOR A HIPAA AUTHORIZATION TO BE VALID HIPAA Authorizations.

THE FOLLOWING SLIDES EXPLAIN THE REQUIRED ELEMENTS THAT MUST BE INCLUDED FOR A HIPAA AUTHORIZATION TO BE VALID HIPAA Authorizations.
Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012

Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.

Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
Cooperative Research IRB Brownbag, 3/4/08. ISU Policy Cooperative research projects are those projects which involve more than one institution. The official.

Cooperative Research IRB Brownbag, 3/4/08. ISU Policy Cooperative research projects are those projects which involve more than one institution. The official.
Data Protection Data Protection Acts 1988 & 2003 Directive 95/46/EC Privacy.

Data Protection Data Protection Acts 1988 & 2003 Directive 95/46/EC Privacy.
8 Criteria for IRB Approval of Research 45 CFR 46.111(a)

8 Criteria for IRB Approval of Research 45 CFR (a)
4/3/20011 Ethics in Special Education Assessment and Testing and Maintenance of Student Information.

4/3/20011 Ethics in Special Education Assessment and Testing and Maintenance of Student Information.
Www.nationalsmartcardproject.org.uk www.scnf.org.uk National Smartcard Project Work Package 8 – Information Law Report.

National Smartcard Project Work Package 8 – Information Law Report.
An overview of the Data Protection Act 1998. Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.

An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
The Legal Framework Can you work out which slide each bullet point should go on?!

The Legal Framework Can you work out which slide each bullet point should go on?!
Workshop on Health Examination Surveys (HES) Legal and ethical issues Susanna Conti, M. Kanieff, G. Rago Istituto Superiore di Sanità (ISS) (National Public.

Workshop on Health Examination Surveys (HES) Legal and ethical issues Susanna Conti, M. Kanieff, G. Rago Istituto Superiore di Sanità (ISS) (National Public.
Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data.

Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data.
Computers, the law and ethics  Lesson Objective: Understand some of the legal & ethical issues in developing computer systems  Learning Outcome: Know.

Computers, the law and ethics  Lesson Objective: Understand some of the legal & ethical issues in developing computer systems  Learning Outcome: Know.
Guidelines for data preparation - ESRC Datasets Policy Louise Corti ESDS/UKDA Social Science Data Archives for Social Historians: creating, depositing.

Guidelines for data preparation - ESRC Datasets Policy Louise Corti ESDS/UKDA Social Science Data Archives for Social Historians: creating, depositing.

Similar presentations

Ads by Google