
INFOBALT, Vilnius, 21 October 2002: Data protection and smart cards. Karel Neuwirt, The Office for Personal Data Protection, Czech Republic. Presentation transcript.


Slide 1: Data protection and smart cards
Karel Neuwirt, The Office for Personal Data Protection, Czech Republic

Slide 2
"It is no accident that the European approach to protecting personal data is nowadays most widely accepted, from the countries of Central and Eastern Europe to Canada, and from various countries in the Asia-Pacific area to Latin America, where safeguarding privacy is receiving a great deal of attention in the form of laws that make explicit reference to the systems of rules that have been adopted in Europe."
Romano Prodi, President of the EC, 2002

Slide 3
"… also potential risks involved in the use of new information technologies for both individuals and society. A clear regulatory framework will help to promote the opportunities and minimize risks. Governments need to co-operate in the international arena to this end…"
Guy de Vel, Director General of Legal Affairs, 2002

Slide 4: History of Privacy
- The Bible has numerous references to privacy
- 1361: the Justice of the Peace Act (England)
- 1776: access to public records (Sweden)
- 1858: prohibition of the publication of private facts (France)
- 1889: prohibition of the publication of information relating to "personal or domestic affairs" (Norway)

Slide 5: History of Data Protection
- G. Orwell, "1984" (1948): the Big Brother world
- Interest in the right of privacy increased in the 1960s and 1970s with advances in information technology
- Land of Hesse (Germany, 1970): the first data protection law in the world
- Sweden (1973), Germany (1977), France (1978)

Slide 6: Smart cards
- Plastic card carrying some personal data
- Diners Club, 1950
- Bank of America, credit card, 1960
- Patent of Roland Moreno, 1974
- Bull memory card, 1985
- ORGA multifunctional processor card

Slide 7: Technology: key or carrier of data?
- Plastic card (data on the surface)
- Magnetic stripe
- Memory card
- Microprocessor card
- Laser memory
- Cryptographic chip
Each technology offers a different level of data protection.

Slide 8: Smart card applications
- Authentication of authorized personnel
- Support for legally recognized electronic signatures
- Citizen electronic identity card
- Social security identification of insured persons
- Health passport card
- Local services (transport, loyalty, leisure …)

Slide 9: Smart cards are
- sensibly standardized
- secure
- really personal
- portable
- familiar to the user
- largely customizable
- widely offered on the market
- without credible competition
Source: EC Enterprise DG, 2002

Slide 10: Security framework
Technology security: reliability, technical solutions, quality of the components used in the system, resistance to breakdowns and attacks. Implementation of the international norms and standards defined by CEN and ISO.
Application security: the security level of the whole system (application). Risk management. Risk analysis.

Slide 11: Protection of data is a fundamental issue for the success of the application
- Authorization of access rights to data
- Protection against unauthorized reading, modification and misuse
- Appropriate legislation
- Ethical issues

Slide 12: Council of Europe
Report on the protection of personal data with regard to the use of smart cards: www.coe.int/T/E/Legal_affairs/Legal_co-operation/Data_protection/
Guiding Principles for the Protection of Personal Data with Regard to the Use of Smart Cards, working document, CJ-PD, 2002

Slide 13: Key factors
- National legal framework: Council of Europe and EU legislation
- Acceptance by all "players": card holder, card issuer, card users
- Technology: user-friendly and secure technology
- Highly protected personal data

Slide 14: Legislation
- Domestic data protection laws
- Convention 108 and Council of Europe Recommendations
- Directive 95/46/EC
- Directive 2002/58/EC

Slide 15: National legislation
Collecting and processing personal data in systems which use smart cards should respect all the principles of personal data protection established by national legislation.

Slide 16: Legislation - Europe
- Convention for the Protection of Human Rights and Fundamental Freedoms (Rome, 1950)
- Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (ETS 108, 1981)

Slide 17: Legislation - Europe
- Directive on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data (95/46/EC, 1995)
- Directive on privacy and electronic communications (2002/58/EC, 2002)

Slide 18: Convention 108
- The first legally binding international data protection instrument
- Strasbourg, 28 January 1981
- Article 8 of the Human Rights Convention
- Ratification: all EU countries plus Bulgaria, Czech Republic, Estonia, Hungary, Latvia, Lithuania, Poland, Romania, Slovakia, Slovenia
- Schengen acquis

Slide 19: Additional Protocol
- Additional Protocol to Convention 108 regarding supervisory authorities and transborder data flows (ETS no. 181, 8 November 2001)
- Signature: 18 countries, including Slovakia, Lithuania and the Czech Republic
- Ratification: Sweden, Slovakia

Slide 20: Directive 95/46/EC
- Free internal market
- Development of the information society
- Remove obstacles to the free movement of data, but respect fundamental human rights
- Harmonize national provisions on data protection

Slide 21: Directive 95/46/EC (cont.)
- Applies to any operation or set of operations performed upon personal data: "processing"
- Personal data: data relating to any identified or identifiable individual, the "data subject"
- Controller: determines the purposes and the means of processing

Slide 22: Directive 2002/58/EC
Concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications); it repealed and replaced Directive 97/66/EC.
- Translates the Directive 95/46/EC principles into the telecommunications sector
- Unsolicited communications: opt-in (prior consent)

Slide 23: eEurope Smart Card
- Electronic cards play a significant role in the information society
- EU Conference in Lisbon: the smart card in the framework of eEurope 2000: An Information Society for All
- More about the eESC: see the presentation of Lutz Martiny, Chairman

Slide 24: Specific risks
- Increasing volume of data: attacks against the card
- Recording and processing of sensitive personal data
- Payment operations
- Health card

Slide 25: Access to data
- Access by the cardholder: how to realize it
- Access by a third party: how to prevent it
- Software-level security: cryptography

Slide 26: Data protection
- Smart card and memory card
- Contact and contactless card
- Privacy Enhanced Technology (PET)
- Specific risks in different applications

Slide 27: Guiding Principles
- 12 principles for the protection of individuals, addressed to everyone in a smart card application: SC issuer, project designer, managers, operators and cardholder
- Principles for lawful and fair data collection and processing
- Application of the Convention 108 principles

Slide 28: Guiding Principles (cont.)
- SC processing of identification data, "ordinary" personal data and sensitive data
- Cardholder (data subject) rights
- Traces of use of the smart card
- Biometric data

Slide 29: Relevant CoE documents
Recommendations:
- R(99)14 on universal community service concerning new communication and information services
- R(99)5 for the protection of privacy on the Internet
- R(97)5 on the protection of medical data
- R(95)4 on the protection of personal data in the area of telecommunication services, with particular reference to telephone services
- R(90)19 on the protection of personal data used for payment and other related operations

Slide 30: Relevant CoE documents (cont.)
- R(89)2 on the protection of personal data used for employment purposes
- R(86)1 on the protection of personal data used for social security purposes
- R(85)20 on the protection of personal data used for the purposes of direct marketing
- Draft Recommendation R(2002)… on the protection of personal data collected and processed for insurance purposes

Slide 31: Legislation - Europe
- Recommendations of the Council of Europe
- Decisions of the European Commission
- Working Party under Article 29 (WP 29)
- Judgments of the European Court of Human Rights (Strasbourg)
- Conference of the European Commissioners for Data Protection (2001 Athens, 2002 Bonn)
- Berlin Group (data protection in the telecommunications sector)
- CEE and Baltic countries meetings (2002: Prague, Vilnius)

Slide 32: CEEC web
http://www.ceecprivacy.org
- Legal instruments
- Discussion forum
- Links to CEEC webs

Slide 33: Thank you for your attention
The Office for Personal Data Protection
Havelkova 22, CZ-130 00 Prague 3, Czech Republic
tel.: +420 22100 8288
fax: +420 22271 8943
info@uoou.cz
http://www.uoou.cz

