Download presentation
Presentation is loading. Please wait.
Published byAva O'Rourke Modified over 11 years ago
1
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Bart van der Sloot Institute for Information Law University of Amsterdam
2
Tension Tension between private and public
Interests Rights Distinction between access and re-use Access: 10 ECHR & transparency government Re-use: mostly commercial interest Distinction between collection and distribution Collection by government to fulfill their tasks Distribution from government to third party
3
PSI & DP PSI-Directive Recital (21): “This Directive should be implemented and applied in full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and of the free movement of such data.” Article 1, §4: “This Directive leaves intact and in no way affects the level of protection of individuals with regard to the processing of personal data under the provisions of Community and national law, and in particular does not alter the obligations and rights set out in Directive 95/46/EC.” And Article 2, §5: “‘personal data’ means data as defined in Article 2(a) of Directive 95/46/EC.” full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC no way affects the level of protection of individuals with regard to the processing of personal data
4
Topics Personal data Fairly and lawfully Legitimate purpose
Information Rights Duties
5
Personal data Data relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly Anonymization Direct personal Indirect data > Groups (geographical information, group profiling) Privacy by design
6
Fairly and Lawfully (2 times)
personal data must be collected for specified, explicit and legitimate purposes not further processed if incompatible with original purposes adequate, relevant and not excessive kept no longer than is necessary Who is responsible?
7
Who is responsible? Ground (2 times) data subject unambiguous consent;
Opt in - Opt out (freely given, specific and informed) Processing necessary for the public interest Commercial (prohibitions) - Non commercial Non sensitive – Sensitive (race, sex, political, religion) legitimate interests pursued except where privacy interest overridden: WP: Case by case Commercial (prohibitions)- Non Commercial Non sensitive - Sensitive Who is responsible?
8
Information (2 times) Who is responsible?
no later than when the data are first disclosed the identity of the controller the purposes of the processing; the categories of data concerned; the recipients or categories of recipients; the existence of the rights. Who is responsible?
9
Rights (2 times) Who is responsible? Right of access & information
Right of rectification, erasure or blocking Right of notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking unless disproportionate. Right to object, especially in case of grounds of public interest and third party interest. Who is responsible?
10
Duties (2 times) Who is responsible? Confidentiality of processing
Security of processing Transfer to a third country of personal data only if the third country in question ensures an adequate level of protection. Who is responsible?
11
Who is responsible? 'processor' anybody that processes personal data on behalf of the controller; - No Duties 'controller' anybody who alone or jointly with others determines the purposes and means of the processing of personal data Third party requesting re-use = controller (Fairly &Lawfully, Grounds, Information, Rights, Duties) Government is responsible: Original controller Provider Legislator & enforcer
12
Problem? full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC no way affects the level of protection of individuals with regard to the processing of personal data
13
Proposal Access: right of privacy - right of access
Re-use: No right - Economical asset. Two times minimum harmonization Clarification might be necessary In Data Protection Directive In Public Sector Information Directive In Code of Conduct In Best current practices Academic debate
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.