1 Privacy and Personal Data Protection: Legal Context and Social Perception Estelle De Marco Inthemis FIA 2011 Budapest Economics of Privacy Wednesday 18 May 2011
2 Privacy (12 UDHR, 17 ICCPR, 8 ECHR, 7 EU Charter, Constitutions, civ. and crim. Laws) Protected spheres and aspects: Privacy, home, family, correspondances / honour and reputation Secret / freedom Content Concept that suffers from «an embarrassment of meanings»  «Right to be left alone» , «to make decisions into his zone of privacy»  Concept that «cannot be understood independently from society»  More precise definitions: e.g. F. Terré (identity, origins, health, moral/(extra)conjugal, fam. life, friendship, participation in private assembly)  More extensive ECHR: ex. relations with the outside world, even professional; selfdetermination; personal autonomy; own personality development  Proposed definition: whole set of pieces of pers. information that have their subject as common denominator, their private nature being determined according to the legitimacy or illegitimacy of third parties controlling it (knowledge/transcription/divulgation)  Personal Data protection (8 ECHR, 8 EU Charter, Conv. 108, Dir 1995/46, Dir. 2002/58 mod. 2009/136) : personal data are elements of private life, even disclosed/processed  D. J. Solove;  S. Warren and L. Brandeis;  USA Supreme Court;  F. Terré;  E Court HR;  E. De Marco.
3 Personal Data Protection: Dir. 95/46/EC 2002/58/EC modif. 2009/136/EC Criteria of application of EU and National laws : Establishment Use of processing means (including user s terminals + software mobile phone, calculating facilities, java scripts, cookies to store and retrieve pers. data.. WP 179)  Conditions for collecting/processing personal data: The data subject has unambiguously given his prior consent, o Unless legitimate interest pursued by the controller or 3 rd party interest which cannot override user s rights o Imperative for: Processing traffic data for marketing purposes or added value services Using location data (general terms & conditions: not enough, WP 115 ) Sending direct marketing communications using (or not) automatic calling machines (unless similar products/services) Sending any cookie (browsers predetermined to accept: not enough, WP 171, ) Collecting sensitive data, unless P.D. manifestly made public by the subject; separate opt in consent if through cookies ) Transfering PD to 3 rd countries that do not ensure an adequate level of protection
4 Personal Data Protection: Dir. 95/46/EC 2002/58/EC modif. 2009/136/EC Consent must be informed (at least controller s identity, purposes) Cookies and use of location data extended imperative information; for instance: identity of the serving and collecting entity / creation of a profile to serve targ. ads  Collection for specified, explicit, legitimate purposes prohibition of further processing in an incompatible way Ex. behavioural advertising > impossible to enrich with other information Data quality: processed fairly and lawfully; adequate, relevant and not excessive; accurate and keep up to date Data kept for no longer than is necessary Location data: should not be stored once the service has been provided (WP 115)  Right of access, of erasure, to object: Compelling legitimate grounds or for direct marketing purposes Use of location data / processing of traffic data for marketing purposes / cookies Direct marketing communication: opportunity to object each time Obligation to notify the supervisory authority Obligations of security and confidentiality
5 Internet users perception of privacy / privacy commercial exploitation Perceptions vs legal definitions  Personal data: affective link, different data depending on the individual Privacy: value of freedom (secret/autonomy), intimacy, dignity, subjectivity Tendencies Different classes: e.g. reluctants, disinterested, negociators, friendly [11, 12] Fears: hack. > whoever > commerc. (61% 75%) > State > colleagues > fam. [13, 14] More positive attitude when informed about collection/follow up, prior consent and right to object, confidence in the enterprise, secured environment   Sensitive info. more easily disclosed where a benefit is expected [7, 10]; variables influencing seek advantages: cultural, behavioural, socio demographics, experience...  23% of users are ready to monetize their data  less than 20% are ready to choose a feepaying model without advertising [15, SN] compar.: more knowledgeable people seem to be the ones who release the more added value information (ex.  y. o., young male managers) but they seem to see those information as «lessprivate»thanother data ( and postal address, phone, private photos ) [10, 11, 12] C. Lancelot Miltgen;  Survey TNS/Sofres for Microsoft;  Survey Ninjam/Iligo;  ETO/Market Audit
6 References  D. J. Solove, A taxonomy of privacy, University of Pennsylvania Law Review, vol. 154, n 3, Jan  S. Warren and L. Brandeis, "The right to privacy ", Harvard Law Review, vol. IV, 15 Dec. 1890, n 5.  USA Supreme Court, 1965; see P. Tabatoni, "avant propos", in La protection de la vie privée dans la société de l information, dir. P. Tabatoni, tome 1, cahier des sciences morales et politiques, PUF, 1 st ed., Jan. 2002, p. 4.  F. Terré, "la vie privée" in La protection de la vie privée dans la société de l information, dir. of P. Tabatoni, tome 3, PUF, janv. 2002, pp  Niemietz v. Germany, judgment of 16 December 1992, Series A no. 251 B; Copland v. the United Kingdom, n 62617/00, 3 April 2007; Pierre Kayser, La protection de la vie privée par le droit, PU d'aix Marseille/Economica, 3 rd ed., 1995, page 45, referring to the decision X. v. Island, decision of the Commission, 18 May 1976, year 1976, req. n 6825/74, page 343; P.G. and J.H. v. the United Kingdom, no /98, ECHR 2001, IX, 56, Series A, n 280 B, p. 28, 24; Key case law issues, the concepts of "private and family life", European Court of Human Rights, 24/01/2007, referring to Pretty v. The United Kingdom, n 2346/02, ECHR 2002, III, 61, 67.  E. De Marco, L anonymat sur Internet et le droit, thesis, UM1, 2005, ANRT (ISBN: ; Ref.: 05MON10067).  Article 29 Data Protection Working Party, Opinion 8/2010 on applicable law, 16 December 2010, WP179.
7 References  Article 29 Data Protection Working Party, Opinion on the use of location data with a view to providing value added services, November 2005, WP 115.  Article 29 Data Protection Working Party, Opinion 2/2010 on online behavioural advertising, 22 June 2010, WP 171.  C. Lancelot Miltgen, "Vie privée et Internet: influence des caractéristiques individuelles et situationnelles sur les attitudes et les comportements des internautes face àla collecte des données personnelles", cahier de recherche DMSP n 317 et actes du congrès AFM Tunis 2003,  C. Lancelot Miltgen et C. Gauzente, "Vie privée et partage de données personnelles en ligne : une approche typologique", cahier de recherche DMSP n 356, april 2006,  C. Lancelot Miltgen, "Dévoilement de données personnelles et contreparties attendues en e commerce : une approche typologique et interculturelle", Système d information et management (SIM), vol. 15, n 4, dec. 2010, pp  Survey TNS/Sofres for Microsoft, May 2010, sofres.com/points devue/612b63531dcf46f9b9fc7c2b49480f04.aspx.  Ninjam/Iligo, Etude sur le rapport des internautes français àla confidentialité des données numériques, 23/11/2010.  ETO and Market audit, Baromètre de l intrusion, 2010.
DIRECTORATE GENERAL FOR INTERNAL POLICIES POLICY DEPARTMENT C: CITIZENS' RIGHTS AND CONSTITUTIONAL AFFAIRS CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS Protection of Personal Data in Work-related Relations
ARTICLE 29 Data Protection Working Party 00451/06/EN WP 118 Working Party 29 Opinion 2/2006 on privacy issues related to the provision of email screening services Adopted on 21 February 2006 This Working
Council of the European Union Brussels, 19 December 2014 (OR. en) Interinstitutional File: 2012/0011 (COD) 15395/14 LIMITE NOTE From: To: No. prev. doc.: DATAPROTECT 165 JAI 860 MI 965 DRS 167 DAPIX 167
EUROPEAN COMMISSION Brussels, 25.1.2012 COM(2012) 11 final 2012/0011 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing
EXPLANATORY MEMORANDUM FEDERATION OF EUROPEAN DIRECT MARKETING EUROPEAN CODE OF PRACTICE FOR THE USE OF PERSONAL DATA IN DIRECT MARKETING FEDMA represents the direct marketing sector at the European level.
ARTICLE 29 DATA PROTECTION WORKING PARTY 1676/13/EN WP 208 Working Document 02/2013 providing guidance on obtaining consent for cookies Adopted on 2 October 2013 This Working Party was set up under Article
Data protection Personal information online code of practice On 26 May 2011, the rules on using cookies changed. This guidance reflects the law before that date. Our advice on the new cookies Regulations
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
Freedom of information guidance Exemptions guidance Section 41 Information provided in confidence 14 May 2008 Contents Introduction 2 What information may be covered by this exemption? 3 Was the information
International Working Group on Data Protection in Telecommunications 675.48.12 Working Paper on Big Data and Privacy Privacy principles under pressure in the age of Big Data analytics 55th Meeting, 5 6
101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against
2011 CONSUMER U.S. INTELLECTUAL DATA PRIVACY PROPERTY ENFORCEMENT IN A NETWORKED COORDINATOR WORLD: COVER ANNUAL TITLE REPORT HERE ON A FRAMEWORK FOR PROTECTING PRIVACY INTELLECTUAL AND PROMOTING PROPERTY
20.6.2012 Official Journal of the European Union C 177/1 I (Resolutions, recommendations and opinions) OPINIONS EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
Privacy Level Agreement Working Group Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union February 2013 The PLA Outline has been developed within CSA by an expert working
845(E) Joint Recommendation Concerning Provisions on the Protection of Marks, and Other Industrial Property Rights in Signs, on the Internet (with Explanatory Notes) Adopted by the Assembly of the Paris
ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1 st 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent
Data protection Anonymisation: managing data protection risk code of practice 2 xx Contents 3 Contents Information Commissioner s foreword 4 Appendix 1 Glossary 48 1. About this code 6 2. Anonymisation
AFRICAN UNION CONVENTION ON CYBER SECURITY AND PERSONAL DATA PROTECTION EX.CL/846(XXV) AFRICAN UNION UNION AFRICAINE UNIÃO AFRICANA P.O. Box: 3243, Addis Ababa, Ethiopia, Tel.: +251-115 18 24 02 Fax: +251-115
Australian Code for the Responsible Conduct of Research REVISION OF THE JOINT NHMRC/AVCC STATEMENT AND GUIDELINES ON RESEARCH PRACTICE AUSTRALIAN CODE FOR THE RESPONSIBLE CONDUCT OF RESEARCH [This Code
Public Sector Data Sharing: Guidance on the Law Section 1 - Introduction Section 2 - Overview of existing legal framework Section 3 - Power to share data Section 4 - The Data Protection Act 1998 Section
The Guide to Data Protection Contents Introduction 1 Key definitions of the Data Protection Act 4 The Data Protection Principles 19 1. Processing personal data fairly and lawfully (Principle 1) 20 2. Processing
Council of the European Union Brussels, 27 April 2015 (OR. en) Interinstitutional File: 2013/0309 (COD) 8337/15 LIMITE TELECOM 97 COMPET 169 MI 268 CONSOM 68 CODEC 603 NOTE From: Presidency To: Delegations
The International Labour Organization The International Labour Organization was founded in 1919 to promote social justice and, thereby, to contribute to universal and lasting peace. Its tripartite structure
Implications of the European Commission s proposal for a general data protection regulation for Final report to the Information Commissioner s Office Prepared by May 2013 About is one of Europe's leading