Privacy and Data Protection (and more) for Big Data
|
|
|
- Phillip Garrett
- 10 years ago
- Views:
Transcription
1 Privacy and Data Protection (and more) for Big Data Marit Hansen Deputy Privacy and Information Commissioner Schleswig-Holstein, Germany Madrid, 25 February 2015
2 Setting of ULD Data Protection Authority (DPA) for both the public and private sector Also responsible for freedom of information Source: en.wikipedia.org/ wiki/schleswig-holstein Privacy and Data Protection for Big Data Source: 2
3 Overview European Data Protection Principles Examples of big data and potential effects Conclusion Privacy and Data Protection for Big Data 3
4 European Data Protection Principles For personal data: Lawfulness, e.g. statutory provision or consent Purpose limitation Necessity Transparency Data subject rights Data security Accountability Data Protection by Design? By Default? Privacy and Data Protection for Big Data 4
5 Data Protection by Design & by Default Data Protection by Design and by Default will be integrated in the upcoming European General Data Protection Regulation (Art. 23) Targeted at: data processors + producers of IT systems Objective: design systems + services from early on, for the full lifecycle a) in a data-minimising way b) with the most data protection-friendly pre-settings Not easy for Big Data if personal data are affected. Privacy and Data Protection for Big Data 5
6 Guidance from the Art. 29 Data Protection Working Party Documents 1. Opinion 03/2013 on Purpose Limitation (WP203, 2013) 2. Opinion 05/2014 on Anonymisation Techniques (WP216, 2014) 3. Statement [ ] on the impact of the development of big data on the protection of individuals [ ] (WP221, 2014) Take-away messages 1. Specified, explicit and legitimate purpose; functional separation; compatibility check for changed purposes 2. Case-by-case; avoid pitfalls; risks not excluded 3. Data protection law is still valid and must not be ignored. Cf. Carmela s Privacy and Data Protection talk for Big on Dataanonymity 6
![Statement [ ] on the impact of the development of big data on the protection of individuals [ ] (WP221, 2014) Take-away messages 1.](/docs-images/44/1843729/images/page_6.jpg "Specified, explicit and legitimate purpose; functional separation; compatibility check for changed purposes 2.")
7 Examples Privacy and Data Protection for Big Data 7
8 Example: Old-fashioned big data: on a legal basis Source: US Census Bureau Privacy and Data Protection for Big Data 8
9 required by law Census: usually anonymised Process is transparent for citizens No simple opt-out Controlled by Parliament Possible: going to court Misuse will be sanctioned Source: Quinn Dombrowski Privacy and Data Protection for Big Data 9
10 Example: combining Internet data Personal data processed, profiling algorithm Individual consequences possible Source: Thierry Gregorius Purpose limitation? Transparency? Data subject rights? Privacy and Data Protection for Big Data 10
11 Consequences for groups of individuals possible: social sorting Example: anonymised big data sorting people Not necessarily regulated in data protection law Transparency? Data subject rights? Fairness? Privacy and Data Protection for Big Data Source: Neubie 11
12 Reasons for not contributing to the data: Poor Old Privacyaware Example: Traffic planning biased data X Effect on decisions? Risk of manipulation? Privacy and Data Protection for Big Data Source: Mehmet Karatay Icons: Axialis Team 12
13 Big data with personal data Conclusion Within the data protection scope: lawfulness, consent, purpose limitation, data subject rights, Big data without personal data (check again: really no personal data?) Not within the data protection scope But maybe with consequences for individuals & society! Need for transparency & possibilities to intervene Currently lack of understanding and reliable concepts quick & dirty must not prevail & persist! Privacy and Data Protection for Big Data 13
14 Thank you for your attention! Marit Hansen
The Art of Intervenability for Privacy Engineering
The Art of Intervenability for Privacy Engineering Marit Hansen Deputy Privacy and Information Commissioner Schleswig-Holstein, Germany [email protected] Workshop Data Protection, Privacy,
The U.K. Information Commissioner s Office Report on Big Data and Data Protection
reau of National Affairs, Inc. (800-372-1033) http://www.bna.com WORLD DATA PROTECTION REPORT >>> News and analysis of data protection developments around the world. For the latest updates, visit www.bna.com
How To Counter SpIT
Countering SPAM over Internet Telephony (SPIT) Markus Hansen Independent Centre for Privacy Protection Schleswig-Holstein [email protected] International Symposium Privacy and Security in Internet
Cookies and consent. The Article 29 Working Party has identified seven types of cookies that are not subject to the consent requirement.
Cookies and consent Cookies are small text files placed on a computer and accessed by the browser when opening a webpage. - DDMA 2012 The statutory requirements governing the placement of cookies were
Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
Data Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
Guidance on political campaigning
I ICO guidance Guidance on political campaigning 3 Guidance on political campaigning Data Protection Act Privacy and Electronic Communications Regulations Contents Introduction... 3 A. Why comply?... 5
Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service
Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case
Privacy & Big Data: Enable Big Data Analytics with Privacy by Design. Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014
Privacy & Big Data: Enable Big Data Analytics with Privacy by Design Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014 Agenda? What is 'Big Data'? Privacy Implications Privacy
Data Protection Act. Conducting privacy impact assessments code of practice
Data Protection Act Conducting privacy impact assessments code of practice 1 Conducting privacy impact assessments code of practice Data Protection Act Contents Information Commissioner s foreword... 3
Summary of feedback on Big data and data protection and ICO response
Summary of feedback on Big data and data protection and ICO response Contents Introduction... 2 Question 1... 3 Impacts and benefits; privacy impact assessments (PIAs)... 3 New approaches to data protection...
Data Protection for Fundraisers
The Charity First Series Data Protection for Fundraisers Lawrence Simanowitz and Mairéad O Reilly The Charity First series aims to provide practical and straightforward guidance on the challenges confronting
OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
Identification and Tracking of Individuals and Social Networks using the Electronic Product Code on RFID Tags
Identification and Tracking of Individuals and Social Networks using the Electronic Product Code on RFID Tags Markus Hansen Sebastian Meissner Independent Centre for Privacy Protection Schleswig-Holstein
Corporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
Declaration of Internet Rights Preamble
Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It
Data protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015
Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
Data protection. Data sharing code of practice
Data protection Data sharing code of practice Contents 3 Contents 1. Information Commissioner s foreword 4 2. About this code 6 Who should use this code of practice? 7 How the code can help 7 The code
Data Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
Overview of Employment and Employee Privacy Laws and Key Trends in Austria
P a g e 1 Privacy Interviews with Experts August 2011 Toronto / Washington DC / Brussels www.nymity.com Rainer Knyrim Attorney and Partner Preslmayr Attorneys at Law Vienna, Austria Overview of Employment
Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
DATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
Resolution on Privacy Protection in Social Network Services
30 th International Conference of Data Protection and Privacy Commissioners Strasbourg, 17 October 2008 Resolution on Privacy Protection in Social Network Services Proposer: Data Protection and Freedom
Memorandum! Is Big Data the right recipe for Europe?
has been around for years on account Ulrich Seldeslachts CEO, LSEC Leaders In Security (moderator) Data is a new class of economic asset; it s like currency, which means you have to do something with it
Tilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen
Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an
All rights reserved. 2011, EuroPriSe/ULD
January 2011 Position paper on certifiability of online behavioural advertising systems according to EuroPriSe Follow-up EuroPriSe - European Privacy Seal at the Unabhängiges Landeszentrum für Datenschutz
DATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
Opinion 04/2012 on Cookie Consent Exemption
ARTICLE 29 DATA PROTECTION WORKING PARTY 00879/12/EN WP 194 Opinion 04/2012 on Cookie Consent Exemption Adopted on 7 June 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is
Lunch & Learn: Big Data Analytics
239767 Lunch & Learn: Big Data Analytics 13 April 2015 Sue McLean Alex van der Wolk 2015 Morrison & Foerster (UK) LLP All Rights Reserved mofo.com Lunch & Learn 2 nd Monday of each month 45 minutes via
Data protection. Wi-Fi location analytics
Data protection Wi-Fi location analytics ICO lo Wi-Fi location analytics Data Protection Act Contents Introduction... 2 Overview... 2 What the DPA says... 2 What is Wi-Fi analytics?... 3 Conduct a privacy
BEREC Monitoring quality of Internet access services in the context of Net Neutrality
BEREC Monitoring quality of Internet access services in the context of Net Neutrality BEUC statement Contact: Guillermo Beltrà - [email protected] Ref.: BEUC-X-2014-029 28/04/2014 BUREAU EUROPÉEN DES UNIONS
Observations on international efforts to develop frameworks to enhance privacy while realising big data s benefits
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big data s benefits Seminar arranged by the Office
COCIR contribution to the public consultation on Personal Data Protection in the EU 1
COCIR contribution to the public consultation on Personal Data Protection in the EU 1 European Coordination Committee of the Radiological, Electromedical and Healthcare IT Industry Bd. A. Reyers 80, 1030
Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School
DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING
Opinion 03/2013 on purpose limitation
ARTICLE 29 DATA PROTECTION WORKING PARTY 00569/13/EN WP 203 Opinion 03/2013 on purpose limitation Adopted on 2 April 2013 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an
OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data
OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas
Merthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
ELECTRONIC MAIL (E-MAIL) September 2014. Version 3.1
ELECTRONIC MAIL (E-MAIL) September 2014 Version 3.1 Western Health and Social Care Trust Page 0 of 6 E-mail Policy V3.1 Policy Title ELECTRONIC MAIL (E-MAIL) POLICY Policy Reference Number CORP09/006 Original
Personal information online code of practice
Data protection Personal information online code of practice On 26 May 2011, the rules on using cookies changed. This guidance reflects the law before that date. Our advice on the new cookies Regulations
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
MRS/SRA. Data Protection Act 1998: Guidelines for social research. April 2013
MRS/SRA Data Protection Act 1998: Guidelines for social research April 2013 1 CONTENTS Page Foreword 3 Acknowledgements 4 Introduction 5 10 Section A: Principles of the Data Protection Act 1998 11 19 (plus
Surveillance Camera Code of Practice. June 2013
Surveillance Camera Code of Practice June 2013 Surveillance Camera Code of Practice Presented to Parliament Pursuant to Section 30 (1) (a) of the Protection of Freedoms Act 2012 June 2013 London: The Stationery
DATA PROTECTION POLICY
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
The RFID agenda of the European Commission. Florent Frederix European Commission Directorate General Information Society and Media
The RFID agenda of the European Commission RFID i Danmark 2011 May 3, 2011, IT-University in Copenhagen Florent Frederix European Commission Directorate General Information Society and Media This document
Data Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC
ARTICLE 29 DATA PROTECTION WORKING PARTY 844/14/EN WP 217 Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC Adopted on 9 April 2014 This
7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
Guidelines on data protection in EU financial services regulation
Guidelines on data protection in EU financial services regulation 1 Contents Table of Contents 10-point checklist for analysing data protection and privacy...4 1. Data protection and financial services
How To Answer A Data Protection Questionnaire
SELF-ASSESSMENT QUESTIONNAIRE: COMPLIANCE WITH DATA PROTECTION OBLIGATIONS WHEN PROCESSING PERSONAL DATA. This Questionnaire is aimed at those who have responsibilities for data protection, and should
How To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
A guide for in-house lawyers
A guide for in-house lawyers June 2015 The Proposed EU General Data Protection Regulation Index Introduction to the Regulation - 3 Progress of the Regulation - 4 Using this Guide - 5 Conceptual Overview
The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012
The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions
Network Neutrality Revisited: Challenges and responses in the EU and in the US
Network Neutrality Revisited: Challenges and responses in the EU and in the US J. Scott Marcus The opinions expressed are the sole responsibility of the author and do not necessarily represent the official
New EU Data Protection legislation comes into force today. What does this mean for your business?
24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )
Privacy and Transparency for Decision Making. Simone Fischer-Hübner Karlstad University, Sweden MDAI 2015
Privacy and Transparency for Decision Making Simone Fischer-Hübner Karlstad University, Sweden MDAI 2015 Content I. Profiling, Big Data & Decision Making - Privacy Challenges II. III. IV. Peer Profiling
The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation
The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)
European Commission initiatives on e- and mhealth
European Commission initiatives on e- and mhealth Fundamental Rights Forum, 22 June 2016 WG 24: E-health: improving rights fulfilment through innovation Claudia Prettner, Unit for Health and Well-Being,
Information Governance Checklist and Privacy Impact Assessments
Information Governance Checklist and Privacy Impact Assessments Authorship: Committee Approved: Chris Wallace Information Governance Manager Quality and Clinical Governance Committee Approved date: 1 Feb
Data Protection & Cyber Security Law Update 1 st October 2015
Data Protection & Cyber Security Law Update 1 st October 2015 Robert Bond, Partner Janine Regan, Associate Viktoria Protokova, Data Protection Executive charlesrussellspeechlys.com Brief introduction to
Table of contents: ***
Table of contents: *** In Europe the issue of personal data protection is settled by European Parliament s and European Council s Directive 95/46/WE of October 24, 1995 (which is basis of Polish regulations)
ARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 16/EN WP 238 Opinion 01/2016 on the EU U.S. Privacy Shield draft adequacy decision Adopted on 13 April 2016 This Working Party was set up under Article 29 of Directive
Data protection legislation influence on cloud computing from local as well as EU perspective
mag. Andrej Tomšič Deputy Information Commissioner Information Commissioner Data protection legislation influence on cloud computing from local as well as EU perspective CLASS conference 2012 I Cloud Assisted
Do you have a private life at your workplace?
Do you have a private life at your workplace? Privacy in the workplace in EC institutions and bodies Giovanni Buttarelli In the course of his supervisory activities, the EDPS has published positions on
work Privacy Your Your right to Rights Know
Your right to Privacy Know Your Rights www.worksmart.org.uk at work Everyone has the right to a private life even when they re at work. But new technology is making it easier than ever for employers to
Policy and Procedure for approving, monitoring and reviewing personal data processing agreements
Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure
UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012
UNIVERSITY COLLEGE LONDON CCTV POLICY Endorsed by the Security Working Group - 17 October 2012 Endorsed by the Infrastructure IT Services Strategy Group - 18 October 2012 Reviewed and endorsed (with one
Office of Fair Trading (OFT) Online Targeting of Advertising and Prices Market Study Response by the Internet Advertising Bureau
Office of Fair Trading (OFT) Online Targeting of Advertising and Prices Market Study Response by the Internet Advertising Bureau 1. Introduction The Internet Advertising Bureau (IAB) is the UK industry