legal & ethical data sharing prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society
|
|
- Eugenia Pearson
- 8 years ago
- Views:
Transcription
1 legal & ethical data sharing prof.dr. Ronald Leenes TILT - Tilburg Institute for Law, Technology, and Society
2 overview the problem revisited secondary use data protection regulation Data Protection Directive 95/46/EC e-privacy Directive 2002/58/EG privacy by design (D)PIA
3 the problem revisited Lots of data pass SURFnet raw data traffic data (metadata) What can be shared with academic researchers? Under which conditions?
4 traffic data (aka meta data)
5 packet dump
6 Directive 95/46/EC (data protection directive) Wet bescherming persoonsgegevens TILT - Tilburg Institute for Law, Technology, and Society
7 data protection goals facilitate free flow of information provide minimum level of data protection TILT - Tilburg Institute for Law, Technology, and Society
8 personal data means any information relating to an identified or identifiable person (the "data subject"). art 2 (a) Data Protection Directive 95/46/EC TILT - Tilburg Institute for Law, Technology, and Society
9 identifiable every person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, mental, economic, cultural or social identity. art 2 (a) Data Protection Directive 95/46/EC TILT - Tilburg Institute for Law, Technology, and Society
10 Ronald Leenes TILT - Tilburg Institute for Law, Technology, and Society
11 TILT - Tilburg Institute for Law, Technology, and Society
12 social security # TILT - Tilburg Institute for Law, Technology, and Society
13 TILT - Tilburg Institute for Law, Technology, and Society
14 Jef Raskin, Apple Computer Inc. employee # 31 Jef Raskin died on 26 Feb 2005 TILT - Tilburg Institute for Law, Technology, and Society
15 TILT - Tilburg Institute for Law, Technology, and Society
16 TILT - Tilburg Institute for Law, Technology, and Society
17 we re often identifiable TILT - Tilburg Institute for Law, Technology, and Society
18 personal data identifiers + identifying sets of attributes name, address telephone number, student number, BSN hair color + height personal data age, name, hear color, weight, gender grades, income, buying habits TILT - Tilburg Institute for Law, Technology, and Society
19
20 extensional confusion TILT - Tilburg Institute for Law, Technology, and Society
21 named v. singled out TILT - Tilburg Institute for Law, Technology, and Society
22 IP address? TILT - Tilburg Institute for Law, Technology, and Society
23 fuzzy history Art 29 WP 1999 some IP s are personal data (static) 2000 for ISP s they are 2007 reasonable effort, but consider them personal data 2008 (search engines) IPs are pd (because of additional data) CBP 2001 (no), 2008 (yes) TILT - Tilburg Institute for Law, Technology, and Society
24 Munich case website operators are allowed to store the internet protocol (IP) addresses of their visitors without violating data protection legislation. Without additional information, IP addresses do not count as personal data, it said. TILT - Tilburg Institute for Law, Technology, and Society
25 Google: IPs are not PII (most of the time) TILT - Tilburg Institute for Law, Technology, and Society
26 "[ ] we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users movements around the site and to gather demographic information about our user base as a whole." Apple.com privacy policy TILT - Tilburg Institute for Law, Technology, and Society
27 named v. singled out TILT - Tilburg Institute for Law, Technology, and Society
28 Court of Justice EU 24 Nov. 2011, case 70/10 Scarlet v. SABAM IP addresses are protected personal data "because they allow those users to be precisely identified" TILT - Tilburg Institute for Law, Technology, and Society
29 lesson IP adresses are personal data (certainly for SURFnet affiliated organizations) TILT - Tilburg Institute for Law, Technology, and Society
30 GDPR art 4 (2) 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); art 4 (2a) 'pseudonymous data' means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution; TILT - Tilburg Institute for Law, Technology, and Society
31 , but Recital (24) When using online services, individuals may be associated with online identifiers provided by their devices, applications, tools and protocols, such as Internet Protocol addresses, cookie identifiers and Radio Frequency Identification tags, this Regulation should be applicable to processing involving such data, unless those identifiers do not relate to an identified or identifiable natural person. TILT - Tilburg Institute for Law, Technology, and Society
32 Directive 95/46/EC (data protection directive) TILT - Tilburg Institute for Law, Technology, and Society
33 fairness rinciples fair and lawful processing finality for specific and legitimate purposes proportionality adequate, relevant and non excessive transparency inform data subject
34 rinciples confidentiality keep data under control control user involvement and control
35 data sharing
36
37 SURFnet: ata purpose + proce processing ground
38 processing ground
39 unambigiously given consent rt. 7 legi necessary for performance of contract legal obligation vital interest of data subject public interest legitimate interest of controller
40 unambigiously given consent rt. 7 legi necessary for performance of contract legal obligation vital interest of data subject public interest legitimate interest of controller
41 legitmate interest art 7 f ) DPD processing is necessary for the purposes of the legitimate interests pursued by the controller [or by the third party or parties to whom the data are disclosed], except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Article 1 (1).
42 art 7 balance legitimate interest sees to daily operations of data processor but extends to support activities e.g. fraud detection SURFnet: network security fundamental rights interests data subject privacy security
43 The processing of traffic data to the extent strictly necessary for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, and the security of the related services offered by, or accessible via, these networks and systems, by providers of security technologies and services when acting as data controllers is subject to Article 7(f ) of Directive 95/46/ EC. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping denial of service attacks and damage to computer and electronic communication systems. Directive 2009/136/EC - recital 53
44 art. 6 purpose, secondary use article 6 (1) Member States shall provide that personal data must be: b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. TILT - Tilburg Institute for Law, Technology, and Society
45 SURFnet: purpose To ensure the proper operation of the network and to protect its customers and users of the network.
46 SURFnet: purpose + ata processing shar ground academics: further processing compatible with purpose
47 sharing for research
48
49 research by academics?! two approaches extended networks security academics helping SURFnet limited by SURFnet s purpose specification academic research undefined function
50 3rd party controller processor data subject TILT - Tilburg Institute for Law, Technology, and Society
51 3rd party controller processor data subject TILT - Tilburg Institute for Law, Technology, and Society
52 3rd party controller processor data subject TILT - Tilburg Institute for Law, Technology, and Society
53 1. network security extending SURFnet s tasks SURFnet is controller (responsible!) academic researcher is processor (JANET model) Article Anyone acting under the authority of the responsible party or the processor, as well as the processor himself, where they have access to personal data, shall only process such data on the orders of the responsible party, except where otherwise required by law.
54 2. academic research Article 9 Wbp 1. Personal data shall not be further processed in a way incompatible with the purposes for which they have been obtained. 3. The further processing of personal data for historical, statistical or scientific purposes shall not be regarded as incompatible where the responsible party has made the necessary arrangements to ensure that the further processing is carried out solely for these specific purposes.
55 Article 10 conditions 1. Personal data shall not be kept in a form which allows the data subject to be identified for and longer than is necessary for achieving the purposes for which they were collected or subsequently processed. 2. Personal data may be kept for longer than provided under (1), where this is for scientific purposes, and where the responsible party has made the necessary arrangements to ensure that the data concerned are used solely for these specific purposes.
56 conditions Article Personal data shall only be processed where, given the purposes for which they are collected or subsequently processed, they are adequate, relevant and not excessive. 2. The responsible party shall take the necessary steps to ensure that personal data, given the purposes for which they are collected or subsequently processed, are correct and accurate.
57 general conditions
58 define research purpose adhere to this purpose general provide safeguards anonymise/pseudonymise as soon as possible delete original data keep data under control never process on an individual level never disclose data pointing to individuals never share (raw) data with 3rd parties without SURFnet approval security, security, security responsibilities: researcher -> SURFnet -> CBP
59 specific processor responsibilities: researcher -> SURFnet -> CBP do as told by SURFnet/agreed with SURFnet academic research responsibilities: researcher -> CBP do not process leading to individual effects
60 privacy by design art, not science
61 when does research pose privacy threats?
62 art. 8 legitimate ground f. the processing is necessary for upholding the legitimate interests of the responsible party or of a third party to whom the data are supplied, except where the interests or fundamental rights and freedoms of the data subject, in particular the right to protection of individual privacy, prevail.
63 legal -> privacy <- ethics
64 Ann Cavoukian proactive not reactive; preventative not remedial privacy as the default setting privacy embedded into design full functionality positive sum, not zero-sum end-to-end security full lifecycle protection visbility and transparency keep it open respect for user privacy keep it user-centric
65 Jaap- Henk Hoepman h-p://arxiv.org/pdf/ v1.pdf
66 Privacy Impact Assessment Data Protection Impact Assessment
67 purposes raising awareness/sensitizing getting clear what you re doing establishing risks mitigating risks (account for compliance)
68 DPIA proposal DPIA at least includes a list of the recipients or categories of recipients of the personal data; a list of the intended transfers of data to a third country an assessment of the context of the data processing a general indication of the time limits for erasure of the different categories of data; a systematic description of the envisaged processing operations, the purposes of the processing and, if applicable, the legitimate interests pursued by the controller, an assessment of the necessity and proportionality of the processing operations in relation to the purposes
69 DPIA at least includes DPIA proposal (cont.) an assessment of the risks to the rights and freedoms of data subjects, a description of the measures envisaged to address the risks and minimise the volume of personal data which is processed a list of safeguards, security measures and mechanisms to ensure the protection of personal data, such as pseudonymisation an explanation which data protection by design and default practices have been implemented
70 disclaimer, for what it s worth Texts, marks, logos, names, graphics, images, photographs, illustrations, artwork, audio clips, video clips, and software copyrighted by their respective owners are used on these slides for non-commercial, educational and personal purposes only. Use of any copyrighted material is not authorized without the written consent of the copyright holder. Every effort has been made to respect the copyrights of other parties. If you believe that your copyright has been misused, please direct your correspondence to: r.e.leenes@tilburguniversity.edu stating your position and I shall endeavour to correct any misuse as early as possible. thanks to Kieran O Hara for providing this template
what can we do with botnet data?
what can we do with botnet data? prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society background SURFnet (Dutch NREN) was offered 700 GB of data obtained from
More informationOnline Privacy and Security Statement
SecurityScorecard Online Privacy and Security Statement SecurityScorecard Inc. is committed to protecting the privacy of individuals that interact with our websites. This policy discloses the Company s
More informationPRIVACY AND DATA SECURITY MODULE
"This project has been funded under the fourth AAL call, AAL-2011-4. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which
More informationLATISYS SAFE HARBOR POLICY
LATISYS SAFE HARBOR POLICY Latisys Corporation ( Latisys or Company ), a wholly-owned subsidiary of Zayo Group, LLC, is a global provider of bandwidth infrastructure services, including dark fiber, wavelengths,
More informationLegal Aspects of the MonIKA-Project - Privacy meets Cybersecurity
Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity Sebastian Meissner Security Incident Information Sharing Workshop Berlin, 26.07.2013 Introduction Opening question Privacy & cybersecurity:
More informationComments and proposals on the Chapter II of the General Data Protection Regulation
Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationPrivacy Policy. What is Covered in This Privacy Policy. What Information Do We Collect, and How is it Used?
Privacy Policy The Friends of the Public Garden ("FoPG" or "We") is a non-profit corporation and the owner and operator of www.friendsof thepblicgarden.org (the "Website"), which is intended to supply
More informationUNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY
UNILEVER PRIVACY PRINCIPLES Unilever takes privacy seriously. The following five principles underpin our approach to respecting your privacy: 1. We value the trust that you place in us by giving us your
More informationPrivacy Policy Last Modified: April 3, 2015 1
Privacy Policy Last Modified: April 3, 2015 1 Introduction Jamberry Nails, LLC, a Utah limited liability company, U.S.A., (referred to herein as Jamberry, we, us and our ) understands the importance of
More informationPrivacy Policy - LuxTNT.com
Privacy Policy - LuxTNT.com Overview TNT Luxury Group Limited (the owner of LuxTNT.com). knows that you care how information about you is used and shared, and we appreciate your trust that we will do so
More information1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that
More informationCouncil of the European Union Brussels, 15 January 2015 (OR. en) NOTE German delegation Working Party on Information Exchange and Data Protection
Council of the European Union Brussels, 15 January 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 14705/1/14 REV 1 LIMITE DATAPROTECT 146 JAI 802 MI 805 DRS 135 DAPIX 150 FREMP 178 COMIX 568 CODEC
More informationTNS UK PRIVACY & COOKIE POLICY FOR SURVEYS ( Policy )
TNS UK PRIVACY & COOKIE POLICY FOR SURVEYS ( Policy ) Introduction Market and survey research serves an important function in society. Businesses and governments are able to make informed decisions through
More informationWelcome to our job search and application platform (the Platform ). Please read our Legal Terms (which includes our Privacy Policy) carefully.
LEGAL TERMS AND PRIVACY POLICY Welcome to our job search and application platform (the Platform ). Please read our Legal Terms (which includes our Privacy Policy) carefully. The Platform is accessible
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationOpinion 04/2012 on Cookie Consent Exemption
ARTICLE 29 DATA PROTECTION WORKING PARTY 00879/12/EN WP 194 Opinion 04/2012 on Cookie Consent Exemption Adopted on 7 June 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationPrivacy & Big Data: Enable Big Data Analytics with Privacy by Design. Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014
Privacy & Big Data: Enable Big Data Analytics with Privacy by Design Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014 Agenda? What is 'Big Data'? Privacy Implications Privacy
More informationPrivacy Policy and Notice of Information Practices
Privacy Policy and Notice of Information Practices Effective Date: April 27, 2015 BioMarin Pharmaceutical Inc. ("BioMarin") respects the privacy of visitors to its websites and online services and values
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationHow We Use Your Personal Information On An Afinion International Ab And Afion International And Afinion Afion Afion
AFFINION INTERNATIONAL AB COMPANY PRIVACY AND COOKIES POLICY The privacy and cookies policy sets out how we use any personal information that you give to us, or that we may collect or otherwise process
More informationWebsite Privacy Policy
Rockford Mutual Insurance Company 527 Colman Center Drive, Rockford, Illinois 61108 (815) 229 1500 The last update to our Privacy Policy was posted on August 6, 2014. This document governs the privacy
More informationThe term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.
Website - Terms and Conditions Welcome to our website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use, which together
More informationH&R Block Digital Tax Preparation, Online, and Mobile Application Privacy Practices and Principles
Privacy Notice H&R Block Digital Tax Preparation, Online, and Mobile Application Privacy Practices and Principles Protecting your information is important to us. The following guidelines set forth our
More informationPrivacy Policy for Data Collected by Blue State Digital
Privacy Policy for Data Collected by Blue State Digital Overview Blue State Digital LLC. ( Blue State Digital, BSD or we ) provides various services to non- profit entities and other related businesses
More informationIowa Student Loan Online Privacy Statement
Iowa Student Loan Online Privacy Statement Revision date: Jan.6, 2014 Iowa Student Loan Liquidity Corporation ("Iowa Student Loan") understands that you are concerned about the privacy and security of
More informationADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS
ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY Advanced Cable Communications ( Company ) strives to offer visitors to its website (the Site ) the many advantages of Internet technology and to provide
More informationPrivacy Policy. Definitions
Privacy Policy Effective Date: This Private Policy was last revised January 22, 2014. This document governs the privacy policy of our Website, www.gbexllc.com. Any capitalized terms not defined herein
More informationMeasurabl, Inc. Attn: Measurabl Support 1014 W Washington St, San Diego CA, 92103 +1 619.719.1716
Measurabl, Inc. ( Company ) is committed to protecting your privacy. We have prepared this Privacy Policy to describe to you our practices regarding the Personal Data (as defined below) we collect from
More informationPrivacy Seminar - Social Networks
Privacy Seminar - Social Networks Robert Kleinpenning & Judith van Stegeren 5th June 2015 Defining social networks What is a social network anyway? Defining social networks What is a social network anyway?
More informationPublic Health England, an executive agency of the Department of Health ("We") are committed to protecting and respecting your privacy.
PRIVACY POLICY 2015 PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS SITE Public Health England, an executive agency of the Department of Health ("We") are committed to protecting and respecting
More informationESTRO PRIVACY AND DATA SECURITY NOTICE
ESTRO PRIVACY AND DATA SECURITY NOTICE This Data Privacy and Security Policy is a dynamic document, which will reflect our continuing vigilance to properly handle and secure information that we are trusted
More information4-column document Net neutrality provisions (including recitals)
4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN
More informationPRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:
PRIVACY POLICY BACKGROUND: This Policy applies as between you, the User of this Website and Fernhay the owner and provider of this Website. This Policy applies to our use of any and all Data collected
More informationPrivacy and Data Protection Impact Assessment Framework for RFID Applications. 12 January 2011
Privacy and Data Protection Impact Assessment Framework for RFID Applications 12 January 2011 1 INDEX 1. Introduction...3 1.1. Key Concepts...4 1.2. Internal Procedures...5 2. The PIA Process...6 2.1.
More informationINFORMATION WE MAY COLLECT FROM YOU
Privacy Policy ABOUT Prolific Academic Ltd. ("We") are committed to protecting and respecting your privacy. This policy (together with our terms of use and any other documents referred to on it) sets out
More informationDARTFISH PRIVACY POLICY
OUR COMMITMENT TO PRIVACY DARTFISH PRIVACY POLICY Our Privacy Policy was developed as an extension of our commitment to combine the highestquality products and services with the highest level of integrity
More informationPRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:
PRIVACY POLICY BACKGROUND: This Policy applies as between you, the User of this Website and Ideagen Plc the owner and provider of this Website. This Policy applies to our use of any and all Data collected
More informationDISCLAIMER, TERMS & CONDITIONS OF USE
DISCLAIMER, TERMS & CONDITIONS OF USE Welcome to Universal Devices, Inc.'s online website. By accessing and using this website, you acknowledge that you have read, agree to, and are aware of the following
More informationInformation Privacy Policy
Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More information1. Important Information
We at ViewPoint (ViewPoint Government Solutions, Inc. and our affiliates) are committed to protecting your privacy. This Privacy Policy applies to both our websites (Websites), including www.viewpointcloud.com,
More informationTerms of Use: VSmart, Variants, and Components
Terms of Use: VSmart, Variants, and Components Animal Care Technologies ("ACT") operates this and other websites (the Site ) to provide VSmart, a customer/client survey resource (the "Service"). By accessing
More informationZubi Advertising Privacy Policy
Zubi Advertising Privacy Policy This privacy policy applies to information collected by Zubi Advertising Services, Inc. ( Company, we or us ), on our Latino Emoji mobile application or via our Latino Emoji
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More information(BETA DRAFT)PRIVACY DISCLOSURES
(BETA DRAFT)PRIVACY DISCLOSURES Information Collection & Use Registration In order to use this Web site, you must first complete the registration form and create a user name and password. During registration
More informationYOUR PRIVACY IS IMPORTANT TO SANDERSONS ARCHIVING SOLUTIONS LIMITED
YOUR PRIVACY IS IMPORTANT TO SANDERSONS ARCHIVING SOLUTIONS LIMITED SANDERSONS ARCHIVING SOLUTIONS LIMITED WEB SITE PRIVACY POLICY Policy last updated: 22 nd December 2014 This Policy is adopted by Sandersons
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationCouncil of the European Union Brussels, 27 November 2015 (OR. en)
Council of the European Union Brussels, 27 November 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 14481/15 LIMITE DATAPROTECT 215 JAI 914 MI 755 DIGIT 100 DAPIX 223 FREMP 276 COMIX 622 CODEC 1569
More informationJohnson Controls Privacy Notice
Johnson Controls Privacy Notice Johnson Controls, Inc. and its affiliated companies (collectively Johnson Controls, we, us or our) care about your privacy and are committed to protecting your personal
More informationMulti-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015
Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.
More informationPlus500UK Limited. Statement on Privacy and Cookie Policy
Plus500UK Limited Statement on Privacy and Cookie Policy Statement on Privacy and Cookie Policy This website is operated by Plus500UK Limited ("we, us or our"). It is our policy to respect the confidentiality
More informationREGULATION (EU) No XXX/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
REGULATION (EU) No XXX/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General
More informationData Sharing Protocol
Data Sharing Protocol Agreement for Sharing Data Between Partners of the South Dublin Childrens Services Committee Version 0.4 Final Draft June 2009 Contents 1 Preface...3 2 Introduction & Overview...3
More informationPlease read this Policy carefully. Your continued use of our sites means that you understand and consent to the terms of this Policy.
EFFECTIVE: February 2016 Version 1.2 CHECK 'N GO PRIVACY POLICY This Privacy Policy ("Policy") applies to the use of Check 'n Go (the "Company") online sites and any Company affiliate or subsidiary sites.
More informationDaltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual
Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That
More informationCookies Compliance Advisory
Cookies Compliance Advisory Note: this is an advisory notice that summarises the current position of the Article 29 Working Group and makes suggestions as to how organisations might practically achieve
More informationAll copyright, trade mark, design rights, patent and other intellectual property rights (registered or unregistered) in the Content belongs to us.
LEO Pharma Terms of use We/ Us/ Our You/Your Website Content LEO Laboratories Limited a company registered in the United kingdom under number 662129) known as LEO Pharma (LEO Pharma) and companies affiliated
More informationElectronic business conditions of use
Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users
More informationThe terminology used in this document is presented below: a limited company registered in Finland. BI: 2582416-1
Bookndo Privacy and Security Statement The terminology used in this document is presented below: Gearent Oy: Bookndo: The Website: Service Provider: a limited company registered in Finland. BI: 2582416-1
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationVyve Broadband Website Privacy Policy. What Information About Me Is Collected and Stored?
Vyve Broadband Website Privacy Policy Effective: July 31, 2015 Vyve Broadband ( Vyve, we, us, our ) is committed to letting you know how we will collect and use your information. This Website Privacy Policy
More informationThank you for visiting this website, which is owned by Essendant Co.
Essendant Online Privacy Policy Thank you for visiting this website, which is owned by Essendant Co. Please take a few minutes to review this Policy. It describes how we will collect, use, and share information
More informationDeclaration of Internet Rights Preamble
Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It
More informationPrivacy and Electronic Communications Regulations
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
More informationDISCLOSURES WEB PRIVACY POLICY
DISCLOSURES WEB PRIVACY POLICY This Privacy Policy governs your use of this website and any content, products or services made available from or through this website including any sub domains thereof ("Website").
More informationPRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
More informationEstée Lauder Companies Global Jobs Website Privacy Policy
Effective Date: August 14, 2014 Estée Lauder Companies Global Jobs Website Privacy Policy The Estée Lauder Companies ( we, us, or our ) respects your concerns about privacy and value the relationship we
More informationMEDJOBBERS.COM & JOBBERS INC TERMS AND CONDITIONS
MEDJOBBERS.COM & JOBBERS INC TERMS AND CONDITIONS Introduction: These terms and conditions govern your use of this website; by using MedJobbers and Jobbers sites, you accept these terms and conditions
More informationDailyMailz may collect and process the following personal information about you:
Privacy Policy DailyMailz is committed to preserving the privacy of all visitors to its website www.dailymailz.nl ("Website"). This privacy policy along with DailyMailz s terms and conditions of use and
More informationProposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
More informationData Protection A Guide for Users
Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection
More informationPrivacy Policy GetYou
Privacy Policy GetYou How We Use and Manage Your Data Key Information GetYou respects your right to privacy in the on-line world when you use our service and communicate electronically with us. We put
More informationPrivacy Policy and Terms of Use
Privacy Policy and Terms of Use Pencils of Promise, Inc. ( PoP, we, us or our ) shares your concern about the protection of your personal information online. This Privacy Policy and Terms of Use ( Policy
More informationPRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:
PRIVACY POLICY BACKGROUND: This Policy applies as between you, the User of this Website and DisplayNote Technologies Limited the owner and provider of this Website. This Policy applies to our use of any
More informationOnline Security, Traffic Data and IP Addresses. Review of the Regulatory Framework for Electronic Communications
Brussels, October 8 th 2008 Online Security, Traffic Data and IP Addresses Review of the Regulatory Framework for Electronic Communications Francisco Mingorance Senior Director Government Affairs franciscom@bsa.org
More informationPrivacy Policy documents for
Privacy Policy documents for Praendex Incorporated doing business as PI Worldwide Product User Privacy Policy - For Customers, as well as those invited to our websites to complete a PI Survey or SSAT General
More informationGiuseppe Busia Segretario generale Garante per la protezione dei dati personali
mhealth enablers panel The Health & Wellness @ Mobile World Congress 2015 Giuseppe Busia Segretario generale Garante per la protezione dei dati personali 1 mhealth main concern Mobile Health (mhealth)
More informationAcceptable Use Policy
Sell your Products Online and Web by Numbers are brands of Web by Numbers Ltd (hereinafter referred to as Web by Numbers ) Acceptable Use Policy Web by Numbers has created this Acceptable Use Policy (AUP)
More informationInformation Sharing Policy
Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed
More informationAcceptable Use Policy
Acceptable Use Policy TERMS & CONDITIONS www.tagadab.com INTRODUCTION Tagadab has created this (AUP) for our customers to protect our resources, our customer s resources, and to ensure that Tagadab Ltd
More informationRMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles
RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS aims to provide the most secure, the most private, and
More informationROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014.
ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014. The Rohit Group of Companies ( Rohit Group, Company, our, we ) understands
More informationINFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes
INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most
More informationBriefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:
UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider
More informationCentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12. CentralNic. Version 1.0. July 31, 2012. https://www.centralnic.
CentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12 CentralNic Privacy Policy Version 1.0 July 31, 2012 https://www.centralnic.com/ CentralNic Privacy Policy Last Updated: February 6, 2012
More informationon the Proposal for a Regulation of the European Parliament and of the Council laying
Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic
More informationCouncil of the European Union Brussels, 15 December 2015 (OR. en)
Council of the European Union Brussels, 15 December 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 15039/15 LIMITE DATAPROTECT 229 JAI 976 MI 786 DIGIT 108 DAPIX 235 FREMP 295 COMIX 663 CODEC 1676
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationSAP Splash Privacy Statement
SAP Splash Privacy Statement The SAP Splash Privacy Statement (this Privacy Statement ) applies to the use of this website, http://www.experiencesplash.com (the Website ) and any other subdomains or webpages
More informationLast updated: 30 May 2016. Credit Suisse Privacy Policy
Last updated: 30 May 2016 Credit Suisse Please read this privacy policy (the ) as it describes how we intend to collect, use, store, share, and safeguard your information. By accessing, visiting or using
More informationZep Inc.: Global Online Privacy Notice
Zep Inc.: Global Online Privacy Notice Effective Date: March 26, 2015 We at Zep Inc., along with our affiliates (collectively, Zep ), respect your concerns about privacy. This Global Online Privacy Notice
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationailexpert MailExpert Security form
ailexpert MailExpert Security form Data security and confidentiality are two of our top priorities at MailExpert. The MailExpert platform was designed in such a way that ensures our customer s security
More information9565/15 CHS/VH/np 1 DGD2C
Council of the European Union Brussels, 11 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9565/15 NOTE From: To: Presidency Council No. prev. doc.: 9398/15 Subject: DATAPROTECT 97 JAI 420
More informationInformation Collected. Type of Information Collected. We may collect two general types of information when you use the Site:
Privacy Policy (Last revised March 1, 2016) This website is owned and operated by Temple Square Hospitality Corporation ( Operator ). The following Privacy Policy (the Policy ) describes how Operator collects,
More informationCHAPTER I GENERAL PROVISIONS
Proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data
More informationWe may collect the following types of information during your visit on our Site:
Privacy Policy This Privacy Policy (the Policy ) governs the use and collection of information that Horizon Broadcasting Group, LLC (collectively, "we," "our" or the "website") obtains from you while you
More informationprovided by you upon registration at one of our websites or for one of our games;
Data Privacy Policy This data privacy policy informs you of which personal data is being collected by gamefabrik GmbH as part of our Internet services and games. It also explains how that data is processed
More information