Giuseppe Busia, Secretary General, Garante per la protezione dei dati personali (Italian Data Protection Authority)

mHealth enablers panel
The Health & Mobile World Congress 2015
Giuseppe Busia, Secretary General, Garante per la protezione dei dati personali

mHealth main concern
- Mobile Health (mHealth) raises many concerns about the appropriate processing of the data collected through apps or solutions by individuals, developers, health professionals, advertising companies and public authorities
- Any personal data can become health data (if it is collected for the purpose of inferring health status)
- Therefore mHealth apps require a baseline of privacy and security protections appropriate to sensitive data

EU data protection legal framework applicable to lifestyle and wellbeing apps
The relevant legal framework applicable:
- Data Protection Directive (Directive 95/46/EC)
- ePrivacy Directive (Directive 2002/58/EC)
These rules apply to any apps installed/used by users in the EU, regardless of the location of the app developer or the app store

Data Protection Directive
- The legal ground for processing personal data varies according to the nature of the data processed.
- Article 8 of the Data Protection Directive (95/46/EC) qualifies health data as a special category of data to which a higher level of data protection applies
- The processing of special categories of data is prohibited, unless an exception applies such as:
  - the explicit consent of the data subject, except where in accordance with national law the prohibition to process such personal data cannot be lifted by the consent of the data subject (Art. 8(2)(a))
  - the vital interest of the data subject or of another person where the data subject is physically or legally incapable of giving his consent (Art. 8(2)(c))
  - where processing of the data is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of healthcare services, and where those data are processed by a health professional or any professional bound by the obligation of secrecy (Art. 8(3))

Article 29 Working Party Opinions (1)
WP29 Advice Paper on special categories of data (April 2011): the rationale behind the stricter legal regime of Article 8
- Lifestyle and wellbeing apps can collect, without distinction, personal data of a general nature (e.g. information on the data subject's hobbies) and health data (e.g. heartbeat or oxygenation of the blood)
- The data subject's explicit consent to the processing of his health data must be freely given, informed and specific
- The other principles relating to data quality (including data minimisation, data retention limitation and the adoption of appropriate safeguards in this regard) are applicable too (Article 6 of the Directive)

Article 29 Working Party Opinions (2)
WP29 Opinion 02/2013 "on apps on smart devices" (February 2013) seeks to clarify the legal obligations of each of the parties involved in the development and distribution of apps. It gives guidance to all the players, in particular:
- the need to provide clear and unambiguous information about data processing to users
- the need for explicit consent of the user, as the processing will be done for a purpose distinct from that of the app developer
- the level of complexity of identifying the role of a third party, which can be well illustrated by the case of cloud computing providers (see also WP29 Opinion 05/2012 on Cloud Computing, July 2012)

Article 29 Working Party Opinions (3)
WP29 Opinion 08/2014 on the Internet of Things (IoT)
- eHealth and quantified-self devices such as body trackers are always carried by users who want to record information about their own habits and lifestyles
- On 16 September 2014 WP29 adopted Opinion 8/2014 on the Internet of Things (IoT), which highlights the privacy and data protection challenges posed by the IoT and puts forward recommendations to help stakeholders comply with current EU data protection legislation for the development of a sustainable IoT
- WP29 stated that the quantified self focuses on motivating users to closely monitor their biological rhythms and that it has many connections with e-health
- WP29 stressed that the application of Article 8 to sensitive data in the IoT requires that data controllers obtain the user's explicit consent, unless the data subject has himself made the data public

ePrivacy Directive
- The ePrivacy Directive 2002/58/EC, as revised by Directive 2009/136/EC, sets a specific standard for any entity worldwide that wishes to store or access information stored in devices of users located in the EEA.
- Cookies: the storing of information or the access to information already stored in the terminal equipment of a user is only allowed on condition that he has given his consent, having been provided with clear and comprehensive information about the purposes of the processing (Article 5(3) of this Directive).
- This consent requirement applies to any information (i.e. it is not limited to personal data, as information can be any type of data stored on the device)
- This means that when installing an app, users should be given the choice to accept or refuse cookies or similar tracking technologies to be placed on their device
- In this regard, on 17 February 2015, WP29 issued a press release on the joint survey made by European regulators on website cookie usage

WP29 recent letter to European Commission (1)
WP29 recent letter to the European Commission, clarifying the scope of health data processed by lifestyle and wellbeing apps (February 2015)
In the Annex to this letter, the Working Party identifies criteria to determine when personal data qualifies as health data, a special category of data receiving enhanced protection under the EU Data Protection Directive 95/46/EC

Scope of Health Data
WP29 identifies three main scenarios:
1) data processed by the app or device is inherently/clearly medical data (i.e. data that provides information about an individual's physical or mental health status generated in a professional medical context, e.g., healthcare providers);
2) raw sensor data processed by the app or device can be used, independently or in combination with other data, to draw conclusions about an individual's actual health status or health risks;
3) data allows for conclusions to be drawn about an individual's health status or health risks (irrespective of whether these conclusions are accurate or inaccurate, legitimate or illegitimate or otherwise adequate or inadequate).

WP29 recent letter to European Commission (2)

Legal Requirements for Processing Health Data
- Users of lifestyle and wellbeing apps do not have to comply with the Directive when the data is not transmitted outside their device, as this qualifies as purely personal use of personal data
- The WP29 letter also underlines:
  - the importance of providing clear and easily accessible information to the users before they install the app or buy the device
  - the need to implement proper anonymization techniques and other security measures, such as privacy by design and data minimization

Further Processing of Health Data for Historical, Statistical and Scientific Purposes
- WP29 would like the EC to make a clear statement that, under the Directive, further processing of health data for historical, statistical and scientific purposes requires explicit consent, unless specific exceptions provided in national law apply

EC mHealth public consultation results
- The recently published results of the EC public consultation on mHealth (January 2015) show clearly how WP29 concerns are shared by different stakeholders
- From the analysis of comments from the 211 respondents (71% were from organizations and 29% were from individuals): there is a great interest in strong privacy and security tools, and in strengthened enforcement of data protection rules, not only among data protection stakeholders but also among European citizens
- The success of an mHealth concept is based on its capacity to generate TRUST from a wide range of users

2014 GPEN PRIVACY SWEEP
- On 10 September 2014, the Global Privacy Enforcement Network (GPEN) published the results of its privacy enforcement survey, or "sweep", carried out earlier in 2014 with respect to popular mobile apps
- Many raised concerns about mobile apps

About GPEN
- The Global Privacy Enforcement Network (GPEN) was established in 2008 upon recommendation by the OECD to foster cross-border cooperation among privacy regulators in an increasingly global market
- The informal network is comprised of 47 privacy enforcement authorities in 37 jurisdictions around the world

2014 App Sweep purpose
- Over the course of a week in May 2014, GPEN's sweepers (made up of 26 data protection authorities, including the Italian DPA, across 19 jurisdictions) participated in the survey by downloading and briefly interacting with the most popular apps released by developers in their respective jurisdictions, in an attempt to recreate a typical consumer's experience.
- The purpose of the GPEN 2014 App Sweep was to increase public and commercial awareness of data protection rights and responsibilities, as well as to identify specific high-level issues which may become the focus of future enforcement actions and initiatives
- The results of the sweep suggest that a high proportion of the apps downloaded did not sufficiently explain how consumers' personal information would be collected and used.

2014 App Sweep highlights
- 3/4 of all apps examined requested one or more permissions, the most common of which included location, device ID, access to other accounts, camera and contacts
- Some 59% of apps left sweepers scrambling to find pre-installation privacy communications
- For nearly one-third of the apps (31%), sweepers expressed concern about the nature of the permissions being sought
- Some 43% of apps did not tailor privacy communications to the small screen
- Just a fraction of the apps examined, 15%, provided a clear explanation of how they would collect, use and disclose personal information

Italian DPA medical App Sweep
- The Italian DPA (Garante), as part of the "2014 GPEN Privacy Sweep", chose to sweep medical applications
- WHY medical apps? Because it was not possible to postpone the evaluation of medical apps in terms of usefulness/data protection requirements, and our decision was in line with the concerns that were voiced recently at European level in this regard (EC Green Paper on mHealth and public consultation on mHealth)
- The results of the Italian sweeping activity show that the degree of transparency on the processing of user data and the permissions required of them to download the selected medical apps are, in some cases, not in line with the Italian data protection legislation

Italian DPA medical App Sweep highlights
- 50% of the medical apps surveyed by the Italian DPA's "sweepers", out of a sample including those with the highest number of downloads on the various platforms, do not provide information on data use prior to installation (or else provide very general information or request excessive data compared to their features)
- In many cases the privacy notice is not tailored to the small screen size and is thus hard to decipher; in yet other cases the privacy notice is found, for instance, in the technical credits area of the given device

Italian DPA further steps
The Italian medical App Sweep was not an investigation, nor was it intended to conclusively identify compliance issues or possible violations of privacy legislation
Nevertheless:
- any profiles of privacy violation detected will be evaluated by the Garante
- at the national level, we are planning an assessment in terms of needed inspections and any possible prescriptive measures/sanctions

2014 GPEN Sweep follow-up letter
- On December 9, 2014, 23 privacy authorities from around the world signed an open letter to the operators of seven app marketplaces (Apple, Google, Samsung, Microsoft, Nokia, BlackBerry and Amazon.com), urging them to make links to privacy policies mandatory for apps that collect personal information
- The Italian DPA, as well as all the other undersigned privacy enforcement authorities, strongly believes that an app marketplace operator should, acting as a responsible corporate citizen, make the basic commitment to require each app that can access or collect personal information to provide users with timely access to the app's privacy policy

Which future of mHealth?
- mHealth apps will surely be a large part of the future of health care, but there are still too many unresolved questions of what to do with mHealth.
- Those issues of mHealth regulation and standardisation must become surmountable... thanks to our common efforts
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationBRING YOUR OWN DEVICE
BRING YOUR OWN DEVICE Legal Analysis & Practical TIPs for an effective BYOD corporate Policy CONTENTS 1. What is BYOD? 2. Benefits and risks of BYOD in Europe 3. BYOD and existing Policies 4. Legal issues
More informationData Protection Standard
Data Protection Standard Processing and Transfer of Personal Data in Aker Solutions (Binding Corporate Rules) Aker Solutions www.akersolutions.com Table of contents 1 Introduction... 3 1.1 Scope... 3 1.2
More informationCloud Security under the EU Data Protection Directive and draft General Data Protection Regulation
ENISA EU28 Cloud Security Conference 16 June 2015 Cloud Security under the EU Data Protection Directive and draft General Data Protection Regulation Kuan Hon Senior Researcher, Cloud Legal Project & Microsoft
More informationThe Netherlands response to the public consultation on the revision of the European Commission s Impact Assessment guidelines
The Netherlands response to the public consultation on the revision of the European Commission s Impact Assessment guidelines Introduction Robust impact assessment is a vital element of both the Dutch
More information7.0 Information Security Protections The aggregation and analysis of large collections of data and the development
7.0 Information Security Protections The aggregation and analysis of large collections of data and the development of interconnected information systems designed to facilitate information sharing is revolutionizing
More informationOPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012)
OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012) ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1
More informationOnline and Mobile Privacy Notice ( Privacy Notice )
Online and Mobile Privacy Notice ( Privacy Notice ) Introduction This Privacy Notice applies to the operations of Cigna Global Health Benefits and its affiliated companies listed at the end of this Privacy
More information7 August 2015. I. Introduction
Suggestions for privacy-related questions to be included in the list of issues on Hungary, Human Rights Committee, 115th session, October-November 2015 I. Introduction 7 August 2015 Article 17 of the International
More informationPolicy Statement. Employee privacy, data protection and human resources. Prepared by the Commission on E-Business, IT and Telecoms. I.
International Chamber of Commerce The world business organization Policy Statement Employee privacy, data protection and human resources Prepared by the Commission on E-Business, IT and Telecoms I. Introduction
More informationFISHER & PAYKEL PRIVACY POLICY
FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationThe Digital Marketing Ecosystem: Trends, Risks and Obligations
The Digital Marketing Ecosystem: Trends, Risks and Obligations Teena H. Lee, Vice President, Privacy and E-commerce Counsel The Estée Lauder Companies Inc. Bridget C. Treacy, Partner, Hunton & Williams
More informationPIPEDA and Online Backup White Paper
PIPEDA and Online Backup White Paper The cloud computing era has seen a phenomenal growth of the data backup service industry. Backup service providers, by nature of their business, are compelled to collect
More informationSimplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014 THE ITALIAN DATA PROTECTION AUTHORITY
[versione italiana] Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014 THE ITALIAN DATA PROTECTION AUTHORITY Having convened today, in the presence of Mr.
More informationThe EFPIA Disclosure Code: Your Questions Answered
The EFPIA Disclosure Code: Your Questions Answered Working together: why do the pharmaceutical industry and healthcare professionals work together? 1 Why does industry pay health professionals to provide
More informationLots of clouds: a stormy weather for information privacy?
Lots of clouds: a stormy weather for information privacy? Michel Jaccard Sylvain Métille Web idest.pro Twitter @idestavocats Introduction Purpose: know what you do, why you do it, the risks and the best
More informationOnline Security, Traffic Data and IP Addresses. Review of the Regulatory Framework for Electronic Communications
Brussels, October 8 th 2008 Online Security, Traffic Data and IP Addresses Review of the Regulatory Framework for Electronic Communications Francisco Mingorance Senior Director Government Affairs franciscom@bsa.org
More informationeprivacy GmbH Criteria Catalogue "eprivacyapp" June 2015
eprivacy GmbH Criteria Catalogue "eprivacyapp" June 2015 The eprivacyapp seal for data security and data protection from eprivacy GmbH certifies the respective requester that his/her offer is compliant
More information1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that
More informationCorporate Compliance: A Global Perspective
Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming
More informationContracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT
Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Overview Cloud computing offers great opportunities for organizations, including schools, hospitals and businesses
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1 st 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent
More informationEU Policy on RFID & Privacy
EU Policy on RFID & Privacy Developments 2007, Outlook 2008 Andreas Krisch http://www.edri.org/ http://www.unwatched.org/ 24C3, 30.12.2007 European Digital Rights (EDRi) Umbrella
More informationOpinion 02/2013 on apps on smart devices
ARTICLE 29 DATA PROTECTION WORKING PARTY 00461/13/EN WP 202 Opinion 02/2013 on apps on smart devices Adopted on 27 February 2013 This Working Party was set up under Article 29 of Directive 95/46/EC. It
More informationMEMBI PRIVACY POLICY
MEMBI 1 PURPOSE OF OUR POLICY 1.1 Membi Limited (Company Number 09775238) of 396a Kingston Road, Kingston Road, London SW20 8LL, United Kingdom (Membi, we, us or our) provides the services offered on the
More information