Privacy and Personal Data Protection: Legal Context and Social Perception




Privacy and Personal Data Protection: Legal Context and Social Perception
Estelle De Marco, Inthemis
FIA 2011 Budapest, Economics of Privacy
Wednesday 18 May 2011

Privacy (12 UDHR, 17 ICCPR, 8 ECHR, 7 EU Charter, Constitutions, civ. and crim. laws)

Protected spheres and aspects:
- Privacy, home, family, correspondence / honour and reputation
- Secret / freedom

Content:
- Concept that suffers from «an embarrassment of meanings» [1]
- «Right to be left alone» [2], «to make decisions into his zone of privacy» [3]
- Concept that «cannot be understood independently from society» [1]
- More precise definitions: e.g. F. Terré (identity, origins, health, moral/(extra)conjugal, fam. life, friendship, participation in private assembly) [4]
- More extensive ECHR: ex. relations with the outside world, even professional; self-determination; personal autonomy; own personality development [5]
- Proposed definition: whole set of pieces of pers. information that have their subject as common denominator, their private nature being determined according to the legitimacy or illegitimacy of third parties controlling it (knowledge/transcription/divulgation) [6]

Personal Data protection (8 ECHR, 8 EU Charter, Conv. 108, Dir. 1995/46, Dir. 2002/58 mod. 2009/136): personal data are elements of private life, even disclosed/processed

[1] D. J. Solove; [2] S. Warren and L. Brandeis; [3] USA Supreme Court; [4] F. Terré; [5] E Court HR; [6] E. De Marco.

Personal Data Protection: Dir. 95/46/EC, 2002/58/EC modif. 2009/136/EC

Criteria of application of EU and National laws:
- Establishment
- Use of processing means (including user's terminals + software mobile phone, calculating facilities, java scripts, cookies to store and retrieve pers. data...; WP 179) [7]

Conditions for collecting/processing personal data:
- The data subject has unambiguously given his prior consent,
  o Unless legitimate interest pursued by the controller or 3rd party interest which cannot override user's rights
  o Imperative for:
    - Processing traffic data for marketing purposes or added value services
    - Using location data (general terms & conditions: not enough, WP 115 [8])
    - Sending direct marketing communications using (or not) automatic calling machines (unless similar products/services)
    - Sending any cookie (browsers predetermined to accept: not enough, WP 171 [9])
    - Collecting sensitive data, unless P.D. manifestly made public by the subject (separate opt-in consent if through cookies [9])
    - Transferring PD to 3rd countries that do not ensure an adequate level of protection

Personal Data Protection: Dir. 95/46/EC, 2002/58/EC modif. 2009/136/EC

- Consent must be informed (at least controller's identity, purposes)
  - Cookies and use of location data: extended imperative information; for instance: identity of the serving and collecting entity / creation of a profile to serve targ. ads [8]
- Collection for specified, explicit, legitimate purposes; prohibition of further processing in an incompatible way
  - Ex. behavioural advertising > impossible to enrich with other information
- Data quality: processed fairly and lawfully; adequate, relevant and not excessive; accurate and kept up to date
- Data kept for no longer than is necessary
  - Location data: should not be stored once the service has been provided (WP 115) [8]
- Right of access, of erasure, to object:
  - Compelling legitimate grounds or for direct marketing purposes
  - Use of location data / processing of traffic data for marketing purposes / cookies
  - Direct marketing communication: opportunity to object each time
- Obligation to notify the supervisory authority
- Obligations of security and confidentiality

Internet users' perception of privacy / privacy commercial exploitation

Perceptions vs legal definitions [10]
- Personal data: affective link, different data depending on the individual
- Privacy: value of freedom (secret/autonomy), intimacy, dignity, subjectivity

Tendencies
- Different classes: e.g. reluctants, disinterested, negotiators, friendly [11, 12]
- Fears: hack. > whoever > commerc. (61% 75%) > State > colleagues > fam. [13, 14]
- More positive attitude when informed about collection/follow up, prior consent and right to object, confidence in the enterprise, secured environment [10] [15]
- Sensitive info. more easily disclosed where a benefit is expected [7, 10]; variables influencing seek advantages: cultural, behavioural, socio-demographics, experience... [12]
- 23% of users are ready to monetize their data [14]
- Less than 20% are ready to choose a fee-paying model without advertising [15, SN]
- Compar.: more knowledgeable people seem to be the ones who release the more added value information (ex. [13] 18-34 y. o., young male managers) but they seem to see those information as «less private» than other data (email and postal address, phone, private photos)

[10, 11, 12] C. Lancelot Miltgen; [13] Survey TNS/Sofres for Microsoft; [14] Survey Ninjam/Iligo; [15] ETO/Market Audit

References

[1] D. J. Solove, "A taxonomy of privacy", University of Pennsylvania Law Review, vol. 154, n° 3, Jan. 2006.
[2] S. Warren and L. Brandeis, "The right to privacy", Harvard Law Review, vol. IV, 15 Dec. 1890, n° 5.
[3] USA Supreme Court, 1965; see P. Tabatoni, "avant-propos", in La protection de la vie privée dans la société de l'information, dir. P. Tabatoni, tome 1, cahier des sciences morales et politiques, PUF, 1st ed., Jan. 2002, p. 4.
[4] F. Terré, "la vie privée", in La protection de la vie privée dans la société de l'information, dir. of P. Tabatoni, tome 3, PUF, Jan. 2002, pp. 138-139.
[5] Niemietz v. Germany, judgment of 16 December 1992, Series A no. 251-B; Copland v. the United Kingdom, n° 62617/00, 3 April 2007; Pierre Kayser, La protection de la vie privée par le droit, PU d'Aix-Marseille/Economica, 3rd ed., 1995, page 45, referring to the decision X. v. Iceland, decision of the Commission, 18 May 1976, year 1976, req. n° 6825/74, page 343; P.G. and J.H. v. the United Kingdom, no. 44787/98, ECHR 2001, IX, 56, Series A, n° 280-B, p. 28, 24; Key case law issues, the concepts of "private and family life", European Court of Human Rights, 24/01/2007, http://tinyurl.com/3om8tks, referring to Pretty v. The United Kingdom, n° 2346/02, ECHR 2002, III, 61, 67.
[6] E. De Marco, L'anonymat sur Internet et le droit, thesis, UM1, 2005, ANRT (ISBN: 978-2-7295-6899-3; Ref.: 05MON10067).
[7] Article 29 Data Protection Working Party, Opinion 8/2010 on applicable law, 16 December 2010, WP 179.
[8] Article 29 Data Protection Working Party, Opinion on the use of location data with a view to providing value added services, November 2005, WP 115.
[9] Article 29 Data Protection Working Party, Opinion 2/2010 on online behavioural advertising, 22 June 2010, WP 171.
[10] C. Lancelot Miltgen, "Vie privée et Internet : influence des caractéristiques individuelles et situationnelles sur les attitudes et les comportements des internautes face à la collecte des données personnelles", cahier de recherche DMSP n° 317 et actes du congrès AFM Tunis 2003, http://tinyurl.com/62623wj.
[11] C. Lancelot Miltgen et C. Gauzente, "Vie privée et partage de données personnelles en ligne : une approche typologique", cahier de recherche DMSP n° 356, April 2006, http://www.dmsp.dauphine.fr/fileadmin/mediatheque/edogest/pdf/cr356.pdf.
[12] C. Lancelot Miltgen, "Dévoilement de données personnelles et contreparties attendues en e-commerce : une approche typologique et interculturelle", Système d'information et management (SIM), vol. 15, n° 4, Dec. 2010, pp. 45-91.
[13] Survey TNS/Sofres for Microsoft, May 2010, http://www.tns sofres.com/points devue/612b63531dcf46f9b9fc7c2b49480f04.aspx.
[14] Ninjam/Iligo, Etude sur le rapport des internautes français à la confidentialité des données numériques, 23/11/2010.
[15] ETO and Market audit, Baromètre de l'intrusion, 2010.