Privacy and Data Protection (and more) for Big Data




Privacy and Data Protection (and more) for Big Data
Marit Hansen, Deputy Privacy and Information Commissioner, Schleswig-Holstein, Germany
marit.hansen@datenschutzzentrum.de
Madrid, 25 February 2015

Setting of ULD
- Data Protection Authority (DPA) for both the public and private sector
- Also responsible for freedom of information
Image sources: en.wikipedia.org/wiki/schleswig-holstein; www.maps-for-free.com

Overview
- European Data Protection Principles
- Examples of big data and potential effects
- Conclusion

European Data Protection Principles
For personal data:
- Lawfulness, e.g. statutory provision or consent
- Purpose limitation
- Necessity
- Transparency
- Data subject rights
- Data security
- Accountability
Data Protection by Design? By Default?

Data Protection by Design & by Default
- Data Protection by Design and by Default will be integrated in the upcoming European General Data Protection Regulation (Art. 23)
- Targeted at: data processors + producers of IT systems
- Objective: design systems + services from early on, for the full lifecycle
  a) in a data-minimising way
  b) with the most data protection-friendly pre-settings
- Not easy for Big Data if personal data are affected.

Guidance from the Art. 29 Data Protection Working Party
Documents
1. Opinion 03/2013 on Purpose Limitation (WP203, 2013)
2. Opinion 05/2014 on Anonymisation Techniques (WP216, 2014)
3. Statement [ ] on the impact of the development of big data on the protection of individuals [ ] (WP221, 2014)
Take-away messages
1. Specified, explicit and legitimate purpose; functional separation; compatibility check for changed purposes
2. Case-by-case; avoid pitfalls; risks not excluded
3. Data protection law is still valid and must not be ignored.
Cf. Carmela's talk on anonymity

Examples

Example: Old-fashioned big data: on a legal basis
Image source: US Census Bureau

- Required by law
- Census: usually anonymised
- Process is transparent for citizens
- No simple opt-out
- Controlled by Parliament
- Possible: going to court
- Misuse will be sanctioned
Image source: Quinn Dombrowski

Example: combining Internet data
- Personal data processed, profiling algorithm
- Individual consequences possible
Purpose limitation? Transparency? Data subject rights?
Image source: Thierry Gregorius

Example: anonymised big data sorting people
- Consequences for groups of individuals possible: social sorting
- Not necessarily regulated in data protection law
Transparency? Data subject rights? Fairness?
Image source: Neubie

Example: Traffic planning biased data
- Reasons for not contributing to the data: Poor, Old, Privacy-aware
Effect on decisions? Risk of manipulation?
Image source: Mehmet Karatay; icons: Axialis Team

Conclusion
Big data with personal data
- Within the data protection scope: lawfulness, consent, purpose limitation, data subject rights,
Big data without personal data (check again: really no personal data?)
- Not within the data protection scope
- But maybe with consequences for individuals & society!
Need for transparency & possibilities to intervene
Currently lack of understanding and reliable concepts
"quick & dirty" must not prevail & persist!

Thank you for your attention! Marit Hansen marit.hansen@datenschutzzentrum.de