LEGAL ASPECTS OF
BIG DATA ANALYTICS
15 April 2015, Paperless Lab
Academy
Sofie van der Meulen
www.axonlawyers.com
#PaperlessLabAcademy@sofievdmeulen
Overview
• Definition of Big Data
• Legal perspective of data
• Big Data, Data Protection & Privacy
• Looking forward: the General Data Protection Regulation
Example big data analytics:
https://www.youtube.com/watch?v=CeEDAchrc1U
Where do we find Big Data?
© Daan Roosegaarde
‘Big Data is everywhere’ – Financial Times 27 June 2014
Legal definition of Big Data =
What is Big Data?
European Commission 2 July 2014 (COM(2014) 442 final):
“The term “Big Data” refers to large amounts of different types of data
produced with high velocity from a high number of various types of sources.
Handling today’s highly variable and real-time datasets requires new tools
and methods, such as powerful processors, software and algorithms, going
beyond traditional “data-mining” tools designed to handle mainly low-
variety, small scale and static datasets, often manually.”
Big Data - EU
European Commission
25 March 2015:
“Big data is a goldmine, but it also raises important
challenges, from ownership to data protection to standards.
These need to be addressed to
unlock its potential.”
To be able to seize opportunities the Commission aims to make
“sure that the relevant legal framework and policies, such as on
interoperability, data protection, security and IPR are data-friendly,
leading to more regulatory certainty for business and creating
consumer trust in data technologies”
http://europa.eu/rapid/press-release_IP-15-4653_en.htm
https://ec.europa.eu/digital-agenda/en/
http://ec.europa.eu/information_society/newsroom/image/infographic_big%20data%20export%20indd_1200px_6288.jpg
Definition of Data in IT
ISO/IEC 2382-1:1993 (Information technology — Vocabulary — Part 1:
Fundamental terms)
Data
‘A reinterpretable representation of information in a formalized manner
suitable for communication, interpretation, or processing.
Data can be processed by humans or by automatic means.’
Information (in information processing)
‘Knowledge concerning objects, such as facts, events, things, processes,
or ideas, including concepts, that within a certain context has a particular
meaning.’
https://www.iso.org/obp/ui/#iso:std:iso-iec:2382:-1:ed-3:v1:en
ISO/IEC 2382-1:1993
Legal perspective on data?
• No legal definition of ‘data’
• No rights in data (no property or ownership concept)
• Rights and obligations in relation to data
Data law:
• Data regulation (focus on data protection)
• Contracting
• IP rights (copyright, database right)
IP: Copyright
Protects the original form or expression of information but not the
underlying information itself.
• “original” only if “selection or arrangement of contents is
author’s own intellectual creation”.
• Infringement by translation or making an altered version.
Successful claim needs to show at least:
• That copyright exists (pragmatic approach ‘what is worth
copying is worth protection’)
• Claimant owns the copyright
• Work is within copyright (life plus 70 years for software
and databases)
• Infringement (substantial part is reproduced without
authorisation)
IP: Databases
EU Database rights (Directive 96/9)
• Excludes programs used in making/operating database
Database: “a collection of independent works*, data or other
materials which (a) are arranged in a systematic or methodological
way and (b) are individually accessible by electronic or other
means”
• Maker’s right where substantial investment (qualitatively/
quantitatively) in making the database.
• Lasts 15 years from initial creation. ‘Refreshed’ if any substantial
change is made.
• Infringed by ‘extraction and re-utilisation’ of substantial parts or
repeated and systematic re-utilisation of insubstantial parts.
Contracting
IP in contracts. Attention should be paid to:
• Scope of rights being licensed
• Use of the data and derived data (and what is
permitted in the terms of the provider?)
• Warranties of compliance with regulations
• Liabilities
• Duration and termination of supply and post-term use
Coming up: Big Data - data protection & privacy
What is privacy?
“I was Patient Zero,” said Lewinsky, now 41, to an auditorium full of 1,000-
plus high-achieving millennials at Forbes’ inaugural 30 Under 30 summit in
Philadelphia. “The first person to have their reputation completely
destroyed worldwide via the Internet.”
https://www.ted.com/talks/monica_lewinsky_the_price_of_shame?language=en
‘(…)…Don't matter if I step on the scene
Or sneak away to the Philippines
They still gon' put pictures of my derriere in the magazine
You want a piece of me?
You want a piece of me’
(Britney Spears – Lyrics ‘Piece of me’)
Ask Monica Lewinsky…
Ask Britney Spears…
Ask Jennifer Lawrence…
You want a piece of me?
• Privacy policy
Tell people WHY you want their data, tell them HOW you handle the data
and WHAT you are going to do with it.
• Privacy by design
Make privacy and security part of the development of your products.
Data protection in the EU
European Commission Green Paper on mHealth: one of the issues “at
stake”: data protection, including security
Current legal framework: Data Protection Directive (95/46/EC)
in flux: General Data Protection Regulation proposal
EU approach: fundamental right (Article 8 European Convention on Human
Rights) -> emphasis on data subject interests
Big Data – Data processing?
Definition of ‘processing’:
‘Any operation or set of operations which is performed upon
personal data, whether or not by automatic means, such as
collection, recording, organization, storage, adaptation or alteration,
retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or
combination, blocking, erasure or destruction.’ (Data Protection
Directive).
Parties involved in processing
• Controller:
‘The natural or legal person, public authority, agency or any other
body which alone or jointly with others determines the purposes and
means of the processing of personal data’
• Processor:
‘A natural or legal person, public authority, agency or any other
body which processes personal data on behalf of the controller’
• Third party
• Data subject
- Right to access
- Right to correction
- Right to erasure
- Right to objection
Personal data?
Collecting and processing data may give rise to personal data
processing and related obligations.
Personal data: any information relating to an identified or
identifiable natural person ('data subject'); whether directly or
indirectly identifiable.
“data relates to an individual if it refers to the identity, characteristics
or behaviour of an individual or if such information is used to
determine or influence the way in which that person is treated or
evaluated” (WP136)
Big Data & Data Protection - issues
Informed consent vs. the principle of purpose limitation
• Consent: “…any freely given specific and informed
indication of his wishes by which the data subject
signifies his agreement to personal data relating to
him being processed”. Special data? Explicit consent
(see article 29 WP Opinion 15/2011).
Is the new purpose compatible with original purpose?
No? -> new consent required
• The right to withdraw consent
(data must be deleted if data subject no longer wants its
data to be processed)
Big Data & Data Protection - issues
Principle of data minimisation vs. collecting as much
data as possible
• Finding a correlation or pattern does not
retrospectively justify obtaining the data in the first
place!
Anonymisation?
• Absolute anonymisation is likely impossible -> focus
on mitigating risks of re-identification
• Pseudonymisation = security measure
Health data
Health data is a special category of data - processing prohibited
UNLESS
Explicit consent (likely to be sole legal ground in the future)
OR
Medical treatment exemption:
Processing of the data is required for the purposes of preventive
medicine, medical diagnosis, the provision of care or treatment or
the management of health-care services, and those data are
processed by a health professional subject under national law or
rules established by national competent bodies to the obligation of
professional secrecy or by another person also subject to an
equivalent obligation of secrecy.
Scope of ‘health data’?
European Court of Justice in Case C-101/01 (Lindqvist):
‘In the light of the purpose of the directive, the expression “data
concerning health” used in Article 8(1) thereof must be given a wide
interpretation so as to include information concerning all aspects,
both physical and mental, of the health of an individual.’
Letter of WP29 of 5 February 2015 on data collected by mHealth
apps. Health data includes:
• Medical data: ‘data about the physical or mental health status of
a data subject (…) generated in a professional, medical context’
• Health related data used in an administrative context
(information to public entities)
• Data about the purchase of medical products and services
provided that the health status can be determined
Future scope of ‘health data’
The scope will be wider as it will include any information about
‘disease risk’.
WP29: ‘disease risk’ refers to
• Data concerning the potential future health status
• Data, which may not necessarily be health data, with the purpose
of identifying disease risks (medical research, using big data)
Whether the device or software is a medical device or not is not
relevant for the qualification ‘health data’!
• Combination of data aimed to infer health status or health risk?
-> health data
• Conclusion about person’s health status or health risk?
Conclusion = health data
Retention of health data
Retention of personal data: no longer than strictly necessary
Netherlands: 15 years under the Medical Treatment Agreements Act
(‘WGBO’)
(Article 7:446 – 7:468 Dutch Civil Code)
The healthcare professional has to keep a file regarding the
treatment of a patient. Retention period of this file is 15 years.
Consent to medical treatment ≠ consent
to processing data!!
Security
Data controllers and processors should implement appropriate
technical & organizational measures to protect data from loss or
any form of unlawful processing.
No specific security measures are mentioned, however security
measures should take into account:
• Nature of the data to be protected
• State of the art
• Aim to prevent unnecessary collection and further processing of
personal data
• Overriding principle: Plan-Do-Check-Act
• Social engineering?
https://www.youtube.com/watch?v=ecZL4Q2EVuY
The Guardian 30 December 2014
Data breaches?
Latest developments NL
Legislative proposal amending the Data Protection Act and
Telecommunications Act by incorporating a notification obligation for
data controllers in case of data breaches.
The Data Protection Authority can impose administrative fines up to
EUR 810.000 in case of violation of the notification obligation.
Notification obligation applies if:
• Security breach
• Entity in public or private sector (companies, governmental
organizations)
• The infringement leads to a significant risk of adverse impact on
the protection of personal data processed by the organization
(theft, loss or abuse of personal data).
Status: adopted by the House of Representatives, currently
pending approval of the Senate.
Dutch DPA & security of health data
Conclusion in Annual report 2013 of the Dutch Data Protection Authority:
‘Security of health data not up to standards’
1. DPA Report related to Okki-app in September 2014
Lessons learned from this report?
• In any case, use SSL for transmitting data over the internet.
• In case of an app that is designed to be used by children under 16 years
of age, consent for the processing of personal data has to be obtained
from the parents (legal representative).
Dutch DPA & security of health data
2. Report related to network security & protection of health data in a
hospital published in November 2014
Lessons learned from this report?
• Ensure an overview of all the software and when the software is end of
life.
• Timely updates of the software and replacement of end of life software
that is no longer supported by the supplier.
• If replacement of end of life software is not possible, take additional
measures such as separating the network, disconnecting from the
network or implementing strict access control to reduce security risks.
• Use proactive monitoring of the network to detect abnormal behavior of
users and systems.
• Perform periodic penetration tests to detect vulnerabilities in systems
and equipment and take measures to remedy the vulnerabilities.
• Check the terms and conditions of software developers and suppliers on
updates and security.
Data transfer outside EU & security
• Surveillance practices (PRISM)
Safe harbor for transfer to US?
Safe Harbor Certification merely means that the transfer of personal
data to the US is allowed in principle because it demonstrates the
adequacy of the US as jurisdiction
• No adequate level of protection? Data transfer agreement based
on European Commission’s standard contractual clauses.
General Data Protection Regulation
The current EU system is:
• Fragmented
• Outdated
• Unclear
Proposal for a new framework:
The General Data Protection Regulation.
• Regulation: direct effect in
member states (no national
legislation)
In force? 2016?
GDPR
• Informed consent and burden of proof it was obtained
• Privacy by design – software & devices have to be designed
and built so as to enable GDPR and data subject’s rights by default
• High fines (up to 5% annual WW turnover)
• Privacy officers mandatory for large companies
• Privacy impact assessment mandatory for each act of
processing
Extraterritorial jurisdiction:
• Data controller or processor established in the EU, whether the
processing takes place in the Union or not
• Data controller or processor not established in the EU, if
processing is related to:
• Offering goods or services to data subjects in the Union
• Monitoring of data subjects in the Union
GDPR – important definitions
• Article 4 (10) 'genetic data’
“all data, of whatever type, concerning the characteristics of an
individual which are inherited or acquired during early prenatal
development”
• Article 4 (12) ‘data concerning health’
“any information which relates to the physical or mental health of
an individual, or to the provision of health services to the
individual”
Clarification is needed around ‘genetic data’ and ‘data concerning
health’ to ensure that these definitions are only intended to apply to
personal data that falls within these categories, rather than all related
data.
GDPR – processing of personal
data
Processing of genetic data or data concerning health (article 9)
• only with consent; OR
• processing of data concerning health is necessary for health
purposes and subject to conditions and safeguards (Article 81);
OR
• processing is necessary for historical, statistical or scientific
research purposes subject to conditions and safeguards (Article
83)
• controller has burden of proving that the data subject has given
the consent to the processing operation
• consent is not a valid legal ground for the processing of
personal data, where there is a clear imbalance between the
data subject and the controller (likely: HCP / patient relation)
GDPR – right to erasure
• The right to withdraw consent and right to erasure (Article 17
GDPR)
Difficult to implement if data is stored in archived backups
• Real risk that statistical analyses will be “depowered” by
changes resulting from the exercise of these rights (particularly in the case
of orphan diseases or conditions with difficult inclusion and
exclusion criteria, such as paediatric), thereby calling into question
existing registrations (let alone future developments).
Result: clinical trials and clinical investigations will be
conducted outside Europe to avoid any such risk.
GDPR: threatening healthcare
Extra: software as medical device?
Check decision trees in MEDDEV 2.1/6 to determine if software is in scope of
‘medical device’ (Directive 93/42/EC on medical devices).
Regulatory continuum towards medical device regulation
Wellness
Medical:
• Diagnostic
• Therapeutic
• amplify
• analysis
• interpret
• alarms
• calculates
• controls
• converts
• detects
• diagnose
• measures
• monitors
• trend
• alter
• highlight
• search
• transfer
• move
• store
• display
• count
Sofie van der Meulen
Axon Lawyers
Piet Heinkade 183
1019 HC Amsterdam
www.axonlawyers.com
+31 88 650 6500
+31 6 53 44 05 67
sofie.vandermeulen@axonlawyers.com
THANK YOU FOR YOUR ATTENTION!

 
Mini-symposium dementie privacy veiligheid eGPO
Mini-symposium dementie privacy veiligheid eGPOMini-symposium dementie privacy veiligheid eGPO
Mini-symposium dementie privacy veiligheid eGPOAxon Lawyers
 
Axon seminar alternative proteins
Axon seminar alternative proteins Axon seminar alternative proteins
Axon seminar alternative proteins Axon Lawyers
 
Summer school Utrecht 3D printing and biofabrication
Summer school Utrecht 3D printing and biofabricationSummer school Utrecht 3D printing and biofabrication
Summer school Utrecht 3D printing and biofabricationAxon Lawyers
 
Mededinging en toezicht in de zuivel
Mededinging en toezicht in de zuivelMededinging en toezicht in de zuivel
Mededinging en toezicht in de zuivelAxon Lawyers
 
Presentatie food seminar 24 juni 2015 (claudia bruins)
Presentatie food seminar 24 juni 2015 (claudia bruins)Presentatie food seminar 24 juni 2015 (claudia bruins)
Presentatie food seminar 24 juni 2015 (claudia bruins)Axon Lawyers
 
Newtricious - B2C communicatie in de food sector
Newtricious - B2C communicatie in de food sectorNewtricious - B2C communicatie in de food sector
Newtricious - B2C communicatie in de food sectorAxon Lawyers
 
B2B en B2C communicatie in de food sector
B2B en B2C communicatie in de food sectorB2B en B2C communicatie in de food sector
B2B en B2C communicatie in de food sectorAxon Lawyers
 
Novel foods for Vitafoods
Novel foods for VitafoodsNovel foods for Vitafoods
Novel foods for VitafoodsAxon Lawyers
 
Vitafoods Europe 2015: Clearer labels for consumers
Vitafoods Europe 2015: Clearer labels for consumersVitafoods Europe 2015: Clearer labels for consumers
Vitafoods Europe 2015: Clearer labels for consumersAxon Lawyers
 
Beveiliging van medische software in een netwerk
Beveiliging van medische software in een netwerkBeveiliging van medische software in een netwerk
Beveiliging van medische software in een netwerkAxon Lawyers
 
141023 novel foods for food expo
141023 novel foods for food expo141023 novel foods for food expo
141023 novel foods for food expoAxon Lawyers
 
Conveying food innovations by health claims
Conveying food innovations by health claimsConveying food innovations by health claims
Conveying food innovations by health claimsAxon Lawyers
 

More from Axon Lawyers (20)

Mini symposium egpo maart 2017
Mini symposium egpo maart 2017Mini symposium egpo maart 2017
Mini symposium egpo maart 2017
 
Seminar General Data Protection Regulation
Seminar General Data Protection RegulationSeminar General Data Protection Regulation
Seminar General Data Protection Regulation
 
Vitafoods B2C communication in the funtional food
 Vitafoods B2C communication in the funtional food  Vitafoods B2C communication in the funtional food
Vitafoods B2C communication in the funtional food
 
Vitafoods marketing functional food to children
Vitafoods marketing functional food to childrenVitafoods marketing functional food to children
Vitafoods marketing functional food to children
 
Vitafoods - Alternative Sources of Protein
Vitafoods - Alternative Sources of Protein Vitafoods - Alternative Sources of Protein
Vitafoods - Alternative Sources of Protein
 
eHealth Best Practice Day
eHealth Best  Practice DayeHealth Best  Practice Day
eHealth Best Practice Day
 
Zorg2025 Big Data for Personal Health
Zorg2025 Big Data for Personal Health Zorg2025 Big Data for Personal Health
Zorg2025 Big Data for Personal Health
 
Vitafoods eu clinical trials regulation
Vitafoods   eu clinical trials regulationVitafoods   eu clinical trials regulation
Vitafoods eu clinical trials regulation
 
Mini-symposium dementie privacy veiligheid eGPO
Mini-symposium dementie privacy veiligheid eGPOMini-symposium dementie privacy veiligheid eGPO
Mini-symposium dementie privacy veiligheid eGPO
 
Axon seminar alternative proteins
Axon seminar alternative proteins Axon seminar alternative proteins
Axon seminar alternative proteins
 
Summer school Utrecht 3D printing and biofabrication
Summer school Utrecht 3D printing and biofabricationSummer school Utrecht 3D printing and biofabrication
Summer school Utrecht 3D printing and biofabrication
 
Mededinging en toezicht in de zuivel
Mededinging en toezicht in de zuivelMededinging en toezicht in de zuivel
Mededinging en toezicht in de zuivel
 
Presentatie food seminar 24 juni 2015 (claudia bruins)
Presentatie food seminar 24 juni 2015 (claudia bruins)Presentatie food seminar 24 juni 2015 (claudia bruins)
Presentatie food seminar 24 juni 2015 (claudia bruins)
 
Newtricious - B2C communicatie in de food sector
Newtricious - B2C communicatie in de food sectorNewtricious - B2C communicatie in de food sector
Newtricious - B2C communicatie in de food sector
 
B2B en B2C communicatie in de food sector
B2B en B2C communicatie in de food sectorB2B en B2C communicatie in de food sector
B2B en B2C communicatie in de food sector
 
Novel foods for Vitafoods
Novel foods for VitafoodsNovel foods for Vitafoods
Novel foods for Vitafoods
 
Vitafoods Europe 2015: Clearer labels for consumers
Vitafoods Europe 2015: Clearer labels for consumersVitafoods Europe 2015: Clearer labels for consumers
Vitafoods Europe 2015: Clearer labels for consumers
 
Beveiliging van medische software in een netwerk
Beveiliging van medische software in een netwerkBeveiliging van medische software in een netwerk
Beveiliging van medische software in een netwerk
 
141023 novel foods for food expo
141023 novel foods for food expo141023 novel foods for food expo
141023 novel foods for food expo
 
Conveying food innovations by health claims
Conveying food innovations by health claimsConveying food innovations by health claims
Conveying food innovations by health claims
 

Recently uploaded

COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxRRR Chambers
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsAurora Consulting
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYJulian Scutts
 
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptxPresentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptxRRR Chambers
 
一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理Airst S
 
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdfBPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdflaysamaeguardiano
 
$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...
$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...
$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...PsychicRuben LoveSpells
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxfilippoluciani9
 
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueSkyLaw Professional Corporation
 
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理bd2c5966a56d
 
PowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxPowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxca2or2tx
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubham Wadhonkar
 
Appeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfAppeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfPoojaGadiya1
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteDeepikaK245113
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptxPamelaAbegailMonsant2
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理Airst S
 
Jim Eiberger Redacted Copy Of Tenant Lease.pdf
Jim Eiberger Redacted Copy Of Tenant Lease.pdfJim Eiberger Redacted Copy Of Tenant Lease.pdf
Jim Eiberger Redacted Copy Of Tenant Lease.pdfjimeibergerreview
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理Airst S
 
一比一原版曼彻斯特城市大学毕业证如何办理
一比一原版曼彻斯特城市大学毕业证如何办理一比一原版曼彻斯特城市大学毕业证如何办理
一比一原版曼彻斯特城市大学毕业证如何办理Airst S
 
589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdfSUSHMITAPOTHAL
 

Recently uploaded (20)

COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptxPresentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
 
一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理
 
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdfBPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
 
$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...
$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...
$ Love Spells^ 💎 (310) 882-6330 in Utah, UT | Psychic Reading Best Black Magi...
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptx
 
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
 
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
 
PowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxPowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptx
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptx
 
Appeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfAppeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdf
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statute
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
 
Jim Eiberger Redacted Copy Of Tenant Lease.pdf
Jim Eiberger Redacted Copy Of Tenant Lease.pdfJim Eiberger Redacted Copy Of Tenant Lease.pdf
Jim Eiberger Redacted Copy Of Tenant Lease.pdf
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
 
一比一原版曼彻斯特城市大学毕业证如何办理
一比一原版曼彻斯特城市大学毕业证如何办理一比一原版曼彻斯特城市大学毕业证如何办理
一比一原版曼彻斯特城市大学毕业证如何办理
 
589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf
 

Paperless Lab Academy 'legal aspects of big data analytics'

  • 1. LEGAL ASPECTS OF BIG DATA ANALYTICS 15 April 2015, Paperless Lab Academy Sofie van der Meulen www.axonlawyers.com #PaperlessLabAcademy@sofievdmeulen
  • 3. Overview • Definition of Big Data • Legal perspective of data • Big Data, Data Protection & Privacy • Looking forward: the General Data Protection Regulation Example big data analytics: https://www.youtube.com/watch?v=CeEDAchrc1U
  • 4. Where do we find Big Data? © Daan Roosegaarde ‘Big Data is everywhere’ – Financial Times 27 June 2014
  • 5. Legal definition of Big Data =
  • 6. What is Big Data? European Commission 2 July 2014 (COM(2014) 442 final): “The term “Big Data” refers to large amounts of different types of data produced with high velocity from a high number of various types of sources. Handling today’s highly variable and real-time datasets requires new tools and methods, such as powerful processors, software and algorithms, going beyond traditional “data-mining” tools designed to handle mainly low-variety, small scale and static datasets, often manually.”
  • 7. Big Data - EU European Commission 25 March 2015: “Big data is a goldmine, but it also raises important challenges, from ownership to data protection to standards. These need to be addressed to unlock its potential.” To be able to seize opportunities the Commission aims to make “sure that the relevant legal framework and policies, such as on interoperability, data protection, security and IPR are data-friendly, leading to more regulatory certainty for business and creating consumer trust in data technologies” http://europa.eu/rapid/press-release_IP-15-4653_en.htm https://ec.europa.eu/digital-agenda/en/
  • 9. Definition of Data in IT ISO/IEC 2382-1:1993 (Information technology — Vocabulary — Part 1: Fundamental terms) Data ‘A reinterpretable representation of information in a formalized manner suitable for communication, interpretation, or processing. Data can be processed by humans or by automatic means.’ Information (in information processing) ‘Knowledge concerning objects, such as facts, events, things, processes, or ideas, including concepts, that within a certain context has a particular meaning.’ https://www.iso.org/obp/ui/#iso:std:iso-iec:2382:-1:ed-3:v1:en
  • 11. Legal perspective on data? • No legal definition of ‘data’ • No rights in data (no property or ownership concept) • Rights and obligations in relation to data Data law: • Data regulation (focus on data protection) • Contracting • IP rights (copyright, database right)
  • 12. IP: Copyright Protects the original form or expression of information but not the underlying information itself. • “original” only if “selection or arrangement of contents is author’s own intellectual creation”. • Infringement by translation or making an altered version. Successful claim needs to show at least: • That copyright exists (pragmatic approach ‘what is worth copying is worth protection’) • Claimant owns the copyright • Work is within copyright (life plus 70 years for software and databases) • Infringement (substantial part is reproduced without authorisation)
  • 13. IP: Databases EU Database rights (Directive 96/9) • Excludes programs used in making/operating database Database: “a collection of independent works*, data or other materials which (a) are arranged in a systematic or methodological way and (b) are individually accessible by electronic or other means” • Maker’s right where substantial investment (qualitatively/ quantitatively) in making the database. • Lasts 15 years from initial creation. ‘Refreshed’ if any substantial change is made. • Infringed by ‘extraction and re-utilisation’ of substantial parts or repeated and systematic re-utilisation of insubstantial parts.
  • 14. Contracting IP in contracts. Attention should be paid to: • Scope of rights being licensed • Use of the data and derived data (and what is permitted in the terms of the provider?) • Warranties of compliance with regulations • Liabilities • Duration and termination of supply and post-term use Coming up: Big Data - data protection & privacy
  • 16. “I was Patient Zero,” said Lewinsky, now 41, to an auditorium full of 1,000-plus high-achieving millennials at Forbes’ inaugural 30 Under 30 summit in Philadelphia. “The first person to have their reputation completely destroyed worldwide via the Internet.” https://www.ted.com/talks/monica_lewinsky_the_price_of_shame?language=en ‘(…)…Don't matter if I step on the scene Or sneak away to the Philippines They still gon' put pictures of my derriere in the magazine You want a piece of me? You want a piece of me’ (Britney Spears – Lyrics ‘Piece of me’) Ask Monica Lewinsky… Ask Britney Spears… Ask Jennifer Lawrence…
  • 17. You want a piece of me? • Privacy policy Tell people WHY you want their data, tell them HOW you handle the data and WHAT you are going to do with it. • Privacy by design Make privacy and security part of the development of your products.
  • 18. Data protection in the EU European Commission Green Paper on mHealth: one of the issues “at stake”: data protection, including security Current legal framework: Data Protection Directive (95/46/EC) in flux: General Data Protection Regulation proposal EU approach: fundamental right (Article 8 European Convention on Human Rights) -> emphasis on data subject interests
  • 19. Big Data – Data processing? Definition of ‘processing’: ‘Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.’ (Data Protection Directive).
  • 20. Parties involved in processing • Controller: ‘The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data’ • Processor: ‘A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller’ • Third party • Data subject - Right to access - Right to correction - Right to erasure - Right to objection
  • 22. Personal data? Collecting and processing data may give rise to personal data processing and related obligations. Personal data: any information relating to an identified or identifiable natural person ('data subject'); whether directly or indirectly identifiable. “data relates to an individual if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated” (WP136)
  • 23. Big Data & Data Protection - issues Informed consent vs. the principle of purpose limitation • Consent: “…any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed”. Special data? Explicit consent (see article 29 WP Opinion 15/2011). Is the new purpose compatible with original purpose? No? -> new consent required • The right to withdraw consent (data must be deleted if data subject no longer wants its data to be processed)
  • 24. Big Data & Data Protection - issues Principle of data minimisation vs. collecting as much data as possible • Finding a correlation or pattern does not retrospectively justify obtaining the data in the first place! Anonymisation? • Absolute anonymisation is likely impossible -> focus on mitigating risks of re-identification • Pseudonymisation = security measure
  • 25. Health data Health data is special category of data - processing prohibited UNLESS Explicit consent (likely to be sole legal ground in the future) OR Medical treatment exemption: Processing of the data is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services, and those data are processed by a health professional subject under national law or rules established by national competent bodies to the obligation of professional secrecy or by another person also subject to an equivalent obligation of secrecy.
  • 26. Scope of ‘health data’? European Court of Justice in Case C-101/01 (Lindqvist): ‘In the light of the purpose of the directive, the expression “data concerning health” used in Article 8(1) thereof must be given a wide interpretation so as to include information concerning all aspects, both physical and mental, of the health of an individual.’ Letter of WP29 of 5 February 2015 on data collected by mHealth apps. Health data includes: • Medical data: ‘data about the physical or mental health status of a data subject (…) generated in a professional, medical context • Health related data used in an administrative context (information to public entities) • Data about the purchase of medical products and services provided that the health status can be determined
  • 27. Future scope of ‘health data’ The scope will be wider as it will include any information about ‘disease risk’. WP29: ‘disease risk’ refers to • Data concerning the potential future health status • Data, which may not necessarily be health data, with the purpose of identifying disease risks (medical research, using big data) Whether the device or software is a medical device or not is not relevant for the qualification ‘health data’! • Combination of data aimed to infer health status or health risk? -> health data • Conclusion about person’s health status or health risk? Conclusion = health data
  • 28. Retention of health data Retention of personal data: no longer than strictly necessary Netherlands: 15 years under the Medical Treatment Agreements Act (‘WGBO’) (Article 7:446 – 7:468 Dutch Civil Code) The healthcare professional has to keep a file regarding the treatment of a patient. Retention period of this file is 15 years. Consent to medical treatment ≠ consent to processing data!!
  • 29. Security Data controllers and processors should implement appropriate technical & organizational measures to protect data from loss or any form of unlawful processing. No specific security measures are mentioned, however security measures should take into account: • Nature of the data to be protected • State of the art • Aim to prevent unnecessary collection and further processing of personal data • Overriding principle: Plan-Do-Check-Act • Social engineering? https://www.youtube.com/watch?v=ecZL4Q2EVuY
  • 30. The Guardian 30 December 2014
  • 31. Data breaches? Latest developments NL Legislative proposal amending the Data Protection Act and Telecommunications Act by incorporating a notification obligation for data controllers in case of data breaches. The Data Protection Authority can impose administrative fines up to EUR 810.000 in case of violation of the notification obligation. Notification obligation applies if: • Security breach • Entity in public or private sector (companies, governmental organizations) • The infringement leads to a significant risk of adverse impact on the protection of personal data processed by the organization (theft, loss or abuse of personal data). Status: adopted by the House of Representatives, currently pending approval of the Senate.
  • 32. Dutch DPA & security of health data Conclusion in Annual report 2013 of the Dutch Data Protection Authority: ‘Security of health data not up to standards’ 1. DPA Report related to Okki-app in September 2014 Lessons learned from this report? • In any case, use SSL for transmitting data over the internet. • In case of an app that is designed to be used by children under 16 years of age, consent for the processing of personal data has to be obtained from the parents (legal representative).
  • 33. Dutch DPA & security of health data 2. Report related to network security & protection of health data in a hospital published in November 2014 Lessons learned from this report? • Ensure an overview of all the software and when the software is end of life. • Timely updates of the software and replacement of end of life software that is no longer supported by the supplier. • If replacement of end of life software is not possible, take additional measures such as separating the network, disconnecting from the network or implement strict access control to reduce security risks. • Use proactive monitoring of the network to detect abnormal behavior of users and systems. • Perform periodic penetration tests to detect vulnerabilities in systems and equipment and take measures to remedy the vulnerabilities. • Check the terms and conditions of software developers and suppliers on updates and security.
  • 34. Data transfer outside EU & security • Surveillance practices (PRISM) Safe harbor for transfer to US? Safe Harbor Certification merely means that the transfer of personal data to the US is allowed in principle because it demonstrates the adequacy of the US as jurisdiction • No adequate level of protection? Data transfer agreement based on European Commission’s standard contractual clauses.
  • 35. General Data Protection Regulation The current EU system is: • Fragmented • Outdated • Unclear Proposal for a new framework: The General Data Protection Regulation. • Regulation: direct effect in member states (no national legislation) In force? 2016?
  • 36. GDPR • Informed consent and burden of proof it was obtained • Privacy by design – software & devices have to be designed and built as to enable GDPR and data subject’s rights by default • High fines (up to 5% annual WW turnover) • Privacy officers mandatory for large companies • Privacy impact assessment mandatory for each act of processing Extraterritorial jurisdiction: • Data controller or processor established in the EU, whether the processing takes place in the Union or not • Data controller or processor not established in the EU, if processing is related to: • Offering goods or services to data subjects in the Union • Monitoring of data subjects in the Union
  • 37. GDPR – important definitions • Article 4 (10) ‘genetic data’ “all data, of whatever type, concerning the characteristics of an individual which are inherited or acquired during early prenatal development” • Article 4 (12) ‘data concerning health’ “any information which relates to the physical or mental health of an individual, or to the provision of health services to the individual” Clarification is needed around ‘genetic data’ and ‘data concerning health’ to ensure that these definitions are only intended to apply to personal data that falls within these categories, rather than all related data.
  • 39. GDPR – processing of personal data Processing of genetic data or data concerning health (article 9) • only with consent; OR • processing of data concerning health is necessary for health purposes and subject to conditions and safeguards (Article 81); OR • processing is necessary for historical, statistical or scientific research purposes subject to conditions and safeguards (Article 83) • controller has burden of proving that the data subject has given the consent to the processing operation • consent is not a valid legal ground for the processing of personal data, where there is a clear imbalance between the data subject and the controller (likely: HCP / patient relation)
  • 40. GDPR – right to erasure • The right to withdraw consent and right to erasure (Article 17 GDPR) Difficult to implement if data is stored in archived backups • Real risk that statistical analyses will be “depowered” as a result of such changes as result of exercise of rights (particularly in the case of orphan diseases or conditions with difficult inclusion and exclusion criteria, such as paediatric), thereby calling into question existing registrations (let alone future developments). Result, clinical trials and clinical investigations will be conducted outside Europe to avoid any such risk.
  • 42. Extra: software as medical device? Check decision trees in MEDDEV 2.1/6 to determine if software is in scope of ‘medical device’ (Directive 93/42/EC on medical devices). Regulatory continuum towards medical device regulation Wellness Medical: • Diagnostic • Therapeutic • amplify • analysis • interpret • alarms • calculates • controls • converts • detects • diagnose • measures • monitors • trend • alter • highlight • search • transfer • move • store • display • count
  • 44. Sofie van der Meulen Axon Lawyers Piet Heinkade 183 1019 HC Amsterdam www.axonlawyers.com +31 88 650 6500 +31 6 53 44 05 67 sofie.vandermeulen@axonlawyers.com THANK YOU FOR YOUR ATTENTION!

Editor's Notes

  1. Internet: spaghetti Structured dataset: lasagna
  2. Ownership of medical samples is not a useful concept. 1997 European Convention on Human Rights and Biomedicine (and 2002 protocol): “the human body and its parts shall not, as such, give rise to financial gain or comparable advantage”. IP rights: only to analytic work performed on the data.
  3. Transparency about how the data will be used will be important in determining compliance (ICO paper Big Data and Data Protection)
  4. Processing big data
  5. Complexity of big data analytics is no excuse for failing to seek consent where it is required.
  6. Potential future health status: any information where there is a scientifically proven or commonly perceived risk of disease in the future, such as obesity, blood pressure, personal habits involving tobacco, alcohol or drugs Health data in GDPR: Recital 26
  7. Article 4, 31 and 32 GDPR
  8. Privacy by design and default: Article 23
  9. Parties propose the concept of one-time consent instead of re-consent to every use of their data