SlideShare a Scribd company logo

Christopher Millard Legally Compliant Use Of Personal Data In E Social Science

C
Christopher Millard
TechnologyEducation
1 of 10
Download to read offline
Legally Compliant Use of Personal Data in e-Social Science NCeSS 5th International Conference, Cologne Workshop on Law and Ethics in e-Social Science, 24 June 2009 Professor Christopher Millard Senior Research Fellow, Oxford Internet Institute christopher.millard@oii.ox.ac.uk
Why are we looking at ‘personal data’?   Much work remains to be done on the ethical and legal implications of the use of the Internet and related technologies in e-Social Science   Specifically, there are unresolved concerns about the status of various rapidly evolving techniques and processes for collecting, analysing, manipulating, storing, sharing, anonymising (or not), disclosing (voluntarily or not), outsourcing and otherwise handling personal data and sensitive personal data   Personal data has become a hot topic with (often sensational) headlines about the ‘surveillance state’, DNA retention policy, large scale data losses, the impact of social networking, etc   There appears to be significant disquiet, and some confusion, regarding the risks associated with large databases and identity issues in the public sector - this makes it all the more important that appropriate safeguards can be articulated and demonstrated in relation to e-science research
Back to basics: what rules govern ‘personal data’?   The main source in the EU is the Data Protection Directive 1995   Does this mean that the rules are now basically harmonised, i.e. standardised, across Europe, and clear?   Sadly … NO! … for two reasons 1.  The Directive is addressed to the EU Member States for them to implement in their national laws. All 27 have now done so but they have done so inconsistently, even at the definitional level. 2.  Local regulators and courts have, in various cases, applied divergent interpretations to the Member State laws.
What is ‘personal data’ supposed to cover?   “‘Personal data’ shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”. Data Protection Directive, Article 2 (a)   Complex rules apply to the processing of so-called “special categories of data” [also known as “sensitive personal data”] defined as: “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life” as well as “the processing of data relating to offences, criminal convictions or security measures” and “processing of data relating to administrative sanctions or judgements in civil cases” Data Protection Directive, Article 8 (1), (5).
‘Personal data’: the concept in practice according to the EU privacy regulators Article 29 Data Protection Working Party: Opinion on the concept of personal data Step 1: Is it information?   Objectively or subjectively, eg. creditworthiness / competence   Broad range of formats, including audio, video, biometrics, etc Step 2: Does it relate to a person?   Content (eg. medical records) or   Purpose (eg. evaluating / influencing a person) or   Result (eg. decision that may affect someone’s bonus)
‘Personal data’: the concept in practice according to the EU privacy regulators (cont.) Article 29 Data Protection Working Party: Opinion on the concept of personal data Step 3: Is that person identified or identifiable?   Directly (eg. name) or indirectly (eg. phone no. or combination of distinguishing criteria)   Cookies   Potentially identifiable individuals (eg. graffiti tags)   Pseudonymised, key-coded and anonymous data (reversibility) Step 4: Is the person a living natural person?   Unborn children and frozen embryos   Dead people may still be relevant!   Legal persons (see DP laws of Italy, Austria & Luxembourg)
National courts may take a different view…   Eg. the UK Court of Appeal’s ruling in Durant vs. Financial Services Authority [2003]   For information to be ‘personal data’ depends on relevance or proximity to the data subject. Need to consider whether:   the information is biographical in a significant sense   it has the data subject as its focus, and   it affects the privacy of the putative data subject, whether in his personal, business or professional capacity.   Highly controversial decision: probably the main driver for the European Commission’s infraction proceedings vs. UK   UK Information Commissioner has attempted to rationalise Durant with collective EU approach with limited success
Moving forward: towards effective and compliant use of personal data in e-science Key compliance issues relating to personal data   Treatment of anonymous and pseudonymous information   Fairness and lawfulness issues (including confidentiality)   Consent issues, especially in relation to sensitive personal data   Scope of specific exemptions for research activities Collaboration and Cross-Border Projects   Relationships between ‘data controllers’ and ‘data processors’   Specific data security obligations   Compliance obligations arising under international research and other arrangements involving transfers of data outside the EEA
Possible directions for a practical governance framework for use of personal data in e-Science   Privacy Impact Assessments and / or Data Protection Audits for e-Science projects   Development of online best practice, which might include layered privacy notices and use of Privacy Enhancing Technologies (PETs) such as “privacy-friendly default settings” (see Article 29 Working Party’s June 2009 opinion on social networks)   Guidance on managing risks associated with processing personal data in the Cloud   Use of privacy and data protection eLearning tools in e-Science
Legally Compliant Use of Personal Data in e-Social Science NCeSS 5th International Conference, Cologne Workshop on Law and Ethics in e-Social Science, 24 June 2009 Professor Christopher Millard Senior Research Fellow, Oxford Internet Institute christopher.millard@oii.ox.ac.uk

Recommended

20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security PrinciplesLisa Catanzaro
 
Privacy, Data Protection and SNS
Privacy, Data Protection and SNSPrivacy, Data Protection and SNS
Privacy, Data Protection and SNSdariphagen
 
Kees stuurman
Kees stuurmanKees stuurman
Kees stuurmanAtıf ÜNALDI
 
Social Governance: Social Media & Public Authorities
Social Governance: Social Media & Public AuthoritiesSocial Governance: Social Media & Public Authorities
Social Governance: Social Media & Public AuthoritiesMathias Klang
 
Unesco paris-2011
Unesco paris-2011Unesco paris-2011
Unesco paris-2011Oxford Martin Centre, OII, and Computer Science at the University of Oxford
 
Freedom unesco-2011
Freedom unesco-2011Freedom unesco-2011
Freedom unesco-2011Oxford Martin Centre, OII, and Computer Science at the University of Oxford
 
Privacy through Anonymisation in Large-scale Socio-technical Systems: Multi-l...
Privacy through Anonymisation in Large-scale Socio-technical Systems: Multi-l...Privacy through Anonymisation in Large-scale Socio-technical Systems: Multi-l...
Privacy through Anonymisation in Large-scale Socio-technical Systems: Multi-l...Enrico Denti
 
Data Protection / EU Counter-Terrorism policy
Data Protection / EU Counter-Terrorism policyData Protection / EU Counter-Terrorism policy
Data Protection / EU Counter-Terrorism policyEuropean Economic and Social Committee - SOC Section
 

Recommended

20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security PrinciplesLisa Catanzaro
 
Privacy, Data Protection and SNS
Privacy, Data Protection and SNSPrivacy, Data Protection and SNS
Privacy, Data Protection and SNSdariphagen
 
Kees stuurman
Kees stuurmanKees stuurman
Kees stuurmanAtıf ÜNALDI
 
Social Governance: Social Media & Public Authorities
Social Governance: Social Media & Public AuthoritiesSocial Governance: Social Media & Public Authorities
Social Governance: Social Media & Public AuthoritiesMathias Klang
 
Unesco paris-2011
Unesco paris-2011Unesco paris-2011
Unesco paris-2011Oxford Martin Centre, OII, and Computer Science at the University of Oxford
 
Freedom unesco-2011
Freedom unesco-2011Freedom unesco-2011
Freedom unesco-2011Oxford Martin Centre, OII, and Computer Science at the University of Oxford
 
Privacy through Anonymisation in Large-scale Socio-technical Systems: Multi-l...
Privacy through Anonymisation in Large-scale Socio-technical Systems: Multi-l...Privacy through Anonymisation in Large-scale Socio-technical Systems: Multi-l...
Privacy through Anonymisation in Large-scale Socio-technical Systems: Multi-l...Enrico Denti
 
Data Protection / EU Counter-Terrorism policy
Data Protection / EU Counter-Terrorism policyData Protection / EU Counter-Terrorism policy
Data Protection / EU Counter-Terrorism policyEuropean Economic and Social Committee - SOC Section
 
Freedom of Connection - Freedom of Expression
Freedom of Connection - Freedom of ExpressionFreedom of Connection - Freedom of Expression
Freedom of Connection - Freedom of ExpressionOxford Martin Centre, OII, and Computer Science at the University of Oxford
 
Right to be forgotten final paper
Right to be forgotten final paperRight to be forgotten final paper
Right to be forgotten final paperreporter1120
 
Privacy, Social Network Sites and the law
Privacy, Social Network Sites and the lawPrivacy, Social Network Sites and the law
Privacy, Social Network Sites and the lawdariphagen
 
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...IDC4EU
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?blogzilla
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodblogzilla
 
CfP International Network Confernce Inc2010
CfP International Network Confernce Inc2010CfP International Network Confernce Inc2010
CfP International Network Confernce Inc2010schilkes
 
Interoperability frameworks
Interoperability frameworksInteroperability frameworks
Interoperability frameworksStevenSegaert
 
Internet ecosystem and the internet
Internet ecosystem and the internetInternet ecosystem and the internet
Internet ecosystem and the internetShreedeep Rayamajhi
 
Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics' Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics' Axon Lawyers
 
Privacy and Libraries
Privacy and LibrariesPrivacy and Libraries
Privacy and LibrariesBradley Shipps
 
Privacy and Surveillance
Privacy and SurveillancePrivacy and Surveillance
Privacy and SurveillanceIrem Gokce Aydin
 
15 april advocacy arsen stepanyan
15 april advocacy arsen stepanyan15 april advocacy arsen stepanyan
15 april advocacy arsen stepanyanOlga Kozhaeva
 
Cross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property IssuesCross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property IssuesKarl Larson
 
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...Environmental Protection Through E-Regulation: Critical and Empirical Perspec...
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...Rónán Kennedy
 
Privacy and Data Protection in Research
Privacy and Data Protection in ResearchPrivacy and Data Protection in Research
Privacy and Data Protection in ResearchMarlon Domingus
 
The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...
The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...
The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...ioannis iglezakis
 
English resume identité numeriquefice word
English resume identité numeriquefice wordEnglish resume identité numeriquefice word
English resume identité numeriquefice wordrra
 
Imran research abstract 15042010
Imran research abstract 15042010Imran research abstract 15042010
Imran research abstract 15042010Muhammad Imran Suid
 
IT Governance: Privacy and Intellectual Property
IT Governance: Privacy and Intellectual PropertyIT Governance: Privacy and Intellectual Property
IT Governance: Privacy and Intellectual PropertyCharles Mok
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulationblogzilla
 
Lesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptxLesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptxadnis1
 

More Related Content

What's hot

Right to be forgotten final paper
Right to be forgotten final paperRight to be forgotten final paper
Right to be forgotten final paperreporter1120
 
Privacy, Social Network Sites and the law
Privacy, Social Network Sites and the lawPrivacy, Social Network Sites and the law
Privacy, Social Network Sites and the lawdariphagen
 
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...IDC4EU
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?blogzilla
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodblogzilla
 
CfP International Network Confernce Inc2010
CfP International Network Confernce Inc2010CfP International Network Confernce Inc2010
CfP International Network Confernce Inc2010schilkes
 
Interoperability frameworks
Interoperability frameworksInteroperability frameworks
Interoperability frameworksStevenSegaert
 
Internet ecosystem and the internet
Internet ecosystem and the internetInternet ecosystem and the internet
Internet ecosystem and the internetShreedeep Rayamajhi
 
Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics' Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics' Axon Lawyers
 
15 april advocacy arsen stepanyan
15 april advocacy arsen stepanyan15 april advocacy arsen stepanyan
15 april advocacy arsen stepanyanOlga Kozhaeva
 
Cross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property IssuesCross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property IssuesKarl Larson
 
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...Environmental Protection Through E-Regulation: Critical and Empirical Perspec...
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...Rónán Kennedy
 
Privacy and Data Protection in Research
Privacy and Data Protection in ResearchPrivacy and Data Protection in Research
Privacy and Data Protection in ResearchMarlon Domingus
 
The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...
The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...
The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...ioannis iglezakis
 
English resume identité numeriquefice word
English resume identité numeriquefice wordEnglish resume identité numeriquefice word
English resume identité numeriquefice wordrra
 
Imran research abstract 15042010
Imran research abstract 15042010Imran research abstract 15042010
Imran research abstract 15042010Muhammad Imran Suid
 
IT Governance: Privacy and Intellectual Property
IT Governance: Privacy and Intellectual PropertyIT Governance: Privacy and Intellectual Property
IT Governance: Privacy and Intellectual PropertyCharles Mok
 

What's hot (20)

Freedom of Connection - Freedom of Expression
Freedom of Connection - Freedom of ExpressionFreedom of Connection - Freedom of Expression
Freedom of Connection - Freedom of Expression
 
Right to be forgotten final paper
Right to be forgotten final paperRight to be forgotten final paper
Right to be forgotten final paper
 
Privacy, Social Network Sites and the law
Privacy, Social Network Sites and the lawPrivacy, Social Network Sites and the law
Privacy, Social Network Sites and the law
 
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public good
 
CfP International Network Confernce Inc2010
CfP International Network Confernce Inc2010CfP International Network Confernce Inc2010
CfP International Network Confernce Inc2010
 
Interoperability frameworks
Interoperability frameworksInteroperability frameworks
Interoperability frameworks
 
Internet ecosystem and the internet
Internet ecosystem and the internetInternet ecosystem and the internet
Internet ecosystem and the internet
 
Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics' Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics'
 
Privacy and Libraries
Privacy and LibrariesPrivacy and Libraries
Privacy and Libraries
 
Privacy and Surveillance
Privacy and SurveillancePrivacy and Surveillance
Privacy and Surveillance
 
15 april advocacy arsen stepanyan
15 april advocacy arsen stepanyan15 april advocacy arsen stepanyan
15 april advocacy arsen stepanyan
 
Cross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property IssuesCross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property Issues
 
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...Environmental Protection Through E-Regulation: Critical and Empirical Perspec...
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...
 
Privacy and Data Protection in Research
Privacy and Data Protection in ResearchPrivacy and Data Protection in Research
Privacy and Data Protection in Research
 
The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...
The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...
The Right To Be Forgotten in the Google Spain Case (case C-131/12): A Clear V...
 
English resume identité numeriquefice word
English resume identité numeriquefice wordEnglish resume identité numeriquefice word
English resume identité numeriquefice word
 
Imran research abstract 15042010
Imran research abstract 15042010Imran research abstract 15042010
Imran research abstract 15042010
 
IT Governance: Privacy and Intellectual Property
IT Governance: Privacy and Intellectual PropertyIT Governance: Privacy and Intellectual Property
IT Governance: Privacy and Intellectual Property
 

Similar to Christopher Millard Legally Compliant Use Of Personal Data In E Social Science

Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulationblogzilla
 
Lesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptxLesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptxadnis1
 
An ethical approach to data privacy protection
An ethical approach to data privacy protectionAn ethical approach to data privacy protection
An ethical approach to data privacy protectionNicha Tatsaneeyapan
 
An itinerary for FAIR and privacy respecting data-driven innovation and research
An itinerary for FAIR and privacy respecting data-driven innovation and researchAn itinerary for FAIR and privacy respecting data-driven innovation and research
An itinerary for FAIR and privacy respecting data-driven innovation and researchMarlon Domingus
 
COSC372572 Topic1 Lect1-3 (ch04)_white.pdf
COSC372572 Topic1 Lect1-3 (ch04)_white.pdfCOSC372572 Topic1 Lect1-3 (ch04)_white.pdf
COSC372572 Topic1 Lect1-3 (ch04)_white.pdfManishKarki12
 
Ethics and data protection .docx
Ethics and data protection .docxEthics and data protection .docx
Ethics and data protection .docxelbanglis
 
hel29999999999999999999999999999999999999999999.ppt
hel29999999999999999999999999999999999999999999.ppthel29999999999999999999999999999999999999999999.ppt
hel29999999999999999999999999999999999999999999.pptgealehegn
 
e-SIDES workshop at ICE-IEEE Conference, Madeira 28/06/2017
e-SIDES workshop at ICE-IEEE Conference, Madeira 28/06/2017e-SIDES workshop at ICE-IEEE Conference, Madeira 28/06/2017
e-SIDES workshop at ICE-IEEE Conference, Madeira 28/06/2017e-SIDES.eu
 
"Legal implementation barriers of privacy-preserving technologies" eLAW prese...
"Legal implementation barriers of privacy-preserving technologies" eLAW prese..."Legal implementation barriers of privacy-preserving technologies" eLAW prese...
"Legal implementation barriers of privacy-preserving technologies" eLAW prese...e-SIDES.eu
 
Philosophical Aspects of Big Data
Philosophical Aspects of Big DataPhilosophical Aspects of Big Data
Philosophical Aspects of Big DataNicolae Sfetcu
 
The death of data protection sans obama
The death of data protection sans obamaThe death of data protection sans obama
The death of data protection sans obamaLilian Edwards
 
The death of data protection
The death of data protection The death of data protection
The death of data protection Lilian Edwards
 
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022PECB
 
PLA Legal aspects of Big Data analytics final
PLA Legal aspects of Big Data analytics finalPLA Legal aspects of Big Data analytics final
PLA Legal aspects of Big Data analytics finalSofie van der Meulen
 
TIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__revTIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__revjackpopo
 
Data set Legislation
Data set Legislation Data set Legislation
Data set Legislation Data-Set
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information PolicyNiamh Walker-Headon
 
Privacy & Data Ethics
Privacy & Data EthicsPrivacy & Data Ethics
Privacy & Data EthicsErik Kokkonen
 

Similar to Christopher Millard Legally Compliant Use Of Personal Data In E Social Science (20)

Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
 
Lesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptxLesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptx
 
An ethical approach to data privacy protection
An ethical approach to data privacy protectionAn ethical approach to data privacy protection
An ethical approach to data privacy protection
 
An itinerary for FAIR and privacy respecting data-driven innovation and research
An itinerary for FAIR and privacy respecting data-driven innovation and researchAn itinerary for FAIR and privacy respecting data-driven innovation and research
An itinerary for FAIR and privacy respecting data-driven innovation and research
 
COSC372572 Topic1 Lect1-3 (ch04)_white.pdf
COSC372572 Topic1 Lect1-3 (ch04)_white.pdfCOSC372572 Topic1 Lect1-3 (ch04)_white.pdf
COSC372572 Topic1 Lect1-3 (ch04)_white.pdf
 
Ethics and data protection .docx
Ethics and data protection .docxEthics and data protection .docx
Ethics and data protection .docx
 
hel29999999999999999999999999999999999999999999.ppt
hel29999999999999999999999999999999999999999999.ppthel29999999999999999999999999999999999999999999.ppt
hel29999999999999999999999999999999999999999999.ppt
 
e-SIDES workshop at ICE-IEEE Conference, Madeira 28/06/2017
e-SIDES workshop at ICE-IEEE Conference, Madeira 28/06/2017e-SIDES workshop at ICE-IEEE Conference, Madeira 28/06/2017
e-SIDES workshop at ICE-IEEE Conference, Madeira 28/06/2017
 
"Legal implementation barriers of privacy-preserving technologies" eLAW prese...
"Legal implementation barriers of privacy-preserving technologies" eLAW prese..."Legal implementation barriers of privacy-preserving technologies" eLAW prese...
"Legal implementation barriers of privacy-preserving technologies" eLAW prese...
 
Philosophical Aspects of Big Data
Philosophical Aspects of Big DataPhilosophical Aspects of Big Data
Philosophical Aspects of Big Data
 
The death of data protection sans obama
The death of data protection sans obamaThe death of data protection sans obama
The death of data protection sans obama
 
The death of data protection
The death of data protection The death of data protection
The death of data protection
 
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
 
PLA Legal aspects of Big Data analytics final
PLA Legal aspects of Big Data analytics finalPLA Legal aspects of Big Data analytics final
PLA Legal aspects of Big Data analytics final
 
TIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__revTIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__rev
 
Sible 09
Sible 09Sible 09
Sible 09
 
Review questions
Review questionsReview questions
Review questions
 
Data set Legislation
Data set Legislation Data set Legislation
Data set Legislation
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information Policy
 
Privacy & Data Ethics
Privacy & Data EthicsPrivacy & Data Ethics
Privacy & Data Ethics
 

Recently uploaded

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Recently uploaded (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Christopher Millard Legally Compliant Use Of Personal Data In E Social Science

  • 1. Legally Compliant Use of Personal Data in e-Social Science NCeSS 5th International Conference, Cologne Workshop on Law and Ethics in e-Social Science, 24 June 2009 Professor Christopher Millard Senior Research Fellow, Oxford Internet Institute christopher.millard@oii.ox.ac.uk
  • 2. Why are we looking at ‘personal data’?   Much work remains to be done on the ethical and legal implications of the use of the Internet and related technologies in e-Social Science   Specifically, there are unresolved concerns about the status of various rapidly evolving techniques and processes for collecting, analysing, manipulating, storing, sharing, anonymising (or not), disclosing (voluntarily or not), outsourcing and otherwise handling personal data and sensitive personal data   Personal data has become a hot topic with (often sensational) headlines about the ‘surveillance state’, DNA retention policy, large scale data losses, the impact of social networking, etc   There appears to be significant disquiet, and some confusion, regarding the risks associated with large databases and identity issues in the public sector - this makes it all the more important that appropriate safeguards can be articulated and demonstrated in relation to e-science research
  • 3. Back to basics: what rules govern ‘personal data’?   The main source in the EU is the Data Protection Directive 1995   Does this mean that the rules are now basically harmonised, i.e. standardised, across Europe, and clear?   Sadly … NO! … for two reasons 1.  The Directive is addressed to the EU Member States for them to implement in their national laws. All 27 have now done so but they have done so inconsistently, even at the definitional level. 2.  Local regulators and courts have, in various cases, applied divergent interpretations to the Member State laws.
  • 4. What is ‘personal data’ supposed to cover?   “‘Personal data’ shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”. Data Protection Directive, Article 2 (a)   Complex rules apply to the processing of so-called “special categories of data” [also known as “sensitive personal data”] defined as: “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life” as well as “the processing of data relating to offences, criminal convictions or security measures” and “processing of data relating to administrative sanctions or judgements in civil cases” Data Protection Directive, Article 8 (1), (5).
  • 5. ‘Personal data’: the concept in practice according to the EU privacy regulators Article 29 Data Protection Working Party: Opinion on the concept of personal data Step 1: Is it information?   Objectively or subjectively, eg. creditworthiness / competence   Broad range of formats, including audio, video, biometrics, etc Step 2: Does it relate to a person?   Content (eg. medical records) or   Purpose (eg. evaluating / influencing a person) or   Result (eg. decision that may affect someone’s bonus)
  • 6. ‘Personal data’: the concept in practice according to the EU privacy regulators (cont.) Article 29 Data Protection Working Party: Opinion on the concept of personal data Step 3: Is that person identified or identifiable?   Directly (eg. name) or indirectly (eg. phone no. or combination of distinguishing criteria)   Cookies   Potentially identifiable individuals (eg. graffiti tags)   Pseudonymised, key-coded and anonymous data (reversibility) Step 4: Is the person a living natural person?   Unborn children and frozen embryos   Dead people may still be relevant!   Legal persons (see DP laws of Italy, Austria & Luxembourg)
  • 7. National courts may take a different view…   Eg. the UK Court of Appeal’s ruling in Durant vs. Financial Services Authority [2003]   For information to be ‘personal data’ depends on relevance or proximity to the data subject. Need to consider whether:   the information is biographical in a significant sense   it has the data subject as its focus, and   it affects the privacy of the putative data subject, whether in his personal, business or professional capacity.   Highly controversial decision: probably the main driver for the European Commission’s infraction proceedings vs. UK   UK Information Commissioner has attempted to rationalise Durant with collective EU approach with limited success
  • 8. Moving forward: towards effective and compliant use of personal data in e-science Key compliance issues relating to personal data   Treatment of anonymous and pseudonymous information   Fairness and lawfulness issues (including confidentiality)   Consent issues, especially in relation to sensitive personal data   Scope of specific exemptions for research activities Collaboration and Cross-Border Projects   Relationships between ‘data controllers’ and ‘data processors’   Specific data security obligations   Compliance obligations arising under international research and other arrangements involving transfers of data outside the EEA
  • 9. Possible directions for a practical governance framework for use of personal data in e-Science   Privacy Impact Assessments and / or Data Protection Audits for e-Science projects   Development of online best practice, which might include layered privacy notices and use of Privacy Enhancing Technologies (PETs) such as “privacy-friendly default settings” (see Article 29 Working Party’s June 2009 opinion on social networks)   Guidance on managing risks associated with processing personal data in the Cloud   Use of privacy and data protection eLearning tools in e-Science
  • 10. Legally Compliant Use of Personal Data in e-Social Science NCeSS 5th International Conference, Cologne Workshop on Law and Ethics in e-Social Science, 24 June 2009 Professor Christopher Millard Senior Research Fellow, Oxford Internet Institute christopher.millard@oii.ox.ac.uk