Hannes astok data protection agency


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Hannes astok data protection agency

  1. 1. e-Government Centre MoldovaDigital security for better governance and public services Digital information security trainings 2013 Chisinau 12.03.2013
  2. 2. e-Government Centre MoldovaRole of Data Protection Inspectorate - protecting civic rights Hannes Astok Senior Expert eGovernmance Academy 12.03.2013
  3. 3. Based on the lecture ofDr. Viljar PeepDirector GeneralEstonian DataProtection Inspectorate
  4. 4. What DPI protects?1. Right to privacy (incl. right to limitation of usage of your personal information)2. Right to access your personal information held by public and private entities3. Right to ask for information about activities of public entities4. Right to see important information of public sector on the web 4
  5. 5. Right to privacyRight to privacy: limitations to usage of personal informationRight to access your personal information - Convention, Directive, Constitution, national legislation (Personal Data Protection Act) - Direct marketing, e-commerce: special directives, national legislation 5
  6. 6. Privacy limitations to usage of personaldata Right to give consent for processing of personal data, unless provided otherwise: - media, credit data, science and statistical researches etc. Right to appoint purposes of processing and transfer of data to third persons Right to prohibit direct marketing or in some cases only with prior consent Right to be informed about the data processing, if the data source is other than data subject Right to access personal data Right to demand for correction, deleting, termination of disclosing personal data etc. 6
  7. 7. Freedom of information1st generation law: right to ask for information2nd generation law: right to see on the web - Convention, PSI directive, constitution, national legislation (Public Information Act) 7
  8. 8. Organization of DPI A supervisory authority for privacy and for Freedom of Information (FOI) Staff: 18 civil servants, mostly lawyers. Director General – appointed by Govt, 5-year term, judge-like position. Legislative drafting and financial audit in competence of Ministry of Justice. Independency in supervision activities. Active power: precepts, penalties etc. Right to direct reporting to Ombudsman (Legal Chancellor) and Constitutional Committee of Parliament. 8
  9. 9. How DPI works1.Legal assistance, formation of good practice: – explanations (individual and public), – guidelines, recommendations, – round tables and conferences: –incl. the permanent round table of high level experts. 9
  10. 10. How DPI works2. Supervision: – complaint-based or ex officio, – right to demand explanations, – right to inspect on the spot, – right to access to the equipment, documents and databases, – right to issue precepts. 10
  11. 11. How DPI works3. Enforcement and punishment: – compulsion payments (repeatedly), – urgency measures on expense of personal data processor, – misdemeanour procedure: fine as financial penalty (DPI is also quasi-judicative body). 11
  12. 12. How DPI works 4. Authorisation: – processing of sensitive personal data, – approval of public sector databases, – scientific data processing without the consent of the person, – transmission of personal data to foreign countries with insufficient level of privacy protection. 12
  13. 13. Some annual figures – Explanations: thousands (paper- and e-mails, duty officer phone, public guidelines…) – Regist. of sensitive data processing: 960/1460 – Approval of public sector databases 91/265 – Complaints 358/306 – Inspections on the spot 71/53 – Warnings, precepts 247/508 – Misdemeanour procedures 23/46 – Penalties, fines 14/12 13
  14. 14. Topics in privacy protection• Commerce – using personal data without consent. Unwanted sales calls and spam emails. Debtors disclosure.• Politics – using personal data without consent. Unwanted campaign calls and spam emails.• New media – using pictures without consent. Disclosure of private life. Web cams. Identity theft• Administration – police database, Schengen IS. use of databases for political purposes. Unclear retention terms. 14
  15. 15. Freedom of Information topics• Laziness of holders of public information: - requests are not answered within 1 week, - web-based document register (index of records) is not kept properly, - required information is not published on website.• Legal disputes: - should the FOI Act be applied or not? - are restrictions applied correctly?• A general problem – weak or missing unification of public sector information on the web. 15
  16. 16. How is provided the availability of publicsector information?  Main tools: • Documents’ register of the authority • Webpage of the authority • Estonian State Portal, www.eesti.ee  Ways to receive the information: • Request for information (to answer in 5 working days) • Direct access through documents’ register (in case of digital documents) • The information is made available on the webpage of the authority or www.eesti.ee • Emergency information through the mass media 16
  17. 17. Q&A Learn more http://www.aki.ee/eng/ Hannes Astok www.ega.ee | hannes@astok.ee| +372 5091366 | hannesastok E-Governance Academy | Tõnismägi 2, 10112 Tallinn, EstoniaPresentation Title 12.03.2013