ISACA Privacy Forum 17 October 2013 on big data and Facebook privacy

Discussion on big data and employees' privacy on Facebook


  1. Brussels, 17 October 2013
     1. 18:30 Welcome
     2. 18:45 Big Data & Privacy
     3. 19:30 Break
     4. 19:50
        1. Big Data & Privacy (continued)
        2. Facebook, Employment & Privacy
     5. 20:30 Close
  4. • Exponential growth of data
     • Availability
     • Processing tools (‘automated use’)
     • Evolution
     • (Manual) Small scale profiling
     • Data mining
     • Big Data
     • Numerous applications
     • Detect general correlations and trends
     • Create specific, individual profiles
  5. • Approach to profiling
     • Tool?
     • Purpose?
     • Current vs. future framework for profiling
     • Mixed approaches in legal documents
     • Directive 95/46/EC vs. Draft Regulations
     • Council of Europe
     • Art. 29 WP
     • Privacy Commission
  6. • Scale of data collection, tracking and profiling
     • Security of data
     • Transparency
     • Inaccuracy, discrimination, exclusion and economic imbalance
     • Increased possibilities of government surveillance
  7. • Limitations in relation to the processing of personal data
     • Very broad legal interpretation of the concept of personal data
     • Not necessarily sensitive information (although stricter rules apply to special categories of personal data)
     • Processing: “any operation or set of operations which is performed upon personal data […]”
  8. • The data processing must comply with specific principles
     • Proportionality
     • Purpose limitation
     • Limited in time
     • (Individual and collective) Transparency
     • Data quality
     • Data security
  9. • Purpose Limitation
     • Data collected for a specified, specific and legitimate purpose
     • Re-use for a different purpose?
     • Compatible or not?
     • Criteria
     • Nature of the purposes and their connections
     • Circumstances surrounding data collection
     • Privacy expectations of the data subjects
     • Personal data involved and impact on the data subject
     • Safeguards for fair processing
     • Specific framework for statistical processing
  10. • Processing must be limited to the personal data that is strictly necessary for the purpose
      • Do I need this personal data?
      • Big database containing a lot of information?
      • Combination of databases?
  11. • Notice obligation
      • Specific information to be provided to data subjects
      • What is required in case of big data?
      • Data quality
      • Impact of profiling may be substantial: impact on data quality requirements?
      • Data Security
      • Big data = big impact of data breaches?
  13. • Negative statements on Facebook = immediate dismissal?
      • Court decision of the Labour Court of Leuven of 17 November 2011 (yes)
      • Confirmed by Court decision of 3 September 2013 of the Labour Court of Appeal of Brussels
      • What about privacy on Facebook?
  14. • Various sources
      • European Convention on Human Rights
      • Treaty on the Functioning of the European Union (TFEU)
      • Charter of Fundamental Rights of the EU
      • National (constitutional) legislation
      • Various forms
  15. • Privacy at work in the EU?
      • Telephone calls
      • E-mail / Use of Internet and online technology
      • Principle of privacy at work has been confirmed by ECHR and Article 29 Working Party
      • National laws implement privacy at work differently
  16. • Limitations in relation to the processing of personal data
      • Very broad legal interpretation of the concept of personal data
      • Not necessarily sensitive information (although stricter rules apply to special categories of personal data)
      • Processing: “any operation or set of operations which is performed upon personal data […]”
  17. • Pre-employment screening (CBA 38)
      • Surveillance on the workfloor
      • Internet & e-mail (CBA 81)
      • Cameras (CBA 68)
      • Theft (CBA 89)
      • What about acts outside the work context?
      • Criticism on Facebook?
      • Freedom of speech?
      • Privacy (and secrecy of communications)?
  18. • Immediate dismissal based on negative statements on a public site of Facebook
      • Two main legal issues
      • Reason for immediate dismissal?
      • Evidence?
      • Admissibility of evidence
      • Probative value of evidence
  19. • Reason for immediate dismissal?
      • No uniform case law
      • Particularities
      • False statements
      • Role/function of the person
      • Nature and circumstances of the negative statements
  20. • First instance
      • Employer can consult public messages on Facebook
      • No violation of privacy
      • Appeal
      • No violation of privacy
      • Violation of privacy of communications
      • “Antigoon theory” applied: admissible evidence
  21. Johan Vandendriessche, Partner, crosslaw CVBA
      Mobile Phone +32 486 36 62 34
      E-mail j.vandendriessche@crosslaw.be
      Website www.crosslaw.be
      Marc Vael, International Vice President, ISACA
      Mobile Phone +32 473 99 30 31
      E-mail marc@vael.net
      Website www.isaca.org
