M.Marusic Dzlp E Society EnPresentation Transcript
Online personal data protection Marijana Marusic , Director of the Directorate for Personal Data Protection Skopje, November 29, 2007
СОДРЖИНА BASIC PRINCIPLES AUTHORIZED ORGANS RIGHTS OF THE PERSONAL DATA SUBJECT PERSONAL DATA 1 RIGHT TO PERSONAL DATA PROTECTION IN THE REPUBLIC OF MACEDONIA 2 3 4 5
СОДРЖИНА TECHNICAL AND ORGANIZATIONAL MEASURES FOR PROVIDING PERSONAL DATA PROTECTION 6 IMPLEMENTATION OF THE LAW 7 PRIVACY ON THE INTERNET WEBSITES OF THE STATE ORGANS IN THE REPUBLIC OF MACEDONIA 8 PUBLISHING PERSONAL DATA ON THE INTERNET 9 COMMUNICATION TRAFFIC DATA 10
Personal data – any information in relation to an identified person or a person that can be identified .
Name and surname ;
Personal Identification Number ;
Telephone number ;
e-mail ( regardless of whether it is private or business );
IP address ( regardless of whether it is a static or dynamic IP address );
account -и на различни web сервиси и итн.
Not all personal data have the same level of protection .
There exist “sensitive” personal data that are specially protected :
Personal data revealing racial and ethnic origin, political orientation , religion , trade union membership , health condition or sexual life are a special category of personal data .
The personal identification number is highly protected as well, since it is a universal identifier of the citizen and can be processed only with the previously obtained consent of the personal data subject or under the terms established by the law.
THE RIGHT TO PERSONAL DATA PROTECTION IN THE REPUBLIC OF MACEDONIA
The right to personal data protection, as a fundamental human right and citizen right is guaranteed with the Constitution of the Republic of Macedonia (Article 18) which guarantees the safety and privacy of personal data .
Law on personal data protection ( Official Gazette of RM 7/05), defines the legal and institutional framework for personal data protection in the Republic of Macedonia .
Convention No. 108/81 for protection of the natural persons with reference to the automatic personal data processing , Council of Europe.
Personal data to be processed in accordance with the law ;
Personal data to be collected for concrete, clear and legally defined goals ;
Personal data that are collected , to be appropriate , relevant and not too extensive in regard to the goals for which they are collected and processed ;
Personal data should be accurate and updated ;
Personal data should not be kept longer than the time necessary for accomplishing the goals for which the data have been collected for further processing .
RIGHTS OF THE PERSONAL DATA SUBJECT
Right to be informed
Right to access
Right to correction and removal
Directorate ( upon the requests for establishing violation of the right to personal data protection )
- I degree – Commission , II degree – director ;
Administrative Court of the Republic of Macedonia ( upon an administrative suit against a final decision of the Directorate );
Principal Courts ( for damages )
TECHNICAL AND ORGANIZATIONAL MEASURES FOR PROVIDING PERSONAL DATA PROTECTION
The controller must apply appropriate technical and organizational measures for personal data protection, such as :
preventing accidental or illegal destruction of the data ;
preventing unauthorized :
access to personal data
IMPLEMENTING THE LAW
CONDUCTING ADMINISTRATIVE SUPERVISION OVER THE LAWFULNESS OF THE ACTIVITIES UNDERTAKEN DURING THE PERSONAL DATA PROCESSING AND THEIR PROTECTION ;
ACTING UPON CITIZENS’ REQUESTS ;
PROVIDING OPINIONS, ASSESSMENTS AND RECOMMENDATIONS
RAISING THE PUBLIC AWARENESS
PRIVACY ON THE INTERNET WEBSITES OF THE STATE ORGANS IN THE REPUBLIC OF MACEDONIA
Internet websites are means through which personal data of the users can be collected and their habits can be monitored, thus performing profiling.
A review of the websites of all the ministries and part of the local self-government units was performed for the purposes of this presentation
Some of the websites have an option for subscribing to an e-newsletter , but there is no option for unsubscribing ;
There is no information about what happens with the e-mail of the persons that register/subscribe ;
There is a contact form , but there is no information on whether the questions that are being asked are confidential; although name, surname, e-mail address and telephone are required.
These are the conclusions from the review of the websites:
Personal data of citizens of the Republic of Macedonia are published on some of the internet websites ; It is necessary to establish a balance between the need for transparent work of the state organs and the protection of the right to privacy of the citizens ; The right to privacy on the internet websites must be guaranteed to the citizens, in order that they would use the e-Government services .
Personal data publishing on the internet (1)
The publishing of personal data on the internet must be in accordance with the Law on personal data protection
In most of the cases, prior consent is needed from the personal data subject ;
Special consent is needed for the special personal data categories ;
Personal data publishing on the internet (2)
- It is necessary to guarantee the right to access, correction and removal of personal data.
- Information on the controller
- Purpose of processing
Personal data publishing on the internet (3)
The publishing of personal data on the internet represents personal data processing in accordance with the Law on personal data protection ;
The publishing of personal data on the internet means transfer of data in third countries ;
The freedom of expression cannot always be a justification for publishing personal data on the internet .
Communication traffic data
The IP address is personal data ;
Internet traffic data :
Date and time of internet user login ;
List of websites visited by the internet user ;
If it is no longer needed, the traffic data should be immediately erased or rendered anonymous ,