Paolo Balboni Keynote London

394 views
339 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
394
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
23
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Paolo Balboni Keynote London

  1. 1. PRIVACY AS AN ASSETPROCESSING EMPLOYEE PERSONALDATA FOR ANALYTIC PURPOSES:A Legal Look at Issues & Opportunities HR Tech Europe 2013, 19th-20th March 2013, Kings Place, London, UK Dr. Paolo Balboni, Partner at ICT Legal Consulting & Scientific Director of the European Privacy Association paolo.balboni@ictlegalconsulting.com - www.ictlegalconsulting.com pbalboni@europeanprivacy.eu -www.europeanprivacyassociation.eu
  2. 2. Introduction “A shift is needed in companies’ approach to privacy and data protection!” 2
  3. 3. Structure of the presentation1. Predictive analytics in 3 steps2. Personal or anonymous DATA?3. General data protection principles4. “What do I need to ask as a collector/CPO?”1. Some conclusions + Q&A session 3
  4. 4. Predictive analytics in 3 steps1. Collecting data2. Processing/analysing them Data as company’s ASSET3. Creating profiles/patterns “Data” is the word to focus on 4
  5. 5. Personal or anonymous DATA?•‘Personal data’ means data which relate to a living individual who can be identified fromthose data or from those data and other information which is in the possession of, or islikely to come into the possession of, the data controller Information or a combination of information, that does not relate to and identify an individual, is not personal data and that the DP law does not apply to it•Anonymous data. The most explicit reference to anonymisation in European dataprotection law is in Recital 26 of the Data Protection Directive (95/46/EC). This makes itclear that the principles of data protection shall not apply to data rendered anonymous insuch a way that the data subject is no longer identifiable Data are considered anonymous when an unreasonable effort (amount of time and manpower) is required to (re)turn the data into personally-identifiable data. In other words, the likelihood of making a connection between data and a data subject is measured in relation to the time, cost and technical meansnecessary to do so 5
  6. 6. General data protection principles• Collection Limitation• Data Quality• Purpose Specification Transparent, LIDC• Use Limitation easily accessible & (consent intelligible opt-in / opt-out)• Security Safeguards privacy policy• Openness/Disclosure• Individual Participation/Access Lawful data processing• Accountability 6
  7. 7. What do I need to ask as a collector?*• What are we collecting?• Why are we collecting?• How will we use it?• Do I need it?• Is it providing me the information (not data) I need? * THIS SLIDE WAS PRESENTED BY KATHERINE FITHEN, CHIEF PRIVACY OFFICER AT THE COCA COLA COMPANY AT BIG DATA WORLD EUROPE, 20 SEPTEMBER 2012 7
  8. 8. What do I need to ask as a CPO?*• What/Why/How are we collecting/using it & do we need it? (…)• Are we in compliance with privacy laws/regulations?• Where is it stored? Appropriate data transfer agreements?• Who has access to it?• How long will we keep it?• How we provide clear and understandable information on what we are collecting, why we are collecting, and how we will use it?• Is our privacy policy easy to access and easy to understand? * THIS SLIDE WAS PRESENTED BY KATHERINE FITHEN, CHIEF PRIVACY OFFICER AT THE COCA COLA COMPANY AT BIG DATA WORLD EUROPE, 20 SEPTEMBER 2012 8
  9. 9. Some conclusions• It is important to have a strategic and accurate approach to data protection compliance in order to collect personal data already in a way to enable further lawful processing activities• The difference for a company between dying buried under personal data and harness their value is directly related to privacy compliance management• Strategic and accurate approach to data protection can really generate a return of investment (ROI) 9
  10. 10. Thanks for your attention! Q&A HR Tech Europe 2013, 19th-20th March 2013, Kings Place, London, UK Dr. Paolo Balboni, Partner at ICT Legal Consulting & Scientific Director of the European Privacy Association paolo.balboni@ictlegalconsulting.com - www.ictlegalconsulting.com pbalboni@europeanprivacy.eu -www.europeanprivacyassociation.eu 10
  11. 11. Paolo Balboni, Ph.D., is a top tier European ICT, Privacy & Data Protection lawyer and serves as Data Protection Officer (DPO) for multinational companies. As a frequently invited speaker, Balboni has spoken at more than 50 international conferences around the world in the last 2 years on ICT, Privacy & Data Protection legal matters. He is a regular invited expert on the revision of the EU General Data Protection Regulation to the European Parliament. Balboni is the author of the book Trustmarks in E-Commerce: The Value of Web Seals and the Liability of their Providers (Cambridge University Press) and of numerous papers on European ICT, Privacy & Data protection law. Balboni is the Scientific Director of European Privacy Association, Cloud Computing Sector Director and responsible for Foreign Affairs of Italian Institute for Privacy. He is admitted to the Bar in Milan and the Founding Partner at ICT Legal Consulting. Together with his team, he provides legal advice across Europe to multinational companies, especially concerning personal data protection, IT-contracts, cloud computing, e-commerce, e-marketing, advertising, Web 2.0 service providers’ liability, Law Enforcement Agency (LEA) access to information and databases, digital contract and document management, and intellectual property rights. He also advises celebrities on privacy and copyright matters. He has considerable experience in the following areas: IT - including Cloud Computing, Big Data & Analytics, Media & Entertainment, e-Health, Fashion, Banking, Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT). He co-chairs the Privacy Level Agreement (PLA) Working Group of Cloud Security Alliance and was the legal counsel chosen for the projects of European Network and Information Security Agency (ENISA) on ‘ Cloud Computing Risk Assessment’, Security and Resilience in Governmental Clouds’, ‘Procure Secure: A guide to monitoring of security service levels in cloud contracts’ and ‘Common Assurance Maturity Model – Beyond the Cloud (CAMM)’. Paolo Balboni is actively involved in European Commission studies on new technologies and data protection. Balboni is Lecturer at the Master Digital Media Management at the European Institute of Design and Research Associate at Tilburg University. He obtained his Law Degree with distinction from the University of Bologna in 2002, a Ph.D. from Tilburg University on Comparative ICT Law. He speaks fluent Italian, English and Dutch and has a good knowledge of French, German and Spanish. 11

×