Aleksandra kuczerawy privacy issues in future internet - seserv se workshop june 2012

Privacy issues in Future Internet Aleksandra Kuczerawy ICRI – KU Leuven

SocIoS•  Exploiting the User Created Content and the Social Graph of users in Social Networks to create new services•  Provide cross-platform tools that enable to manage the dynamically generated content by building services that combine data and functionality from two or more different SNS

Privacy and data protection issues in FutureInternet:•  Basic concepts –  Personal data –  Processing of personal data –  Legal grounds of processing –  Controller vs. processors•  Legal requirements for data processing•  Location based services•  Children and personal data•  Future and Recommendations

Concept of ‘personal data’ (95/46) “any information relating to an identified or identifiable natural person (data subject)” -  Direct or indirect identification -  No exhaustive list -  Sensitive data: special regime applies (!)

Processing of personal data (art. 2.b)any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as:-  Collection of profile information, tweets, …-  Subsequent profiling to determine relevancy of search results-  Storage of log information regarding account usage-  …

Personal data on-line •  Made public on the Internet •  Does NOT mean consent for processing •  Technically available •  But legally NOT •  All rules apply for content already published online (need for a legal ground, purpose, etc…)

Legal grounds for processing: • Main grounds:- Consent-  Legitimate interestsIn certain instances:- Performance of a contract to which the data subject is party - Compliance with a legal obligation of the controller

Data controller or data processor?•  Controller –  determines the purposes and means of the processing of personal data –  Main responsible entity•  Processor –  Entity which processes personal data on behalf of the controller –  Not responsible for the processing => Distinction often blurry in practice, despite considerable practical implications & hurdles !

Varying degrees of ‘control’ T. Olsen, T. Mahler, Identity management land data protection law: Risk, responsibility and compliance in ‘Circles of Trust’ – Part II, Computer aw & Security report 23 ( 2 0 0 7 )

Data protection principles •  Fairness principle •  Finality principle •  Data minimisation principle •  Data quality principle •  Conservation principle •  Confidentiality and security •  Notification to the Supervisory Authority

Fairness principle Processing must be fair and lawful!!! •  data subject has to be provided with certain information (transparency) •  stay in line with all types of their legal obligations

Finality principle•  Data controllers collect data only as far as it is necessary to achieve the specified, explicit and legitimate purpose•  No further processing incompatible with the original purposes•  Further processing of data for historical, statistical or scientific purposes

Historical, statistical or scientific purposes •  Not a primary legal ground •  Expands on finality principle •  Refers only to further processing of data •  For processing of which there is a separate legal ground •  Cannot constitute a primary basis for processing

Data minimisation principle•  data should be adequate, relevant and not excessive•  store only a minimum of data necessary to run their services

Data quality principle •  personal data should be accurate and kept up to date •  every reasonable step to ensure that data which are inaccurate or incomplete are either erased or rectified •  appropriate mechanism to allow data subjects updating their personal data or notifying the data controller about the incorrect information

Location Based Services – ePrivacy Directive•  Location data - any data processed in an electronic communications network or by an electronic communications service, indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service•  Value added service - any service which requires the processing of traffic data or location data other than traffic data beyond what is necessary for the transmission of a communication or the billing thereof

Processing of location dataOnly if•  they are made anonymous, or•  with the consent of the users or subscribersInformation to the users•  the type of location data which will be processed•  the purposes and duration of the processing•  whether the data will be transmitted to a third party for the purpose of providing the value added service

Children’s personal data•  Same rights as adults, but!•  No full legal capability•  Need a representative to exercise these rights•  Legal guardian (usually a parent)•  Should consult children, depending on their understanding/ maturity•  Processing should not be performed against child’s will•  Dynamic relation

Future of privacy and data protection•  The draft general data protection regulation•  January 25, 2012•  One regulation for all EU Member States•  Binding and applicable without national implementation•  Current status: discussion phase•  Aims for full harmonization•  Aims to adjust legal regime to technological development

Draft General Data Protection Regulation•  Explicit consent when required for certain types of data processing•  Reinforcement of the right to information - full understanding how personal data is handled (particularly children)•  Easy access to ones own data - what kind of information a company stores about them;•  Data portability•  ‘Right to be forgotten’•  More provisions directed to processors

Recommendations: •  Who is the Data Controller •  Where will the data be processed, by whom •  Check national data protection legislation •  Contact local DPA •  Prepare Privacy Policy •  Caution – sensitive data! •  Caution – children’s personal data!

Thank you for your attention. Questions?

Aleksandra kuczerawy privacy issues in future internet - seserv se workshop june 2012

by ictseserv on Jun 26, 2012

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 270

Statistics

Aleksandra kuczerawy privacy issues in future internet - seserv se workshop june 2012 Presentation Transcript