Dp5

323 views
283 views

Published on

Data protection regulation is to a great extent purpose bound. Finality is the first pillar of the regulation.

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
323
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • The controller(s) must ensure that personal data is: (a) processed fairly and lawfully; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use. 05/12/10
  • Dp5

    1. 1. PERSONAL DATA PROTECTION Finality Processing personal data Finality Legitimacy Transparency Organisation Proportional End-to-end
    2. 2. <ul><li>Generally referred to as “data quality” (sensu latu) </li></ul>
    3. 3. <ul><li>Knowledge is power </li></ul><ul><ul><li>assembly of a lot of data on single data subject(s) </li></ul></ul><ul><ul><li>assembly of information that is considered private (“intimate”) by a lot of people </li></ul></ul><ul><li>Information that is not accurate depriving data subjects from chances </li></ul><ul><li>Data subjects haunted by their past for many years </li></ul>
    4. 4. <ul><li>Determined purpose </li></ul><ul><li>Explicited purpose </li></ul><ul><li>Legitimate purpose </li></ul><ul><li>Only collect data that is adequate , relevant and not excessive (necessary) for the determined purpose. </li></ul><ul><li>Different purpose determines different data set . </li></ul><ul><li>Consequence: meet the requirements per data set. </li></ul>
    5. 5. Source: Movie “The Game”
    6. 6. Source: Movie “Se7en”
    7. 7. Source: Movie “Minority Report”
    8. 8. Source: Movie “You’ve got mail”
    9. 9. <ul><li>Colored people </li></ul><ul><li>Jews </li></ul><ul><li>Muslims </li></ul><ul><li>Left or right wing party members </li></ul><ul><li>Union members </li></ul><ul><li>Women that are pregnant </li></ul><ul><li>Ill people, disabled </li></ul><ul><li>Homofobia </li></ul>
    10. 10. <ul><li>Data must be accurate . </li></ul><ul><li>Data must be up-to-date . </li></ul><ul><li>The data protection legislation as such is not a basis to go and chase updates of the data. </li></ul><ul><li>Other legislation may require the controller to actively chase updates, like the AML law, MiFID, … </li></ul>
    11. 11. Source: Information Commissioner’s Office, UK
    12. 12. Source: Movie “Da Vinci Code”
    13. 13. <ul><li>Mandela on the terrorist list </li></ul>
    14. 14. <ul><li>Data can only be retained for as long as necessary for the purpose. </li></ul><ul><li>Data must be deleted when no longer necessary, relevant or up-to-date. </li></ul><ul><li>Different purposes may lead to determination of different deletion policy (=> different data sets). </li></ul><ul><li>Deletion policy is in most cases only partially or unclearly determined by legal requirements. </li></ul>
    15. 15. Source: Hewlett Packard

    ×