Data Protection Act: implications for monitoring technologies
Data Protection Act:Implications for Monitoring Technologies David Speakman Liam Houston Niall Kerrigan March 2013 MSc. Information Systems Management, NUI Galway
Overview • Evolution of DPA • Current Implications • Future Trends
The Need for Data Protection Laws Every person has the right to privacy... – Technology development has given greater potential for gathering and processing of personal data – This data being processed without considering the risks, or worse having data taken from them without realising – Monitoring technology can track where you are, what you do and when you do it at anytime it wishes – “Big Brother” effect. Do you recall the film Enemy of the State? – The world envisioned by George Orwell‟s novel 1984 is now evident, without the correct and enforced legislation, it is easily a possibility.
The Need for Data Protection Laws TECHNOLOGICAL INNOVATION The “Dot Com” boom Increasing popularity First Web Browser in Mobile phones First CCTV system Development of the Google Glass Smart Phone 1965 1973 1992 1997 2001 2014 1949 1980 1988 1994 2003 2018 George Orwell’s novel OECD Guidelines to EU Amendment to Further EU Directive on the DPA Legislation??? Data protection Irish DPA DATA PROTECTION LEGISLATION
Development of the DPAThe development of technology required data protectionlegislation:– 1981 - The Organisation for Economic Co-Ordination and Development provide the EU with a set of guidelines– 1988 – The Irish Government created the Data Protection Act is the first legislation created to monitor data collection– 1995 – The EU Data Protection Directive encourages all member states to adapt a similar approach to Data Protection Laws to allow for legal transborder data flow– 2003 – The Irish Government amend the DPA to align with the EU Directive and increase the rights of the Data Subject
Influence of OECD Guidelines on current DPA OECD Guidelines Data Protection Act 8 key principles Laws to ensure Lawful obtaining and Collection Limitation processing of data Purpose Specification Data is relevant to its Use Limitation purpose Security Safeguards Security Data quality Accuracy Openness Availability of data to the Individual Participation data subject Accountability Data is not kept longer than necessary
Current Implications:CCTV and Electronic Communications
CCTV– Monitoring 24/7, 365 days a year– Records everything you do, where you do it, when you do it.– Captures vast amount of “personal data”– Subject to DPA– Act states CCTV must be “adequate, relevant and not excessive” for its purposes– How are CCTV systems justified?
Is CCTV justifiable?• Proper Use of CCTV system – Must consider what CCTV is being used for – Acceptable: capturing intruders damaging/removing goods from premises – Unacceptable: monitoring employees, covert surveillance• Suitable images being recorded – Acceptable: Areas where security issues have arisen prior to CCTV being installed – Unacceptable: Directly at toilet cubicles/urinals
Is CCTV justifiable?• Transparency – Information must be provided to data subject prior to recording e.g. usually a sign at premises entrance• Storage and retention – Retention period must be justifiable, usually one month – Recordings must be kept in restricted, monitored and secure environment – Recordings must be in either tape, still images or disk.• Access Requests – Requests must be made available to data subject – Must identify subject, display date/time/location
E-CommunicationsSecurity Issues: – Traffic Data – Cookies – Location Data
Traffic Data – Details of calls, texts, emails, Internet use – Should only be retained for set amount of time for payment and querying purposes – Restrictions in place for marketing this “traffic data”
Traffic Data Recall the abuse of “Traffic Data” by the News of the World that forced the closure of the newspaper
Cookies• Personal data may not be removed unless user: – 1. Informed why cookies are being used – 2. Has been given his/her consent• The above not applicable where info is required for communication transmission or for info specifically required by the user e.g. shopping cart• Information on cookies should be readily available to users
Location Data• Gives a user‟s geographical location• User must be given: – Prior consent to location data being processed – Reasons and duration of processing – Whether data will be processed to a “third party” – Option to withdraw consent
Future Trends:Privacy vs. New TechnologyStrengthening Data Protection LawsFuture Implications
Privacy vs. New Technology• Cutting Edge Technologies – protecting privacy becoming more difficult• Era of „Big Data‟ – detailed info on our every movement• “Personal data” on mobile devices collected and analysed without consent – builds detailed user profiles• “Golden Solution” – Correct Protection of civilian privacy without halting new technological innovation
Strengthening Data Protection Laws • European Commission – to reinforce EU data legislation by 2014 “to put individuals in control of their own personal data”
Future Technologies & Implications• Google Glass – Will make personal privacy and data protection impossible – Recordings will be stored on Google servers• The future of monitoring technology?“It’s inevitable that surveillance drones will be deployedover New York City. Get used to it” -Michael Bloomberg, 2013
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.