SlideShare a Scribd company logo

Gdpr and smart cities

Download as PPTX, PDF
Bart Van Den Brande
Bart Van Den Brande

How does GDPR impact Smart City projects. Presentation for the Master Class Smart Cities at Brussels University VUB om 6 September 2018

Law
1 of 26
Sirius Legal GDPR en databescherming in een smart city context Master Class: Smart City Data & Privacy, Brussel 6 september 2018
1. We live in a digital world… Basis of anything that happens online is data Big data Collect all you can now – figure out what to do with it later Profiling Maximale tracking Location based Trigger based Internet of things Data has in many cases become a currency online… (cfr. Proposal Directive 2015/0287)
1. In a smart city context… Barcelona - London - Hamburg - Singapore - Dubai - Boston - ... Smart city projects multiply at great speed Traffic management Waste management CCTV security camera’s Access control Public lighting Smart information panels Smart infrastructure (swimming pool, fire security, central heating systems in public housing, …)
1. In a smart city context… Barcelona - London - Hamburg - Singapore - Dubai - Boston - ... Smart city projects multiply at great speed Often based on, or related to Internet of Things Big Data processing A certain degree of profiling Cloud storage / use of public internet for data transportation Public-Private Cooperation
2. Same rules for all and no grace period… General Data Protection Regulation 2016/679 (GDPR/AVGB) Regulation instead of Directive – 1 law for 28 states Agreement reached December 2015 Entered into force last May 2018 (without grace period!) New rules are MUCH stricter than current law and impact EVERYONE present here today Be prepared: high fines – liability – insurance issues – company image
(Online) marketing vandaag… Basis van alle marketing is data Heatmapping Alles is meetbaar De impact van de GDPR op uw marketing en prospectie Business meets IT, Blue Point Antwerpen, 1 juni 2017 GDPR applies to ALL databases (clients, marketing, sales, HR, purchasing, accounting, …) Personal data = EVERY piece of information that allows you to identify a person, directly or indirectly, now or in the future, alone or with the help of third parties Compliance is mandatory not only for “Data controller” (e.g. the advertiser) but in many cases also for “data processor” (e.g. cloud service provider, web developer, online agency, etc…) Specific caution is required for all data driven innovation – apps – AI – location based – blockchain – IoT - … Marketing – HR – sales – purchasing – reception – call center – IT - … 3. Everybody collects personal data…
3. In a smart city context… Distinction to be made between Aggregate data Traffic streams, number of visitors, crowd management, … Pseudonymised, anonymised, no longer personal data But risk related to big data = retroactive (even unintended) de-pseudonymisation Real time data NPR, CCTV, MAC and IP addresses, facial recognition systems All processing of personal data Great number of privacy related issues
4. Basic principles of GDPR to learn by heart… Accountability Transparency Data Protection by design Data protection by default Purpose limitation Data minimisation Accuracy Limited retention time Data security Limits on data export outside EU/EEA Access on need to know basis only
4. Challenges in a smart city context… Transparency Cfr. CCTV, facial recognition, profiling, ANPR, ... PPC - sharing data with private companies Democratic and legal risk of loss of transparency towards citizens
4. Challenges in a smart city context… Data Protection by default / by design Necessity to make full scale DPIA a standard reflex Ensure both technical and operational security Ensure correct application of principles of transparency, minimisation, limited retention times, purpose limitation, data security, access at need to know basis Data protection by design: problem of third party software / off the shelf software that is not always compliant
4. Challenges in a smart city context… Purpose limitation Quintessential issue related to big data is that purpose of data collection is often unknown at the time of collection Tempting to reuse data for new purposes that present themselves post factum Cfr. legal basis for processing + transparency
4. Challenges in a smart city context… Data minimisation + limited retention times Cfr. ANPR - CCTV - MAC and IP addresses - Facial recognition Only data that is absolutely necessary for successful service can be processed Only for the time required to provide successful service “Need to know” - “need to process”
4. Challenges in a smart city context… Data security Potential issues with data security are related to Poor security on devices / sensors (cfr. baby monitoring hacking) Poor security on networks (cfr. highjacking of Jeep Cherokee in 2015) Out of date technology Cloud storage Sharing with third parties Insufficient organisational security (access control to buildings, password security,...)
4. Challenges in a smart city context… Data export Data export outside EU/EEA requires safe country, standard clauses, BCR, US/EU privacy shield, ... Any “export” outside these conditions is illegal Potential risks Cloud storage (location of data centers) Use of non-EU software or IT service providers PPC with non EU partners or EU partners with non EU subcontractors ...
5. Contracts with all contractors… Obligation to work only with subcontractors that guarantee sufficient data security Obligation to have written contracts with all subcontractors List of mandatory clauses in such contracts Also concerns software tools… = Need to audit/map all existing subcontracting/service contracts/licenses (Mailchimp, Eventbrite, (Google) Analytics, internal messaging (e.g.Slack)…°
6. Everything starts with a data register Obligation to maintain a “record of processing activities” Holding ID of processor, processed data, categories, transfers, time limits, security measures In writing at the seat of your company Privacy Commission has a template (rather complicated), so do we (simplified) Bookings, mailings, transfers to third parties, opt-outs, …
7. What is “Appropriate” Security…? “Processor shall implement appropriate technical and organizational measures, to ensure an appropriate level of security” Pseudonymisation where possible, confidentiality, security, back ups in place, security testing protocols, … = Need to audit/map data within company
7. Appropriate security in a smart city context… Potential risks from a technical perspective Hacking and theft of personal data Cryptolocker / ransomware attacks on personal data files (or on smart city services!) Loss of personal data due to e.g. power outage, lack of back up, etc… Highjacking of IoT networks as part of botnet Potential risks from a privacy perspective Unlawful sharing of data with third parties (PPC partners?) Unlawful access (“need to know basis only”) Abuse of IoT by government itself or as part of third part hacking to illegally collect data De-pseudonymisation of data Unlawful repurposing of data
7. Appropriate security in a smart city context… What is appropriate security Necessity to conduct DPIA Ensure Data Protection by Design and Data Protection by Default Very strict Data Processing Agreements with all contractors Clear Data Security Policy (dataveiligheidsplan) within organisation Strong DPO (+ independant Informatieveiligheidsconsulent) White hacking as essential part of data security Strong internal policies towards employees - BYOD - Homework - visitors - password security - ... Access control, device management - swiping and blocking - Data Use monitoring - ... Data breach notification policy Awareness training ...
8. Find processing grounds for ALL records… 1. Legal interest – (2. vital interest) – (3. Public interest) 4. Prior opt-in remains the basic rule (+ proof required) 5. “Processing is required for the execution of a contract” 6. “Legitimate interest” (risky business…)
8. Processing grounds in a smart city context… Prior opt-in should be basis if and when possible Reality in smart city / IoT / Big Data context is that opt-in is an illusion Cfr CCTV - NPR - Facial recognition Cfr eg Singapore where proposal is to use geolocalisation device for every car or to start large scale monitoring of energy use in public housing on individual level “Legal obligation” will very often be legal ground for processing “Execution of a contract” may in some cases be sufficient ground (but not if there is no “contract..” and not if not “needed” to perform contract What is left is “legitimate interest” (not for “public authorities” in the “performance of their task”??) Sliding scale! - Should be limited to those cases where opt-in cannot be obtained and with very big auto-restriction
9. Careful with minors… Processing of data belonging to minor (-13 Y/O, -16 Y/O) Always requires explicit authorisation by parents! “Reasonable efforts” to check age and obtain authorisation eID?, Facebook login?, credit card data?, live chat, …?
10. Information, information, information… In all circumstances ID processor, rights of data subjects, type of processing, … Specifically in case of Data transfer Data export Minors New processing grounds Profiling & automated decision taking …
10. Information obligations in a smart city context… How to... Give information prior to processing when processing occurs automatically? Give information on profiling and allow opt-out for profiling? Give access to data and allow correction of data? Inform on sharing of data with third parties? …?
GDPR in a smart city context… In conclusion GDPR in a smart city context Raises more questions than answers Requires Thorough legal analyses and professional guidance Non respect of GDPR poses a real risk for democratic deficit Non respect of GDPR poses a real risk of serious damage to brand image Very high fines Series of other invasive sanctions (halt to processing, suspension of processing, etc...)
Sirius Legal Media & advertising law IP law Internet & e-commerce Privacy & Data Protection Gambling law Travel & consumer protection Commercial & contracts Corporate - tax - labour - real estate bart@siriuslegal.be www.siriuslegal.be @BartVdBrande Linkedin.com/in/bartvdb

Recommended

Gdpr and smart cities
Gdpr and smart citiesGdpr and smart cities
Gdpr and smart citiesBart Van Den Brande
 
Start2AIM Legal focus points for AI in Marketing
Start2AIM Legal focus points for AI in Marketing Start2AIM Legal focus points for AI in Marketing
Start2AIM Legal focus points for AI in Marketing Bart Van Den Brande
 
FESE Capital Markets Academy - New technologies
FESE Capital Markets Academy - New technologiesFESE Capital Markets Academy - New technologies
FESE Capital Markets Academy - New technologiesStephenGilmore10
 
IT Security through governance, compliance and risk
IT Security through governance, compliance and riskIT Security through governance, compliance and risk
IT Security through governance, compliance and riskE Radar
 
Information security and research data
Information security and research dataInformation security and research data
Information security and research dataTomppa Järvinen
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for developmentTomppa Järvinen
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
 
S719a
S719aS719a
S719aecommerce
 

Recommended

Gdpr and smart cities
Gdpr and smart citiesGdpr and smart cities
Gdpr and smart citiesBart Van Den Brande
 
Start2AIM Legal focus points for AI in Marketing
Start2AIM Legal focus points for AI in Marketing Start2AIM Legal focus points for AI in Marketing
Start2AIM Legal focus points for AI in Marketing Bart Van Den Brande
 
FESE Capital Markets Academy - New technologies
FESE Capital Markets Academy - New technologiesFESE Capital Markets Academy - New technologies
FESE Capital Markets Academy - New technologiesStephenGilmore10
 
IT Security through governance, compliance and risk
IT Security through governance, compliance and riskIT Security through governance, compliance and risk
IT Security through governance, compliance and riskE Radar
 
Information security and research data
Information security and research dataInformation security and research data
Information security and research dataTomppa Järvinen
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for developmentTomppa Järvinen
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
 
S719a
S719aS719a
S719aecommerce
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloudUlf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering GegevensbeschermingMagento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering GegevensbeschermingErwin Otten
 
The interface between data protection and ip law
The interface between data protection and ip lawThe interface between data protection and ip law
The interface between data protection and ip lawFrancesco Banterle
 
ETIS Information Security Benchmark Successful Practices in telco security
ETIS Information Security Benchmark Successful Practices in telco securityETIS Information Security Benchmark Successful Practices in telco security
ETIS Information Security Benchmark Successful Practices in telco securityETIS - the Global IT Association for Telecommunications
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
Gdpr compliance. Presentation for Consulegis Lawyers network
Gdpr compliance. Presentation for Consulegis Lawyers networkGdpr compliance. Presentation for Consulegis Lawyers network
Gdpr compliance. Presentation for Consulegis Lawyers networkBart Van Den Brande
 
Governance, legal compliance and risk across the online economy
Governance, legal compliance and risk across the online economyGovernance, legal compliance and risk across the online economy
Governance, legal compliance and risk across the online economyERADAR
 
Come cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeoCome cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeoGiulio Coraggio
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Ulf Mattsson
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
9626 GCE AS Information Technology Chapter 1
9626 GCE AS Information Technology Chapter 19626 GCE AS Information Technology Chapter 1
9626 GCE AS Information Technology Chapter 1Anthi Aristotelous
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by designTommy Vandepitte
 
Data Privacy
Data PrivacyData Privacy
Data Privacycliff_rudolph
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
 
Gdpr compliance univ'air carslon wagon lit 5 oktober 2017
Gdpr compliance univ'air carslon wagon lit 5 oktober 2017Gdpr compliance univ'air carslon wagon lit 5 oktober 2017
Gdpr compliance univ'air carslon wagon lit 5 oktober 2017Bart Van Den Brande
 
GDPR (En) JM Tyszka
GDPR (En) JM TyszkaGDPR (En) JM Tyszka
GDPR (En) JM TyszkaJean-Michel Tyszka
 
Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Bart Van Den Brande
 

More Related Content

What's hot

A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloudUlf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering GegevensbeschermingMagento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering GegevensbeschermingErwin Otten
 
The interface between data protection and ip law
The interface between data protection and ip lawThe interface between data protection and ip law
The interface between data protection and ip lawFrancesco Banterle
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
Gdpr compliance. Presentation for Consulegis Lawyers network
Gdpr compliance. Presentation for Consulegis Lawyers networkGdpr compliance. Presentation for Consulegis Lawyers network
Gdpr compliance. Presentation for Consulegis Lawyers networkBart Van Den Brande
 
Governance, legal compliance and risk across the online economy
Governance, legal compliance and risk across the online economyGovernance, legal compliance and risk across the online economy
Governance, legal compliance and risk across the online economyERADAR
 
Come cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeoCome cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeoGiulio Coraggio
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Ulf Mattsson
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
9626 GCE AS Information Technology Chapter 1
9626 GCE AS Information Technology Chapter 19626 GCE AS Information Technology Chapter 1
9626 GCE AS Information Technology Chapter 1Anthi Aristotelous
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by designTommy Vandepitte
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
 

What's hot (19)

A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering GegevensbeschermingMagento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
 
The interface between data protection and ip law
The interface between data protection and ip lawThe interface between data protection and ip law
The interface between data protection and ip law
 
ETIS Information Security Benchmark Successful Practices in telco security
ETIS Information Security Benchmark Successful Practices in telco securityETIS Information Security Benchmark Successful Practices in telco security
ETIS Information Security Benchmark Successful Practices in telco security
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
 
Gdpr compliance. Presentation for Consulegis Lawyers network
Gdpr compliance. Presentation for Consulegis Lawyers networkGdpr compliance. Presentation for Consulegis Lawyers network
Gdpr compliance. Presentation for Consulegis Lawyers network
 
Governance, legal compliance and risk across the online economy
Governance, legal compliance and risk across the online economyGovernance, legal compliance and risk across the online economy
Governance, legal compliance and risk across the online economy
 
Come cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeoCome cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeo
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computation
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
 
9626 GCE AS Information Technology Chapter 1
9626 GCE AS Information Technology Chapter 19626 GCE AS Information Technology Chapter 1
9626 GCE AS Information Technology Chapter 1
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by design
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
 

Similar to Gdpr and smart cities

Gdpr compliance univ'air carslon wagon lit 5 oktober 2017
Gdpr compliance univ'air carslon wagon lit 5 oktober 2017Gdpr compliance univ'air carslon wagon lit 5 oktober 2017
Gdpr compliance univ'air carslon wagon lit 5 oktober 2017Bart Van Den Brande
 
Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Bart Van Den Brande
 
GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.James Seville
 
20481112 travelmedia congres gdpr in de travelindustrie in 2019
20481112 travelmedia congres gdpr in de travelindustrie in 201920481112 travelmedia congres gdpr in de travelindustrie in 2019
20481112 travelmedia congres gdpr in de travelindustrie in 2019Bart Van Den Brande
 
Privacy in Computer Vision
Privacy in Computer Vision Privacy in Computer Vision
Privacy in Computer Vision Omid Mogharian
 
Splunk GDPR Security Roundtable: Zurich - 22 Nov 2017 PT2
Splunk GDPR Security Roundtable: Zurich - 22 Nov 2017 PT2Splunk GDPR Security Roundtable: Zurich - 22 Nov 2017 PT2
Splunk GDPR Security Roundtable: Zurich - 22 Nov 2017 PT2Splunk
 
De impact van de GDPR op de reissector
De impact van de GDPR op de reissectorDe impact van de GDPR op de reissector
De impact van de GDPR op de reissectorBart Van Den Brande
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of ThingsPaul Hastings
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Andris Soroka
 
Big Data Monetisation
Big Data MonetisationBig Data Monetisation
Big Data MonetisationPSD Group Ltd
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)Andris Soroka
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesUlf Mattsson
 
Spotlight on Technology 2017
Spotlight on Technology 2017Spotlight on Technology 2017
Spotlight on Technology 2017Craig Devlin
 
Introduction to new technologies
Introduction to new technologiesIntroduction to new technologies
Introduction to new technologiesTracey Roberts
 
Impact on e-commerce of the GDPR- Etrade Summit 2016
Impact on e-commerce of the GDPR- Etrade Summit 2016Impact on e-commerce of the GDPR- Etrade Summit 2016
Impact on e-commerce of the GDPR- Etrade Summit 2016Bart Van Den Brande
 
The somewhat awkward marriage between digital marketing and data protection (...
The somewhat awkward marriage between digital marketing and data protection (...The somewhat awkward marriage between digital marketing and data protection (...
The somewhat awkward marriage between digital marketing and data protection (...Bart Van Den Brande
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationcaniceconsulting
 
Scot Cloud 2016
Scot Cloud 2016Scot Cloud 2016
Scot Cloud 2016Ray Bugg
 

Similar to Gdpr and smart cities (20)

Gdpr compliance univ'air carslon wagon lit 5 oktober 2017
Gdpr compliance univ'air carslon wagon lit 5 oktober 2017Gdpr compliance univ'air carslon wagon lit 5 oktober 2017
Gdpr compliance univ'air carslon wagon lit 5 oktober 2017
 
GDPR (En) JM Tyszka
GDPR (En) JM TyszkaGDPR (En) JM Tyszka
GDPR (En) JM Tyszka
 
Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017
 
GDPR - CISO Perspective
GDPR - CISO PerspectiveGDPR - CISO Perspective
GDPR - CISO Perspective
 
GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.
 
20481112 travelmedia congres gdpr in de travelindustrie in 2019
20481112 travelmedia congres gdpr in de travelindustrie in 201920481112 travelmedia congres gdpr in de travelindustrie in 2019
20481112 travelmedia congres gdpr in de travelindustrie in 2019
 
Privacy in Computer Vision
Privacy in Computer Vision Privacy in Computer Vision
Privacy in Computer Vision
 
Splunk GDPR Security Roundtable: Zurich - 22 Nov 2017 PT2
Splunk GDPR Security Roundtable: Zurich - 22 Nov 2017 PT2Splunk GDPR Security Roundtable: Zurich - 22 Nov 2017 PT2
Splunk GDPR Security Roundtable: Zurich - 22 Nov 2017 PT2
 
De impact van de GDPR op de reissector
De impact van de GDPR op de reissectorDe impact van de GDPR op de reissector
De impact van de GDPR op de reissector
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of Things
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
 
Big Data Monetisation
Big Data MonetisationBig Data Monetisation
Big Data Monetisation
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
Spotlight on Technology 2017
Spotlight on Technology 2017Spotlight on Technology 2017
Spotlight on Technology 2017
 
Introduction to new technologies
Introduction to new technologiesIntroduction to new technologies
Introduction to new technologies
 
Impact on e-commerce of the GDPR- Etrade Summit 2016
Impact on e-commerce of the GDPR- Etrade Summit 2016Impact on e-commerce of the GDPR- Etrade Summit 2016
Impact on e-commerce of the GDPR- Etrade Summit 2016
 
The somewhat awkward marriage between digital marketing and data protection (...
The somewhat awkward marriage between digital marketing and data protection (...The somewhat awkward marriage between digital marketing and data protection (...
The somewhat awkward marriage between digital marketing and data protection (...
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislation
 
Scot Cloud 2016
Scot Cloud 2016Scot Cloud 2016
Scot Cloud 2016
 

More from Bart Van Den Brande

Data export after the Google Analytics decision
Data export after the Google Analytics decisionData export after the Google Analytics decision
Data export after the Google Analytics decisionBart Van Den Brande
 
UBA legal changes in marketing automation
UBA legal changes in marketing automation UBA legal changes in marketing automation
UBA legal changes in marketing automation Bart Van Den Brande
 
20220211 Data export after the Google Analytics decision
20220211 Data export after the Google Analytics decision 20220211 Data export after the Google Analytics decision
20220211 Data export after the Google Analytics decision Bart Van Den Brande
 
20211116 gastles UCLL Hogeschool: Legal compliant websites
20211116 gastles UCLL Hogeschool: Legal compliant websites20211116 gastles UCLL Hogeschool: Legal compliant websites
20211116 gastles UCLL Hogeschool: Legal compliant websitesBart Van Den Brande
 
20211118 BAM webinar: Hoe kies ik veilige (marketing automation) tools in tij...
20211118 BAM webinar: Hoe kies ik veilige (marketing automation) tools in tij...20211118 BAM webinar: Hoe kies ik veilige (marketing automation) tools in tij...
20211118 BAM webinar: Hoe kies ik veilige (marketing automation) tools in tij...Bart Van Den Brande
 
SafeShops wijzigingen in intracommunautaire btw vanaf 1 juli 2021
SafeShops wijzigingen in intracommunautaire btw vanaf 1 juli 2021SafeShops wijzigingen in intracommunautaire btw vanaf 1 juli 2021
SafeShops wijzigingen in intracommunautaire btw vanaf 1 juli 2021Bart Van Den Brande
 
20210526 cybersafety first! Sirius Legal webinar for Comeos
20210526 cybersafety first! Sirius Legal webinar for Comeos20210526 cybersafety first! Sirius Legal webinar for Comeos
20210526 cybersafety first! Sirius Legal webinar for ComeosBart Van Den Brande
 
Sirius Legal presentatie voor Voka: 10 praktische tips om correct om te gaan ...
Sirius Legal presentatie voor Voka: 10 praktische tips om correct om te gaan ...Sirius Legal presentatie voor Voka: 10 praktische tips om correct om te gaan ...
Sirius Legal presentatie voor Voka: 10 praktische tips om correct om te gaan ...Bart Van Den Brande
 
20201214 schrems II webinar politeia
20201214 schrems II webinar politeia20201214 schrems II webinar politeia
20201214 schrems II webinar politeiaBart Van Den Brande
 
Wedstrijden en social media. Gastles Odisee Hogeschool 17/11/2020
Wedstrijden en social media. Gastles Odisee Hogeschool 17/11/2020Wedstrijden en social media. Gastles Odisee Hogeschool 17/11/2020
Wedstrijden en social media. Gastles Odisee Hogeschool 17/11/2020Bart Van Den Brande
 
Direct marketing and data protection in fundraising
Direct marketing and data protection in fundraisingDirect marketing and data protection in fundraising
Direct marketing and data protection in fundraisingBart Van Den Brande
 
Sirius Legal Gastles aan Thomas More Hogeschool: e commerce en gdpr (1)
Sirius Legal Gastles aan Thomas More Hogeschool: e commerce en gdpr (1)Sirius Legal Gastles aan Thomas More Hogeschool: e commerce en gdpr (1)
Sirius Legal Gastles aan Thomas More Hogeschool: e commerce en gdpr (1)Bart Van Den Brande
 
fvb 10 praktische tips om correct om te gaan met klantendata (1)
fvb 10 praktische tips om correct om te gaan met klantendata (1)fvb 10 praktische tips om correct om te gaan met klantendata (1)
fvb 10 praktische tips om correct om te gaan met klantendata (1)Bart Van Den Brande
 
Omgaan met data in e-commerce na de komst van GDPR en ePrivacy
Omgaan met data in e-commerce na de komst van GDPR en ePrivacyOmgaan met data in e-commerce na de komst van GDPR en ePrivacy
Omgaan met data in e-commerce na de komst van GDPR en ePrivacyBart Van Den Brande
 
Omgaan met data in tijden van GDPR en Privacy
Omgaan met data in tijden van GDPR en PrivacyOmgaan met data in tijden van GDPR en Privacy
Omgaan met data in tijden van GDPR en PrivacyBart Van Den Brande
 
Sirius Friday seminarie "1 jaar gdpr"
Sirius Friday seminarie "1 jaar gdpr"Sirius Friday seminarie "1 jaar gdpr"
Sirius Friday seminarie "1 jaar gdpr"Bart Van Den Brande
 
20190326 Safeshops eLegal Day 2019
20190326 Safeshops eLegal Day 201920190326 Safeshops eLegal Day 2019
20190326 Safeshops eLegal Day 2019Bart Van Den Brande
 

More from Bart Van Den Brande (20)

Data export after the Google Analytics decision
Data export after the Google Analytics decisionData export after the Google Analytics decision
Data export after the Google Analytics decision
 
UBA legal changes in marketing automation
UBA legal changes in marketing automation UBA legal changes in marketing automation
UBA legal changes in marketing automation
 
20220211 Data export after the Google Analytics decision
20220211 Data export after the Google Analytics decision 20220211 Data export after the Google Analytics decision
20220211 Data export after the Google Analytics decision
 
20211116 gastles UCLL Hogeschool: Legal compliant websites
20211116 gastles UCLL Hogeschool: Legal compliant websites20211116 gastles UCLL Hogeschool: Legal compliant websites
20211116 gastles UCLL Hogeschool: Legal compliant websites
 
20211118 BAM webinar: Hoe kies ik veilige (marketing automation) tools in tij...
20211118 BAM webinar: Hoe kies ik veilige (marketing automation) tools in tij...20211118 BAM webinar: Hoe kies ik veilige (marketing automation) tools in tij...
20211118 BAM webinar: Hoe kies ik veilige (marketing automation) tools in tij...
 
SafeShops wijzigingen in intracommunautaire btw vanaf 1 juli 2021
SafeShops wijzigingen in intracommunautaire btw vanaf 1 juli 2021SafeShops wijzigingen in intracommunautaire btw vanaf 1 juli 2021
SafeShops wijzigingen in intracommunautaire btw vanaf 1 juli 2021
 
20210526 cybersafety first! Sirius Legal webinar for Comeos
20210526 cybersafety first! Sirius Legal webinar for Comeos20210526 cybersafety first! Sirius Legal webinar for Comeos
20210526 cybersafety first! Sirius Legal webinar for Comeos
 
Sirius Legal presentatie voor Voka: 10 praktische tips om correct om te gaan ...
Sirius Legal presentatie voor Voka: 10 praktische tips om correct om te gaan ...Sirius Legal presentatie voor Voka: 10 praktische tips om correct om te gaan ...
Sirius Legal presentatie voor Voka: 10 praktische tips om correct om te gaan ...
 
20201211 DPIA webinar
20201211 DPIA webinar20201211 DPIA webinar
20201211 DPIA webinar
 
20201214 schrems II webinar politeia
20201214 schrems II webinar politeia20201214 schrems II webinar politeia
20201214 schrems II webinar politeia
 
Wedstrijden en social media. Gastles Odisee Hogeschool 17/11/2020
Wedstrijden en social media. Gastles Odisee Hogeschool 17/11/2020Wedstrijden en social media. Gastles Odisee Hogeschool 17/11/2020
Wedstrijden en social media. Gastles Odisee Hogeschool 17/11/2020
 
Schrems II, wat nu?
Schrems II, wat nu?Schrems II, wat nu?
Schrems II, wat nu?
 
Direct marketing and data protection in fundraising
Direct marketing and data protection in fundraisingDirect marketing and data protection in fundraising
Direct marketing and data protection in fundraising
 
Sirius Legal Gastles aan Thomas More Hogeschool: e commerce en gdpr (1)
Sirius Legal Gastles aan Thomas More Hogeschool: e commerce en gdpr (1)Sirius Legal Gastles aan Thomas More Hogeschool: e commerce en gdpr (1)
Sirius Legal Gastles aan Thomas More Hogeschool: e commerce en gdpr (1)
 
fvb 10 praktische tips om correct om te gaan met klantendata (1)
fvb 10 praktische tips om correct om te gaan met klantendata (1)fvb 10 praktische tips om correct om te gaan met klantendata (1)
fvb 10 praktische tips om correct om te gaan met klantendata (1)
 
Sirius Friday Corona Webinar
Sirius Friday Corona WebinarSirius Friday Corona Webinar
Sirius Friday Corona Webinar
 
Omgaan met data in e-commerce na de komst van GDPR en ePrivacy
Omgaan met data in e-commerce na de komst van GDPR en ePrivacyOmgaan met data in e-commerce na de komst van GDPR en ePrivacy
Omgaan met data in e-commerce na de komst van GDPR en ePrivacy
 
Omgaan met data in tijden van GDPR en Privacy
Omgaan met data in tijden van GDPR en PrivacyOmgaan met data in tijden van GDPR en Privacy
Omgaan met data in tijden van GDPR en Privacy
 
Sirius Friday seminarie "1 jaar gdpr"
Sirius Friday seminarie "1 jaar gdpr"Sirius Friday seminarie "1 jaar gdpr"
Sirius Friday seminarie "1 jaar gdpr"
 
20190326 Safeshops eLegal Day 2019
20190326 Safeshops eLegal Day 201920190326 Safeshops eLegal Day 2019
20190326 Safeshops eLegal Day 2019
 

Recently uploaded

CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsAurora Consulting
 
ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.tanughoshal0
 
Navigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxNavigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxelysemiller87
 
一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理
一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理
一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理A AA
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfKelechi48
 
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Dr. Oliver Massmann
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理Airst S
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.pptseri bangash
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubham Wadhonkar
 
一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书irst
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxadvabhayjha2627
 
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理F La
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理e9733fc35af6
 
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...SUHANI PANDEY
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYJulian Scutts
 
一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理Airst S
 
一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理Airst S
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargainingbartzlawgroup1
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理Airst S
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理A AA
 

Recently uploaded (20)

CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.
 
Navigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxNavigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptx
 
一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理
一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理
一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdf
 
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptx
 
一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
 
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)克兰菲尔德大学毕业证如何办理
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
 
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理
 
一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargaining
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
 

Gdpr and smart cities

  • 1. Sirius Legal GDPR en databescherming in een smart city context Master Class: Smart City Data & Privacy, Brussel 6 september 2018
  • 2. 1. We live in a digital world… Basis of anything that happens online is data Big data Collect all you can now – figure out what to do with it later Profiling Maximale tracking Location based Trigger based Internet of things Data has in many cases become a currency online… (cfr. Proposal Directive 2015/0287)
  • 3. 1. In a smart city context… Barcelona - London - Hamburg - Singapore - Dubai - Boston - ... Smart city projects multiply at great speed Traffic management Waste management CCTV security camera’s Access control Public lighting Smart information panels Smart infrastructure (swimming pool, fire security, central heating systems in public housing, …)
  • 4. 1. In a smart city context… Barcelona - London - Hamburg - Singapore - Dubai - Boston - ... Smart city projects multiply at great speed Often based on, or related to Internet of Things Big Data processing A certain degree of profiling Cloud storage / use of public internet for data transportation Public-Private Cooperation
  • 5. 2. Same rules for all and no grace period… General Data Protection Regulation 2016/679 (GDPR/AVGB) Regulation instead of Directive – 1 law for 28 states Agreement reached December 2015 Entered into force last May 2018 (without grace period!) New rules are MUCH stricter than current law and impact EVERYONE present here today Be prepared: high fines – liability – insurance issues – company image
  • 6. (Online) marketing vandaag… Basis van alle marketing is data Heatmapping Alles is meetbaar De impact van de GDPR op uw marketing en prospectie Business meets IT, Blue Point Antwerpen, 1 juni 2017 GDPR applies to ALL databases (clients, marketing, sales, HR, purchasing, accounting, …) Personal data = EVERY piece of information that allows you to identify a person, directly or indirectly, now or in the future, alone or with the help of third parties Compliance is mandatory not only for “Data controller” (e.g. the advertiser) but in many cases also for “data processor” (e.g. cloud service provider, web developer, online agency, etc…) Specific caution is required for all data driven innovation – apps – AI – location based – blockchain – IoT - … Marketing – HR – sales – purchasing – reception – call center – IT - … 3. Everybody collects personal data…
  • 7. 3. In a smart city context… Distinction to be made between Aggregate data Traffic streams, number of visitors, crowd management, … Pseudonymised, anonymised, no longer personal data But risk related to big data = retroactive (even unintended) de-pseudonymisation Real time data NPR, CCTV, MAC and IP addresses, facial recognition systems All processing of personal data Great number of privacy related issues
  • 8. 4. Basic principles of GDPR to learn by heart… Accountability Transparency Data Protection by design Data protection by default Purpose limitation Data minimisation Accuracy Limited retention time Data security Limits on data export outside EU/EEA Access on need to know basis only
  • 9. 4. Challenges in a smart city context… Transparency Cfr. CCTV, facial recognition, profiling, ANPR, ... PPC - sharing data with private companies Democratic and legal risk of loss of transparency towards citizens
  • 10. 4. Challenges in a smart city context… Data Protection by default / by design Necessity to make full scale DPIA a standard reflex Ensure both technical and operational security Ensure correct application of principles of transparency, minimisation, limited retention times, purpose limitation, data security, access at need to know basis Data protection by design: problem of third party software / off the shelf software that is not always compliant
  • 11. 4. Challenges in a smart city context… Purpose limitation Quintessential issue related to big data is that purpose of data collection is often unknown at the time of collection Tempting to reuse data for new purposes that present themselves post factum Cfr. legal basis for processing + transparency
  • 12. 4. Challenges in a smart city context… Data minimisation + limited retention times Cfr. ANPR - CCTV - MAC and IP addresses - Facial recognition Only data that is absolutely necessary for successful service can be processed Only for the time required to provide successful service “Need to know” - “need to process”
  • 13. 4. Challenges in a smart city context… Data security Potential issues with data security are related to Poor security on devices / sensors (cfr. baby monitoring hacking) Poor security on networks (cfr. highjacking of Jeep Cherokee in 2015) Out of date technology Cloud storage Sharing with third parties Insufficient organisational security (access control to buildings, password security,...)
  • 14. 4. Challenges in a smart city context… Data export Data export outside EU/EEA requires safe country, standard clauses, BCR, US/EU privacy shield, ... Any “export” outside these conditions is illegal Potential risks Cloud storage (location of data centers) Use of non-EU software or IT service providers PPC with non EU partners or EU partners with non EU subcontractors ...
  • 15. 5. Contracts with all contractors… Obligation to work only with subcontractors that guarantee sufficient data security Obligation to have written contracts with all subcontractors List of mandatory clauses in such contracts Also concerns software tools… = Need to audit/map all existing subcontracting/service contracts/licenses (Mailchimp, Eventbrite, (Google) Analytics, internal messaging (e.g.Slack)…°
  • 16. 6. Everything starts with a data register Obligation to maintain a “record of processing activities” Holding ID of processor, processed data, categories, transfers, time limits, security measures In writing at the seat of your company Privacy Commission has a template (rather complicated), so do we (simplified) Bookings, mailings, transfers to third parties, opt-outs, …
  • 17. 7. What is “Appropriate” Security…? “Processor shall implement appropriate technical and organizational measures, to ensure an appropriate level of security” Pseudonymisation where possible, confidentiality, security, back ups in place, security testing protocols, … = Need to audit/map data within company
  • 18. 7. Appropriate security in a smart city context… Potential risks from a technical perspective Hacking and theft of personal data Cryptolocker / ransomware attacks on personal data files (or on smart city services!) Loss of personal data due to e.g. power outage, lack of back up, etc… Highjacking of IoT networks as part of botnet Potential risks from a privacy perspective Unlawful sharing of data with third parties (PPC partners?) Unlawful access (“need to know basis only”) Abuse of IoT by government itself or as part of third part hacking to illegally collect data De-pseudonymisation of data Unlawful repurposing of data
  • 19. 7. Appropriate security in a smart city context… What is appropriate security Necessity to conduct DPIA Ensure Data Protection by Design and Data Protection by Default Very strict Data Processing Agreements with all contractors Clear Data Security Policy (dataveiligheidsplan) within organisation Strong DPO (+ independant Informatieveiligheidsconsulent) White hacking as essential part of data security Strong internal policies towards employees - BYOD - Homework - visitors - password security - ... Access control, device management - swiping and blocking - Data Use monitoring - ... Data breach notification policy Awareness training ...
  • 20. 8. Find processing grounds for ALL records… 1. Legal interest – (2. vital interest) – (3. Public interest) 4. Prior opt-in remains the basic rule (+ proof required) 5. “Processing is required for the execution of a contract” 6. “Legitimate interest” (risky business…)
  • 21. 8. Processing grounds in a smart city context… Prior opt-in should be basis if and when possible Reality in smart city / IoT / Big Data context is that opt-in is an illusion Cfr CCTV - NPR - Facial recognition Cfr eg Singapore where proposal is to use geolocalisation device for every car or to start large scale monitoring of energy use in public housing on individual level “Legal obligation” will very often be legal ground for processing “Execution of a contract” may in some cases be sufficient ground (but not if there is no “contract..” and not if not “needed” to perform contract What is left is “legitimate interest” (not for “public authorities” in the “performance of their task”??) Sliding scale! - Should be limited to those cases where opt-in cannot be obtained and with very big auto-restriction
  • 22. 9. Careful with minors… Processing of data belonging to minor (-13 Y/O, -16 Y/O) Always requires explicit authorisation by parents! “Reasonable efforts” to check age and obtain authorisation eID?, Facebook login?, credit card data?, live chat, …?
  • 23. 10. Information, information, information… In all circumstances ID processor, rights of data subjects, type of processing, … Specifically in case of Data transfer Data export Minors New processing grounds Profiling & automated decision taking …
  • 24. 10. Information obligations in a smart city context… How to... Give information prior to processing when processing occurs automatically? Give information on profiling and allow opt-out for profiling? Give access to data and allow correction of data? Inform on sharing of data with third parties? …?
  • 25. GDPR in a smart city context… In conclusion GDPR in a smart city context Raises more questions than answers Requires Thorough legal analyses and professional guidance Non respect of GDPR poses a real risk for democratic deficit Non respect of GDPR poses a real risk of serious damage to brand image Very high fines Series of other invasive sanctions (halt to processing, suspension of processing, etc...)
  • 26. Sirius Legal Media & advertising law IP law Internet & e-commerce Privacy & Data Protection Gambling law Travel & consumer protection Commercial & contracts Corporate - tax - labour - real estate bart@siriuslegal.be www.siriuslegal.be @BartVdBrande Linkedin.com/in/bartvdb