SlideShare a Scribd company logo

Gary Davis

dri_ireland
dri_ireland

Presented as part of "Realising the Opportunities of Digital Humanities" (#RODH2012) Oct 23-25, 2012, Ireland. More info: www.dri.ie/programme

1 of 22
Data Protection Considerations Gary Davis Deputy Data Protection Commissioner Realising the Opportunities of Digital Humanities, 24 October, 2012
Data Protection – a Fundamental Human Right • Implicit Right to Personal Privacy under Irish Constitution – Article 40.3.1 • Explicit Right to Personal Privacy under Article 8 of 1950 European Convention for the Protection of Human Rights & Fundamental Freedoms [ECHR]  ECHR now indirectly part of Irish law due to ECHR Act 2003 • Explicit Right to Data Protection under EU Treaties – Lisbon Treaty and EU Charter
EU Charter of Fundamental Rights: Article 8 • Protection of personal data • 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.
Lisbon Treaty Article 16 Treaty on the Functioning of the Union • 1. Everyone has the right to the protection of personal data concerning them. • 2. The European Parliament and the Council, acting in accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data. • Compliance with these rules shall be subject to the control of independent authorities.
EU & Irish Legislation • Data Protection Directive • Data Protection Acts 95/46/EC  Being updated 1988 & 2003 • Electronic Privacy Directive 2002/58/EC • EC Electronic (as amended by Privacy Regulations 2006/24/EC + 2009/136/EC) 2011 (SI 336/2011)
Definitions: Personal Data  “Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller “ (DP Act, Section 1)  Applies to any data that is processed (includes hosting) using any medium by a legal entity. Therefore paper, computer, network, web, phone, CCTV etc.
Definitions - Sensitive Personal Data • Sensitive Personal Data (more protection)  Racial/ethnic origin; political opinions; religious/philosophical beliefs; trade union membership; health; sexual life; criminal record
Definitions • Data Controller  a person who controls the contents and use of personal data • Data Processor  A person who processes personal data on behalf of a data controller
1. Accurate • Good business practice • Best achieved at point of collection • Ongoing requirement if intended to be used. • Ask the data subject if needed
2. Non-Disclosure • General rule – no • Main exceptions: disclosure for different  Investigation of crime purpose  Collection of taxes  Security of the State • Exceptions made, to  Protect life & limb balance other interests  Required by Law of society  Intl Relations • Stricter conditions  Consent for sensitive data
2. Non-Disclosure • The Data Controller should have a policy in place to determine how requests for data from third parties are handled. • This policy should be consulted by appropriate staff members
DP/FOI Access to Personal Information • DP and FOI Acts reinforce one another in relation to personal access in the public sector • Defending access to personal information as human (DP) and citizen (FOI) right • 3rd Party Access restricted under both Acts • FOI access to personal information should sometimes prevail in the public interest
DP and FOI • A right conferred by the Data Protection Act shall not prejudice the exercise of a right conferred by the Freedom of Information Act 1997. • The Commissioner and the Information Commissioner shall, in the performance of their functions, co-operate with and provide assistance to each other (DP Act 2003)
3. Keep secure • Accidental disclosure to third parties, PC in public area, non-secure fax • External-robust encryption, online forms, technical measures • Audit trails, reviews, logs, unusual events • Manual Files
4. Retention Policy • Legal obligations to hold data? • Customer files  Do you need to hold all that data? • Personnel files  Revenue requirement? • Must have policy thought through  Defend retention as necessary for purpose.
4. Retention Policy – Public Bodies • Data protection rights of identifiable persons and obligation to retain data under National Archives Act 1986  Authorisation to dispose of records (s. 7) • Balance between rights of the person and public interest
Historical Research (1) • Section 2 and sections 2A and 2B of this Act shall not apply to—  (a) data kept solely for the purpose of historical research, or  (b) other data consisting of archives or departmental records (within the meaning in each case of the National Archives Act 1986), • and the keeping of which complies with such requirements (if any) as may be prescribed for the purpose of safeguarding the fundamental rights and freedoms of data subjects
Historical Research (2) • Draft Archives Regulations 2010  Followed public consultation  Security, access as per Data Protection Acts • Departmental records as per National Archives Act  100-year rule
5. Follow Retention Policy • A method appropriate to each organisation to review files • Assign Responsibility • Reporting structure • Delete personal data that is outside terms of policy. • Keep a record of deletions
Right of Access • A fundamental rights granted to individuals as a means of granting them control over how their data are processed – transparency • Applies to all manual and electronic records in existence at the time of receipt of an access request – regardless of when the record was created.
Right of correction/erasure • Section 6 of the Act • Data Subject makes a written request • Personal data must be:  Corrected, if inaccurate; or  Deleted, if should not be held. • Data Controller has 40 days to respond • No fee
Thank You Office of the Data Protection Commissioner Canal House Station Road Portarlington Co Laois Phone: LoCall 1890 252231 057 8684800 Fax: 057 8684757 Email: info@dataprotection.ie Website: www.dataprotection.ie

Recommended

The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
blogzilla
 
Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)
schermerbw
 
Rtia'05 an introduction
Rtia'05 an introductionRtia'05 an introduction
Rtia'05 an introduction
Bhim Thatal
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinar
Lesedi Mnisi
 
The Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsThe Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African Journalists
Gabriella Razzano
 
Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006
Kimberly Verska
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
CloudWATCH Consortium
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
AltheimPrivacy
 

Recommended

The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
blogzilla
 
Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)
schermerbw
 
Rtia'05 an introduction
Rtia'05 an introductionRtia'05 an introduction
Rtia'05 an introduction
Bhim Thatal
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinar
Lesedi Mnisi
 
The Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsThe Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African Journalists
Gabriella Razzano
 
Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006
Kimberly Verska
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
CloudWATCH Consortium
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
AltheimPrivacy
 
Cross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property IssuesCross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property Issues
Karl Larson
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
AltheimPrivacy
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal Information
Francois Naude Jr.
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)
Kirk Go
 
CEU DPA
CEU DPACEU DPA
CEU DPA
BERBERGRACEMARJORIE
 
The Right to be Forgotten - It's About Time, or is it? (CPDP2014)
The Right to be Forgotten - It's About Time, or is it? (CPDP2014)The Right to be Forgotten - It's About Time, or is it? (CPDP2014)
The Right to be Forgotten - It's About Time, or is it? (CPDP2014)
Jausloos
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms day
moldovaictsummit2016
 
Right to be forgotten presentation
Right to be forgotten presentationRight to be forgotten presentation
Right to be forgotten presentation
reporter1120
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
Kittelson & Carpo Consulting
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Jay Castillo
 
LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...
Natalia Monllor
 
Things to know about GDPR in 2018
Things to know about GDPR in 2018Things to know about GDPR in 2018
Things to know about GDPR in 2018
Webkul Software Pvt. Ltd.
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the Philippines
Shirley Ingles-Cruz
 
DPOs in the public sector, May 2018, Birmingham
DPOs in the public sector, May 2018, BirminghamDPOs in the public sector, May 2018, Birmingham
DPOs in the public sector, May 2018, Birmingham
Browne Jacobson LLP
 
The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...
The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...
The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...
Kinfe Micheal Yilma
 
Leg4
Leg4 Leg4
Leg4
brock55
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information Policy
Niamh Headon
 
Is Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on PrivacyIs Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on Privacy
Giovanni Maria Riccio
 
Dataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptxDataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptx
Marco Gioanola
 
FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information)
Philippine Press Institute
 
Andrea Martin
Andrea MartinAndrea Martin
Andrea Martin
dri_ireland
 
Mary Muldowney
Mary MuldowneyMary Muldowney
Mary Muldowney
dri_ireland
 

More Related Content

What's hot

The Right to be Forgotten - It's About Time, or is it? (CPDP2014)
The Right to be Forgotten - It's About Time, or is it? (CPDP2014)The Right to be Forgotten - It's About Time, or is it? (CPDP2014)
The Right to be Forgotten - It's About Time, or is it? (CPDP2014)
Jausloos
 
Right to be forgotten presentation
Right to be forgotten presentationRight to be forgotten presentation
Right to be forgotten presentation
reporter1120
 
The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...
The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...
The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...
Kinfe Micheal Yilma
 

What's hot (20)

Cross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property IssuesCross Border Privacy : Intellectual Property Issues
Cross Border Privacy : Intellectual Property Issues
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal Information
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)
 
CEU DPA
CEU DPACEU DPA
CEU DPA
 
The Right to be Forgotten - It's About Time, or is it? (CPDP2014)
The Right to be Forgotten - It's About Time, or is it? (CPDP2014)The Right to be Forgotten - It's About Time, or is it? (CPDP2014)
The Right to be Forgotten - It's About Time, or is it? (CPDP2014)
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms day
 
Right to be forgotten presentation
Right to be forgotten presentationRight to be forgotten presentation
Right to be forgotten presentation
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
 
LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...
 
Things to know about GDPR in 2018
Things to know about GDPR in 2018Things to know about GDPR in 2018
Things to know about GDPR in 2018
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the Philippines
 
DPOs in the public sector, May 2018, Birmingham
DPOs in the public sector, May 2018, BirminghamDPOs in the public sector, May 2018, Birmingham
DPOs in the public sector, May 2018, Birmingham
 
The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...
The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...
The Right to Be Forgotten: Remarks on Its Impact on Free Speech and Right of ...
 
Leg4
Leg4 Leg4
Leg4
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information Policy
 
Is Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on PrivacyIs Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on Privacy
 
Dataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptxDataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptx
 
FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information)
 

Viewers also liked

Viewers also liked (6)

Andrea Martin
Andrea MartinAndrea Martin
Andrea Martin
 
Mary Muldowney
Mary MuldowneyMary Muldowney
Mary Muldowney
 
EduCloud Summer School 2012: Dell presentation
EduCloud Summer School 2012: Dell presentationEduCloud Summer School 2012: Dell presentation
EduCloud Summer School 2012: Dell presentation
 
Gli Open data e il ruolo dell'informatico - Normativa vigente a confronto
Gli Open data e il ruolo dell'informatico - Normativa vigente a confrontoGli Open data e il ruolo dell'informatico - Normativa vigente a confronto
Gli Open data e il ruolo dell'informatico - Normativa vigente a confronto
 
Eoin O' Dell
Eoin O' DellEoin O' Dell
Eoin O' Dell
 
EMC World 2016 - cnaITL.04 Open Source has changed how you run Infrastructure
EMC World 2016 - cnaITL.04 Open Source has changed how you run InfrastructureEMC World 2016 - cnaITL.04 Open Source has changed how you run Infrastructure
EMC World 2016 - cnaITL.04 Open Source has changed how you run Infrastructure
 

Similar to Gary Davis

Data protection-training
Data protection-trainingData protection-training
Data protection-training
James Wright
 
Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researchers
kclcompbio
 

Similar to Gary Davis (20)

Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
 
Overview of the_data_protection-act
Overview of the_data_protection-actOverview of the_data_protection-act
Overview of the_data_protection-act
 
Data protection-training
Data protection-trainingData protection-training
Data protection-training
 
GDPR and Copyright Law
GDPR and Copyright LawGDPR and Copyright Law
GDPR and Copyright Law
 
Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researchers
 
4-Privacy1.pptx
4-Privacy1.pptx4-Privacy1.pptx
4-Privacy1.pptx
 
Hexagon presentation light.pptx
Hexagon presentation light.pptxHexagon presentation light.pptx
Hexagon presentation light.pptx
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business community
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104 Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
 
1º Palestra sobre Proteção de Dados Pessoais
1º Palestra sobre Proteção de Dados Pessoais1º Palestra sobre Proteção de Dados Pessoais
1º Palestra sobre Proteção de Dados Pessoais
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17
 

More from dri_ireland

NORFest 2023: Early Career Researcher Panel on Research Assessment
NORFest 2023: Early Career Researcher Panel on Research AssessmentNORFest 2023: Early Career Researcher Panel on Research Assessment
NORFest 2023: Early Career Researcher Panel on Research Assessment
dri_ireland
 
The Archiving Reproductive Health project as a FAIR data resource for humanit...
The Archiving Reproductive Health project as a FAIR data resource for humanit...The Archiving Reproductive Health project as a FAIR data resource for humanit...
The Archiving Reproductive Health project as a FAIR data resource for humanit...
dri_ireland
 
Mapping Memories: Participatory Media, Place-Based Stories, Refugee Youth
Mapping Memories: Participatory Media, Place-Based Stories, Refugee YouthMapping Memories: Participatory Media, Place-Based Stories, Refugee Youth
Mapping Memories: Participatory Media, Place-Based Stories, Refugee Youth
dri_ireland
 
Supporting Activists to Preserve Video Documentation
Supporting Activists to Preserve Video Documentation Supporting Activists to Preserve Video Documentation
Supporting Activists to Preserve Video Documentation
dri_ireland
 
Making the Future
Making the FutureMaking the Future
Making the Future
dri_ireland
 

More from dri_ireland (20)

NORFest 2023 Lightning Talks Session Two
NORFest 2023 Lightning Talks Session TwoNORFest 2023 Lightning Talks Session Two
NORFest 2023 Lightning Talks Session Two
 
NORFest 2023: Early Career Researcher Panel on Research Assessment
NORFest 2023: Early Career Researcher Panel on Research AssessmentNORFest 2023: Early Career Researcher Panel on Research Assessment
NORFest 2023: Early Career Researcher Panel on Research Assessment
 
NORFest 2023: National Open Research Fund 2023, Projects Launch
NORFest 2023: National Open Research Fund 2023, Projects LaunchNORFest 2023: National Open Research Fund 2023, Projects Launch
NORFest 2023: National Open Research Fund 2023, Projects Launch
 
NORFest 2023 Lightning Talks Session Three
NORFest 2023 Lightning Talks Session Three NORFest 2023 Lightning Talks Session Three
NORFest 2023 Lightning Talks Session Three
 
NORFest 2023 Lightning Talks Session One
NORFest 2023 Lightning Talks Session OneNORFest 2023 Lightning Talks Session One
NORFest 2023 Lightning Talks Session One
 
NORFest2023 Keynote address: Chelle Gentemann (NASA)
NORFest2023 Keynote address: Chelle Gentemann (NASA)NORFest2023 Keynote address: Chelle Gentemann (NASA)
NORFest2023 Keynote address: Chelle Gentemann (NASA)
 
The Archiving Reproductive Health project as a FAIR data resource for humanit...
The Archiving Reproductive Health project as a FAIR data resource for humanit...The Archiving Reproductive Health project as a FAIR data resource for humanit...
The Archiving Reproductive Health project as a FAIR data resource for humanit...
 
Developing a self-care protocol for working with potentially traumatic data: ...
Developing a self-care protocol for working with potentially traumatic data: ...Developing a self-care protocol for working with potentially traumatic data: ...
Developing a self-care protocol for working with potentially traumatic data: ...
 
An Introduction to the Digital Repository of Ireland
An Introduction to the Digital Repository of Ireland An Introduction to the Digital Repository of Ireland
An Introduction to the Digital Repository of Ireland
 
DRI Copyright and Licencing_UCC_Mar23.pptx
DRI Copyright and Licencing_UCC_Mar23.pptxDRI Copyright and Licencing_UCC_Mar23.pptx
DRI Copyright and Licencing_UCC_Mar23.pptx
 
The Digital Repository of Ireland Digital Preservation and Research Sustainab...
The Digital Repository of Ireland Digital Preservation and Research Sustainab...The Digital Repository of Ireland Digital Preservation and Research Sustainab...
The Digital Repository of Ireland Digital Preservation and Research Sustainab...
 
DRI's role in WorldFAIR: Cultural Heritage / Image Sharing
DRI's role in WorldFAIR: Cultural Heritage / Image SharingDRI's role in WorldFAIR: Cultural Heritage / Image Sharing
DRI's role in WorldFAIR: Cultural Heritage / Image Sharing
 
Introduction to research data management
Introduction to research data managementIntroduction to research data management
Introduction to research data management
 
Archiving Ports, Ports as Archives
Archiving Ports, Ports as ArchivesArchiving Ports, Ports as Archives
Archiving Ports, Ports as Archives
 
Preservation, Access, Discovery
Preservation, Access, DiscoveryPreservation, Access, Discovery
Preservation, Access, Discovery
 
Dublin in the Fingal Archives
Dublin in the Fingal ArchivesDublin in the Fingal Archives
Dublin in the Fingal Archives
 
Dublin Ghost Signs
Dublin Ghost SignsDublin Ghost Signs
Dublin Ghost Signs
 
Mapping Memories: Participatory Media, Place-Based Stories, Refugee Youth
Mapping Memories: Participatory Media, Place-Based Stories, Refugee YouthMapping Memories: Participatory Media, Place-Based Stories, Refugee Youth
Mapping Memories: Participatory Media, Place-Based Stories, Refugee Youth
 
Supporting Activists to Preserve Video Documentation
Supporting Activists to Preserve Video Documentation Supporting Activists to Preserve Video Documentation
Supporting Activists to Preserve Video Documentation
 
Making the Future
Making the FutureMaking the Future
Making the Future
 

Gary Davis

  • 1. Data Protection Considerations Gary Davis Deputy Data Protection Commissioner Realising the Opportunities of Digital Humanities, 24 October, 2012
  • 2. Data Protection – a Fundamental Human Right • Implicit Right to Personal Privacy under Irish Constitution – Article 40.3.1 • Explicit Right to Personal Privacy under Article 8 of 1950 European Convention for the Protection of Human Rights & Fundamental Freedoms [ECHR]  ECHR now indirectly part of Irish law due to ECHR Act 2003 • Explicit Right to Data Protection under EU Treaties – Lisbon Treaty and EU Charter
  • 3. EU Charter of Fundamental Rights: Article 8 • Protection of personal data • 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.
  • 4. Lisbon Treaty Article 16 Treaty on the Functioning of the Union • 1. Everyone has the right to the protection of personal data concerning them. • 2. The European Parliament and the Council, acting in accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data. • Compliance with these rules shall be subject to the control of independent authorities.
  • 5. EU & Irish Legislation • Data Protection Directive • Data Protection Acts 95/46/EC  Being updated 1988 & 2003 • Electronic Privacy Directive 2002/58/EC • EC Electronic (as amended by Privacy Regulations 2006/24/EC + 2009/136/EC) 2011 (SI 336/2011)
  • 6. Definitions: Personal Data  “Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller “ (DP Act, Section 1)  Applies to any data that is processed (includes hosting) using any medium by a legal entity. Therefore paper, computer, network, web, phone, CCTV etc.
  • 7. Definitions - Sensitive Personal Data • Sensitive Personal Data (more protection)  Racial/ethnic origin; political opinions; religious/philosophical beliefs; trade union membership; health; sexual life; criminal record
  • 8. Definitions • Data Controller  a person who controls the contents and use of personal data • Data Processor  A person who processes personal data on behalf of a data controller
  • 9. 1. Accurate • Good business practice • Best achieved at point of collection • Ongoing requirement if intended to be used. • Ask the data subject if needed
  • 10. 2. Non-Disclosure • General rule – no • Main exceptions: disclosure for different  Investigation of crime purpose  Collection of taxes  Security of the State • Exceptions made, to  Protect life & limb balance other interests  Required by Law of society  Intl Relations • Stricter conditions  Consent for sensitive data
  • 11. 2. Non-Disclosure • The Data Controller should have a policy in place to determine how requests for data from third parties are handled. • This policy should be consulted by appropriate staff members
  • 12. DP/FOI Access to Personal Information • DP and FOI Acts reinforce one another in relation to personal access in the public sector • Defending access to personal information as human (DP) and citizen (FOI) right • 3rd Party Access restricted under both Acts • FOI access to personal information should sometimes prevail in the public interest
  • 13. DP and FOI • A right conferred by the Data Protection Act shall not prejudice the exercise of a right conferred by the Freedom of Information Act 1997. • The Commissioner and the Information Commissioner shall, in the performance of their functions, co-operate with and provide assistance to each other (DP Act 2003)
  • 14. 3. Keep secure • Accidental disclosure to third parties, PC in public area, non-secure fax • External-robust encryption, online forms, technical measures • Audit trails, reviews, logs, unusual events • Manual Files
  • 15. 4. Retention Policy • Legal obligations to hold data? • Customer files  Do you need to hold all that data? • Personnel files  Revenue requirement? • Must have policy thought through  Defend retention as necessary for purpose.
  • 16. 4. Retention Policy – Public Bodies • Data protection rights of identifiable persons and obligation to retain data under National Archives Act 1986  Authorisation to dispose of records (s. 7) • Balance between rights of the person and public interest
  • 17. Historical Research (1) • Section 2 and sections 2A and 2B of this Act shall not apply to—  (a) data kept solely for the purpose of historical research, or  (b) other data consisting of archives or departmental records (within the meaning in each case of the National Archives Act 1986), • and the keeping of which complies with such requirements (if any) as may be prescribed for the purpose of safeguarding the fundamental rights and freedoms of data subjects
  • 18. Historical Research (2) • Draft Archives Regulations 2010  Followed public consultation  Security, access as per Data Protection Acts • Departmental records as per National Archives Act  100-year rule
  • 19. 5. Follow Retention Policy • A method appropriate to each organisation to review files • Assign Responsibility • Reporting structure • Delete personal data that is outside terms of policy. • Keep a record of deletions
  • 20. Right of Access • A fundamental rights granted to individuals as a means of granting them control over how their data are processed – transparency • Applies to all manual and electronic records in existence at the time of receipt of an access request – regardless of when the record was created.
  • 21. Right of correction/erasure • Section 6 of the Act • Data Subject makes a written request • Personal data must be:  Corrected, if inaccurate; or  Deleted, if should not be held. • Data Controller has 40 days to respond • No fee
  • 22. Thank You Office of the Data Protection Commissioner Canal House Station Road Portarlington Co Laois Phone: LoCall 1890 252231 057 8684800 Fax: 057 8684757 Email: info@dataprotection.ie Website: www.dataprotection.ie