Privacy and care robots

The increasing use of robots in domestic and care settings (e.g. in hospitals, or to help the elderly at home), combined with the likelihood that robots will surveil and record both the humans they aid and the general environment, means that the privacy implications of using robots as carers or caring aids need to be thought through.


  1. Privacy and care robots. Lilian Edwards, Professor of E-Governance, University of Strathclyde. Wurzburg, November 2011.
  2. Introduction: EC data protection (Data Protection Directive 95/46/EC, "DPD"). Eight principles (mainly art 6):
     1. Personal data shall be processed lawfully and fairly.
     2. Personal data shall be obtained for specific, explicit and limited lawful purposes, and shall not be further processed in a manner incompatible with those purposes.
     3. Personal data shall be adequate, relevant and not excessive in relation to the purposes for which they are processed.
     4. Personal data shall be accurate and, where necessary, kept up to date.
  3. Introduction (continued):
     5. Personal data shall not be kept for longer than is necessary for its purpose ("retention").
     6. Personal data can only be processed in accordance with the rights of data subjects (art 12).
     7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing ("security").
     8. Restrictions apply to transferring personal data to countries that do not provide adequate data protection ("data exports").
  4. Key DPD terms
     - "Data" means information which is being processed by means of equipment operating automatically, or is recorded with the intention that it should be processed by such equipment, or is recorded as part of a relevant manual filing system.
     - "Data controller" (DC): a person or company who determines the purpose and manner of the data processing. Obligations largely fall on the DC, not on the data processor.
     - "Data processor": the person who processes the data on behalf of the data controller. See the SWIFT case. Cloud computing? Social networking sites (SNSs)?
     - "Data subject" (DS): the person who is the subject of the personal data.
  5. Key DPD terms (continued)
     - "Personal data" (PD) is any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
     - "Sensitive PD" includes the racial or ethnic origin of the DS (pictures?) and data concerning health or sex life.
     - "Processing" means any operation performed on personal data, whether or not by automatic means, including obtaining, recording, storing, altering, retrieving, using, disseminating, combining and erasing (etc.) information or data on the data subject.
  6. DP and care robots: is "personal data" (PD) processed?
     - Do autonomous care robots process (collect, store, etc.) PD relating to the identifiable persons (DSs) they care for? E.g. images taken by sensors; the location of the DS; symptoms of illness which can be connected to the DS?
     - Apparently yes, though the data may not be stored, or not stored locally. Is the PD anonymised? Unlikely, as that would not help with learning/memory.
     - "Identifiable" need not require the data to be tagged with the patient's full name.
     - Debate over the UK transposition: "data which relate to a living individual who can be identified (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller".
     - Durant v FSA narrowed the definition of PD to cases where the DS is the "biographical focus" of the data.
  7. Who is the data controller?
     - The DC determines the purposes and means of processing ("why" and "how"). There can be joint DCs. The data processor merely processes on behalf of the DC.
     - Is the DC the programmer of the robot, i.e. the producing company? The user, owner or lessee (e.g. a care home) might alter parameters; do they then become a joint DC?
     - If programming is outsourced by the manufacturer, the programmer may be merely a data processor, depending on the scope of its discretion, with the manufacturer as DC.
     - Art 29 Working Party Opinion 1/2010: the data processor is called on to implement the data controller's instructions at least with regard to the purposes and the essential means of the processing, though it can decide the non-essential "means". This can be clarified by contract, though the contract is not always decisive; it depends on the actual facts.
  8. Obligations on DCs - 1
     - Notify the local DPA (arts 18 and 19). Usually a fine if not done. Exemption where processing is "in the course of a purely personal or household activity" (art 3(2)): does that cover care at home? Compare care in a care home. Only the types of data collected must be notified, not the actual data.
     - Jurisdiction over a foreign robot supplier? See art 4: applicable law turns on the DC's "establishment" in the EU, or on "equipment" used to process PD in the EU.
  9. Obligations on DCs - 2
     - Process PD fairly and lawfully (DP principle 1): this needs grounds (art 7), not necessarily consent. E.g.:
       - "processing is necessary for the performance of a contract to which the DS is party" (who made the contract? If the DS is incapax, the DS or a guardian?)
       - "necessary for compliance with a legal obligation to which the DC is subject" (what obligations do care homes and hospitals have?)
       - "necessary in order to protect the vital interests of the DS": generally applied only when neither the DS nor anyone else is able to give consent
       - "unambiguous consent of the DS": given in the contract for the robot?
  10. Obligations on DCs - 3: sensitive personal data
     - E.g. medical condition or history.
     - Grounds for lawful processing (art 8) are tighter: "explicit consent". In practice little different, though watch out for vague OKs to blanket monitoring.
     - "Necessary for vital interests": in addition, the DS must be physically or legally incapable of giving consent.
     - But note art 8(3): special rules apply to processing for "preventive medicine, medical diagnosis, the provision of care or treatment" in each EU state.
  11. Other obligations
     1. Keep data secure (art 17). This could involve data stored locally in the robot (?) or remotely on servers, or made available to data processors; the DC is responsible for the data processor's security (art 17), and the processor is bound by confidentiality (art 16). Needs password control; encryption of data?; the possibility of hacks/malware?
     2. Do not retain data longer than necessary for the purposes. Could data be anonymised after the robot has used it to "learn"?
     3. Allow subject access rights, including the rectification of errors.
     4. Do not export PD to non-EU states without adequate protection. Data in the cloud? Remedies: consent by the DS; specify no non-EU server storage or processing.
  12. Location surveillance: a special concern?
     - Do robots collect and store locations of DSs? Yes, said Andrea (by reference? by image? tagged to a unique ID?).
     - Special EU rules in the E-Privacy Directive cover location data collected by mobile phones. Art 2(c): "data processed in an electronic communications network or by an electronic communications service, indicating the geographic position of the terminal equipment of a …". Collecting or processing this data needs the consent of the user (art 9) after information has been given on the purposes of collection. Clearly not applicable here.
     - Cf. images collected by CCTV or Google Street View: regulated only as PD (if at all), not as "location data". Is this acceptable?
     - What if locations of DSs who have not given consent (or equivalent) are collected? The UK (Durant case) might see such data as not personal, as the person was not the "focus" of the data collection; cf. CCTV.
