Data Protection Act:Implications for Monitoring Technologies                David Speakman                Liam Houston    ...
Overview  • Evolution of DPA  • Current Implications  • Future Trends
The Need for Data Protection Laws   Every person has the right to privacy...      – Technology development has given great...
The Need for Data Protection Laws                                          TECHNOLOGICAL INNOVATION                       ...
Development of the DPAThe development of technology required data protectionlegislation:– 1981 - The Organisation for Econ...
Influence of OECD Guidelines on current DPA OECD Guidelines              Data Protection Act 8 key principles             ...
Current Implications:CCTV and Electronic Communications
CCTV– Monitoring 24/7, 365 days a year– Records everything you do, where you do  it, when you do it.– Captures vast amount...
Is CCTV justifiable?• Proper Use of CCTV system   – Must consider what CCTV is being used for   – Acceptable: capturing in...
Is CCTV justifiable?• Transparency   – Information must be provided to data subject prior to recording e.g.     usually a ...
E-Communications• Now in e-communication age - part of our  everyday lives• Process “personal data” – companies subject  t...
E-CommunicationsSecurity Issues:  – Traffic Data  – Cookies  – Location Data
Traffic Data  – Details of calls, texts, emails, Internet use  – Should only be retained for set amount of time    for pay...
Traffic Data     Recall the abuse of “Traffic Data” by the News of the World that                  forced the closure of t...
Cookies• Personal data may not be removed unless  user:  – 1. Informed why cookies are being used  – 2. Has been given his...
Cookies
Location Data• Gives a user‟s geographical location• User must be given:  – Prior consent to location data being processed...
Future Trends:Privacy vs. New TechnologyStrengthening Data Protection LawsFuture Implications
Privacy vs. New Technology• Cutting Edge Technologies – protecting privacy  becoming more difficult• Era of „Big Data‟ – d...
Strengthening Data Protection Laws • European Commission – to reinforce EU data   legislation by 2014      “to put individ...
Future Technologies & Implications• Google Glass   – Will make personal privacy and data protection impossible   – Recordi...
Upcoming SlideShare
Loading in …5
×

Data Protection Act: implications for monitoring technologies

444 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
444
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Data Protection Act: implications for monitoring technologies

  1. 1. Data Protection Act:Implications for Monitoring Technologies David Speakman Liam Houston Niall Kerrigan March 2013 MSc. Information Systems Management, NUI Galway
  2. 2. Overview • Evolution of DPA • Current Implications • Future Trends
  3. 3. The Need for Data Protection Laws Every person has the right to privacy... – Technology development has given greater potential for gathering and processing of personal data – This data being processed without considering the risks, or worse having data taken from them without realising – Monitoring technology can track where you are, what you do and when you do it at anytime it wishes – “Big Brother” effect. Do you recall the film Enemy of the State? – The world envisioned by George Orwell‟s novel 1984 is now evident, without the correct and enforced legislation, it is easily a possibility.
  4. 4. The Need for Data Protection Laws TECHNOLOGICAL INNOVATION The “Dot Com” boom Increasing popularity First Web Browser in Mobile phones First CCTV system Development of the Google Glass Smart Phone 1965 1973 1992 1997 2001 2014 1949 1980 1988 1994 2003 2018 George Orwell’s novel OECD Guidelines to EU Amendment to Further EU Directive on the DPA Legislation??? Data protection Irish DPA DATA PROTECTION LEGISLATION
  5. 5. Development of the DPAThe development of technology required data protectionlegislation:– 1981 - The Organisation for Economic Co-Ordination and Development provide the EU with a set of guidelines– 1988 – The Irish Government created the Data Protection Act is the first legislation created to monitor data collection– 1995 – The EU Data Protection Directive encourages all member states to adapt a similar approach to Data Protection Laws to allow for legal transborder data flow– 2003 – The Irish Government amend the DPA to align with the EU Directive and increase the rights of the Data Subject
  6. 6. Influence of OECD Guidelines on current DPA OECD Guidelines Data Protection Act 8 key principles Laws to ensure  Lawful obtaining and  Collection Limitation processing of data  Purpose Specification  Data is relevant to its  Use Limitation purpose  Security Safeguards  Security  Data quality  Accuracy  Openness  Availability of data to the  Individual Participation data subject  Accountability  Data is not kept longer than necessary
  7. 7. Current Implications:CCTV and Electronic Communications
  8. 8. CCTV– Monitoring 24/7, 365 days a year– Records everything you do, where you do it, when you do it.– Captures vast amount of “personal data”– Subject to DPA– Act states CCTV must be “adequate, relevant and not excessive” for its purposes– How are CCTV systems justified?
  9. 9. Is CCTV justifiable?• Proper Use of CCTV system – Must consider what CCTV is being used for – Acceptable: capturing intruders damaging/removing goods from premises – Unacceptable: monitoring employees, covert surveillance• Suitable images being recorded – Acceptable: Areas where security issues have arisen prior to CCTV being installed – Unacceptable: Directly at toilet cubicles/urinals
  10. 10. Is CCTV justifiable?• Transparency – Information must be provided to data subject prior to recording e.g. usually a sign at premises entrance• Storage and retention – Retention period must be justifiable, usually one month – Recordings must be kept in restricted, monitored and secure environment – Recordings must be in either tape, still images or disk.• Access Requests – Requests must be made available to data subject – Must identify subject, display date/time/location
  11. 11. E-Communications• Now in e-communication age - part of our everyday lives• Process “personal data” – companies subject to DPA via special rules• Rules in the areas of data breaches, marketing, data retention and data disclosure.• Compliance issued via Privacy Policy• Failure to comply results in severe penalties
  12. 12. E-CommunicationsSecurity Issues: – Traffic Data – Cookies – Location Data
  13. 13. Traffic Data – Details of calls, texts, emails, Internet use – Should only be retained for set amount of time for payment and querying purposes – Restrictions in place for marketing this “traffic data”
  14. 14. Traffic Data Recall the abuse of “Traffic Data” by the News of the World that forced the closure of the newspaper
  15. 15. Cookies• Personal data may not be removed unless user: – 1. Informed why cookies are being used – 2. Has been given his/her consent• The above not applicable where info is required for communication transmission or for info specifically required by the user e.g. shopping cart• Information on cookies should be readily available to users
  16. 16. Cookies
  17. 17. Location Data• Gives a user‟s geographical location• User must be given: – Prior consent to location data being processed – Reasons and duration of processing – Whether data will be processed to a “third party” – Option to withdraw consent
  18. 18. Future Trends:Privacy vs. New TechnologyStrengthening Data Protection LawsFuture Implications
  19. 19. Privacy vs. New Technology• Cutting Edge Technologies – protecting privacy becoming more difficult• Era of „Big Data‟ – detailed info on our every movement• “Personal data” on mobile devices collected and analysed without consent – builds detailed user profiles• “Golden Solution” – Correct Protection of civilian privacy without halting new technological innovation
  20. 20. Strengthening Data Protection Laws • European Commission – to reinforce EU data legislation by 2014 “to put individuals in control of their own personal data”
  21. 21. Future Technologies & Implications• Google Glass – Will make personal privacy and data protection impossible – Recordings will be stored on Google servers• The future of monitoring technology?“It’s inevitable that surveillance drones will be deployedover New York City. Get used to it” -Michael Bloomberg, 2013

×