SlideShare a Scribd company logo

data privacy

Prof. Jacques Folon (Ph.D)
Prof. Jacques Folon (Ph.D)

lecture given at ESC Rennes

Education
1 of 138
Download to read offline
DATA PRIVACY  Jacques  Folon   www.folon.com   Partner  Edge  Consulting   Maître  de  conférences     Université  de  Liège     Chargé  de  cours     ICHEC  Brussels     Professeur  invité     Université  de  Lorraine   ESC  Rennes   IACE  Tunis     IAM  OUagadougou   http://www.nyls.edu/institute_for_information_law_and_policy/conferences/visualizing_law_in_the_digital_age/
All presentation and resources are available on WWW.FOLON.COM (cours)
Follow me on scoop.it for the latest news on data privacy and security http://www.scoop.it/t/management-2-entreprise-2-0
http://www.jerichotechnology.com/wp-content/uploads/2012/05/SocialMediaisChangingtheWorld.jpg
some recent facts & figures 24 présentation sur http://fr.slideshare.net/mediaventilo/50-chiffres-social-media-pour-2013-16005329?ref=http://altaide.typepad.com/jacques_froissant_altade/networking_rseaux_sociaux/ SOURCE
privacy ????? 12 http://www.fieldhousemedia.net/wp-content/uploads/2013/03/fb-privacy.jpg
Average number of Facebook « friends » in France: 170 30
14 http://1.bp.blogspot.com/-NqwjuQRm3Co/UCauELKozrI/AAAAAAAACuQ/MoBpRZVrZj4/s1600/Party-Raccoon-Get-Friends-Drunk-Upload-Facebook.jpg
The person who took the photo is a real friend 15 http://cdn.motinetwork.net/motifake.com/image/demotivational-poster/1202/reality-drunk-reality-fail-drunkchicks-partyfail-demotivational-posters-1330113345.jpg
privacy and graph search ?
17
18
19
20
From Big Brother to Big Other
http://fr.slideshare.net/bodyspacesociety/casilli-privacyehess-2012def Antonio Casili • Importance of T&C • Everybody speaks • mutual surveillance • Lateral surveillance
geolocalisation http://upload.wikimedia.org/wikipedia/commons/thumb/9/99/Geolocalisation_GPS_SAT.png/267px-Geolocalisation_GPS_SAT.png
data collection 1
27
Interactions controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
Interactions NOT controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
some definitions
'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
'processing of personal data' ('processing') shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction
personal data filing system' ('filing system') shall mean any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis
121 controller shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law;
36 'the data subject's consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed
37 Member States shall provide that personal data must be: (a) processed fairly and lawfully; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.
38 Member States shall provide that personal data may be processed only if: (a) the data subject has unambiguously given his consent; or (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or (c) processing is necessary for compliance with a legal obligation to which the controller is subject; or (d) processing is necessary in order to protect the vital interests of the data subject; or (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
39 Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life
125 Member States shall provide that the controller or his representative must provide a data subject from whom data relating to himself are collected with at least the following information, except where he already has it: (a) the identity of the controller and of his representative, if any; (b) the purposes of the processing for which the data are intended; (c) any further information such as - the recipients or categories of recipients of the data, - whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply, - the existence of the right of access to and the right to rectify the data concerning him in so far as such further information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject
41 Right of access Member States shall guarantee every data subject the right to obtain from the controller: (a) without constraint at reasonable intervals and without excessive delay or expense: - confirmation as to whether or not data relating to him are being processed and information at least as to the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed, - communication to him in an intelligible form of the data undergoing processing and of any available information as to their source, - knowledge of the logic involved in any automatic processing of data concerning him at least in the case of the automated decisions referred to in Article 15 (1); (b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data; (c) notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking carried out in compliance with (b), unless this proves impossible or involves a disproportionate effort
OPT IN
43
Coockies
international transfer
Sub contractor
Sub-contractor 129 The Member States shall provide that the controller must, where processing is carried out on his behalf, choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures
48 The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that: - the processor shall act only on instructions from the controller, - the obligations as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor
INTERNAL TRAININGS
SECURITY SOURCE DE L’IMAGE: http://www.techzim.co.zw/2010/05/why-organisations-should-worry-about-security-2/
Source : https://www.britestream.com/difference.html.
Everything must be transparent
Article 16 Confidentiality of processing Any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data must not process them except on instructions from the controller, unless he is required to do so by law
Member States shall provide that the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Having regard to the state of the art and the cost of their implementation, such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.
86 SECURITY IS A LEGAL OBLIGATION
What your boss thinks...
Employees share (too) many information and also with third parties
Where do one steal data? •Banks •Hospitals •Ministries •Police •Newspapers •Telecoms •... Which devices are stolen? •USB •Laptops •Hard disks •Papers •Binders •Cars
63 RESTITUTIONS
QUE SAVENT-ILS ??
63
154 Source de l’image : http://ediscoverytimes.com/?p=46
LA LOI SUR LA PROTECTION DES DONNES PERSONNELLES IMPOSE UNE SECURITE INFORMATIQUE !
48
GOOD QUESTION ?
4 By giving people the power to share, we're making the world more transparent. The question isn't, 'What do we want to know about people?', It's, 'What do people want to tell about themselves?' Data privacy is outdated ! Mark Zuckerberg If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. Eric Schmidt
PRIVACYVS SOCIAL NETWORKS https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcQgeY4ij8U4o1eCuVJ8Hh3NlI3RAgL9LjongyCJFshI5nLRZQZ5Bg
1
1 Privacy statement confusion • 53% of consumers consider that a privacy statement means that data will never be sell or give • 43% only have read a privacy statement • 45% only use different email addresses • 33% changed passwords regularly • 71% decide not to register or purchase due to a request of unneeded information • 41% provide fake info 112 Source: TRUSTe survey
http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
80SOURCE: http://mattmckeon.com/facebook-privacy/
81
82
83
84
85
86
87 http://e1evation.com/2010/05/06/growth-of-facebook-privacy-events/
88 http://blogs.iq.harvard.edu/netgov/2010/05/facebook_privacy_policy.html
Evaluation and Comparison of Privacy Policies-Accessibility/User-Friendliness Facebook Foursquare Google Buzz LinkedIn Twitter Number of words 5860 words 2,436 words 1,094 words 5,650 words 1,287 words Comparison to average Privacy Policy (based on 2,462 words) Above average Below average (but very close to the average) Below Average Above average Below average Amount of time it takes one to read (based on an average person reading speed--244 words /minute) Approx. 24 minutes Approx. 10 minutes Approx. 5 minutes Approx. 23 minutes Approx. 5 minutes Direct link to its actual privacy policy from the index page No Yes Yes Yes Yes Availability in languages other than English Yes Yes Yes Yes Yes Detailed explanation of privacy control/protection Yes Yes Yes No No Trust E-Verified Yes No No Yes No Linking and/or mentioning to U.S. Dept. of Commerce “Safe Harbor Privacy Principles” Yes No Yes Yes No Availability of contact information in case of questions Yes Yes No Yes Yes Coverage of kids privacy Yes Yes No Yes Yes Containing the clause that it reserves the right to change the privacy policy at any time Yes, but users will be notified Yes, but users will be notified http:// www.psl.cs.columbia .edu/classes/cs6125- Yes, but users will be notified of material changes Yes, but users will be notified of material changes http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
Evaluation and Comparison of Privacy Policies – “Content” Facebook Foursquare Google Buzz LinkedIn Twitter Allowance of an opt- out option Yes Yes Yes Yes Yes Allowance of third- party access to users’ information Yes/No, depending on a user’s sharing setting and the information shared Yes Yes Yes Yes Discussion of the usage of cookie or tracking tools Yes Yes Not specified; but Google states that it records users’ use of their products Yes Yes Explicit statement of what type of information they share with third- parties Yes Yes Yes Yes Yes Sharing of users’ location data Yes Yes Yes Unclear; not mentioned in the Privacy Policy Yes http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
Evaluation and Comparison of Account Creation Process Facebook Foursquare Google Buzz LinkedIn Twitter Number of fields required during the initial account creation 9 10 Zero if you have a Gmail account 4 6 Details that are required for a user to create an account First name, last name, email, password, gender, birthday First name, last name, password, email, phone, location, gender, birthday, photo None if you have a Gmail account First name, last name, email, password First name, username, password, email, “let others find me by my email,” “I want the inside scoop” Availability of explanation on required information Yes Yes Information on how Google Buzz works is available No Yes, actually includes the entire Terms of Service in a Text area box http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
DATA PRIVACY & THE EMPLOYER 45http://i.telegraph.co.uk/multimedia/archive/02183/computer-cctv_2183286b.jpg
SO CALLED HIDDEN COSTS 46 http://www.theatlantic.com/technology/archive/2011/09/estimating-the-damage-to-the-us-economy-caused-by-angry-birds/244972/
RECRUITMENT IN 1980 71http://img.over-blog.com/600x311/3/35/60/49/Le-Recrutement-2.0.png
2000 72http://img.over-blog.com/600x311/3/35/60/49/Le-Recrutement-2.0.png
Recruitement 2.0 73http://img.over-blog.com/600x311/3/35/60/49/Le-Recrutement-2.0.png
E-recruitment 74 http://altaide.typepad.com/.a/6a00d83451e4be69e2015393d67f60970b-500wi
IAM
RISKS SOURCE DE L’IMAGE : http://www.tunisie-news.com/artpublic/auteurs/auteur_4_jaouanebrahim.html
Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
The new head of MI6 has been left exposed by a major personal security breach after his wife published intimate photographs and family details on the Facebook website. Sir John Sawers is due to take over as chief of the Secret Intelligence Service in November, putting him in charge of all Britain's spying operations abroad. But his wife's entries on the social networking site have exposed potentially compromising details about where they live and work, who their friends are and where they spend their holidays. http://www.dailymail.co.uk
Social Media Spam Compromised Facebook account. Victim is now promoting a shady pharmaceutical Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
Social Media Phishing To: T V V I T T E R.com Now they will have your username and password Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
Social Media Malware Clicking on the links takes you to sites that will infect your computer with malware Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
Phishing Sources/ Luc Pooters, Triforensic, 2011
DATA THEFT
Social engineering Sources/ Luc Pooters, Triforensic, 2011
Take my stuff, please! Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
Law of Unintended Consequences Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
3rd Party Applications •Games,  quizzes,  cutesie  stuff   •Untested  by  Facebook  –  anyone   can  write  one   •No  Terms  and  Condi=ons  –  you   either  allow  or  you  don’t   •Installa=on  gives  the  developers   rights  to  look  at  your  profile  and   overrides  your  privacy  seFngs! Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
Right to be forgotten • On 13.05.2014 the European Union Court of Justice backed a ruling called “the right to be forgotten,” which allows individuals to control their data and ask search engines, such as Google, to remove inadequate personal results from the Internet. • However, the decision cannot be interpreted as a “victory” for the protection of the personal data of Europeans, according to privacy experts.
• In 2010 a Spanish citizen lodged a complaint against a Spanish newspaper with the national Data Protection Agency and against Google Spain and Google Inc. • The citizen complained that an auction notice of his repossessed home on Google’s search results infringed his privacy rights because the proceedings concerning him had been fully resolved for a number of years and hence the reference to these was entirely irrelevant. • He requested, first, that the newspaper be required either to remove or alter the pages in question so that the personal data relating to him no longer appeared; • and second, that Google Spain or Google Inc. be required to remove the personal data
• In its ruling of 13 May 2014 the EU Court said : • a)On the territoriality of EU rules: Even if the physical server of a company processing data islocated outside Europe, EU rules apply to search engine operators if they have a branch or a sub sidiary in a Member State which promotes the selling of advertising space offered by the search engine; • b)On the applicability of EU data protection rules to a search engine : Search engines are controllers of personal data. Google can therefore not escape its responsibilities before European lawwhen handling personal data by saying it is a search engine. EU data protection law applies and so does the right to be forgotten. • c) On the “Right to be Forgotten” : Individuals have the right - under certain conditions - to ask search engines to remove links with personal information about them.This applies where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of the data
• At the same time, the Court explicitly clarified that the right to be forgotten is not absolute but will always need to be balanced against other fundamental rights, such as the freedom of expression and of the media
• Right to erasure (future rules?) • 1.The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, and to obtain from third parties the erasure of any links to, or copy or replication of that data, where one of the following grounds applies: • (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed • (b) the data subject withdraws consent on which the processing is based according • (c) when the storage period consented to has expired and where there is no other legal ground for the processing of the data
Control by the employer 161SOURCE DE L’IMAGE: http://blog.loadingdata.nl/2011/05/chinese-privacy-protection-to-top-american/
what your boss thinks
BUT…
May the employer control everything?
Who controls what?
Could my employer open my emails? 169
123 CODE OF CONDUCTS
TELEWORKING
Employer’s control 177 http://fr.slideshare.net/olivier/identitenumeriquereseauxsociaux
Big data 182
SOLOMO 184http://www.youngplanneur.fr/wp-content/uploads/2011/06/companies-innovating.jpg
Biometry 186
facial recognition 187
RFID & internet of things 188 http://www.ibmbigdatahub.com/sites/default/files/public_images/IoT.jpg
SECURITY ???
87 “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” C. Darwin
ANY QUESTIONS ?
data privacy

Recommended

DATA PRIVACY
DATA PRIVACYDATA PRIVACY
DATA PRIVACYProf. Jacques Folon (Ph.D)
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016John Greenwood
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popiWerksmans Attorneys
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal InformationFrancois Naude Jr.
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinarLesedi Mnisi
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Jay Castillo
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentationKholisile Mazaza
 
FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) Philippine Press Institute
 

Recommended

DATA PRIVACY
DATA PRIVACYDATA PRIVACY
DATA PRIVACYProf. Jacques Folon (Ph.D)
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016John Greenwood
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popiWerksmans Attorneys
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal InformationFrancois Naude Jr.
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinarLesedi Mnisi
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Jay Castillo
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentationKholisile Mazaza
 
FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) Philippine Press Institute
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 
CEU DPA
CEU DPACEU DPA
CEU DPABERBERGRACEMARJORIE
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africablogzilla
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection ActYizi
 
The Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiThe Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiKrowdthink
 
The Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth BoardmanThe Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth BoardmanKrowdthink
 
IAB Digital Advertising Guidance : special category data under the gdpr - 2020
IAB Digital Advertising Guidance : special category data under the gdpr - 2020IAB Digital Advertising Guidance : special category data under the gdpr - 2020
IAB Digital Advertising Guidance : special category data under the gdpr - 2020Fullstaak
 
POPI
POPI POPI
POPI POPI ACT Protection of Personal Info
 
The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMMyron Duncan Burton Betshanger
 
FOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesFOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesbjknight
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017CloudWATCH Consortium
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013Myron Duncan Burton Betshanger
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Edouard Nguyen
 
Factsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenFactsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenEdouard Nguyen
 
M.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnM.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnMetamorphosis
 
Réseaux sociaux d'entreprises
Réseaux sociaux d'entreprisesRéseaux sociaux d'entreprises
Réseaux sociaux d'entreprisesProf. Jacques Folon (Ph.D)
 
Aggregating to Inform
Aggregating to InformAggregating to Inform
Aggregating to InformMontana State University
 
Eu code of online rights
Eu code of online rightsEu code of online rights
Eu code of online rightsProf. Jacques Folon (Ph.D)
 
SDFire07
SDFire07SDFire07
SDFire07Montana State University
 

More Related Content

What's hot

Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africablogzilla
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection ActYizi
 
The Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiThe Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiKrowdthink
 
The Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth BoardmanThe Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth BoardmanKrowdthink
 
IAB Digital Advertising Guidance : special category data under the gdpr - 2020
IAB Digital Advertising Guidance : special category data under the gdpr - 2020IAB Digital Advertising Guidance : special category data under the gdpr - 2020
IAB Digital Advertising Guidance : special category data under the gdpr - 2020Fullstaak
 
FOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesFOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesbjknight
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017CloudWATCH Consortium
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Edouard Nguyen
 
Factsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenFactsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenEdouard Nguyen
 
M.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnM.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnMetamorphosis
 

What's hot (18)

Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the Philippines
 
CEU DPA
CEU DPACEU DPA
CEU DPA
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
The Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiThe Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech Wiewiorowski
 
The Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth BoardmanThe Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth Boardman
 
IAB Digital Advertising Guidance : special category data under the gdpr - 2020
IAB Digital Advertising Guidance : special category data under the gdpr - 2020IAB Digital Advertising Guidance : special category data under the gdpr - 2020
IAB Digital Advertising Guidance : special category data under the gdpr - 2020
 
POPI
POPI POPI
POPI
 
The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCM
 
FOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesFOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representatives
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?
 
Factsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenFactsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be Forgotten
 
M.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnM.Marusic Dzlp E Society En
M.Marusic Dzlp E Society En
 

Viewers also liked

Challenges for the Library in a Digital Age
Challenges for the Library in a Digital AgeChallenges for the Library in a Digital Age
Challenges for the Library in a Digital AgeMontana State University
 
Campuses as Living Laboratories for a Greener Future
Campuses as Living Laboratories for a Greener FutureCampuses as Living Laboratories for a Greener Future
Campuses as Living Laboratories for a Greener FutureMontana State University
 
Green IT: Creating the Future on Our Campuses
Green IT: Creating the Future on Our CampusesGreen IT: Creating the Future on Our Campuses
Green IT: Creating the Future on Our CampusesMontana State University
 
Wireless Networks and Public Safety: Wildfires in San Diego
Wireless Networks and Public Safety: Wildfires in San DiegoWireless Networks and Public Safety: Wildfires in San Diego
Wireless Networks and Public Safety: Wildfires in San DiegoMontana State University
 
Disruptive Technologies the US House of Rep: A Calit2 Perspective
Disruptive Technologies the US House of Rep: A Calit2 PerspectiveDisruptive Technologies the US House of Rep: A Calit2 Perspective
Disruptive Technologies the US House of Rep: A Calit2 PerspectiveMontana State University
 

Viewers also liked (16)

Réseaux sociaux d'entreprises
Réseaux sociaux d'entreprisesRéseaux sociaux d'entreprises
Réseaux sociaux d'entreprises
 
Aggregating to Inform
Aggregating to InformAggregating to Inform
Aggregating to Inform
 
Eu code of online rights
Eu code of online rightsEu code of online rights
Eu code of online rights
 
SDFire07
SDFire07SDFire07
SDFire07
 
Calit2 Research Intelligence
Calit2 Research IntelligenceCalit2 Research Intelligence
Calit2 Research Intelligence
 
Challenges for the Library in a Digital Age
Challenges for the Library in a Digital AgeChallenges for the Library in a Digital Age
Challenges for the Library in a Digital Age
 
Campuses as Living Laboratories for a Greener Future
Campuses as Living Laboratories for a Greener FutureCampuses as Living Laboratories for a Greener Future
Campuses as Living Laboratories for a Greener Future
 
Green IT: Creating the Future on Our Campuses
Green IT: Creating the Future on Our CampusesGreen IT: Creating the Future on Our Campuses
Green IT: Creating the Future on Our Campuses
 
Wireless Networks and Public Safety: Wildfires in San Diego
Wireless Networks and Public Safety: Wildfires in San DiegoWireless Networks and Public Safety: Wildfires in San Diego
Wireless Networks and Public Safety: Wildfires in San Diego
 
Introduction au Cloud computing
Introduction au Cloud computingIntroduction au Cloud computing
Introduction au Cloud computing
 
Disruptive Technologies the US House of Rep: A Calit2 Perspective
Disruptive Technologies the US House of Rep: A Calit2 PerspectiveDisruptive Technologies the US House of Rep: A Calit2 Perspective
Disruptive Technologies the US House of Rep: A Calit2 Perspective
 
basic eu lobbying - Corvinus University
basic eu lobbying - Corvinus Universitybasic eu lobbying - Corvinus University
basic eu lobbying - Corvinus University
 
Calit2 Parnter News and Knowledge
Calit2 Parnter News and KnowledgeCalit2 Parnter News and Knowledge
Calit2 Parnter News and Knowledge
 
Challenges to Federal R&D for Science
Challenges to Federal R&D for ScienceChallenges to Federal R&D for Science
Challenges to Federal R&D for Science
 
SemTech2010
SemTech2010SemTech2010
SemTech2010
 
University 2.0
University 2.0University 2.0
University 2.0
 

Similar to data privacy

General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary Compliance3
 
General Data Protection Regulation (GDPR) | Privacy Law in India |
General Data Protection Regulation (GDPR) | Privacy Law in India |General Data Protection Regulation (GDPR) | Privacy Law in India |
General Data Protection Regulation (GDPR) | Privacy Law in India |Bivas Chatterjee
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!Fintan Swanton
 
Overview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawOverview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawFatmaAkram2
 
Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17Georges Ataya
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
Data Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectData Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectJDP Consulting
 
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson LLP
 
Group 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptxGroup 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptxStephenQuijano3
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT LegalCyber Watching
 

Similar to data privacy (20)

Data privacy and digital strategy
Data privacy and digital strategyData privacy and digital strategy
Data privacy and digital strategy
 
Digital law and GDPR
Digital law and GDPRDigital law and GDPR
Digital law and GDPR
 
DATA PRIVACY, CLOUD & PURCHASING DEPARTMENT
DATA PRIVACY, CLOUD & PURCHASING DEPARTMENTDATA PRIVACY, CLOUD & PURCHASING DEPARTMENT
DATA PRIVACY, CLOUD & PURCHASING DEPARTMENT
 
Esc gdpr oct 2018
Esc gdpr oct 2018Esc gdpr oct 2018
Esc gdpr oct 2018
 
GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.
 
Ichec dig strat gdpr
Ichec dig strat gdpr Ichec dig strat gdpr
Ichec dig strat gdpr
 
Esc Rennes gdpr oct 2018
Esc Rennes gdpr oct 2018Esc Rennes gdpr oct 2018
Esc Rennes gdpr oct 2018
 
General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary
 
General Data Protection Regulation (GDPR) | Privacy Law in India |
General Data Protection Regulation (GDPR) | Privacy Law in India |General Data Protection Regulation (GDPR) | Privacy Law in India |
General Data Protection Regulation (GDPR) | Privacy Law in India |
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
 
Overview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawOverview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection Law
 
EU GDPR (training)
EU GDPR (training) EU GDPR (training)
EU GDPR (training)
 
Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17
 
Data Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptxData Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptx
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...
 
Data Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectData Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data Subject
 
GDPR Summary
GDPR SummaryGDPR Summary
GDPR Summary
 
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017
 
Group 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptxGroup 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptx
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
 

More from Prof. Jacques Folon (Ph.D)

Rh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENTRh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENTProf. Jacques Folon (Ph.D)
 

More from Prof. Jacques Folon (Ph.D) (20)

Introduction to digital strategy
Introduction to digital strategy Introduction to digital strategy
Introduction to digital strategy
 
Ifc jour 1 dpo
Ifc jour 1 dpoIfc jour 1 dpo
Ifc jour 1 dpo
 
Cpas divers sujets
Cpas divers sujets Cpas divers sujets
Cpas divers sujets
 
Ferrer premier cours octobre 2021
Ferrer premier cours octobre 2021Ferrer premier cours octobre 2021
Ferrer premier cours octobre 2021
 
premier cours saint louis sept 2021
premier cours saint louis sept 2021premier cours saint louis sept 2021
premier cours saint louis sept 2021
 
Cmd premier cours sept 2021
Cmd premier cours sept 2021Cmd premier cours sept 2021
Cmd premier cours sept 2021
 
CPAS ET RGPD : direction et DPO
CPAS ET RGPD : direction et DPO CPAS ET RGPD : direction et DPO
CPAS ET RGPD : direction et DPO
 
le RGPD fossoyeur du marketing digital ?
le RGPD fossoyeur du marketing digital ?le RGPD fossoyeur du marketing digital ?
le RGPD fossoyeur du marketing digital ?
 
Ifc gdpr strat digit mai 2021
Ifc gdpr strat digit mai 2021Ifc gdpr strat digit mai 2021
Ifc gdpr strat digit mai 2021
 
Pandemie et vie privee
Pandemie et vie priveePandemie et vie privee
Pandemie et vie privee
 
GDPR & digital strategy
GDPR & digital strategyGDPR & digital strategy
GDPR & digital strategy
 
Cmd de la stratégie au marketing digital
Cmd de la stratégie au marketing digitalCmd de la stratégie au marketing digital
Cmd de la stratégie au marketing digital
 
Ichec ipr feb 2021
Ichec ipr feb 2021Ichec ipr feb 2021
Ichec ipr feb 2021
 
Strategy for digital business class #1
Strategy for digital business class #1Strategy for digital business class #1
Strategy for digital business class #1
 
E comm et rgpd
E comm et rgpdE comm et rgpd
E comm et rgpd
 
Cmd premier cours
Cmd premier coursCmd premier cours
Cmd premier cours
 
Cmd cours 1
Cmd cours 1Cmd cours 1
Cmd cours 1
 
Le dossier RGPD
Le dossier RGPDLe dossier RGPD
Le dossier RGPD
 
Rh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENTRh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENT
 
RGPD et stratégie digitale
RGPD et stratégie digitaleRGPD et stratégie digitale
RGPD et stratégie digitale
 

Recently uploaded

internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxAnaBeatriceAblay2
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 

Recently uploaded (20)

internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 

data privacy

  • 1. DATA PRIVACY  Jacques  Folon   www.folon.com   Partner  Edge  Consulting   Maître  de  conférences     Université  de  Liège     Chargé  de  cours     ICHEC  Brussels     Professeur  invité     Université  de  Lorraine   ESC  Rennes   IACE  Tunis     IAM  OUagadougou   http://www.nyls.edu/institute_for_information_law_and_policy/conferences/visualizing_law_in_the_digital_age/
  • 2. All presentation and resources are available on WWW.FOLON.COM (cours)
  • 3. Follow me on scoop.it for the latest news on data privacy and security http://www.scoop.it/t/management-2-entreprise-2-0
  • 5.
  • 6.
  • 7. some recent facts & figures 24 présentation sur http://fr.slideshare.net/mediaventilo/50-chiffres-social-media-pour-2013-16005329?ref=http://altaide.typepad.com/jacques_froissant_altade/networking_rseaux_sociaux/ SOURCE
  • 8.
  • 9.
  • 10.
  • 11.
  • 13. Average number of Facebook « friends » in France: 170 30
  • 15. The person who took the photo is a real friend 15 http://cdn.motinetwork.net/motifake.com/image/demotivational-poster/1202/reality-drunk-reality-fail-drunkchicks-partyfail-demotivational-posters-1330113345.jpg
  • 16. privacy and graph search ?
  • 17. 17
  • 18. 18
  • 19. 19
  • 20. 20
  • 21.
  • 22.
  • 23. From Big Brother to Big Other
  • 24. http://fr.slideshare.net/bodyspacesociety/casilli-privacyehess-2012def Antonio Casili • Importance of T&C • Everybody speaks • mutual surveillance • Lateral surveillance
  • 27. 27
  • 28.
  • 29. Interactions controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
  • 30. Interactions NOT controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
  • 32. 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
  • 33. 'processing of personal data' ('processing') shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction
  • 34. personal data filing system' ('filing system') shall mean any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis
  • 35. 121 controller shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law;
  • 36. 36 'the data subject's consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed
  • 37. 37 Member States shall provide that personal data must be: (a) processed fairly and lawfully; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.
  • 38. 38 Member States shall provide that personal data may be processed only if: (a) the data subject has unambiguously given his consent; or (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or (c) processing is necessary for compliance with a legal obligation to which the controller is subject; or (d) processing is necessary in order to protect the vital interests of the data subject; or (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
  • 39. 39 Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life
  • 40. 125 Member States shall provide that the controller or his representative must provide a data subject from whom data relating to himself are collected with at least the following information, except where he already has it: (a) the identity of the controller and of his representative, if any; (b) the purposes of the processing for which the data are intended; (c) any further information such as - the recipients or categories of recipients of the data, - whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply, - the existence of the right of access to and the right to rectify the data concerning him in so far as such further information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject
  • 41. 41 Right of access Member States shall guarantee every data subject the right to obtain from the controller: (a) without constraint at reasonable intervals and without excessive delay or expense: - confirmation as to whether or not data relating to him are being processed and information at least as to the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed, - communication to him in an intelligible form of the data undergoing processing and of any available information as to their source, - knowledge of the logic involved in any automatic processing of data concerning him at least in the case of the automated decisions referred to in Article 15 (1); (b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data; (c) notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking carried out in compliance with (b), unless this proves impossible or involves a disproportionate effort
  • 43. 43
  • 47. Sub-contractor 129 The Member States shall provide that the controller must, where processing is carried out on his behalf, choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures
  • 48. 48 The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that: - the processor shall act only on instructions from the controller, - the obligations as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor
  • 50. SECURITY SOURCE DE L’IMAGE: http://www.techzim.co.zw/2010/05/why-organisations-should-worry-about-security-2/
  • 52. Everything must be transparent
  • 53.
  • 54. Article 16 Confidentiality of processing Any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data must not process them except on instructions from the controller, unless he is required to do so by law
  • 55. Member States shall provide that the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Having regard to the state of the art and the cost of their implementation, such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.
  • 56. 86 SECURITY IS A LEGAL OBLIGATION
  • 57. What your boss thinks...
  • 58. Employees share (too) many information and also with third parties
  • 59.
  • 60. Where do one steal data? •Banks •Hospitals •Ministries •Police •Newspapers •Telecoms •... Which devices are stolen? •USB •Laptops •Hard disks •Papers •Binders •Cars
  • 63. 63
  • 64.
  • 65. 154 Source de l’image : http://ediscoverytimes.com/?p=46
  • 66. LA LOI SUR LA PROTECTION DES DONNES PERSONNELLES IMPOSE UNE SECURITE INFORMATIQUE !
  • 67.
  • 68. 48
  • 70. 4 By giving people the power to share, we're making the world more transparent. The question isn't, 'What do we want to know about people?', It's, 'What do people want to tell about themselves?' Data privacy is outdated ! Mark Zuckerberg If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. Eric Schmidt
  • 72. 1
  • 73.
  • 74.
  • 75.
  • 76. 1 Privacy statement confusion • 53% of consumers consider that a privacy statement means that data will never be sell or give • 43% only have read a privacy statement • 45% only use different email addresses • 33% changed passwords regularly • 71% decide not to register or purchase due to a request of unneeded information • 41% provide fake info 112 Source: TRUSTe survey
  • 79.
  • 81. 81
  • 82. 82
  • 83. 83
  • 84. 84
  • 85. 85
  • 86. 86
  • 89. Evaluation and Comparison of Privacy Policies-Accessibility/User-Friendliness Facebook Foursquare Google Buzz LinkedIn Twitter Number of words 5860 words 2,436 words 1,094 words 5,650 words 1,287 words Comparison to average Privacy Policy (based on 2,462 words) Above average Below average (but very close to the average) Below Average Above average Below average Amount of time it takes one to read (based on an average person reading speed--244 words /minute) Approx. 24 minutes Approx. 10 minutes Approx. 5 minutes Approx. 23 minutes Approx. 5 minutes Direct link to its actual privacy policy from the index page No Yes Yes Yes Yes Availability in languages other than English Yes Yes Yes Yes Yes Detailed explanation of privacy control/protection Yes Yes Yes No No Trust E-Verified Yes No No Yes No Linking and/or mentioning to U.S. Dept. of Commerce “Safe Harbor Privacy Principles” Yes No Yes Yes No Availability of contact information in case of questions Yes Yes No Yes Yes Coverage of kids privacy Yes Yes No Yes Yes Containing the clause that it reserves the right to change the privacy policy at any time Yes, but users will be notified Yes, but users will be notified http:// www.psl.cs.columbia .edu/classes/cs6125- Yes, but users will be notified of material changes Yes, but users will be notified of material changes http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
  • 90. Evaluation and Comparison of Privacy Policies – “Content” Facebook Foursquare Google Buzz LinkedIn Twitter Allowance of an opt- out option Yes Yes Yes Yes Yes Allowance of third- party access to users’ information Yes/No, depending on a user’s sharing setting and the information shared Yes Yes Yes Yes Discussion of the usage of cookie or tracking tools Yes Yes Not specified; but Google states that it records users’ use of their products Yes Yes Explicit statement of what type of information they share with third- parties Yes Yes Yes Yes Yes Sharing of users’ location data Yes Yes Yes Unclear; not mentioned in the Privacy Policy Yes http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
  • 91. Evaluation and Comparison of Account Creation Process Facebook Foursquare Google Buzz LinkedIn Twitter Number of fields required during the initial account creation 9 10 Zero if you have a Gmail account 4 6 Details that are required for a user to create an account First name, last name, email, password, gender, birthday First name, last name, password, email, phone, location, gender, birthday, photo None if you have a Gmail account First name, last name, email, password First name, username, password, email, “let others find me by my email,” “I want the inside scoop” Availability of explanation on required information Yes Yes Information on how Google Buzz works is available No Yes, actually includes the entire Terms of Service in a Text area box http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
  • 92.
  • 93. DATA PRIVACY & THE EMPLOYER 45http://i.telegraph.co.uk/multimedia/archive/02183/computer-cctv_2183286b.jpg
  • 94. SO CALLED HIDDEN COSTS 46 http://www.theatlantic.com/technology/archive/2011/09/estimating-the-damage-to-the-us-economy-caused-by-angry-birds/244972/
  • 99. IAM
  • 100. RISKS SOURCE DE L’IMAGE : http://www.tunisie-news.com/artpublic/auteurs/auteur_4_jaouanebrahim.html
  • 101. Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
  • 102. The new head of MI6 has been left exposed by a major personal security breach after his wife published intimate photographs and family details on the Facebook website. Sir John Sawers is due to take over as chief of the Secret Intelligence Service in November, putting him in charge of all Britain's spying operations abroad. But his wife's entries on the social networking site have exposed potentially compromising details about where they live and work, who their friends are and where they spend their holidays. http://www.dailymail.co.uk
  • 103. Social Media Spam Compromised Facebook account. Victim is now promoting a shady pharmaceutical Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
  • 104. Social Media Phishing To: T V V I T T E R.com Now they will have your username and password Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
  • 105. Social Media Malware Clicking on the links takes you to sites that will infect your computer with malware Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
  • 106. Phishing Sources/ Luc Pooters, Triforensic, 2011
  • 108. Social engineering Sources/ Luc Pooters, Triforensic, 2011
  • 109. Take my stuff, please! Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
  • 110. Law of Unintended Consequences Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
  • 111. 3rd Party Applications •Games,  quizzes,  cutesie  stuff   •Untested  by  Facebook  –  anyone   can  write  one   •No  Terms  and  Condi=ons  –  you   either  allow  or  you  don’t   •Installa=on  gives  the  developers   rights  to  look  at  your  profile  and   overrides  your  privacy  seFngs! Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
  • 112. Right to be forgotten • On 13.05.2014 the European Union Court of Justice backed a ruling called “the right to be forgotten,” which allows individuals to control their data and ask search engines, such as Google, to remove inadequate personal results from the Internet. • However, the decision cannot be interpreted as a “victory” for the protection of the personal data of Europeans, according to privacy experts.
  • 113. • In 2010 a Spanish citizen lodged a complaint against a Spanish newspaper with the national Data Protection Agency and against Google Spain and Google Inc. • The citizen complained that an auction notice of his repossessed home on Google’s search results infringed his privacy rights because the proceedings concerning him had been fully resolved for a number of years and hence the reference to these was entirely irrelevant. • He requested, first, that the newspaper be required either to remove or alter the pages in question so that the personal data relating to him no longer appeared; • and second, that Google Spain or Google Inc. be required to remove the personal data
  • 114. • In its ruling of 13 May 2014 the EU Court said : • a)On the territoriality of EU rules: Even if the physical server of a company processing data islocated outside Europe, EU rules apply to search engine operators if they have a branch or a sub sidiary in a Member State which promotes the selling of advertising space offered by the search engine; • b)On the applicability of EU data protection rules to a search engine : Search engines are controllers of personal data. Google can therefore not escape its responsibilities before European lawwhen handling personal data by saying it is a search engine. EU data protection law applies and so does the right to be forgotten. • c) On the “Right to be Forgotten” : Individuals have the right - under certain conditions - to ask search engines to remove links with personal information about them.This applies where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of the data
  • 115. • At the same time, the Court explicitly clarified that the right to be forgotten is not absolute but will always need to be balanced against other fundamental rights, such as the freedom of expression and of the media
  • 116. • Right to erasure (future rules?) • 1.The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, and to obtain from third parties the erasure of any links to, or copy or replication of that data, where one of the following grounds applies: • (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed • (b) the data subject withdraws consent on which the processing is based according • (c) when the storage period consented to has expired and where there is no other legal ground for the processing of the data
  • 117. Control by the employer 161SOURCE DE L’IMAGE: http://blog.loadingdata.nl/2011/05/chinese-privacy-protection-to-top-american/
  • 118. what your boss thinks
  • 119. BUT…
  • 120. May the employer control everything?
  • 122. Could my employer open my emails? 169
  • 124.
  • 125.
  • 126.
  • 133. RFID & internet of things 188 http://www.ibmbigdatahub.com/sites/default/files/public_images/IoT.jpg
  • 135. 87 “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” C. Darwin
  • 136.