This presentation by Jonas Holm was part of the "Research Data Support Meets Disciplines: Opportunities & Challenges" workshop at LIBER's 2017 Annual Conference in Patras, Greece. For more information, see www.libereurope.eu
The European General Data Protection Law (also known as EU-DSGVO) becomes effective as of May 25 and is of VITAL importance.
In the easiest sense it’s important as it involves fines of up to 2 million Euros or 4% of worldwide turnover (whatever scares you more). Fines not only come into play upon actual data loss, but already if data *could* get lost and for a variety of other reasons. This session covers the most important GDPR topics, both for companies in the European Union and for companies doing business with European companies or citizens. We will also be looking at whether it makes a difference if you are a one person shop or multinational business.
The Case of Trade Secrets and Database Sui Generis Right in Marketing Operations, and the Ownership of Raw Data in Big Data Analysis
Paper presented at the Max Planck Institute's conference "Personal data in competition, consumer protection and IP law Towards a holistic approach?", held on 21 October 2016
20200504_Research Data & the GDPR: How Open is Open? - OpenAIRE
Presentation by Prodromos Tsiavos (Senior Legal Advisor - ARC/ Director - Onassis Group) as delivered during the OpenAIRE Legal Policy Webinar series on May 4th 2020.
More information and recordings: https://www.openaire.eu/item/openaire-legal-policy-webinars
Interact 2018 - GDPR for digital publishers, digital agencies and advertisers - IAB Europe
Held in Milan on 23-24 May, IAB Europe’s annual 2-day conference Interact 2018 featured a training by Matthias Matthiesen, Director Public Policy & Privacy and Chris Hartsuiker, Public Policy Officer, IAB Europe. Which provisions in the General Data Protection Regulation are the most relevant to digital publishers and advertisers? What is the guidance of the European Data Protection Board (former Article 29 Working party) on these topics? This training session, provided by IAB Europe will provide insight into applying the GDPR to the digital advertising supply chain.
GDPR – what does it mean for charities and what you need to consider - Iain P... - m-hance
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, The European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). EU members have until May 2018 to ensure that they are fully compliant with the new regulation. Regardless of Brexit, organisations in the UK that collect and use personal data will need to comply. In this slide deck Iain gives an overview of GDPR, what the requirements mean for charities and what charities need to consider to be compliant
Social business software is all about sharing content and data in a “collaborative” way to identify internal or external experts. Most of these data must be considered as personal data which is related to an individual person.
Implementing social business technologies in enterprises often leads to discussion with data protection supervisors about how to be compliant with EU data protection law. This discussion gets even more challenging if you consider using social business applications in “the cloud”, which might be the only choice in the near future due to IBM’s “Cloud First” or Microsoft’s “Cloud only” delivery model.
This session will give you an overview
- about EU data protection regulations
- its implications for using social business systems
- special considerations for using cloud based social business systems
GDPR and evolving international privacy regulations - Ulf Mattsson
Convergence of data privacy principles, standards and regulations
General Data Protection Regulation (GDPR)
GDPR and California Consumer Privacy Act (CCPA)
What role do technologies play in compliance
Use Cases
What is the new data protection regulation GDPR and why should you care? Jesp... - Exove
What is the new data protection regulation GDPR and why should you care? by Jesper Nevalainen, Bird & Bird
Exove and Bird & Bird seminar on Nov 23rd 2016: "GDPR - Practical Effects on Digital Business - juridical, technical, and customer point of view"
20200429_Data, Data Ownership and Open Science - OpenAIRE
Presentation by Thomas Margoni (Senior Lecturer in Intellectual Property and Internet Law, Co-director, CREATe, University of Glasgow) as delivered during the OpenAIRE Legal Policy Webinar series on April 29th 2020.
More information and recordings: https://www.openaire.eu/item/openaire-legal-policy-webinars
Our administrative and public law seminar covered:
- a review of the last 12 months in FOIA and a case law update
- scope of prerogative powers - what are they and what is the scope of them; the topic is very much in the news at the moment due to Brexit
- non EU treaty obligations of relevance to administrative law
- procurement in 2016 and beyond - current trends, updates and the impact of Brexit
- case law update on various areas of public law, including judicial review.
20200429_OpenAIRE Legal Policy Webinar: GDPR and Sharing Data - OpenAIRE
Presentation by Jacques Flores Dourojeanni (Research Data Management Consultant Utrecht University Library), as delivered during the OpenAIRE Legal Policy Webinar series on April 29th 2020.
More information and recordings: https://www.openaire.eu/item/openaire-legal-policy-webinars
Impact of GDPR on Data Collection and Processing - PromptCloud
This presentation covers how GDPR will impact various aspects of user data collection and processing along with the way to achieve compliance with the regulations.
Introduction to EU General Data Protection Regulation: Planning, Implementati... - Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-eu-general-data-protection-regulation-planning-implementation-and-compliance-2021/
Ethics and data protection
14 November 2018
Disclaimer
This document has been drafted by a panel of experts at the request of the European Commission (DG
Research and Innovation) and aims at raising awareness in the scientific community, and in particular with
beneficiaries of EU research and innovation projects. It does not constitute official EU guidance. Neither the
European Commission nor any person acting on their behalf can be made responsible for the use made of it.
Contents
I. Introduction
II. Identifying and addressing ethics issues in your research proposal
III. Pseudonymisation and anonymisation
IV. Data protection by design and default
V. Informed consent to data processing
VI. Collecting data on children
VII. Use of previously collected data (‘secondary use’)
VIII. Data protection impact assessments
IX. Profiling, tracking, surveillance, automated decision-making and big data
X. Data security
XI. Transfer of personal data to non-EU countries
XII. Collection of personal data outside the European Union
XIII. Deletion and archiving of data
XIV. Data protection officers and other sources of help
I. Introduction
Data protection is both a central issue for research ethics in Europe and a fundamental human right.
It is intimately linked to autonomy and human dignity, and the principle that everyone should be
valued and respected. For this principle to guide the development of today’s information society,
data protection must be rigorously applied by the research community.
The right to data protection is enshrined in the EU Charter of Fundamental Rights and the Treaty on
the Functioning of the European Union, which give effect to individuals’ right to privacy by providing
them with control over the way information about the ...
Privacy, Social Network Sites and the law - dariphagen
Dr. Natali Helberger, assistant professor at the Amsterdam Institute of Information Law (IVIR), presents the legal aspect surrounding privacy in Social Network Sites. An overview of European laws regulating SNS with respect to privacy. www.ivir.nl. Presentation at the Conference on Privacy in Social Network Sites, www.privacyinsocialnetworksites.nl
Legal and ethical considerations for sharing research data - OpenAIRE
Irena Vipavc Brar ( Social Sciences Data Archives / CESSDA)
Aimed at researchers in social sciences, but of interest for other fields as well, Irena Vipavc Brar gives an overview of the most important legal and ethical considerations when sharing research data. She discusses the implications of GDPR for scientific research, informed consent and ethical aspects of dealing with personal data, and legal issues.
Links: https://www.cessda.eu/Research-Infrastructure/Training/Expert-Tour-Guide-on-Data-Management
Understanding the EU's new General Data Protection Regulation (GDPR) - Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if they do not adhere to this new regulation
How your organization can prepare for the future
This week, Europe's data protection rules will undergo their largest reform in several decades. The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive, effective as of May 25, 2018.
Data Privacy and consent management - ClinosolIndia
Data privacy and consent management are critical aspects of ensuring that individuals' personal information is handled responsibly and ethically, particularly in healthcare settings where sensitive medical data is involved. Data privacy refers to the protection of personal information from unauthorized access, use, or disclosure, while consent management involves obtaining and managing individuals' permissions for the collection, storage, and processing of their data.
In healthcare, patients entrust providers with their sensitive medical information, expecting that it will be kept confidential and used only for legitimate purposes related to their care. Robust data privacy measures include encryption, access controls, and anonymization techniques to safeguard patient data from unauthorized access or breaches. Additionally, healthcare organizations must adhere to regulatory standards such as HIPAA in the United States or GDPR in the European Union, which outline specific requirements for the protection of patient information and impose penalties for non-compliance.
Consent management plays a crucial role in ensuring that individuals have control over how their data is used. Patients should be informed about the purposes for which their data will be collected and processed, as well as any potential risks or benefits associated with its use. Obtaining informed consent involves providing individuals with clear and transparent information about their privacy rights and giving them the opportunity to consent to or decline the use of their data for specific purposes. Consent management systems help healthcare organizations track and manage patients' consent preferences, ensuring that data is used in accordance with their wishes and legal requirements.
Effective data privacy and consent management practices not only protect individuals' privacy rights but also foster trust and transparency in healthcare relationships. By implementing robust security measures, respecting patients' autonomy, and promoting informed decision-making, healthcare organizations can uphold the principles of data privacy and consent while leveraging data responsibly to improve patient care and outcomes.
Be careful what you wish for! How the GDPR even now it has been finalised may not solve the key problems of the tech community of what is personal data and what is anonymised/pseudonymous.
Be careful what you wish for: the great Data Protection law reform - Lilian E... - IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Data Protection Guide – What are your rights as a citizen? - Edouard Nguyen
Guide UK Data Protection Law EUROPA - Internal Market - Data Protection - Data Protection Guide – What are your rights as a citizen? http://ec.europa.eu/justice/policies/privacy/docs/guide/guide-ukingdom_en.pdf
6 Lesson GDPR Booklet from Varonis to help get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
Similar to GDPR - Thoughts on the EU Data Protection Regulation, Research and Libraries (20)
LIBER Webinar: Turning FAIR Data Into Reality - LIBER Europe
These slides relate to a LIBER Webinar given on 23 April 2018. Turning FAIR Data Into Reality — Progress and Plans from the European Commission FAIR Data Expert Group.
In this webinar, Simon Hodson, Executive Director of CODATA and Chair of the FAIR Data Expert Group, and Sarah Jones, Associate Director at the Digital Curation Centre and Rapporteur, reported on the Group’s progress.
Copyright Reform: EU Legislative Process & LIBER Advocacy - LIBER Europe
LIBER's Copyright & Legal Matters Working Group met in Helsinki on 7 December 2017. This presentation, outlining the EU legislative process on copyright reform and LIBER advocacy, was given at the meeting by Helena Lovegrove, LIBER's Advocacy Adviser.
Enabling the Exchange and use of Data in Agriculture - LIBER Europe
This presentation by Imma Subirats was part of the "Research Data Support Meets Disciplines: Opportunities & Challenges" workshop at LIBER's 2017 Annual Conference in Patras, Greece. For more information, see www.libereurope.eu
Research Data Services and Data Collections: Library Synergies for Economic R... - LIBER Europe
This presentation by Thomas Bourke was part of the "Research Data Support Meets Disciplines: Opportunities & Challenges" workshop at LIBER's 2017 Annual Conference in Patras, Greece. For more information, see www.libereurope.eu
The Tribal Approach Academia Takes to Research Data Management - LIBER Europe
This presentation by Dr Danny Kingsley was part of the "Research Data Support Meets Disciplines: Opportunities & Challenges" workshop at LIBER's 2017 Annual Conference in Patras, Greece. For more information, see www.libereurope.eu
Donate to charity during this holiday season - SERUDS INDIA
For people who have money and are philanthropic, there are infinite opportunities to gift a needy person or child a Merry Christmas. Even if you are living on a shoestring budget, you will be surprised at how much you can do.
Donate Us
https://serudsindia.org/how-to-donate-to-charity-during-this-holiday-season/
#charityforchildren, #donateforchildren, #donateclothesforchildren, #donatebooksforchildren, #donatetoysforchildren, #sponsorforchildren, #sponsorclothesforchildren, #sponsorbooksforchildren, #sponsortoysforchildren, #seruds, #kurnool
This session provides a comprehensive overview of the latest updates to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (commonly known as the Uniform Guidance) outlined in the 2 CFR 200.
With a focus on the 2024 revisions issued by the Office of Management and Budget (OMB), participants will gain insight into the key changes affecting federal grant recipients. The session will delve into critical regulatory updates, providing attendees with the knowledge and tools necessary to navigate and comply with the evolving landscape of federal grant management.
Learning Objectives:
- Understand the rationale behind the 2024 updates to the Uniform Guidance outlined in 2 CFR 200, and their implications for federal grant recipients.
- Identify the key changes and revisions introduced by the Office of Management and Budget (OMB) in the 2024 edition of 2 CFR 200.
- Gain proficiency in applying the updated regulations to ensure compliance with federal grant requirements and avoid potential audit findings.
- Develop strategies for effectively implementing the new guidelines within the grant management processes of their respective organizations, fostering efficiency and accountability in federal grant administration.
Monitoring Health for the SDGs - Global Health Statistics 2024 - WHO - Christina Parmionova
The 2024 World Health Statistics edition reviews more than 50 health-related indicators from the Sustainable Development Goals and WHO’s Thirteenth General Programme of Work. It also highlights the findings from the Global health estimates 2021, notably the impact of the COVID-19 pandemic on life expectancy and healthy life expectancy.
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
ZGB - The Role of Generative AI in Government transformation.pdf - Saeed Al Dhaheri
This keynote was presented during the 7th edition of the UAE Hackathon 2024. It highlights the role of AI and Generative AI in addressing government transformation to achieve zero government bureaucracy.
Presentation by Jared Jageler, David Adler, Noelia Duchovny, and Evan Herrnstadt, analysts in CBO’s Microeconomic Studies and Health Analysis Divisions, at the Association of Environmental and Resource Economists Summer Conference.
Preliminary findings _OECD field visits to ten regions in the TSI EU mining r... - OECDregions
Preliminary findings from OECD field visits for the project: Enhancing EU Mining Regional Ecosystems to Support the Green Transition and Secure Mineral Raw Materials Supply.
GDPR - Thoughts on the EU Data Protection Regulation, Research and Libraries
1. GDPR - Thoughts on the EU Data Protection regulation, research and libraries
Jonas Holm
Legal counsel
Stockholm University
Chair, LIBER Legal Working Group
jonas..holm@su.se
2. Disposition
Legal issues for research libraries
A legal backdrop to integrity law
Data protection and personal data - key principles
EU Data protection reform
GDPR Key Findings
Implications for libraries
Questions
3. Legal issues for research libraries
Contracts / Licensing
Exceptions and limitations to copyright
E-books
Open Access
Preservation of copyright protected works
Data protection
Open Science / Open research data
Making available copyright protected works
Publishing
Big data – Data mining
Legal deposit
Public access to information and secrecy
Availability for people with disabilities
Digitization
4. A legal backdrop to integrity law
European Convention on Human Rights
EU charter on fundamental rights
National legislation
The right to be forgotten
5. Data protection – what is personal data?
”Each data concerning an identified or identifiable person
that is alive”
An identifiable person is a person that directly or
indirectly can be identified through use of the data.
Data privacy does not include deceased individuals.
6. What constitutes sensitive personal data?
Race or ethnic heritage
Political views
Religious or philosophical views
Labour union membership
Health
Sexual orientation
Biometric information concerning a person
7. Current (past) legal framework on Data protection in the EU
Data Protection Directive 95/46/EC
National data protection legislation
Unharmonized application throughout the union
8. EU Data Protection Regulation (GDPR)
Direct application in all member states from May 25th 2018.
National inquiries into the application are underway.
National legislation will follow.
9. Key Changes through the GDPR
Overall goal is to protect all EU citizens from data privacy
breaches in an increasingly data driven world.
Increased territorial scope (extra-territorial
applicability)
Jurisdiction of the GDPR is extended to all entities
processing data of EU citizens, regardless of where the
entity is located
10. Consent and purpose based data processing
All data processing has to be based on informed, intelligible and specific consent from subjects.
Processing of research data containing personal data has
to be purpose specific, not for general research databases!
Consent can be withdrawn!
11. Breach notification
Under the GDPR, breach notification will become
mandatory in all member states where a data breach is
likely to “result in a risk for the rights and freedoms of
individuals”.
This must be done within 72 hours of first having become
aware of the breach.
12. Right to Access and Right to be forgotten
Right for data subjects to obtain from the data controller
confirmation as to whether or not personal data
concerning them is being processed, where and for what
purpose. Further, the controller shall provide a copy of
the personal data, free of charge, in an electronic format.
Entitles the data subject to have the data controller erase
his/her personal data, cease further dissemination of the
data, and potentially have third parties halt processing.
13. Privacy by Design
Inclusion of data protection from the onset of the
designing of systems, rather than an addition.
Article 23 GDPR
14. Data Protection Officers
Data controllers must appoint DPOs who:
- Must be appointed on the basis of professional qualities and, in
particular, expert knowledge on data protection law and practices
- May be a staff member or an external service provider
- Contact details must be provided to the relevant Data Protection
Agency
- Must be provided with appropriate resources to carry out their
tasks and maintain their expert knowledge
- Must report directly to the highest level of management
- Must not carry out any other tasks that could result in a conflict of interest.
15. Penalties
Under the GDPR, organizations in breach of the GDPR can be fined up to 4% of annual global turnover or €20 million.
This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (Article 28).
16. Implications for libraries
To what extent will the GDPR apply to processing of personal data in the activities at research libraries, and to what extent do research libraries hold responsibilities for the data processing?
Due diligence inventory!
- Do high-risk projects, from a data protection view, exist today?
17. Implications for libraries, cont.
Personal data in infrastructure for library loans and use of
electronic resources
Personal data when digitizing and making available library
collections.
Do research publications published at research libraries or
in-house university publishers contain personal data?
18. Implications for libraries, cont.
Does research data published open access or in databases
according to open science policies contain personal data?
Are TDM (Text and Data Mining) activities or other big data
processing (such as the use of algorithms) carried out at the
research library?
Does that material contain personal data?