View
215
Download
2
Category
Tags:
Preview:
Citation preview
Public Administration use of Social Networks - Data Protection Implications
European Public Administration Network, Dublin Castle, 5 April 2013 Billy HawkesIrish Data Protection Commissioner
Social Networking….
Phoenix 6 October 2011
Social Networks (SNS)• Designed for data sharing• Nature of Relationship with User
“free” service in exchange for personal data used to target advertising
• Issues Control over sharing and use Responsibility of User and Network
Types of Social Networks• Interactive
Facebook, Google+, YouTube, blogs etc
• Broadcast Twitter etc
European DPA Guidance (WP 163)
• Processing of personal data by individual users in most cases falls within the “household exemption”
• Where an organisation is involved, it is a “Data Controller”
• SNS (and Apps providers) are also “Data Controllers” in relation to their responsibilities: Transparency about data use Privacy-friendly default settings Data access, retention, deletion Complaints facility
Facebook Terms & Conditions• If you collect content and information directly
from users, you will make it clear that you (and not Facebook) are collecting it, and you will provide notice about and obtain user consent for your use of the content and information that you collect. Regardless of how you obtain content and information from users, you are responsible for securing all necessary permissions to reuse their content and information.
Data Protection Rules(Directive 95/46/EC)
• Transparency (A. 10,11) adequate information
• Process fairly & lawfully (A.6) Consent, contract, legal
obligation, vital interests, public interest task, legitimate interests (A.7)
• Specified , explicit and legitimate purpose (A.6)
• Adequate, Relevant & not excessive (A. 6)
• Accurate, up-to-date (A.6)• Retain for no longer than is
necessary (A.6)• Right of Access (A. 12)• Data Security (A. 17)
Intl. Transfers• Right to Object (A. 14)
Marketing, Other• Restrictions on Automated
Decisions (A. 15)
New Draft EU DP Law• Directly-applicable Regulation
Accountability of Data Controller More Transparency “Right to be Forgotten” Privacy by Design
Other Legal Issues• Defamation• Intellectual Property• HR
Issues for Public Administrations• Is the SN compliant with existing data protection law?
Check with DPA• Will the SN be compliant with future, more stringent
EU Data Protection Regulation?• Is the Organisation committed to ongoing compliance
as a Data Controller? Active management
Thank You!Office of the Data Protection CommissionerCanal HouseStation RoadPortarlingtonCo LaoisPhone: LoCall 1890 252231
057 8684800Fax: 057 8684757Email: info@dataprotection.ieWebsite: www.dataprotection.ie
Recommended