ISACA Privacy Forum 17 October 2013 on big data and facebook privacy

Click to edit Master title styleOpen Forum PRIVACY

Thursday, 17th of October 2013

Brussels, 17 October 2013 2

Agenda

1. 18:30 Welcome 2. 18:45 Big Data & Privacy3. 19:30 Break 4. 19:50

1. Big Data & Privacy (continued)2. Facebook, Employment & Privacy

5. 20:30 Close


Close

Brussels, 17 October 2013

BIG DATAJOHAN VANDENDRIESSCHE & MARC VAEL

4


What is Big Data?

• Exponential growth of data

• Availability

• Processing tools (‘automated use’)

• Evolution

• (Manual) Small scale profiling

• Data mining

• Big Data

• Numerous applications

• Detect general correlations and trends

• Create specific, individual profiles5


What is profiling?

• Approach to profiling

• Tool?

• Purpose?

• Current vs. future framework forprofiling

• Mixed approaches in legal documents

• Directive 95/46/EC vs. Draft Regulations

• Council of Europe

• Art. 29 WP

• Privacy Commission

6


Big Data general and privacy Issues?

• Scale of data collection, tracking and profiling

• Security of data

• Transparency

• Inaccuracy, discrimination, exclusion and economic imbalance

• Increased possibilities of government surveillance.

7


Data Protection?

• Limitations in relation to the processing of personal data

• Very large legal interpretation to the concept of personal data

• Not necessarily sensitive information (although stricter rules apply to special categories of personal data)

• Processing: “any operation or set of

operations which is performed upon

personal data […]”

8


Data protection principles

• The data processing must comply with specific principles

• Proportionality

• Purpose limitation

• Limited in time

• (Individual and collective) Transparency

• Data quality

• Data security

9


Data protection issues?

• Purpose Limitation

• Data collected for a specified, specific andlegitimate purpose

• Re-use for a different purpose?

• Compatible or not?

• Criteria

• Nature of the purposes and their connections

• Circumstances surrouding data collection

• Privacy expectations of the data subjects

• Personal data involved and impact on the data subject

• Safeguards for fair processing

• Specific framework for statistical processing10


Proportionality

• Processing must be limited to the personal data that is strictly necessaryfor the purpose

• Do I need this personal data?

• Big database containing a lot of information?

• Combination of databases?

11


Other issues

• Notice obligation

• Specific information to be provided to data subjects

• What is required in case of big data?

• Data quality

• Impact of profiling may be substantial: impact on data quality requirements?

• Data Security

• Big data = big impact of data breaches?

12


FACEBOOK, EMPLOYMENT

& PRIVACYJOHAN VANDENDRIESSCHE & MARC VAEL

13


Privacy on Facebook?

• Negative statements on Facebook = immediate dismissal?

• Court decision of the Labour Court of Leuven of 17 November 2011 (yes)

• Confirmed by Court decision of 3 September 2013 of the Labour Court of Appeal of Brussels

• What about privacy on Facebook?

14


What is privacy?

• Various sources

• European Convention on Human Rights

• Treaty on the Functioning of the European Union (TFEU)

• Charter of Fundamental Rights of the EU

• National (constitutional) legislation

• Various forms

15


Privacy on the workfloor?

• Privacy at work in the EU?

• Telephone calls

• E-mail / Use of Internet and online technology

• Principle of privacy at work has been confirmed by ECHR and Article 29 Working Party

• National laws implement privacy at work differently

16


What is data protection?

• Limitations in relation to the processing of personal data

• Very large legal interpretation to the concept of personal data

• Not necessarily sensitive information (although stricter rules apply to special categories of personal data)

• Processing: “any operation or set of

operations which is performed upon

personal data […]”

17


Some applications

• Pre-employment screening (CBA 38)

• Surveillance on the workfloor

• Internet & e-mail (CBA 81)

• Cameras (CBA 68)

• Theft (CBA 89)

• What about acts outside the workcontext?

• Criticism on Facebook?

• Freedom of speech?

• Privacy (and secrecy of communications)?

18


Analysis of the decisions

• Immediate dismissal based on negativestatements on a public site of Facebook

• Two main legal issues

• Reason for immediate dismissal?

• Evidence?

• Admissibility of evidence

• Probative value of evidence

19


Analysis of the decision

• Reason for immediate dismissal?

• No uniform case law

• Particularities

• False statements

• Role/function of the person

• Nature and circumstances of the negativestatements

20


Analysis of the decisions

• First instance

• Employer can consult public messages on Facebook

• No violation of privacy

• Appeal

• No violation of privacy

• Violation of privacy of communications

• “Antigoon theory” applied: admissibleevidence

21


Contact details

Johan Vandendriessche

Partner

crosslaw CVBA

Mobile Phone +32 486 36 62 34

E-mail [email protected]

Website www.crosslaw.be

Marc Vael

International Vice President

ISACA

Mobile Phone +32 473 99 30 31

E-mail [email protected]

Website www.isaca.org


ISACA BELGIUM

Art & Photos

ISACA Privacy Forum 17 October 2013 on big data and facebook privacy