Generalny Inspektor Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warszawa
www.giodo.gov.pl
[email protected]

“PRIVACY AND OPEN DATA. SIAMESE TWINS OR MORTAL ENEMIES?”

2013 ePSI “Gotcha! – getting everyone on board”, Warsaw, February 22, 2013
Warsaw, February 22nd, 2012

WOJCIECH WIEWIÓROWSKI PhD
University of Gdańsk, Faculty of Law and Administration
Inspector General for Personal Data Protection, Poland



© M. Narojek for GIODO 2011

PROFILING

“Profile” refers to a set of data characterising a category of individuals that is intended to be applied to an individual.

“Profiling” means an automatic data processing technique that consists of applying a “profile” to an individual, namely in order to take decisions concerning him or her; or for analysing or predicting personal preferences, behaviours and attitudes.


PROFILING

Building profiles according to the Art. 29 Working Party

There are two main approaches to building user profiles:

i) Predictive profiles are established by inference from observing individual and collective user behaviour over time, particularly by monitoring visited pages and ads viewed or clicked on.

ii) Explicit profiles are created from personal data that data subjects themselves provide to a web service, such as by registering.

Both approaches can be combined. Additionally, predictive profiles may be made explicit at a later time, when a data subject creates login credentials for a website.

Opinion of Art. 29 WP, 2/2010 on behavioural advertising adopted on June 22, 2010, page 8

PROFILING

Profiling is generally used in order to:

1. get a sociological and psychological assessment of the client
2. discover the material and social status of the client
3. create suggestions and strategies to be used in marketing activities

I would accept such an explanation of profiling for marketing purposes … but … this is a thesis of FBI experts on criminal profiling.

I have just exchanged the notions “offender” v. “client” and “investigation” v. “marketing activities”.

R. M. Holmes, S. T. Holmes: Profiling Violent Crimes: An Investigative Tool, 4th Ed., Thousand Oaks: Sage Publications, Inc. 2008


PUBLIC RESOURCES

Information is gathered by public sector entities for purposes which are in line with the constitutional principle of Article 7: “The organs of public authority shall function on the basis of, and within the limits of, the law”.

This information is transferred to entities who can use the same information for purposes it was not collected for.

Do we need to agree that our personal data will become public sector information and that they will be “re-usable” according to EU law?

Can they be used in order to create our personal profile?


PUBLIC RESOURCES

Taking into consideration that data from public registers can be treated as public sector information, we should be used to the fact that data from the formally public land and mortgage register can be re-used and combined with:

- INSPIRE registers and databases,
- physical and urban planning documents,
- registers of legal persons, associations etc.,
- statistical registers (REGON, TERYT in Poland),
- public offers for debt trading purposes,
- property statements of state officers (not only politicians but also public kindergarten and library managers),
- client data possessed by the profiling entity.

INFORMATION INFRASTRUCTURE OF THE STATE

Classic definition of the state by Georg Jellinek (1851-1911). The state shall have:

• territory,
• citizens,
• powers (today – law).

Information infrastructure of the state:

1) The resources explaining what the state looks like (geospatial information), who resides in the state and which organisations (e.g. legal persons) exist, as well as information on what the authorities are and which law is in force.

GIS + registers + legal information-retrieval systems

2) The system consisting of institutions, entities, resources and ICT systems and technologies which are the basis for the existing social (including legal), political and economic relations.

J. Oleński, Infrastruktura informacyjna państwa w globalnej gospodarce, Warsaw 2006, p. 270-272.

INFORMATION INFRASTRUCTURE OF THE STATE

• norms on information,
• information resources,
• ICT systems,
• information institutions,
• organisations,
• technical equipment supporting gathering, processing and transfer of information

Re-use in the new style

2. This Directive shall not apply to:

[…]

(c) documents which are excluded from access by virtue of the access regimes in the Member States, including on the grounds of:
– the protection of national security (i.e. State security), defence, or public security,
– statistical or commercial confidentiality;

(d) documents held by public service broadcasters and their subsidiaries, and by other bodies or their subsidiaries for the fulfilment of a public service broadcasting remit;

(e) documents held by educational and research establishments, such as [schools, universities, archives, libraries and] research facilities including, where relevant, organisations established for the transfer of research results, schools and universities (except university libraries in respect of documents other than research documents protected by third party intellectual property rights) and

(f) documents held by cultural establishments other than libraries, museums and archives.

Re-use in the new style

Article 3 General principle

1. Subject to paragraph (2) Member States shall ensure that documents referred to in Article 1 shall be re-usable for commercial or non-commercial purposes in accordance with the conditions set out in Chapters III and IV.

2. For documents for which libraries (including university libraries), museums and archives have intellectual property rights, Member States shall ensure that, where the re-use of documents is allowed, these documents shall be re-usable for commercial or non-commercial purposes in accordance with the conditions set out in Chapters III and IV.

Document

• This Directive lays down a generic definition of the term "document", in line with developments in the information society.

• It covers any representation of acts, facts or information – and any compilation of such acts, facts or information – whatever its medium (written on paper, or stored in electronic form or as a sound, visual or audiovisual recording), held by public sector bodies. A document held by a public sector body is a document where the public sector body has the right to authorise re-use.

CONSTITUTION OF THE REPUBLIC OF POLAND (ARTICLE 51)

• No one may be obliged, except on the basis of statute, to disclose information concerning his person.

• Public authorities shall not acquire, collect or make accessible information on citizens other than that which is necessary in a democratic state ruled by law.

• Everyone shall have a right of access to official documents and data collections concerning him. Limitations upon such rights may be established by statute.

• Everyone shall have the right to demand the correction or deletion of untrue or incomplete information, or information acquired by means contrary to statute.

• Principles and procedures for collection of and access to information shall be specified by statute.

DRAFT OF THE NEW EU REGULATION

Article 20 Measures based on profiling

1. Every natural person shall have the right not to be subject to a measure which produces legal effects concerning this natural person or significantly affects this natural person, and which is based solely on automated processing intended to evaluate certain personal aspects relating to this natural person or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour.

2. Subject to the other provisions of this Regulation, a person may be subjected to a measure of the kind referred to in paragraph 1 only if the processing:

(a) is carried out in the course of the entering into, or performance of, a contract, where the request for the entering into or the performance of the contract, lodged by the data subject, has been satisfied or where suitable measures to safeguard the data subject's legitimate interests have been adduced, such as the right to obtain human intervention; or

(b) is expressly authorized by a Union or Member State law which also lays down suitable measures to safeguard the data subject's legitimate interests; or

(c) is based on the data subject's consent, subject to the conditions laid down in Article 7 and to suitable safeguards.

DRAFT OF THE NEW EU REGULATION

Article 20 Measures based on profiling

3. Automated processing of personal data intended to evaluate certain personal aspects relating to a natural person shall not be based solely on the special categories of personal data referred to in Article 9.

4. In the cases referred to in paragraph 2, the information to be provided by the controller under Article 14 shall include information as to the existence of processing for a measure of the kind referred to in paragraph 1 and the envisaged effects of such processing on the data subject.

5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for suitable measures to safeguard the data subject's legitimate interests referred to in paragraph 2.

COUNCIL OF EUROPE AND PROFILING

Recommendation CM/Rec(2010)13 of the Committee of Ministers to member states on the protection of individuals with regard to automatic processing of personal data in the context of profiling

Adopted by the Committee of Ministers on 23 November 2010 at the 1099th meeting of the Ministers’ Deputies

COUNCIL OF EUROPE AND PROFILING

4. Information.

4.1. Where personal data are collected in the context of profiling, the controller should provide the data subjects with the following information:

a. that their data will be used in the context of profiling;
b. the purposes for which the profiling is carried out;
c. the categories of personal data used;
d. the identity of the controller and, if necessary, her or his representative;
e. the existence of appropriate safeguards;

COUNCIL OF EUROPE AND PROFILING

4. Information.

(…) Where personal data are collected in the context of profiling, the controller should provide the data subjects with the following information: (…)

f. all information that is necessary for guaranteeing the fairness of recourse to profiling, such as:

- the categories of persons or bodies to whom or to which the personal data may be communicated, and the purposes for doing so;
- the possibility, where appropriate, for the data subjects to refuse or withdraw consent and the consequences of withdrawal;
- the conditions of exercise of the right of access, objection or correction, as well as the right to bring a complaint before the competent authorities;
- the persons from whom or bodies from which the personal data are or will be collected;
- the compulsory or optional nature of the reply to the questions used for personal data collection and the consequences for the data subjects of not replying;
- the duration of storage;
- the envisaged effects of the attribution of the profile to the data subject.

COUNCIL OF EUROPE AND PROFILING

4. Information.

(…)

4.2. Where the personal data are collected from the data subject, the controller should provide the data subject with the information listed in Principle 4.1 at the latest at the time of collection.

4.3. Where personal data are not collected from data subjects, the controller should provide the data subjects with the information listed in Principle 4.1 as soon as the personal data are recorded or, if it is planned to communicate the personal data to a third party, at the latest when the personal data are first communicated.

4.4. Where the personal data are collected without the intent of applying profiling methods and are processed further in the context of profiling, the controller should have to provide the same information as that foreseen under Principle 4.1.

(…)

COUNCIL OF EUROPE AND PROFILING

5. Rights of data subjects

5.1. The data subject who is being, or has been, profiled should be entitled to obtain from the controller, at her or his request, within a reasonable time and in an understandable form, information concerning:

a. her or his personal data;
b. the logic underpinning the processing of her or his personal data and that was used to attribute a profile to her or him, at least in the case of an automated decision;
c. the purposes for which the profiling was carried out and the categories of persons to whom or bodies to which the personal data may be communicated.

5.2. Data subjects should be entitled to secure correction, deletion or blocking of their personal data, as the case may be, where profiling in the course of personal data processing is performed contrary to the provisions of domestic law which enforce the principles set out in this recommendation.

5.3. Unless the law provides for profiling in the context of personal data processing, the data subject should be entitled to object, on compelling legitimate grounds relating to her or his situation, to the use of her or his personal data for profiling. Where there is justified objection, the profiling should no longer involve the use of the personal data of the data subject. Where the purpose of the processing is direct marketing, the data subject does not have to present any justification.

COUNCIL OF EUROPE AND PROFILING

5. Rights of data subjects (…)

5.4. If there are any grounds for restricting the rights set out in this section in accordance with Section 6, this decision should be communicated to the data subject by any means that allows it to be put on record, with a mention of the legal and factual reasons for such a restriction.

This mention may be omitted when a reason exists which endangers the aim of the restriction. In such cases, information should be given to the data subject on how to challenge this decision before the competent national supervisory authority, a judicial authority or a court.

5.5. Where a person is subject to a decision having legal effects concerning her or him, or significantly affecting her or him, taken on the sole basis of profiling, she or he should be able to object to the decision unless:

a. this is provided for by law, which lays down measures to safeguard data subjects’ legitimate interests, particularly by allowing them to put forward their point of view;
b. the decision was taken in the course of the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject and that measures for safeguarding the legitimate interests of the data subject are in place.

PRIVACY BY DESIGN

Privacy by Design Resolution
27-29 October 2010, Jerusalem, Israel
32nd International Conference of Data Protection and Privacy Commissioners

Privacy by Design: The 7 Foundational Principles

1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality: Positive-Sum, not Zero-Sum
5. End-to-End Security — Full Lifecycle Protection
6. Visibility and Transparency — Keep it Open
7. Respect for User Privacy — Keep it User-Centric

PRIVACY IMPACT ASSESSMENT

• A Privacy Impact Assessment (PIA) is a process whereby a conscious and systematic effort is made to assess the privacy and data protection impacts of specific actions with the view of taking appropriate actions to prevent or at least minimise those impacts.

• A PIA Report is the document resulting from the PIA Process that is made available to competent authorities. Proprietary and security sensitive information may be removed from PIA Reports before the Reports are provided externally (e.g., to the competent authorities) as long as the information is not specifically pertinent to privacy and data protection implications. The manner in which the PIA should be made available (e.g., upon request or not) will be determined by member states. In particular, the use of special categories of data may be taken into account, as well as other factors such as the presence of a data protection officer.

• PIA Templates may be developed based on the Framework to provide industry-based, application-based, or other specific formats for PIAs and resulting PIA Reports.

THANK YOU FOR YOUR ATTENTION!

[email protected]

http://edugiodo.giodo.gov.pl