Upload
ictseserv
View
224
Download
0
Embed Size (px)
Citation preview
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
1/22
Privacy issues in Future
Internet
Aleksandra KuczerawyICRI KU Leuven
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
2/22
SocIoS
Exploiting the User Created Content and the SocialGraph of users in Social Networks to create newservices
Provide cross-platform tools that enable to managethe dynamically generated content by buildingservices that combine data and functionality from
two or more different SNS
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
3/22
Privacy and data protection issues in FutureInternet:
Basic concepts Personal data Processing of personal data Legal grounds of processing Controller vs. processors
Legal requirements for data processing Location based services Children and personal data Future and Recommendations
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
4/22
Concept of personal data (95/46)
any information relating to an identified oridentifiable natural person ('data subject')
- Direct or indirect identification- No exhaustive list- Sensitive data: special regime applies (!)
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
5/22
Processing of personal data (art. 2.b)
any operation or set of operations which isperformed upon personal data, whether or not by
automatic means, such as:
- Collection of profile information, tweets, - Subsequent profiling to determine relevancy of
search results
- Storage of log information regarding accountusage
-
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
6/22
Personal data on-line
Made public on the Internet Does NOT mean consent for processing Technically available But legally NOT All rules apply for content already published
online (need for a legal ground, purpose, etc)
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
7/22
Legal grounds for processing:
Main grounds:- Consent
- Legitimate interestsIn certain instances:
- Performance of a contract to which the data subject
is party
- Compliance with a legal obligation of the controller
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
8/22
Data controller or data processor?
Controller determines the purposes and means of the processing ofpersonal data
Main responsible entity Processor
Entity which processes personal data on behalf of the controller Not responsible for the processing=> Distinction often blurry in practice, despite considerable
practical implications & hurdles !
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
9/22
Varying degrees of control
T. Olsen, T. Mahler, Identity management land data protection law: Risk, responsibility andcompliance in Circles of Trust Part II, Computer aw & Security report 23 ( 2 0 0 7 )
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
10/22
Data protection principles
Fairness principle Finality principle Data minimisation principle Data quality principle Conservation principle Confidentiality and security Notification to the Supervisory Authority
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
11/22
Fairness principle
Processing must be fair and lawful!!!
data subject has to be provided with certaininformation (transparency)
stay in line with all types of their legalobligations
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
12/22
Finality principle
Data controllers collect data only as far as it isnecessary to achieve the specified, explicit andlegitimate purpose
No further processing incompatible with theoriginal purposes
Further processing of data for historical, statisticalor scientific purposes
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
13/22
Historical, statistical or scientific purposes
Not a primary legal ground Expands on finality principle Refers only to further processing of data For processing of which there is a separate
legal ground
Cannot constitute a primary basis for processing
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
14/22
Data minimisation principle
data should be adequate, relevant and notexcessive
store only a minimum of data necessary to runtheir services
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
15/22
Data quality principle
personal data should be accurate and kept up todate every reasonable step to ensure that data which
are inaccurate or incomplete are either erased
or rectified
appropriate mechanism to allow data subjectsupdating their personal data or notifying thedata controller about the incorrect information
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
16/22
Location Based Services ePrivacy Directive
Location data - any data processed in an electroniccommunications network or by an electronic
communications service, indicating the geographic
position of the terminal equipment of a user of a
publicly available electronic communications service
Value added service - any service which requires theprocessing of traffic data or location data other than
traffic data beyond what is necessary for thetransmission of a communication or the billing thereof
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
17/22
Processing of location data
Only if they are made anonymous, or with the consent of the users or subscribersInformation to the users
the type of location data which will be processed the purposes and duration of the processing whether the data will be transmitted to a third party for the
purpose of providing the value added service
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
18/22
Childrens personal data
Same rights as adults, but! No full legal capability Need a representative to exercise these rights
Legal guardian (usually a parent) Should consult children, depending on their
understanding/ maturity
Processing should not be performed against childswill
Dynamic relation
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
19/22
Future of privacy and data protection
The draft general data protection regulation January 25, 2012 One regulation for all EU Member States
Binding and applicable without nationalimplementation
Current status: discussion phase Aims for full harmonization Aims to adjust legal regime to technological
development
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
20/22
Draft General Data Protection Regulation
Explicit consent when required for certain types ofdata processing Reinforcement of the right to information - full
understanding how personal data is handled
(particularly children)
Easy access to one's own data - what kind ofinformation a company stores about them;
Data portability Right to be forgotten More provisions directed to processors
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
21/22
Recommendations:
Who is the Data Controller Where will the data be processed, by whom Check national data protection legislation Contact local DPA Prepare Privacy Policy Caution sensitive data! Caution childrens personal data!
7/31/2019 Aleksandra Kuczerawy - Privacy Issues in Future Internet - SESERV SE Workshop June 2012
22/22
Thank you for your attention.
Questions?