Generalny Inspektor
Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warszawa
www.giodo.gov.pl
“PRIVACY AND OPEN DATA.
SIAMESE TWINS OR MORTAL ENEMIES?”
2013 ePSI “Gotcha! – getting everyone on board” Warsaw, February 22, 2013
Warsaw, February 22nd, 2012
WOJCIECH WIEWIÓROWSKI PhD
University of Gdańsk, Faculty of Law and Administration
Inspector General for Personal Data Protection, Poland
www.giodo.gov.pl
© M. Narojek for GIODO 2011
www.giodo.gov.pl
“Profile” refers to a set of data characterising a category
of individuals that is intended to be applied to an
individual.
“Profiling” means an automatic data processing
technique that consists of applying a “profile” to an
individual, namely in order to take decisions concerning
him or her; or for analysing or predicting personal preferences, behaviours and attitudes.
PROFILING
Warsaw, February 22nd, 2012
www.giodo.gov.pl
www.giodo.gov.pl
www.giodo.gov.pl
PROFILING
Warsaw, February 22nd, 2012
“Profile” refers to a set of data characterising
a category of individuals that is intended
to be applied to an individual.
“Profiling” means an automatic data
processing technique that consists of
applying a “profile” to an individual,
namely in order to take decisions
concerning him or her; or for analysing
or predicting personal preferences, behaviours and attitudes.
www.giodo.gov.pl
Building profiles according to Group of Art. 29
There are two main approaches to building user profiles:
i) Predictive profiles are
established by inference from observing individual and collective user behaviour over
time, particularly by monitoring visited pages and ads viewed or clicked on.
ii) Explicit profiles
are created from personal data that data subjects themselves provide to a web
service, such as by registering. Both approaches can be combined. Additionally,
predictive profiles may be made explicit at a later time, when a data subject creates
login credentials for a website.
Opinion of Art. 29 WP, 2/2010 on behavioural advertising adopted on June 22 , 2010,
page 8
PROFILING
Warsaw, February 22nd, 2012
www.giodo.gov.pl
PROFILING
Warsaw, February 22nd, 2012
Profiling is generaly used in order to
1. get a sociologic and psycologic assessment of the client
2. discover material and social status of the client
3. create sugestions and strategies to be used in marketing activities
I would accept such explanation of profiling for marketing purposes
…. but …..
….. This is a thesis of FBI experts on criminal profiling.
I have just exchanged notions ”ofender” v. ”client” and ”investigation” v. ”marketing activites”
R. M. Holmes, S.T. Holmes: Profiling Violent Crimes: An Investigative Tool , 4th Ed.,Thousand
Oaks: Sage Publications, Inc. 2008
www.giodo.gov.pl © M. Narojek for GIODO 2011
www.giodo.gov.pl
Information is gathered by public sector entities for the purposes which are
inline with the constitutional principle of Article 7: ”The organs of public
authority shall function on the basis of, and within the limits of, the law”.
This information is transfered to the entities who can use the same
information to the purposes they were not collected for.
Do we need to agree that our personal data will become public sector
information and they will be „re-usable” according to EU law ?
Can they be used in order to create our peronal profile.
PUBLIC RESOURCES
Warsaw, February 22nd, 2012
www.giodo.gov.pl
www.giodo.gov.pl
www.giodo.gov.pl
Taking in to consideration that data from public registers can be treated as
the public sector information, we should be used to the fact, that data from
formally public land and mortgage register can be re-used and combined
with:
- INSPIRE registers and databases,
- physical and urban planning documents,
- registers of legal persons, associations etc.,
- statistical registers (REGON, TERYT in Poland),
- public offers for debt trading purposes,
- property statements of state officers (not only politicians but also public
kindergarten and library managers)
- client data possessed by profiling entity
PUBLIC RESOURCES
Warsaw, February 22nd, 2012
www.giodo.gov.pl
INFORMATION INFRASTRUCTURE OF THE STATE
Warsaw, February 22nd, 2012
Classic definition of state by Georg Jellinek (1851-1911),
The state shell have:
• teritory,
• citizens
• powers (today – law ).
Information infrastructure of the state:
1) The resources explaining how the state looks like (geospatial information),
who resides in the state and which organisations (eg. legal persons) exist,
as well as the information what are the authorities and which law is in force.
GIS + registers + legal information-retriaval systems
2) The system consisting of institutions, entities, resources and ICT systems and technologies
which are the basis for the existing social (including legal), political and economic relations.
J. Oleński, Infrastruktura informacyjna państwa w globalnej gospodarce,
Warsaw 2006 p. 270-272.
www.giodo.gov.pl
INFORMATION INFRASTRUCTURE OF THE STATE
Warsaw, February 22nd, 2012
• norms on information,
• information resources
• ICT systems,
• information institutions
• organisations
• technical equipement supporting gathering, processing and transfer of information
www.giodo.gov.pl
2. This Directive shall not apply to:
[…]
(c) documents which are excluded from access by virtue of the access regimes in the
Member States, including on the grounds of:
– the protection of national security (i.e. State security), defence, or public security,
– statistical or commercial confidentiality;
(d) documents held by public service broadcasters and their subsidiaries, and by
other bodies or their subsidiaries for the fulfilment of a public service broadcasting
remit;
(e) documents held by educational and research establishments, such as [schools,
universities, archives, libraries and] research facilities including, where relevant,
organisations established for the transfer of research results, schools and
universities (except university libraries in respect of documents other than research
documents protected by third party intellectual property rights) and
(f) documents held by cultural establishments other than libraries, museums and
archives.
Re-use in the new style
Warsaw, February 22nd, 2012
www.giodo.gov.pl
Article 3 General principle
1. Subject to paragraph (2) Member States shall ensure that documents
referred to in Article 1 shall be re-usable for commercial or non-commercial
purposes in accordance with the conditions set out in Chapters III and IV.
2. For documents for which libraries (including university libraries),
museums and archives have intellectual property rights, Member States
shall ensure that, where the re-use of documents is allowed, these
documents shall be re-usable for commercial or non-commercial purposes
in accordance with the conditions set out in Chapters III and IV.
Re-use in the new style
Warsaw, February 22nd, 2012
www.giodo.gov.pl
• This Directive lays down a generic definition of the term
"document", in line with developments in the information society.
• It covers any representation of acts, facts or information – and any
compilation of such acts, facts or information – whatever its
medium (written on paper, or stored in electronic form or as a
sound, visual or audiovisual recording), held by public sector
bodies. A document held by a public sector body is a document
where the public sector body has the right to authorise re-use.
Document
Warsaw, February 22nd, 2012
www.giodo.gov.pl
• No one may be obliged, except on the basis of statute, to disclose
information concerning his person.
• Public authorities shall not acquire, collect or make accessible
information on citizens other than that which is necessary in a
democratic state ruled by law.
• Everyone shall have a right of access to official documents and
data collections concerning him. Limitations upon such rights may
be established by statute.
• Everyone shall have the right to demand the correction or deletion
of untrue or incomplete information, or information acquired by
means contrary to statute.
• Principles and procedures for collection of and access to
information shall be specified by statute
CONSTUTUTION OF THE REPUBLIC OF POLAND
(ARTICLE 51)
Warsaw, February 22nd, 2012
www.giodo.gov.pl
Article 20 Measures based on profiling
1. Every natural person shall have the right not to be subject to a measure which
produces legal effects concerning this natural person or significantly affects this
natural person, and which is based solely on automated processing intended to
evaluate certain personal aspects relating to this natural person or to analyse or
predict in particular the natural person's performance at work, economic situation,
location, health, personal preferences, reliability or behaviour.
2. Subject to the other provisions of this Regulation, a person may be subjected to a
measure of the kind referred to in paragraph 1 only if the processing:
(a) is carried out in the course of the entering into, or performance of, a contract,
where the request for the entering into or the performance of the contract, lodged by
the data subject, has been satisfied or where suitable measures to safeguard the
data subject's legitimate interests have been adduced, such as the right to obtain
human intervention; or
(b) is expressly authorized by a Union or Member State law which also lays down
suitable measures to safeguard the data subject's legitimate interests; or
(c) is based on the data subject's consent, subject to the conditions laid down in
Article 7 and to suitable safeguards.
DRAFT OF THE NEW EU REGULATION
Warsaw, February 22nd, 2012
www.giodo.gov.pl
Article 20 Measures based on profiling
3. Automated processing of personal data intended to evaluate certain
personal aspects relating to a natural person shall not be based solely on
the special categories of personal data referred to in Article 9.
4. In the cases referred to in paragraph 2, the information to be provided by
the controller under Article 14 shall include information as to the existence
of processing for a measure of the kind referred to in paragraph 1 and the
envisaged effects of such processing on the data subject.
5. The Commission shall be empowered to adopt delegated acts in
accordance with Article 86 for the purpose of further specifying the criteria
and conditions for suitable measures to safeguard the data subject's
legitimate interests referred to in paragraph 2.
DRAFT OF THE NEW EU REGULATION
Warsaw, February 22nd, 2012
www.giodo.gov.pl
Recommendation CM/Rec(2010)13
of the Committee of Ministers to member states
on the protection of individuals with regard to automatic
processing of personal data in the context of profiling
Adopted by the Committee of Ministers
on 23 November 2010
at the 1099th meeting of the Ministers’ Deputies
COUNCIL OF EUROPE AND PROFILING
Warsaw, February 22nd, 2012
www.giodo.gov.pl
4. Information.
4.1. Where personal data are collected in the context of profiling, the controller
should provide the data subjects with the following information:
a. that their data will be used in the context of profiling;
b. the purposes for which the profiling is carried out;
c. the categories of personal data used;
d. the identity of the controller and, if necessary, her or his representative;
e. the existence of appropriate safeguards;
COUNCIL OF EUROPE AND PROFILING
Warsaw, February 22nd, 2012
www.giodo.gov.pl
4. Information.
(…) Where personal data are collected in the context of profiling, the controller
should provide the data subjects with the following information: (…) f. all information that is necessary for guaranteeing the fairness of recourse to profiling,
such as:
- the categories of persons or bodies to whom or to which the personal data may be
communicated, and the purposes for doing so;
- the possibility, where appropriate, for the data subjects to refuse or withdraw consent and
the consequences of withdrawal;
- the conditions of exercise of the right of access, objection or correction, as well as the
right to bring a complaint before the competent authorities;
- the persons from whom or bodies from which the personal data are or will be collected;
- the compulsory or optional nature of the reply to the questions used for personal data
collection and the consequences for the data subjects of not replying;
- the duration of storage;
- the envisaged effects of the attribution of the profile to the data subject.
COUNCIL OF EUROPE AND PROFILING
Warsaw, February 22nd, 2012
www.giodo.gov.pl
4. Information.
(…) 4.2. Where the personal data are collected from the data subject, the controller
should provide the data subject with the information listed in Principle 4.1 at the
latest at the time of collection.
4.3. Where personal data are not collected from data subjects, the controller
should provide the data subjects with the information listed in Principle 4.1 as
soon as the personal data are recorded or, if it is planned to communicate the
personal data to a third party, at the latest when the personal data are first
communicated.
4.4. Where the personal data are collected without the intent of applying profiling
methods and are processed further in the context of profiling, the controller
should have to provide the same information as that foreseen under Principle
4.1.
(…)
COUNCIL OF EUROPE AND PROFILING
Warsaw, February 22nd, 2012
www.giodo.gov.pl
5. Rights of data subjects 5.1. The data subject who is being, or has been, profiled should
be entitled to obtain from the controller, at her or his request, within a reasonable time and
in an understandable form, information concerning:
a. her or his personal data;
b. the logic underpinning the processing of her or his personal data and that was used to
attribute a profile to her or him, at least in the case of an automated decision;
c. the purposes for which the profiling was carried out and the categories of persons to
whom or bodies to which the personal data may be communicated.
5.2. Data subjects should be entitled to secure correction, deletion or blocking of their
personal data, as the case may be, where profiling in the course of personal data
processing is performed contrary to the provisions of domestic law which enforce the
principles set out in this recommendation.
5.3. Unless the law provides for profiling in the context of personal data processing, the data
subject should be entitled to object, on compelling legitimate grounds relating to her or his
situation, to the use of her or his personal data for profiling. Where there is justified
objection, the profiling should no longer involve the use of the personal data of the data
subject. Where the purpose of the processing is direct marketing, the data subject does not
have to present any justification.
COUNCIL OF EUROPE AND PROFILING
Warsaw, February 22nd, 2012
www.giodo.gov.pl
5. Rights of data subjects (…)
5.4. If there are any grounds for restricting the rights set out in this section in accordance with
Section 6, this decision should be communicated to the data subject by any means that
allows it to be put on record, with a mention of the legal and factual reasons for such a
restriction.
This mention may be omitted when a reason exists which endangers the aim of the
restriction. In such cases, information should be given to the data subject on how to
challenge this decision before the competent national supervisory authority, a judicial
authority or a court.
5.5. Where a person is subject to a decision having legal effects concerning her or him, or
significantly affecting her or him, taken on the sole basis of profiling, she or he should be
able to object to the decision unless:
a. this is provided for by law, which lays down measures to safeguard data subjects’
legitimate interests, particularly by allowing them to put forward their point of view;
b. the decision was taken in the course of the performance of a contract to which the data
subject is party or for the implementation of pre-contractual measures taken at the request
of the data subject and that measures for safeguarding the legitimate interests of the data
subject are in place.
COUNCIL OF EUROPE AND PROFILING
Warsaw, February 22nd, 2012
www.giodo.gov.pl
Privacy by Design Resolution
27-29 October 2010, Jerusalem, Israel
32nd International Conference of Data Protection
and Privacy Commissioners
Privacy by Design: The 7 Foundational Principles
1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality: Positive-Sum, not Zero-Sum
5. End-to-End Security — Full Lifecycle Protection
6. Visibility and Transparency — Keep it Open
7. Respect for User Privacy — Keep it User-Centric
PRIVACY BY DESIGN
Warsaw, February 22nd, 2012
www.giodo.gov.pl
• A Privacy Impact Assessment (PIA) is a process whereby a conscious
and systematic effort is made to assess the privacy and data protection
impacts of a specific actions with the view of taking appropriate actions to
prevent or at least minimise those impacts.
• A PIA Report is the document resulting from the PIA Process that is made
available to competent authorities. Proprietary and security sensitive
information may be removed from PIA Reports before the Reports are
provided externally (e.g., to the competent authorities) as long as the
information is not specifically pertinent to privacy and data protection
implications. The manner in which the PIA should be made available (e.g.,
upon request or not) will be determined by member states. In particular,
the use of special categories of data may be taken into account, as well as
other factors such as the presence of a data protection officer.
• PIA Templates may be developed based on the Framework to provide
industry-based, application-based, or other specific formats for PIAs and
resulting PIA Reports.
PRIVACY IMPACT ASSESSMENT
Warsaw, February 22nd, 2012
www.giodo.gov.pl
THANK YOU FOR YOUR
ATTENTION !
http://edugiodo.giodo.gov.pl