Presentation is loading. Please wait.

Presentation is loading. Please wait.

© CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Re: Study on the privacy issues arising with the public pan-European White.

Published byAubrie Miles Modified over 7 years ago

Similar presentations

Presentation on theme: "© CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Re: Study on the privacy issues arising with the public pan-European White."— Presentation transcript:

1 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Re: Study on the privacy issues arising with the public pan-European White Pages service Walter M. Tveter GT/SAPP/USIT/UiO w.m.tveter@usit.uio.no

2 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Contents of the study ➢ General information on privacy legislation ➢ Technical information concerning directory services ➢ The application of privacy legislation on the technical plattforms described

3 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Goal of the study To describe a functional system for European educational directory services within the borders of the Directive 95/46/EC and the national implementations of it.

4 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 starting point: the law ➢ Many national implementations of the Directive (95/46/EC). ➢ Impractical to use different national laws since not all have chosen to follow the Directives structure ➢ The Directive lays out a framework that all national implementations have to follow ➢ If we can build something that works with the Directive, it should work with the different national implementations. ➢ The motivation for 95/46/EC

5 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Status of the Directive Conference in Brussels 30/9 - 1/10 2002 ➢ questionaire on the Internet ➢ implementation of the Directive ➢ development in technology etc. Proposal for change from Sweden, UK and more. ➢ internet publishing / transfer to third countries ➢ information to the data subject ➢ notification Signals from comission is no change now, implementation first

6 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Who controls the data ➢ The Controller ➢ The controller has legitimate grounds for processing ➢ If the data is controlled by another, then this entity will be the controller, and will need legitimate grounds for processing.

7 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 The Controllers responsibility ➢ integrity ➢ confidentiality ➢ availability ➢ revocability ➢ legitimate grounds for processing and other general provisions

8 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 The directive's chapter IV - transfering personal information to third countries ➢ Art. 25 ➢ Makes it unlawfull to transfer personal information to 'third countries' ➢ Art. 26 ➢ Provides derogations from art. 25. ➢ None of them fit that well for nrn-directories ➢ the best is probably : “(b) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of precontractual measures taken in response to the data subject's request; or” ➢ Works well for employees, not that well with students.

9 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Using a data processor #1 17...2. The Member States shall provide that the controller must, where processing is carried out on his behalf, choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures.

10 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 17...3. The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that: - the processor shall act only on instructions from the controller, - the obligations set out in paragraph 1, as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor. Using a data processor #2

11 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 17...4. For the purposes of keeping proof, the parts of the contract or the legal act relating to data protection and the requirements relating to the measures referred to in paragraph 1 shall be in writing or in another equivalent form. Using a data processor #3 ➢ There must be an agreement between the controller and the processor ➢ This should be written, but one can imagine digitally signed agreements. ➢ The controller must be able to revoke information

12 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Policy questions ➢ Policy towards unlegitimate attempts to access data ➢ individuals ➢ companies ➢ countries? ➢ Policy towards which grounds one chooses for processing and if they should be common ➢ Data protection officer

13 © CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1

Download ppt "© CENTER FOR INFORMATION TECHNOLOGY SERVICES UNIVERSITY OF OSLO USIT Page 1 Re: Study on the privacy issues arising with the public pan-European White."

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.

EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
1 Reform of the EU regulatory framework for electronic communications What it means for Access to Emergency Services Reform of the EU regulatory framework.

1 Reform of the EU regulatory framework for electronic communications What it means for Access to Emergency Services Reform of the EU regulatory framework.
EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
Health and safety at work

Health and safety at work
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
RESPECT Guidelines regarding data protection aspects whithin socio-economic research Y. Poullet, K. Rosier, I. Vereecken CRID-FUNDP in cooperation with.

RESPECT Guidelines regarding data protection aspects whithin socio-economic research Y. Poullet, K. Rosier, I. Vereecken CRID-FUNDP in cooperation with.
Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October 2012 1.

Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October
1 Privacy issues on pan-European White Pages service 4rd TF-LSD Meeting Amsterdam, 29.10.2001 Peter Gietz

1 Privacy issues on pan-European White Pages service 4rd TF-LSD Meeting Amsterdam, Peter Gietz
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
Processing on behalf of the controller Joint control under Regulation 45/2001 Xanthi Kapsosideri.

Processing on behalf of the controller Joint control under Regulation 45/2001 Xanthi Kapsosideri.
Processing on behalf of the controller Joint control under Regulation 45/2001.

Processing on behalf of the controller Joint control under Regulation 45/2001.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

Similar presentations

Ads by Google