Presentation is loading. Please wait.

Presentation is loading. Please wait.

DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

Published byAshlynn Webster Modified over 9 years ago

Similar presentations

Presentation on theme: "DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner."— Presentation transcript:

1 DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner

2 DATA PROTECTION Data Protection Act  General Provisions  Processing for Research Purposes  Procedure agreed with UREC  Practical Problems

3 DATA PROTECTION ORIGIN Council of Europe – ETS 108 Convention on the protection of individuals with regard to automatic processing of personal data Data Protection Act CAP. 440 Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data

4 DATA PROTECTION WHAT IS DATA PROTECTION ACT? An Act that makes provision for the protection of individuals against the violation of their privacy rights by the processing of personal data.

5 DATA PROTECTION Key Terms in Data Protection Data Protection

6 DATA PROTECTION “…any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;” DPA Art. 2 PERSONAL DATA

7 DATA PROTECTION “…personal data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, health, or sex life;” DPA Art. 2 SENSITIVE PERSONAL DATA

8 DATA PROTECTION “…includes the collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, disclosure by transmission, dissemination or otherwise making information available, alignment or combination, blocking, erasure or destruction of such data” DPA Art. 2 PROCESSING

9 DATA PROTECTION “…any freely given, specific and informed indication of the wishes of the data subject by which he signifies his agreement to personal data relating to him being processed” DPA Art. 2 CONSENT

10 DATA PROTECTION Criteria for Processing

11 DATA PROTECTION PERSONAL DATA DPA Article 9 1. Unambiguous consent or 2. Contract performance or 3. Legal obligation or 4. Vital interests of data subject or 5. Public Interest / Official Authority or 6. Legitimate interest SENSITIVE PERSONAL DATA DPA Articles 12 & 13 1.Explicit Consent 2.Subject made data public 3.Conditions of employment 4.Vital Interests & data subject incapable of giving consent 5. Legal claims

12 DATA PROTECTION Data Protection Principles Principles

13 DATA PROTECTION Personal Data to be: 1. processed fairly and lawfully 2. processed in accordance with good practice 3. collected for specific, explicitly stated & legitimate purposes 4. processed for reasons compatible with the purpose it was collected 5. adequate and relevant to the processing purpose 6. not more than required for the processing purpose 7. correct and, if necessary, up to date 8. rectified 9. not kept for longer than necessary for the processing purpose DPA Art. 7 THE NINE PRINCIPLES for ‘good information handling’

14 DATA PROTECTION Rights of Rights of Data Subjects Data Subjects

15 DATA PROTECTION INFORMATION The controller must provide the data subject with at least the following: a)identity and habitual residence or principal place of business of controller; b)purposes of processing; c)any further information such as: i) recipients or categories of recipients of data ii) whether reply to any questions is obligatory or voluntary, and possible consequence of failure to reply iii) existence of right of access, right to rectify and where applicable right to erase data. DPA Art. 19 RIGHTS OF DATA SUBJECTS (1)

16 DATA PROTECTION Request of Data Subject must be: at reasonable intervals in writing signed by data subject Data Controller to provide: without excessive delay without expense written information in an intelligible form DPA Art. 21 RIGHTS OF DATA SUBJECTS (2) ACCESS

17 DATA PROTECTION The Data Subject shall have the right to request and The Data Controller shall have the obligation:  to rectify, block or erase personal data Where the law so requires. Data Controller also to notify third parties about such rectification, blocking or erasure; DPA Art. 22 RIGHTS OF DATA SUBJECTS (3) RECTIFICATION

18 DATA PROTECTION Processing For Research Purposes Research Purposes

19 DATA PROTECTION THE DATA PROTECTION ACT APPLIES WHEN:  Research is about individuals  Research involves personal data  Individuals are identifiable DATA PROTECTION IN RESEARCH

20 DATA PROTECTION Sensitive Personal Data may be processed for Research Purposes:  On Public Interest grounds  With the approval of the Commissioner, on the advice of a Research Ethics Committee DPA Art 16 PROCESSING CONCERNING RESEARCH

21 DATA PROTECTION Procedure agreed with UREC with UREC

22 DATA PROTECTION  Proposal Form for ethical approval is filled by the researcher  Research Proposals are examined by the Faculty Research Ethics Committee and by the UREC  Approval is given if proposals are satisfactory  Approval from the UREC is deemed to be an adequate advice for the approval by the Commissioner  Researcher may proceed with the project once it is approved by the UREC RESEARCH INVOLVING SENSITIVE PERSONAL DATA PROCEDURE (1)

23 DATA PROTECTION  A list of approved projects are periodically forwarded to the Commissioner for final approval The UREC may always consult the Commissioner in case of problems with particular projects PROCEDURE (2) OBJECTIVE  Allow the researcher ample time to proceed with the study The Researcher is not required to obtain an approval directly from the Commissioner

24 DATA PROTECTION  Data Protection Principles  Rights of Data Subjects INCLUDES: PROPOSAL FORM OBJECTIVES:  Inform researchers and ensure that these principles and rights are respected It is important that all faculties include the same conditions so that all students are properly informed

25 DATA PROTECTION Practical Problems Problems

26 DATA PROTECTION  In cases where research is not only for academic purposes but also considers other factors (e.g. administrative matters in Hospital) Is the UREC still responsible for the approval?? PRACTICAL PROBLEMS  What data is the researcher entitled to use once the project is approved? Is the researcher allowed to use personal details accessed to contact individuals? Does an approval oblige the Data Controller (e.g. Hospital, school) to give access to the researcher?

27 DATA PROTECTION Further Information Office of the Data Protection Commissioner E-Mail: E-Mail: commissioner.dataprotection@gov.mt Website: www.dataprotection.gov.mt

28 DATA PROTECTION THANK YOU! Floor is open for discussion

Download ppt "DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner."

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.

Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
University Research Ethics Committee Workshop on procedure and data protection issues 30th May 2008.

University Research Ethics Committee Workshop on procedure and data protection issues 30th May 2008.
Protection of Personal Data, 11.02.2011. Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.

Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Data Protection Overview

Data Protection Overview
The Data Protection Act

The Data Protection Act
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center.

European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center.
Monitoring of the internet: between the need of security, the interests of the economy and protection of the private life Hugo Lança Beja - Portugal.

Monitoring of the internet: between the need of security, the interests of the economy and protection of the private life Hugo Lança Beja - Portugal.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

Similar presentations

Ads by Google