Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Slides:



Advertisements
Similar presentations
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Advertisements

Prof. Cécile de Terwangne - LAPSI Workshop 7-8 October Re-use and Privacy/Data Protection Cécile de TERWANGNE Professor at the Law Faculty CRID.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
EU-MIDIS European Union Minorities & Discrimination Survey Collecting reliable and comparable data on the Roma across the EU Eva Sobotka.
1 IS THERE A FUNDAMENTAL RIGHT TO FORGET? Bruxelles – 20 May 2009.
European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
The Data Protection (Jersey) Law 2005.
Data Protection.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Data Protection and Records Management
Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.
Class 13 Internet Privacy Law European Privacy.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
1 When hate speech tangles privacy... When hate speech tangles privacy...
European data protection and privacy regulations Johny GASSER Orange Business Services – Consulting & Solutions Integration International Cyber Center.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,
Introduction Data protection is relevant to every individual, business or organisation today, not just Local Government. As well as protecting privacy,
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
Data Protection Act The Data Protection Act (DPA) is a balance between rights of the DATA SUBJECT and obligations of the DATA CONTROLLER DATA CONTROLLER.
The promise and peril of ICT implants: setting the legal framework 47 th FITCE Congress London, September 2008 Eleni Kosta, Peggy Valcke Interdisciplinary.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
Sharing Information Legally Lindsay Ould London Borough of Lewisham.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
František Nonnemann Skopje, 10th October 2012 JHA Data protection and re-use of PSI as a tool for public control–CZ approach.
European Data Protection Supervisor TAIEX Seminar - Belgrade 9 February 2009 Principles of data protection and international legal framework Alfonso Scirocco.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Processing for archiving purposes in the GDPR
Data Protection: The Law
Data Protection and Confidentiality
Trevor Ellis Trainee Programmer (1981 – 28 years ago)
Issues of personal data protection in scientific research
General Data Protection Regulation (GDPR)
Data Protection The Current Regime
GDPR Overview Gydeline – October 2017
Data for Child Health: Promoting & Protecting Public Health through Custodianship EAP Brussels, 28 January 2016 Health Databases & Biobanks Promoting &
General Data Protection Regulation: Turning the black into white
GDPR Overview GDPR - General Data Protection Regulations
GDPR Overview Gydeline – October 2017
EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
New Data Protection Legislation
ESF Monitoring & Evaluation and Data Protection in Spain
Relocation CARNIVAL come one…come all
Report on data protection legislation Case of Romania
GDPR Workshop MEU Symposium Prague 2018
Is Data Protection a Fundamental Right Protecting the Individual?
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Public Privacy: juridical & ethical perspective
The EDPS: competences and processing of personal data in EU funds
Data Protection in Law Enforcement Area Chapter 9a of the draft law
Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
The supervision of personal data processing by EU institutions and bodies => data protection and privacy, why it matters, for you as citizens and as EU.
Presentation transcript:

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI Public Conference 23 January 2012, Brussels

Relations re-use & data protection Art. 1, § 4, PSI directive 2003/98 « This Directive leaves intact and in no way affects the level of protection of individuals with regard to the processing of personal data under the provisions of Community and national law, and in particular does not alter the obligations and rights set out in Directive 95/46/EC. » respect data prot. rules when re-use of PSI

Right to data protection is derived from but not assimilated to right to privacy: - art. 7 and 8 EU Charter Fund. Rights - art. 8 ECHR not to be restricted to confidentiality

4 When does data protection apply? Which data? Personal data = any information related to an identified or identifiable natural person not necessarily confidential data even professional data commercial data published data When data is processed by automatic means or is part of a filing system Personal data sets; isolated personal data

5 Examples possibly concerned by re-use: Commercial registers Vehicles registration Case law data bases Institutional web sites presenting members, agenda, etc. Socio-economic data Land register European Patent Office

Data Protection principles Fair processing of personal data Transparency Purpose principle: for which purposes? only data relevant in relation to the purposes Proportionality principle for the data (non excessive) for the processing (6 hypotheses) Data quality: data accurate and, where necessary, kept up to date Limited time of storage

Data Protection principles Respect of the data subjects rights: access rectification, erasure right to object Information to data subjects Security measures Notification to authority

Data protection legislation is not a prohibition legislation Except for sensitive data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life And for judicial data: data relating to offences, criminal convictions or security measures

9 Data Protection Principles Data protection principles having particuliar impact on PSI re-use: Purpose principle Proportionality principle Transparency principle

10 Purpose Principle Data processed for specified, explicit and legitimate purposes… and data not processed in a way incompatible with the purposes of collection (compatible = within data subjects reasonable expectations / foreseen by law)

Re-use for a specified purpose From the point of view of the public sector entity From the point of view of the re-user Purpose Principle

Re-use for incompatible purposes: Dir. 95/46: strict reading: not allowed (except historical, statistical, scientific research purposes) soft reading: OK with data subjects consent or NSauthority prior authorisation Regulation proposal: OK if consent necessary for a contract legal obligation data subjects vital interest task in the public interest Purpose Principle

consent Freely given, informed, specific (art. 2, h, Dir. 95/46) But binary (whereas nuances desirable linked to purposes/contexts) [Retractable? (review dir. 95/46: « The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal » )]

To sum up: Re-use allowed if compatible purposes historical, statistical or scientific research purposes data subjects consent NSA prior autorisation [processing is necessary for the performance of a task carried out in the public interest] Or else anonymise. ! Sensitive and judicial data Purpose Principle

15 Only relevant data in relation to the purposes of processing (re-use) Purpose Principle

16 Re-use for legitimate purposes (balancing test) Grounds to legitimate re-use: Data subjects consent (ex.: planning permissions) Re-use provided for by law (balance done in advance) Interest of re-use overriding data subjects rights and interests (ex.: re-use of data from official websites in the newspaper or in the journal of a non- profit-making association) Proportionality Principle

Only non excessive data Proportionality Principle

Transparency Principle Duty to inform data subjects on: The controller The purposes of re-use The data The recipients The existence of rights of access, to rectify, to object Possible exemptions

Thank you for your attention Cécile de Terwangne 19

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.