Presentation is loading. Please wait.

Presentation is loading. Please wait.

Independent Centre for Privacy Protection Schleswig-Holstein

Published byRosamund Carter Modified over 6 years ago

Similar presentations

Presentation on theme: "Independent Centre for Privacy Protection Schleswig-Holstein"— Presentation transcript:

1 Independent Centre for Privacy Protection Schleswig-Holstein
Mobile Web Privacy Lukas Gundermann Independent Centre for Privacy Protection Schleswig-Holstein

2 Basic Notions Self determination with regard to personal data: The right to control who gets which personal information at which opportunity Personal data (data relating to a person): Any information concerning the personal or material circumstances of an identified or identifiable individual (the data subject). Data protection: Not protection of data but protection of people against unauthorised use of personal data (= privacy) Data security: means of data protection Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 2 / 13

3 Location Data as “Classic” Traffic Data
in Telecommunication Traffic data: Information about the circumstances of a telecommunication process E.g.: Who called whom at which time? X While the phone is on stand-by(?) With the GSM standard also: In which cell is the mobile phone located X While a communication process is going on Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 3 / 13

4 Location Data as “Classic” Traffic Data
in Telecommunication Consequences: There is already the danger of creating a profile of the movement of the user Due to the size of the cells it is only rough As far as it is known the telecommunication providers X X Store the location information about the active telecommunication processes (Legal competence?) Don’t store the mere stand-by signal Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 4 / 13

5 Additional Personal Data on the Internet
With the internet (especially the www) new information emerge Traffic data contains additional information regarding the services customers use Without encryption that information can be easily tapped on the way through the net More important: It can be collected at the web server, a user profile can be created (especially with banner ad companies) Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 5 / 13

6 Bringing it all together: The Mobile Web
For the intended services the location information must be much more precise Tracking user’s movements is part of the service, this can include creating a profile The services will be offered by third parties - There will be a greater number of recipients of data Conclusion: A greater volume of more precise location data will be spread to a larger number of persons and organisations Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 6 / 13

7 Solutions: Consent of the Users 1
Absolutely crucial: Users have to give their clear and unambiguous consent It must be an informed consent, meaning that users have to be well informed about which data will be collected, for what purpose they will be used when they will be deleted etc Problem: Is there a gradation of consent? Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 7 / 13

8 Solutions: Consent of the Users 2
Gradation of consent: Allowing some services to receive location data, others not Data processing is limited to the consented purposes; for different purposes a new consent would be necessary A special consent is necessary for transfer of data to third parties Users must have access to their own personal data and profile Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 8 / 13

9 Solutions: Consent of the Users 3
Important: Having the possibility to withdraw the consent at any time for the whole service or only for parts of it An appropriate legal framework is necessary but not sufficient. There also have to exist technical means for this kind of consent-management Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 9 / 13

10 Solutions: Anonymity / Pseudonymity
For delivering the service it is not always necessary to know the users identity What is necessary is to link a profile to always the same user There are also more or less pseudonymous or anonymous techniques of payment available Pseudonymous profiling would also be permitted according to the German law (Teleservices Data Protecion Act) Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 10 / 13

11 Legal Framework 1 European law: The 1997 directive (97/66/EG) on protection of telecommunication data covers location data as subspecies of traffic data Processing of this kind of data is only permitted if necessary for the service itself or for billing purposes A proposal for a new directive makes it even clearer: It has special provision for location data According to that provision location data can only be processed if made anonymous or with the user’s consent. There is one exception that needs to be discussed Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 11 / 13

12 Legal Framework 2 German law: The 1996 Telecommunication Act (TKG) covers location data as traffic data in telecommunication Processing is only permitted if necessary for the service or for billing purposes and some purposes that are closely connected The 1997 Teleservices Data Protection Act covers the processing of personal data by ISPs It applies also on the web based services that work with location data. The provisions are alike the ones of the TKG, but in addition the Act allows pseudonymous profiling. Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 12 / 13

13 Conclusions There are first steps towards a legal framework for mobile web applications in Europe , nevertheless there is still some work to be done Most important at the time being is to develop mobile devices that give users control over their location data It is necessary not to have only a general option but to be able to give a graduated consent and withdraw it at any time Besides, technical means should be developed, that serve the principle of minimisation of data and allow the anonymous provison of mobile web services. Independent Centre for Privacy Protection Schleswig-Holstein Mobile Web Privacy - 13 / 13

Download ppt "Independent Centre for Privacy Protection Schleswig-Holstein"

Similar presentations

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
CcTLD Meetings Rome 2004 WHOIS & Data Privacy Jean-Christophe Vignes Registry Liaison Manager.

CcTLD Meetings Rome 2004 WHOIS & Data Privacy Jean-Christophe Vignes Registry Liaison Manager.
CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013.

CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
- 1 UNCITRAL Colloquium on Electronic Commerce Legal issues of m-commerce with regard to the principles of technological neutrality and functional equivalence.

- 1 UNCITRAL Colloquium on Electronic Commerce Legal issues of m-commerce with regard to the principles of technological neutrality and functional equivalence.
Privacy Issues with Vehicle Event Recorders Prof. Dr. Hansjürgen Garstka European Academy for Freedom of Information and Data Protection Berlin, Germany.

Privacy Issues with Vehicle Event Recorders Prof. Dr. Hansjürgen Garstka European Academy for Freedom of Information and Data Protection Berlin, Germany.
City Hall of Iasi Ethics in e-guidance, privacy and security devices Date: 05.06.2009 Author: Cristina Nucuta.

City Hall of Iasi Ethics in e-guidance, privacy and security devices Date: Author: Cristina Nucuta.
Who am I? Mats Ohlin Swedish Defence Materiel Administration (FMV) IT Security area –International Standardisation: ISO/IEC JTC 1/SC 27/WG 3 (Security.

Who am I? Mats Ohlin Swedish Defence Materiel Administration (FMV) IT Security area –International Standardisation: ISO/IEC JTC 1/SC 27/WG 3 (Security.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Ioannis Iglezakis Directive on privacy and electronic communications.

Ioannis Iglezakis Directive on privacy and electronic communications.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
Web-site Design Strategy.  For P4, learners are required to design a website for LocalBiz - Manningham, this is for a specified purpose and a defined.

Web-site Design Strategy.  For P4, learners are required to design a website for LocalBiz - Manningham, this is for a specified purpose and a defined.

Similar presentations

Ads by Google