Presentation is loading. Please wait.

Presentation is loading. Please wait.

22 April 2014, Cavalieri Hotel, St. Julians, Malta Data protection and Privacy Laws Dr Oleksandr (Alex) Pastukhov Senior Lecturer Dept. of Information.

Published byOwen Efurd Modified over 9 years ago

Similar presentations

Presentation on theme: "22 April 2014, Cavalieri Hotel, St. Julians, Malta Data protection and Privacy Laws Dr Oleksandr (Alex) Pastukhov Senior Lecturer Dept. of Information."— Presentation transcript:

1 22 April 2014, Cavalieri Hotel, St. Julians, Malta Data protection and Privacy Laws Dr Oleksandr (Alex) Pastukhov Senior Lecturer Dept. of Information Policy & Governance

2 Privacy and Data Protection Privacy - Often defined as “The right to be let alone.” Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890). The claim of individuals to determine for themselves when, how and to what extent information about them is communicated to others. Data protection laws provides rules on who, how and when personal information can be used.

3 Why do we value privacy? Privacy is not universally valued. It is considered important in Western democratic societies as crucial for democracy and freedom. C. Fried: Privacy is required to achieve other ends. (e.g., friendship, love, carreer) J. Rachels: Privacy is important to maintain a diversity of relationships. The more I reveal, the more intimate the relationship is.

4 What is at stake? What do we stand to lose along with our privacy? Our freedom from intrusion (into our personal “space”) Our freedom from surveillance Our freedom to act as we choose Our freedom of movement Our time, money, and other resources Ultimately… our lives

5 Overview of Areas of Privacy Four areas of privacy from the legal standpoint: 1. Publication of private facts 2. Intrusion (or invasion) into one’s privacy 3. Portrayal of someone in a “false light” 4. Appropriation, or unauthorized commercial exploitation of one’s identity.

6 What’s the big deal? People have been collecting personal information about others for centuries if not millennia. Why is privacy such a concern all of a sudden? Computers The scale of information gathering The types of information that is gathered The scale of information distribution and exchange The effect or magnitude of impact of erroneous data The length of time that the info endures

7 Informational privacy Catered for in the EU through the data protection (DP) legislation Personal data is any information related to one’s personal identity Have been kept on paper before the advent of the computer, e.g. the East German Stasi (secret police, had files on 6 million people (about 1 in 3 adults) before the fall of the Berlin Wall)

8 Where is the information stored? Government Databases: Birth Marriage and Death data Educational records (Schools, including psychological testing results) Police (arrests, convictions, warrants, etc.) Tax Departments (earnings, taxes) Motor vehicles (ownership, accidents) Books checked out of libraries Medical records

9 Where is the information stored? (con’t) More Government Databases: National Security - Informants, potential agents, Military records etc. Welfare (social security, unemployment, benefits, etc.) Voter registration Relocation and address change (post office)

10 LIT1001 – Lectures 2 & 3 Where is the information stored? (con’t) Private/Corporate databases: Financial (banks, credit cards, loans, purchases) Medical records (insurance companies) Subscription and membership lists Video rental records, books purchased, telephone records Employment files, airline travel record AND MANY MORE! See the “The Database State” Report (UK, 2009)

11 What is Personal Data? “Any Information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”

12 DPA - Actors Data Subject “A person who alone or jointly with others determines the purposes and means of the processing of personal data” “A natural person to whom the personal data relates” Data Controller Data Processor “A person who processes personal data on behalf of a controller”

13 Processing Any operation or set of operations which is taken in regard to personal data, whether or not it occurs by automatic meanscollectionrecording organization storage adaptation alteration retrieval gathering erasureusedisclosure dissemination alignment combination blocking destruction

14 Sensitive Personal Data Personal data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, health, or sex life

15 The Data Protection Principles - Fair And Lawful Processing - In accordance with good practice - collected for specific, explicitly stated and legitimate purposes - Not be processed for any purpose that is incompatible with that for which the information is collected - Processing adequate and relevant in relation to the purposes of processing - No more Personal Data is processed than is necessary and is not kept for a period longer than necessary - Correct and up to date - All reasonable measures are taken to complete, correct, block or erase incomplete or incorrect data

16 Criteria for Processing - when data subject has unambiguously given his consent - necessary for the performance of a contract - necessary for compliance with a legal obligation of the controller - to protect the vital interests of the data subject - necessary for the performance of an activity that is carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data is disclosed -necessary for a purpose that concerns a legitimate interest of the controller or of such third party to whom personal data is provided, except where such interest is overridden by the interest to protect the fundamental rights and freedoms of the data subject and in particular the right to privacy

17 Right of Access Right of data subject to obtain access to data held concerning them Rectification of any errors discovered therein Controller to provide at the request of the data subject, without excessive delay and without expense, written information as to whether personal data concerning the data subject is processed Requests to be made at reasonable intervals Requests to be made in writing and to be signed by data subject

18 Information to Data Subject Controller to provide data subject with at least the following information: - Identity, habitual residence or principal place of business of the controller and of any other person authorized by him in that behalf - The purposes of the processing for which the data are intended - Any further information to matters such as: the recipients or categories of the recipients of data, reply procedures, the existence of the right to access, the right to rectify, and, where applicable, the right to erase the data concerning him/her - Such further information as necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing

19 Rectification of Data Obligation of controller, at request of data subject, to immediately rectify, block or erase such personal data that has not been processed according to the DPA Controller to notify the third party to whom that data has been disclosed about the measures taken in order to effect the rectification Such notification need not be provided if it is shown that it is impossible or it will involve disproportionate effort

20 Notification Obligations Controller to notify the Data Protection Commissioner before carrying out any wholly or partially automated processing operation or set of such operations intended to serve a single purpose or several related purposes

21 Notification by the Controller to the Commissioner the name and address of the data controller and of any other person authorized by him in that behalf, if any the purpose or purposes of the processing a description of the category or categories of data subject and of the data or categories of data relating to them the recipients or categories of recipient to whom the data might be disclosed proposed transfers of data to third countries a general description allowing a preliminary assessment to be made to ensure security of processing

22 Derogation from Notification When the Controller appoints a Personal Data Representative the notification obligations as found in the DPA shall cease Controller to notify Commissioner on the appointment or removal of a Personal Data Representative Commissioner may prescribe on simplification or exemption from notification in cases in which it is unlikely that the rights of the data subject are prejudiced

23 Security Measures Appropriate technical and organizational measures to protect the personal data against accidental destruction or loss and unlawful processing. To be considered: - - Technical possibilities available - - Cost of implementing security measures - - Special risks that can exist in the processing of personal data - - Sensitivity of the personal data being processed

24 Privacy in the 21 st century The age of BIG data

25

26 Google Streetview

27

28 iPhone location data

29

30

31

32 Biometrics

33 And then… connect them all up at one place, e.g. a place like this

34 Cloud computing Sharing resources and avoiding double effort Staying online 24/7 and working from anywhere Who has jurisdiction? Whose laws apply? How to obtain evidence? Will it be recognised? How to enforce the ruling?

35 So… is privacy dead? Applying accepted principles, e.g. informational self-determination to new technological frameworks Applying accepted data protection principles within new technological frameworks Technological Neutrality Legal Certainty

36 Thank you for your attention! E-mail: oleksandr.pastukhov@um.edu.mt Web: www.um.edu.mt/maks/ipg/

Download ppt "22 April 2014, Cavalieri Hotel, St. Julians, Malta Data protection and Privacy Laws Dr Oleksandr (Alex) Pastukhov Senior Lecturer Dept. of Information."

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.

Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV - 2011 NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.

ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
The Data Protection Act

The Data Protection Act
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.

Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
OCR Nationals Level 3 Unit 3.  To understand how the Data Protection Act 1998 relates to the data you will be collecting, storing and processing  To.

OCR Nationals Level 3 Unit 3.  To understand how the Data Protection Act 1998 relates to the data you will be collecting, storing and processing  To.
Data Protection Act AS Module 1 10.8 Heathcote Ch. 12.

Data Protection Act AS Module Heathcote Ch. 12.

Similar presentations

Ads by Google