
Concept for deliverable on privacy issues on pan-European White Pages service




  1. Concept for deliverable on privacy issues on pan-European White Pages service 3rd TF-LSD Meeting Antalya, 13.5.2001 Peter Gietz Peter.gietz@DAASI.de

  2. Agenda • Preliminary remarks • European privacy legislation • Other texts on the matter • Privacy issues of the CIP WPS • Organizational and technical solutions

  3. Personal Statement • Privacy legislation is • not a bug, it's a feature • Not a burden but a good thing • It is not the technical possibilities that count but the feasibility of using these possibilities

  4. Discussion features • The privacy discussion is more focused on e-commerce than on directories • Legislation applies more to data servers than to indexing systems

  5. International Issue • A European solution is only half the way to go • Worldwide regulations exist (OECD, UN) • 40 countries around the world have enacted, or are preparing to enact, privacy legislation • E.g.: Switzerland, Hungary, Canada, Australia, Hong Kong, Taiwan, Japan, Malaysia, South Korea • „The US has isolated itself from the rest of the world“ (EPIC) • The US only has legislation for Federal authorities • Possible solution: „Safe Harbor“

  6. Safe Harbor • Organized by the Department of Commerce • Catalogue of adequate processing rules for data from Europe • Companies can proclaim their commitment • www.export.gov/safeharbor

  7. Codes of Conduct • Self-defined rules to comply with EU regulations • One for customer data and one for employee data • Privacy statements • Formalizable, see the P3P initiative of the W3 Consortium

  8. OECD Regulations • OECD Recommendation concerning and Guidelines governing the protection of privacy and transborder flows of personal data, O.E.C.D. Document C(80)58(Final), October 1, 1980 • http://www.rewi.hu-berlin.de/Datenschutz/International/1980_oecd_privacy_guidelines.txt • Promotes self-regulatory measures

  9. United Nations Regulation • Guidelines concerning computerized personal data files, adopted by the General Assembly on 14 December 1990 • http://www.datenschutz-berlin.de/recht/int/uno/gl_pbden.htm

  10. 1995 Directive • Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (95/46, October 1995) • http://www.privacy.org/pi/intl_orgs/ec/eudp.html • Preamble: • Data-processing systems are designed to serve man • Data should be able to flow freely • But: They must respect the fundamental freedoms and rights

  11. Article 1: Object of the directive • Member states shall protect the right to privacy with respect to the processing of personal data • but shall not restrict or prohibit free flow of information between member states

  12. Article 2: Definitions • „personal data“: any information relating to an identifiable natural person (called „data subject“) → White Pages data • „processing“: (whether or not automated) collection, storage, retrieval, dissemination, erasure etc. → storage, update, replication and retrieval • „personal data filing system“: structured set of personal data which are accessible according to specific criteria, whether centralized or decentralised, ... → Directory Service

  13. Definitions contd. • „controller“: natural or legal person, public authority, agency that determines the purpose and means of the processing → Designer of Directory service • „processor“: natural or legal person, etc. which processes personal data on behalf of the controller → Data manager • „third party“: natural or legal person, etc. other than the data subject, the controller or the processor, or the person who is authorized to process the data → all others

  14. Definitions contd. • „recipient“: natural or legal person, etc. to whom data are disclosed, whether third party or not, but not inquiring authorities → Directory service user • „the data subject‘s consent“: any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed → ?? See below

  15. Article 3: Scope • Processing of data wholly or partly by automatic means, and non-automatic processing if part of a filing system • But not in cases of public security, defence, State security and activities of the State in areas of criminal law • And not if done by a natural person in the course of a purely personal or household activity

  16. Article 6: Principles • Processed fairly and lawfully • Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes • Historical, statistical or scientific purposes are never incompatible • Adequate, relevant and not excessive • Accurate and up to date • Kept in identifiable form no longer than necessary

  17. Article 7: Criteria • Data subject has consented or • Necessary for the performance of a contract to which the data subject is party or • For compliance with a legal obligation of the controller or • To protect vital interests of the data subject or • To perform a task carried out in the public interest ... • For the purpose of the legitimate interests of the controller or recipient, except where overridden by the interests or fundamental rights of the data subject

  18. Article 10/11: Information • Controller has to inform the data subject about: • Identity of the controller • Purpose of the processing • Recipients of the data • Existence of the right of access to and rectification of the data • Whether the controller obtains the data from the data subject or otherwise

  19. Article 12: Right of Access • Data subject has the right to obtain from the controller: • Without constraint, at reasonable intervals and without excessive delay • Confirmation whether or not data about him are processed, for what purpose, which data categories and which recipients • Form and logic of the processing • Rectification, erasure or blocking of data • Notification of recipients about rectification etc., unless this proves impossible or involves disproportionate effort

  20. Article 14: Right to object • Data subject has the right • to object to the processing • on compelling legitimate grounds • Especially if data are to be used for direct marketing

  21. Article 17: Security • Controller must implement measures to protect personal data against: • Accidental or unlawful destruction or loss • Unauthorized alteration, disclosure or access • Especially when processing involves transmission over a network • Appropriate to the risks • Processor must be governed by a contract or legal act binding in writing or equivalent form

  22. Article 25: Transfer to third countries - Principles • Third country must ensure an adequate level of protection • Member states shall take the measures necessary to prevent transfer to a country that does not • Commission shall enter into negotiations with a view to remedying the situation • Member states shall take the necessary measures to comply with the Commission‘s decision

  23. Article 26: Transfer to third countries - Derogations • Transmission to countries with inadequate privacy legislation may take place if: • Data subject has given his consent or • Necessary for the performance of a contract between data subject and controller or • Contract between controller and third party in the interest of the data subject or • On important public interest grounds or

  24. Derogations contd. • To protect vital interests of the data subject or • Transfer is made from a register which according to laws or regulations is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, to the extent that the conditions laid down in law for consultation are fulfilled in the particular case

  25. Article 29: Working Party • A Working Party on the protection of individuals with regard to the processing of personal data is hereby set up • WG with Chair, secretary and rules of procedure • Independent advisory status • Gives opinions on the level of protection in the Community and in third countries

  26. Working Party • Has composed a number of documents on the transfer of personal data to third countries: • Defining what constitutes adequate protection • Possible ways forward in assessing adequacy • On processing of personal data on the Internet • Recommendation 1/99 on invisible and automatic processing of personal data on the Internet performed by software and hardware • ...

  27. 1997 Directive • Directive concerning the processing of personal data and the protection of privacy in the telecommunications sector (97/66/EC, 15 December 1997) • http://europa.eu.int/ISPO/infosoc/telecompolicy/en/9766en.pdf • Extension of the 1995 directive to the telecommunications sector, especially ISDN and mobile networks

  28. Article 2: Definitions • „subscriber“: any natural or legal person that is party to a contract with the provider of a publicly available telecommunications service • „user“: any natural person using such a service for private or business purposes, without necessarily having subscribed to it

  29. Definitions contd. • „public telecommunications network“: transmission system and switching equipment and other resources which are used in whole or in part for the provision of a publicly available telecommunications service • „telecommunications service“: service that consists wholly or partly in the transmission and routing of signals on a telecommunications network, with the exception of radio and TV broadcasting

  30. Article 11: Directories • Personal data contained in printed or electronic directories of subscribers available to the public should be limited to what is necessary to identify a particular subscriber, unless the subscriber has given his consent to the publication of additional personal data.

  31. Other European texts • COM(99) 337 final: Proposal for a regulation of the European Parliament for the protection of natural persons with regard to the processing of personal data by organs and institutions of the Community and for the free flow of data, 1999 • Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Council of Europe, European Treaty Series No. 108, signed January 28, 1981

  32. Other valuable texts • SURFnet: Privacy aspects of directory services – Directory Services and the changes in privacy legislation – new boundaries for a new paradise [no date, but seems quite new] • Arbeitskreis „Technische und organisatorische Datenschutzfragen“: Datenschutzrechtliche Aspekte beim Einsatz von Verzeichnisdiensten [Privacy legislation aspects of using directory services], 26.10.2000

  33. Other valuable texts • Catherine Treca (CNRS/UREC), Erik Huizer (SURFnet): An overview of international privacy issues concerning the provision of Directory Services (Draft sent to IETF ids WG 21.7.1994 [sic]) • Work of the RARE WG on Networked Application Services and the IETF ids WG • Who knows what came out of this?

  34. Other texts • RFC 1355: J. Curran (NNSC), A. Marine (SRI): Privacy and accuracy issues in Network Information Center databases, August 1992

  35. Privacy Issues • Controller and processor are the maintainers of the actual data server • Do the maintainers of the index service have the same legal obligations towards the data subject? • If not all data subjects have consented to transmission to countries with inadequate legislation, transmission to those countries has to be prevented

  36. Solutions Thanks to SURFnet

  37. Organizational Solutions • Define and stick to the purpose of the service • Appoint a data protection officer • Define who is the controller and who is the processor • Define and restrict the population of data subjects • Define procedures for how the data are gathered and processed • Inform data subjects, e.g. via e-mail, about: • Who collected the data • What data • For what purpose • The rights of the data subject

  38. Organizational Solutions contd. • Define a procedure for informing the data subjects about their rights and about data updates • Define how data subjects can exercise their rights (e.g. via signed e-mail or a Web form) • Better to obtain the user's consent when he applies for a user account • Only collect the minimum set of data attributes • Publish and disseminate all organizational definitions in a policy text

  39. Technical Solutions • Establish adequate security against loss, damage and unlawful access to or manipulation of the data • Restrict the maximum number of retrievable entries • Disallow wildcards • Restrict the number of searchable attributes • Detect robots and refuse service to them • Restrict access to users from countries with adequate privacy legislation • Disallow access from proxies

  40. Technical Solutions contd. • Encrypt index objects while in transit on the network • Define crawler policies • Only let registered crawlers access the data • Enforce digital signatures for e-mail consent of the data subjects
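The technical controls on slides 39 and 40 (entry limits, no wildcards, a restricted set of searchable attributes, robot detection, country and proxy restrictions, registered crawlers) are the kind of thing a White Pages front end would enforce before handing a query to the directory. The following is an added example, not code from the presentation or from TF-LSD, SURFnet or DAASI: a small policy layer that takes a client description and an LDAP-style search filter and returns an allow/deny decision with the reasons. The limits, the country list, the crawler registry and the robot threshold are assumed values chosen for illustration.

```python
"""Access-policy checks in front of a White Pages directory (added example).

The policy values below are assumptions for illustration, not values from the
presentation. The filter handling only looks at simple assertions of the form
(attr=value) inside the filter, which is enough to catch wildcards and
non-searchable attributes.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Assumed policy values (illustrative)
MAX_ENTRIES = 50                                # "restrict maximum number of retrievable entries"
SEARCHABLE_ATTRS = {"cn", "sn", "mail", "o"}    # "restrict number of searchable attributes"
ADEQUATE_COUNTRIES = {"DE", "NL", "FR", "CH"}   # "restrict access to users from adequate-legislation countries"
ROBOT_WINDOW_SECONDS = 60
ROBOT_MAX_REQUESTS = 30                         # more requests per window than this is treated as a robot
REGISTERED_CRAWLERS = {"crawler.example"}       # "only let registered crawlers access the data" (assumed name)

# Matches (attr=value), (attr~=value), (attr>=value), (attr<=value); the
# compound operators &, | and ! are not letters and so are skipped.
_ASSERTION = re.compile(r"\(\s*([A-Za-z][\w;-]*)\s*(?:~=|>=|<=|=)\s*([^()]*)\)")


@dataclass
class Client:
    ident: str              # IP address or account name used for rate tracking
    country: str            # ISO country code of the requesting user
    via_proxy: bool = False
    crawler: bool = False
    crawler_name: str = ""


@dataclass
class Decision:
    allowed: bool
    size_limit: int         # entry cap to pass on to the directory server
    reasons: list = field(default_factory=list)


class SearchPolicy:
    def __init__(self):
        # client ident -> timestamps of requests inside the robot window
        self._history = defaultdict(deque)

    def _is_robot(self, client, now):
        """Sliding-window request counter: too many requests per window means a robot."""
        q = self._history[client.ident]
        q.append(now)
        while q and now - q[0] > ROBOT_WINDOW_SECONDS:
            q.popleft()
        return len(q) > ROBOT_MAX_REQUESTS

    def check(self, client, ldap_filter, requested_size, now):
        """Return a Decision for one search request; 'now' is a timestamp in seconds."""
        reasons = []
        if client.via_proxy:
            reasons.append("access via proxy not allowed")
        if client.country not in ADEQUATE_COUNTRIES:
            reasons.append(f"country {client.country} not on adequate-legislation list")
        if client.crawler and client.crawler_name not in REGISTERED_CRAWLERS:
            reasons.append("unregistered crawler")
        # Registered crawlers follow the crawler policy instead of the robot threshold
        if not client.crawler and self._is_robot(client, now):
            reasons.append("request rate looks like a robot")

        assertions = _ASSERTION.findall(ldap_filter)
        if not assertions:
            reasons.append("filter has no attribute assertions")
        for attr, value in assertions:
            if attr.lower() not in SEARCHABLE_ATTRS:
                reasons.append(f"attribute {attr} is not searchable")
            if "*" in value:                  # covers (cn=*) and substring forms like (sn=a*)
                reasons.append(f"wildcard in value for {attr}")

        size_limit = min(requested_size, MAX_ENTRIES)
        return Decision(allowed=not reasons, size_limit=size_limit, reasons=reasons)


if __name__ == "__main__":
    policy = SearchPolicy()
    user = Client("10.0.0.1", "DE")            # constructed sample client
    print(policy.check(user, "(&(cn=Gietz)(o=DAASI))", 200, 0.0))
    print(policy.check(user, "(cn=*)", 10, 1.0))
```

The decision object carries every violated rule rather than stopping at the first one, so the front end can log the full picture for the data protection officer while the user only sees a refusal. The size cap is applied even to allowed queries, which is the point of the entry limit: the server should never be asked for more than the policy permits.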

  41. Proposed structure of deliverable • Discussion of EU-Regulation • Generic description of CIP index system • Privacy issues of the system • Organizational and technical solutions

  42. How to proceed? • Should we restrict ourselves to the EC Directive or also interpret the other regulatory texts mentioned? • How detailed should we be? • How much of the directive should we quote? • Should a template privacy policy text be included? • Does it make sense to contact the Working Party?

  43. How to proceed? contd. • Who will actively join this work? • I intend to get the first draft version out soon • But the matter is very difficult and it is easy to make mistakes
