PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Bart van der Sloot
Institute for Information Law, University of Amsterdam

Tension
• Tension between private and public
  • Interests
  • Rights
• Distinction between access and re-use
  • Access: 10 ECHR & transparency government
  • Re-use: mostly commercial interest
• Distinction between collection and distribution
  • Collection by government to fulfill their tasks
  • Distribution from government to third party

PSI & DP
• full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC
• no way affects the level of protection of individuals with regard to the processing of personal data

PSI-Directive
Recital (21): “This Directive should be implemented and applied in full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and of the free movement of such data.”
Article 1, §4: “This Directive leaves intact and in no way affects the level of protection of individuals with regard to the processing of personal data under the provisions of Community and national law, and in particular does not alter the obligations and rights set out in Directive 95/46/EC.”
And Article 2, §5: “‘personal data’ means data as defined in Article 2(a) of Directive 95/46/EC.”

Topics
• Personal data
• Fairly and lawfully
• Legitimate purpose
• Information
• Rights
• Duties

Personal data
• Data relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly
• Anonymization
• Direct personal
• Indirect data > Groups (geographical information, group profiling)
• Privacy by design

Fairly and Lawfully (2 times)
• personal data must be collected for specified, explicit and legitimate purposes
• not further processed if incompatible with original purposes
• adequate, relevant and not excessive
• kept no longer than is necessary
Who is responsible?

Ground (2 times)
• data subject unambiguous consent;
  • Opt in - Opt out (freely given, specific and informed)
• Processing necessary for the public interest
  • Commercial (prohibitions) - Non commercial
  • Non sensitive - Sensitive (race, sex, political, religion)
• legitimate interests pursued except where privacy interest overridden: WP: Case by case
  • Commercial (prohibitions) - Non commercial
  • Non sensitive - Sensitive
Who is responsible?

Information (2 times)
• no later than when the data are first disclosed
• the identity of the controller
• the purposes of the processing;
• the categories of data concerned;
• the recipients or categories of recipients;
• the existence of the rights.
• Who is responsible?

Rights (2 times)
• Right of access & information
• Right of rectification, erasure or blocking
• Right of notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking unless disproportionate.
• Right to object, especially in case of grounds of public interest and third party interest.
• Who is responsible?

Duties (2 times)
• Confidentiality of processing
• Security of processing
• Transfer to a third country of personal data only if the third country in question ensures an adequate level of protection.
• Who is responsible?

Who is responsible?
• 'processor' anybody that processes personal data on behalf of the controller; - No Duties
• 'controller' anybody who alone or jointly with others determines the purposes and means of the processing of personal data
• Third party requesting re-use = controller (Fairly & Lawfully, Grounds, Information, Rights, Duties)
• Government is responsible:
  • Original controller
  • Provider
  • Legislator & enforcer

Problem?
• full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC
• no way affects the level of protection of individuals with regard to the processing of personal data

Proposal
• Access: right of privacy - right of access
• Re-use: No right - Economical asset.
• Two times minimum harmonization
• Clarification might be necessary
  • In Data Protection Directive
  • In Public Sector Information Directive
  • In Code of Conduct
  • In Best current practices
• Academic debate