Data protection, databases and related issues
Dr. Katrin Nyman-Metcalf

Data Protection
• Data protection is a key issue in a modern information society
• Human right to privacy (Art. 8 ECHR, etc.)
• The development of information society must not undermine people’s sense of security or the protection of their fundamental rights.
• Albanian Law on Data Protection 2008
• Importance of implementing structures
• Data protection commissioner

Data protection and access to information
• Some data protection issues are the same regardless of whether the data is kept in traditional hard copy form or electronically.
• There are different risks involved with electronic data; the protection legislation is extra important.
• Access to information (Public information) legislation should determine the criteria for getting information.
• Data protection legislation safeguards the information.
• The laws fulfil different but complementary tasks and both laws should focus on the content of information rather than its form.

Access to electronic information
• There may be a need for law or regulations (other secondary legal acts) to make access to electronic information practically possible, as this will be different from traditional hard copy material.
• Generally the law should not be special for access to electronic information.
• Classified information law must be compatible with the public information law
• Any exceptions from access clear and transparent.
• The form of the information should not matter, only the content.

Data Protection Commissioner
• Key role in drafting regulations or other secondary legislation
• Essential for the implementation of laws (on e.g. e-documents or e-commerce)
• Important for NAIS to work with the Commissioner, creating good data processing principles and practices.
• To be in line with the Directive, the Commissioner shall be independent from government.

Examples of secondary legislation
• Terminology
• How to give consent, how to make sure that the person who gives consent understands what he/she is consenting to, what this will mean, etc.
• Standards for e.g. freedom of speech exception through guidelines.

Importance of practice
• Build up a body of case law.
• Not only cases from courts but also decisions from the Commissioner (or any other relevant bodies).
• Article 11 Data Protection Law and the reference to freedom of speech as a basis for exceptions from data protection provisions is an example of an area where case law is needed.
• It is not possible to describe in detail the exceptions in law, but it is important that case law is accessible and can form a basis for setting the standards.

Law on Public Information
• May contain provisions on databases
• Example: Estonian Law (previously special law on databases, now a section in the Law on Public Information)
• Definition of databases: an organised collection of information, regardless of whether it uses ICT or traditional means (or both)
• Practical issues, access issues and data protection issues differ depending on form but legal protection should be the same
• Who is the owner of the data? Rights of users of information.
• Data services are the priority, not data collection

Databases
• Special rules for State and local government databases/registers (integrated system)
• Responsible body (Ministry or other) for databases and for the integrated system must be designated
• Each database has a responsible administrator
• Registration of databases including verification of technical systems
• Public access to databases (in line with general principles for access to information)
• Cross institutional interoperability

Setting up a database
• Database set up through law or a legal act based on law.
• Prohibited to set up separate databases for the same information.
• Before the creation/amendment of the database the technical documentation should be coordinated with the responsible Ministry and the Data Protection Commissioner (and possibly other bodies)
• Databases for internal work or exchange of documents between authorities that are not part of the state information system do not have to be coordinated
• The details on coordination should be set out in regulations
• Rules on termination of databases

Basic rules for databases
• Basic act of the database, setting out fundamental rules (composition of information, providers of it, administrator)
• Obligations and possibilities to provide information to the database
• Basic data: what it is and who can change it
• Basic data should be in one main database and emanate from this database
• Changes made in one database and reflected where necessary
• Special systems/methods for exchange of data between databases, for how databases communicate with one another
• System to ask for data only once

Databases
• Components of the integrated system. Database of databases – responsibility of institutions to give metadata about their databases.
• Finance principles
• Regulate the supporting systems of the framework:
    • System of unified classifications
    • Address system
    • Geodetic system
    • System of data security measures of databases
    • Environment of sharing data (data exchange system between registers)
• What services need authorization and authentication?
• Auditing of databases