1 / 25

Technology– the Data Protection Challenge

Technology– the Data Protection Challenge. Billy Hawkes Data Protection Commissioner. HEAnet Conference Kilkenny, 13 November 2009. Ubiquitous Technology. Part of daily life Increased reliance – especially on Information Technology The Internet - Major Benefits

shafira-ramos
Download Presentation

Technology– the Data Protection Challenge

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009

  2. Ubiquitous Technology • Part of daily life • Increased reliance – especially on Information Technology • The Internet - Major Benefits • What would we do without search engines? • What would teenagers do without social networking/Instant Messaging? • The Future “Technology of Things”?

  3. New Technologies • Geo-location • RFID (Radio Frequency IDentification) • Biometrics • DNA

  4. Lots of Personal Data …. • Increased commercial and State gathering of personal information and “data mining” • Temptation to present Privacy as an obstacle rather than an entitlement But • Increasing appreciation that privacy protection is good customer service and a “bottom line” issue

  5. Technology and Data Protection • Data Protection Law developed in response to proliferation of Information Technology • Recognition that capacity to process and link personal information could be a threat to privacy • Data Protection Law originally applied only to electronic processing of personal information

  6. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Police & Justice Decision 2008/977/JHA Data Protection Acts 1988 & 2003 EC Electronic Privacy Regulations 2003 (SI 535/2003) and 2008 (SI 526/2008) Corresponding Acts (to be transposed)

  7. Fair obtaining & processing Consent Specified purpose No disclosure unless “compatible” Safe and secure Accurate, up-to-date Relevant, not excessive Retention period Right of access The Data Protection Rules

  8. Data Protection & e-government • Drive for more customer-friendly public services, with maximum e-delivery • Data sharing within government: how far? • Convenience & efficiency V Privacy • Govt working on framework for Identity Management and Privacy

  9. Privacy & State Security • Shifting balance in “post 9-11” world • Data Retention, CCTV, Data Sharing, Border Controls – “Surveillance Society”? • Proposed Compulsory biometric ID Card for non-nationals; towards National Identity Card? • Intensified police/immigration cooperation

  10. Things go Wrong ….. • Jobs.ie • Blood Transfusion Service • Garda/Social & Family Affairs/Revenue • TK Maxx • UK: HMRC (Revenue), HSBC Bank

  11. Eurobarometer 2008

  12. Eurobarometer 2008

  13. Eurobarometer 2008

  14. Eurbarometer 2008

  15. Eurobarometer 2008

  16. Change Happening: Data Security • Consensus on need for Action • More Data Breach Reports • Public Pressure for action • Department of Finance Guidelines for Public Service • Working Group on possible need for change in Irish Legislation • Data Breach reporting obligation in new EU ePrivacy Directive • Commitment to broader EU measure?

  17. Change Happening: Ireland • More emphasis on enforcement of data protection law • Successful prosecutions for “Spam” • Greater use of audit powers (including “dawn raids” where necessary) • Focus on “big picture” as well as individual complaints

  18. Lisbon Treaty Article 16 Treaty on the Functioning of the Union • 1. Everyone has the right to the protection of personal data concerning them. • 2. The European Parliament and the Council, acting in accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data. • Compliance with these rules shall be subject to the control of independent authorities. …..

  19. “Stockholm Programme” • EU Commission Communication “An area of Freedom, Security and Justice serving the Citizen” (June 09) • The Union must establish a comprehensive personal data protection scheme covering all areas of EU competence • The Union must be a driving force behind the development and promotion of international standards for personal data protection and in the conclusion of appropriate bilateral or multilateral instruments. (Work with USA quoted approvingly)

  20. Future Change: EU Legal Framework • Study commissioned by UK Information Commissioner (“Rand Report”) discussed By European DPAs in April 09 • Study acknowledged strengths of EU system but declared it “not fit for purpose” • EU Commission Data Protection Conference, May 2009 • Public Consultation on the legal framework for the protection of the fundamental right for the protection of personal data – launched July, finishes December 09 • Revised horizontal Directive 2012?

  21. Future Change: Towards International DP Standards? • EU: Making Binding Corporate Rules work; more “adequacy” decisions? • APEC (Asia-Pacific): Privacy Principles, Pathfinder • ISO: New draft Privacy Standard • International DP Conference: Draft Standards approved at November (Madrid) Conference • Private Sector: IAPP (certification/training); “Accountability” Project

  22. Protecting Privacy – How? • Empowering Individuals (e.g. Electoral Register ‘opt-out’; Phone etc ‘opt-out’; Access Right) • Law and the Courts • Role of the Market & self-regulation • International data flows - Towards international principles?

  23. Privacy and Technology • Tension – manageable? • Privacy by Design – Privacy Enhancing Technologies • Work with Industry • Security Breach Legislation? • How to control State (mis-) use?

  24. Thank You • www.dataprotection.ie

More Related