Title: AmI
1 AmI: The European Perspective on Data Protection Legislation and Privacy Policies
- SWAMI Workshop
- 21st and 22nd of March 2006 in Brussels
- Dr. Martin Meints and Henry Krasemann, both ICPP
2 Agenda
- Legal Grounds
  - European Charter
  - Data Protection Directive (95/46/EC)
  - Directive on Privacy and Electronic Communications (2002/58/EC)
  - Data Retention Directive
- Suggestions for the Application of Privacy Policies
  - Suggestions of the Article 29 Working Party
  - Technical approaches within the PRIME Project
- Conclusions
3 Legal Grounds
- European Charter
  - Applies, but concerning data protection not very specific
- Data Protection Directive (95/46/EC)
  - Applies except for (see Recital 13)
    - Public security
    - State defence
    - State security
    - Criminal law
  - States fundamental principles that are highly relevant for AmI, such as
    - Data minimisation principle (Art. 6)
    - Purpose binding principle (Art. 6)
    - Transparency of processes (Art. 6)
    - Consent of the data subject for data processing (Art. 7)
    - Information of the data subject (Art. 10 and 11)
    - The data subject's right to object (Art. 14)
4 Legal Grounds (cont.)
- Directive on Privacy and Electronic Communications (2002/58/EC)
  - Exceptions for applications are the same as for the Data Protection Directive (95/46/EC)
  - States in addition, concerning location and traffic data:
    - Information on traffic data (Art. 6)
    - Information of the data subject with respect to location data (Art. 9)
    - Consent prior to processing and transfer of location data needed (Art. 9)
    - Consent can be withdrawn at any time (Art. 9)
    - Where consent of the user has been obtained (Art. 9): possibility of temporarily refusing the processing
      - For each connection to the network or
      - For each transmission of a communication
      - Using a simple means / free of charge
5 Legal Grounds (cont.)
- Data Retention Directive (2006/../EC, not finally defined)
  - Data has to be saved by the telecommunication provider for at least 6 months
  - Concerning telephone or mobile phone
    - Originating and target phone number, name and address of the user of the phone or mobile phone (including IMSI, IMEI, Cell-ID)
    - Date and time
    - Services used
  - Concerning the internet and VoIP
    - Originating and target user ID, phone number, name and address and IP address of the user
    - Date, time and time zone for login and logout
    - Services used
  - See http://register.consilium.eu.int/pdf/de/05/st03677-re10.de05.pdf
  - Economic aspects in the context of AmI unclear
6 Suggestions of the Article 29 Data Protection Working Party
- Aims
  - Easier compliance
  - Improved awareness of data protection rights and responsibilities
  - Enhanced quality of information on data protection
- Support for the concept of a multi-layered format for data subject notices
  - Improves the quality of the information on data protection received
  - Focuses each layer on the information that the individual needs to understand their position and make decisions
  - Where communication space/time is limited, multi-layered formats can improve the readability of notices
7 Information to be given
- Essential information that should be provided in all circumstances where the data subject does not have this information already; this includes the identity of the data controller and of his representative, if any, as well as the purpose of the data processing
- Further information which should be provided if it is necessary to guarantee fair processing, having regard to the specific circumstances in which the data are collected
- Information which is nationally required and goes beyond the Directive's requirements
  - Name or address of the data protection commissioner
  - Details of the database
  - Reference to local laws
8 Layer 1: Short Notice
- Core information required under Article 10 of the Directive
  - Identity of the controller
  - Purposes of processing
  - Any additional information which, in view of the particular circumstances of the case, must be provided beforehand to ensure fair processing
- A clear indication must be given as to how the individual can access additional information
9 Layer 1: Example
10 Layer 2: Condensed Notice
- All relevant information required under the Directive
  - The name of the company
  - The purpose of the data processing
  - The recipients or categories of recipients of the data
  - Whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply
  - The possibility of transfer to third parties
  - The right to access, to rectify and to oppose
  - Choices available to the individual
  - Contact for questions and information on redress mechanisms
- Available online as well as in hard copy via written or phone request
- Present this notice in a table format that allows for ease of comparison
11 Layer 2: Example 1
12 Layer 2: Example 2
13 Layer 3: Full Notice
- Include all national legal requirements and specificities
- It may be possible to include a full privacy statement with possible additional links to national contact information.
14 Research in the PRIME Project
- Traditional approach (state of the art): stating of privacy policies (P3P)
  - Automated protocols for policy negotiation
  - See http://www.prime-project.eu.org/public/prime_products/PRIME-White-Paper-V1.pdf
- Use of policies sticking to personal data (sticky policies)
  - Policies have to be acknowledged to decrypt personal data
  - Policies have to be acknowledged to use personal data
  - Current concepts include trusted third parties
  - See http://www.prime-project.eu.org/public/prime_products/deliverables/arch/pub_del_D14.2.a_ec_wp14.2_V5_final.pdf
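The sticky-policy idea on this slide (the policy travels with the encrypted personal data, and a trusted third party only releases the decryption key once the recipient has acknowledged that exact policy) is easiest to see in code. The block below is an added illustration written for this page; it is not PRIME code and does not follow the PRIME deliverable's protocol. It uses only the Python standard library, so the stream cipher (HMAC-SHA256 in counter mode) is a toy stand-in for a real AEAD, and every name in it (`TrustedThirdParty`, `seal`, `open_sealed`, `make_acknowledgement`, the sample policy and record) is an assumption made here. The point it demonstrates is binding: the data key is derived from the policy digest, so a recipient that quietly widens the purpose in the attached policy can no longer decrypt, and the third party keeps an audit trail of every acknowledgement.

```python
"""Toy sticky-policy scheme (added example for this page; stdlib only, not PRIME code)."""
import hashlib
import hmac
import json
import secrets


def policy_digest(policy: dict) -> bytes:
    """Canonical SHA-256 of the policy, so any change to its terms changes the digest."""
    canon = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stdlib-only stream cipher (toy; use a real AEAD in practice)."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _derive(data_key: bytes, policy: dict) -> tuple[bytes, bytes]:
    """Encryption and MAC keys depend on BOTH the data key and the policy digest."""
    pd = policy_digest(policy)
    enc_key = hmac.new(data_key, b"enc" + pd, hashlib.sha256).digest()
    mac_key = hmac.new(data_key, b"mac" + pd, hashlib.sha256).digest()
    return enc_key, mac_key


def seal(data_key: bytes, policy: dict, plaintext: bytes) -> dict:
    """Encrypt personal data and attach the policy in clear, authenticated together with the ciphertext."""
    enc_key, mac_key = _derive(data_key, policy)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + policy_digest(policy) + ct, hashlib.sha256).digest()
    return {"policy": policy, "nonce": nonce, "ciphertext": ct, "tag": tag}


def open_sealed(data_key: bytes, record: dict) -> bytes:
    """Decrypt; raises if the attached policy or the ciphertext was altered after sealing."""
    enc_key, mac_key = _derive(data_key, record["policy"])
    expected = hmac.new(mac_key, record["nonce"] + policy_digest(record["policy"]) + record["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("policy or ciphertext does not match the seal")
    ks = _keystream(enc_key, record["nonce"], len(record["ciphertext"]))
    return bytes(c ^ k for c, k in zip(record["ciphertext"], ks))


def make_acknowledgement(recipient_secret: bytes, record_id: str, pd: bytes) -> bytes:
    """The recipient's signed statement 'I accept policy <pd> for record <record_id>' (HMAC stands in for a signature)."""
    return hmac.new(recipient_secret, b"ack|" + record_id.encode() + b"|" + pd, hashlib.sha256).digest()


class TrustedThirdParty:
    """Holds data keys and releases one only against a verifiable acknowledgement of the record's policy."""

    def __init__(self) -> None:
        self._keys: dict[str, tuple[bytes, bytes]] = {}   # record_id -> (data_key, policy digest)
        self._recipients: dict[str, bytes] = {}           # recipient_id -> shared secret
        self.audit_log: list[tuple[str, str, bool]] = []  # (record_id, recipient_id, accepted)

    def register_recipient(self, recipient_id: str, secret: bytes) -> None:
        self._recipients[recipient_id] = secret

    def register_record(self, record_id: str, policy: dict) -> bytes:
        data_key = secrets.token_bytes(32)
        self._keys[record_id] = (data_key, policy_digest(policy))
        return data_key  # handed to the controller that seals the data

    def release_key(self, record_id: str, recipient_id: str, acknowledgement: bytes) -> bytes:
        data_key, pd = self._keys[record_id]
        expected = make_acknowledgement(self._recipients[recipient_id], record_id, pd)
        ok = hmac.compare_digest(expected, acknowledgement)
        self.audit_log.append((record_id, recipient_id, ok))
        if not ok:
            raise PermissionError("policy not acknowledged; key withheld")
        return data_key


def demo() -> tuple[bytes, bool, list]:
    """Walk through seal -> acknowledge -> release -> open, then show that a widened policy cannot decrypt."""
    ttp = TrustedThirdParty()
    ttp.register_recipient("shop", b"shop-secret")
    policy = {"purpose": "billing", "retention_days": 30, "third_party_transfer": False}  # constructed sample
    data_key = ttp.register_record("rec-1", policy)
    record = seal(data_key, policy, b"Alice, Cell-ID 4711")                                # constructed sample
    ack = make_acknowledgement(b"shop-secret", "rec-1", policy_digest(record["policy"]))
    key = ttp.release_key("rec-1", "shop", ack)
    plaintext = open_sealed(key, record)
    tampered = dict(record, policy={**policy, "purpose": "marketing"})  # recipient rewrites the policy
    try:
        open_sealed(key, tampered)
        tampered_decrypts = True
    except ValueError:
        tampered_decrypts = False
    return plaintext, tampered_decrypts, ttp.audit_log


if __name__ == "__main__":
    print(demo())
```

The binding is what distinguishes this from simply storing the policy next to the data: because the MAC key is derived from the policy digest, the policy is part of what the seal covers, and the third party's audit log is the evidence trail for the "policies have to be acknowledged to use personal data" requirement.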
15 Additional Aspects
- Privacy once lost cannot be restored easily (or not at all!)
- Feedback system is very indirect
- Balancing privacy and security (crime prevention etc.) is necessary
  - What privacy price are we willing to pay for what level of perceived or effective security?
- Operative aspects
  - How to achieve a convenient and effective consent for data processing in AmI environments? Implicit consent?
16 Conclusions
- Limitations
  - Challenges: multilateral security and improved attacker models
  - Interactive versus non-interactive (passive) authentication (policies?)
  - What about international AmI providers and legislation?
  - Possibility to enforce privacy protection technically is limited today and in future
- Trends
  - AmI, RFID, biometrics, data mining etc.
  - Technical maturity, security and data protection?
  - Increased complexity
  - Future developments in PETs?
  - Data protection from the economic perspective: USP vs. compliance vs. violation
17 Thank you for your attention! Dr. Martin Meints, ICPP
18 Directive 95/46/EC of 24 October 1995
- Definition of the data subject's consent: "shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed" (Art. 2 h).
19 Article 6
- Member States shall provide that personal data must be (a) processed fairly and lawfully
- Recital No. 38 of the Directive: "if the processing of data is to be fair, the data subject must be in a position to learn of the existence of a processing operation and, where data are collected from him, must be given accurate and full information, bearing in mind the circumstances of the collection ..."
20 Art. 10: Information in cases of collection of data from the data subject
- Member States shall provide that the controller or his representative must provide a data subject from whom data relating to himself are collected with at least the following information, except where he already has it:
  - (a) the identity of the controller and of his representative, if any
  - (b) the purposes of the processing for which the data are intended
  - (c) any further information such as
    - the recipients or categories of recipients of the data,
    - whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply,
    - the existence of the right of access to and the right to rectify the data concerning him
  - in so far as such further information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject.
21 Article 11: Information where the data have not been obtained from the data subject
- 1. Where the data have not been obtained from the data subject, Member States shall provide that the controller or his representative must, at the time of undertaking the recording of personal data or, if a disclosure to a third party is envisaged, no later than the time when the data are first disclosed, provide the data subject with at least the following information, except where he already has it:
  - (a) the identity of the controller and of his representative, if any
  - (b) the purposes of the processing
  - (c) any further information such as
    - the categories of data concerned,
    - the recipients or categories of recipients,
    - the existence of the right of access to and the right to rectify the data concerning him
  - in so far as such further information is necessary, having regard to the specific circumstances in which the data are processed, to guarantee fair processing in respect of the data subject.
- 2. Paragraph 1 shall not apply where, in particular for processing for statistical purposes or for the purposes of historical or scientific research, the provision of such information proves impossible or would involve a disproportionate effort or if recording or disclosure is expressly laid down by law. In these cases Member States shall provide appropriate safeguards.
22 Article 14: The data subject's right to object
- Member States shall grant the data subject the right:
  - (a) at least in the cases referred to in Article 7 (e) and (f), to object at any time on compelling legitimate grounds relating to his particular situation to the processing of data relating to him, save where otherwise provided by national legislation. Where there is a justified objection, the processing instigated by the controller may no longer involve those data
  - (b) to object, on request and free of charge, to the processing of personal data relating to him which the controller anticipates being processed for the purposes of direct marketing, or to be informed before personal data are disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object free of charge to such disclosures or uses.
- Member States shall take the necessary measures to ensure that data subjects are aware of the existence of the right referred to in the first subparagraph of (b).
23 Directive 2002/58/EC: Directive on privacy and electronic communications
- Article 6 par. 4 (traffic data): The service provider must inform the subscriber or user of the types of traffic data which are processed and of the duration of such processing for the purposes mentioned in paragraph 2 (purpose of billing) and, prior to obtaining consent, for the purposes mentioned in paragraph 3 (purpose of marketing).
24 Art. 9 Directive 2002/58/EG: LBS
- Location data other than traffic data relating to users
  - Only processed when
    - made anonymous, or
    - with the consent of the users (to the extent / for the duration necessary for the provision)
  - Service provider must inform the users prior to obtaining consent about
    - Type of location data
    - Purposes
    - Duration of the processing
    - Whether the data will be transmitted to a third party
  - Possibility to withdraw the consent at any time
25 Art. 9 Directive 2002/58/EG: LBS
- Where consent of the user has been obtained
  - Possibility of temporarily refusing the processing
    - For each connection to the network or
    - For each transmission of a communication
    - Using a simple means / free of charge
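Slides 24 and 25 (and the Art. 9 items on slide 4) describe the conditions a location-based service has to enforce before it touches location data: the user was informed of the four listed points before consenting, consent covers this purpose and only "to the extent necessary", consent can be withdrawn at any time, and a consenting user can still refuse processing for an individual connection. The gate below is an added example for this page, not code from the slides or from any LBS provider; the class and function names (`LocationDataGate`, `obtain_consent`, `refuse_processing`, `decide`), the sample notice and the events are all constructed here. Its one design decision worth noting is the fallback: whenever the consent conditions fail, the event is not silently dropped but reduced to a record without any user identifier, which is the "made anonymous" branch of Art. 9(1); whether that reduced record is truly anonymous depends on what else is kept with it, so the comment marks it as suitable only for coarse aggregates.

```python
"""Consent gate for location data modelled on Art. 9 of Directive 2002/58/EC.
Added example for this page; not code from the slides or any provider."""
from dataclasses import dataclass

# Items the user must be informed about before consent is valid (slide 24).
REQUIRED_NOTICE_ITEMS = ("type_of_location_data", "purposes", "duration", "third_party_transfer")


@dataclass
class Consent:
    purposes: frozenset          # purposes the user agreed to
    remaining_events: int        # "to the extent necessary for the provision": a budget, not a blank cheque


@dataclass
class LocationEvent:
    user_id: str
    cell_id: str
    purpose: str
    connection_id: str           # refusals are per connection / per transmission (slide 25)


class LocationDataGate:
    def __init__(self) -> None:
        self._consents: dict[str, Consent] = {}
        self._refusals: set[tuple[str, str]] = set()   # (user_id, connection_id)
        self.audit: list[tuple[str, str, str]] = []    # (user_id, decision, reason)

    def obtain_consent(self, user_id: str, notice: dict, purposes, max_events: int) -> None:
        """Consent is only recorded if the user was informed of every required item first."""
        missing = [k for k in REQUIRED_NOTICE_ITEMS if k not in notice]
        if missing:
            raise ValueError(f"user must be informed before consenting; notice lacks {missing}")
        self._consents[user_id] = Consent(frozenset(purposes), max_events)

    def withdraw_consent(self, user_id: str) -> None:
        """Withdrawal at any time: later events fall back to the anonymous branch."""
        self._consents.pop(user_id, None)

    def refuse_processing(self, user_id: str, connection_id: str) -> None:
        """Temporary refusal for one connection; standing consent stays untouched for other connections."""
        self._refusals.add((user_id, connection_id))

    def decide(self, ev: LocationEvent) -> tuple[str, object]:
        """Return ('process', event) under valid consent, else ('anonymise', record without user identity)."""
        consent = self._consents.get(ev.user_id)
        if (ev.user_id, ev.connection_id) in self._refusals:
            return self._log(ev, "anonymise", "user refused processing for this connection")
        if consent is None:
            return self._log(ev, "anonymise", "no consent on record")
        if ev.purpose not in consent.purposes:
            return self._log(ev, "anonymise", "purpose not covered by consent")
        if consent.remaining_events <= 0:
            return self._log(ev, "anonymise", "consented extent exhausted")
        consent.remaining_events -= 1
        return self._log(ev, "process", "valid consent")

    def _log(self, ev: LocationEvent, decision: str, reason: str) -> tuple[str, object]:
        self.audit.append((ev.user_id, decision, reason))
        if decision == "anonymise":
            # Identity stripped; only safe for coarse aggregates (cell counts), not per-user trails.
            return decision, {"cell_id": ev.cell_id, "purpose": ev.purpose}
        return decision, ev


def demo() -> list[str]:
    """Run the gate through consent, wrong purpose, per-connection refusal, exhaustion and withdrawal."""
    gate = LocationDataGate()
    notice = {"type_of_location_data": "Cell-ID", "purposes": ["navigation"],      # constructed notice
              "duration": "session", "third_party_transfer": False}
    gate.obtain_consent("alice", notice, ["navigation"], max_events=2)
    decisions = [gate.decide(LocationEvent("alice", "cell-4711", "navigation", "conn-1"))[0]]  # process
    decisions.append(gate.decide(LocationEvent("alice", "cell-4711", "marketing", "conn-1"))[0])  # anonymise
    gate.refuse_processing("alice", "conn-2")
    decisions.append(gate.decide(LocationEvent("alice", "cell-4712", "navigation", "conn-2"))[0])  # anonymise
    decisions.append(gate.decide(LocationEvent("alice", "cell-4712", "navigation", "conn-1"))[0])  # process
    decisions.append(gate.decide(LocationEvent("alice", "cell-4713", "navigation", "conn-1"))[0])  # anonymise
    gate.withdraw_consent("alice")
    decisions.append(gate.decide(LocationEvent("alice", "cell-4713", "navigation", "conn-3"))[0])  # anonymise
    return decisions


if __name__ == "__main__":
    print(demo())
```

The audit list is what a data protection officer would ask for when checking that refusals and withdrawals were actually honoured; every decision carries the reason it was taken.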