AmI - PowerPoint PPT Presentation

1
AmI: The European Perspective on Data Protection
Legislation and Privacy Policies
  • SWAMI Workshop
  • 21st and 22nd of March 2006 in Brussels
  • Dr. Martin Meints and Henry Krasemann, both ICPP

2
Agenda
  • Legal Grounds
    • European Charter
    • Data Protection Directive (95/46/EC)
    • Directive on Privacy and Electronic Communications
      (2002/58/EC)
    • Data Retention Directive
  • Suggestions for the Application of Privacy
    Policies
    • Suggestions of the Article 29 Working Party
    • Technical approaches within the PRIME Project
  • Conclusions

3
Legal Grounds
  • European Charter
    • Applies, but not very specific concerning data
      protection
  • Data Protection Directive (95/46/EC)
    • Applies except for (see Recital 13):
      • Public security
      • State defence
      • State security
      • Criminal law
    • States fundamental principles that are highly
      relevant for AmI, such as:
      • Data minimisation principle (Art. 6)
      • Purpose binding principle (Art. 6)
      • Transparency of processes (Art. 6)
      • Consent of the data subject for data processing
        (Art. 7)
      • Information of the data subject (Art. 10 and 11)
      • The data subject's right to object (Art. 14)

4
Legal Grounds (cont.)
  • Directive on Privacy and Electronic Communications
    (2002/58/EC)
    • Exceptions for applications are the same as for
      the Data Protection Directive (95/46/EC)
    • States in addition, concerning location and
      traffic data:
      • Information on traffic data (Art. 6)
      • Information of the data subject with respect to
        location data (Art. 9)
      • Consent prior to processing and transfer of
        location data needed (Art. 9)
      • Consent can be withdrawn at any time (Art. 9)
      • Where consent of the user has been obtained
        (Art. 9): possibility of temporarily refusing the
        processing
        • For each connection to the network or
        • For each transmission of a communication
        • Using a simple means / free of charge

5
Legal Grounds (cont.)
  • Data Retention Directive (2006/../EC, not finally
    defined)
    • Data has to be saved by the telecommunication
      provider for at least 6 months
    • Concerning telephone or mobile phone:
      • Originating and destination phone number, name
        and address of the user of the phone or mobile
        phone (including IMSI, IMEI, Cell-ID)
      • Date and time
      • Services used
    • Concerning the internet and VoIP:
      • Originating and destination user ID, phone
        number, name and address and IP address of the
        user
      • Date, time and time zone for login and logout
      • Services used
    • See http://register.consilium.eu.int/pdf/de/05/st03/st03677-re10.de05.pdf
    • Economic aspects in the context of AmI unclear

6
Suggestions of the Article 29 Data Protection Working
Party
  • Aims
    • Easier compliance
    • Improved awareness of data protection rights and
      responsibilities
    • Enhanced quality of information on data
      protection
  • Support for the concept of a multi-layered format
    for data subject notices
    • Improves the quality of the information on data
      protection received
    • Focuses each layer on the information that the
      individual needs to understand their position and
      make decisions
    • Where communication space/time is limited,
      multi-layered formats can improve the readability
      of notices

7
Information to be given
  • Essential information that should be provided in
    all circumstances where the data subject does not
    have this information already, which includes the
    identity of the data controller and of his
    representative, if any, as well as the purpose of
    the data processing
  • Further information which should be provided if
    it is necessary to guarantee fair processing,
    having regard to the specific circumstances in
    which the data are collected
  • Information which is nationally required and goes
    beyond the Directive's requirements
    • Name or address of the data protection
      commissioner
    • Details of the database
    • Reference to local laws

8
Layer 1: Short Notice
  • Core information required under Article 10 of the
    Directive
    • Identity of the controller
    • Purposes of processing
    • Any additional information which in view of the
      particular circumstances of the case must be
      provided beforehand to ensure fair processing
  • A clear indication must be given as to how the
    individual can access additional information

9
Layer 1: Example (slide image only)
10
Layer 2: Condensed Notice
  • All relevant information required under the
    Directive
    • The name of the company
    • The purpose of the data processing
    • The recipients or categories of recipients of the
      data
    • Whether replies to the questions are obligatory
      or voluntary, as well as the possible
      consequences of failure to reply
    • The possibility of transfer to third parties
    • The right to access, to rectify and to oppose
    • Choices available to the individual
    • Contact for questions and information on redress
      mechanisms
  • Available on-line as well as in hard copy via
    written or phone request
  • Present this notice in a table format that allows
    for ease of comparison

11
Layer 2: Example 1 (slide image only)
12
Layer 2: Example 2 (slide image only)
13
Layer 3: Full Notice
  • Include all national legal requirements and
    specificities
  • It may be possible to include a full privacy
    statement with possible additional links to
    national contact information.

14
Research in the PRIME Project
  • Traditional approach (state of the art): stating
    privacy policies (P3P)
  • Automated protocols for policy negotiation
    • See http://www.prime-project.eu.org/public/prime_products/PRIME-White-Paper-V1.pdf
  • Use of policies sticking to personal data (sticky
    policies)
    • Policies have to be acknowledged to decrypt
      personal data
    • Policies have to be acknowledged to use personal
      data
    • Current concepts include trusted third parties
    • See http://www.prime-project.eu.org/public/prime_products/deliverables/arch/pub_del_D14.2.a_ec_wp14.2_V5_final.pdf
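An added illustration of the sticky-policy idea on this slide (example code, not PRIME's own): the policy is bound into the data key and the integrity tag, and a trusted third party releases the key only against an acknowledgement of the attached policy. It assumes a shared HMAC key for the trusted third party and a toy SHA-256 counter-mode stream in place of a real AEAD cipher.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

def canonical(policy: dict) -> bytes:
    # Canonical JSON: semantically equal policies must hash identically.
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy SHA-256 counter-mode keystream; stands in for a real AEAD cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _data_key(ttp_key: bytes, policy: dict, nonce: bytes) -> bytes:
    # Key derivation includes the policy hash: swap the policy, lose the key.
    pol_hash = hashlib.sha256(canonical(policy)).digest()
    return hmac.new(ttp_key, nonce + pol_hash, hashlib.sha256).digest()

def seal(ttp_key: bytes, data: bytes, policy: dict) -> dict:
    # Controller seals personal data together with its sticky policy.
    nonce = os.urandom(16)
    key = _data_key(ttp_key, policy, nonce)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + canonical(policy) + ct, hashlib.sha256).digest()
    return {"policy": policy, "nonce": nonce, "ct": ct, "tag": tag}

def acknowledge(recipient_key: bytes, policy: dict) -> bytes:
    # Recipient's acknowledgement: an HMAC over the policy it agrees to.
    return hmac.new(recipient_key, canonical(policy), hashlib.sha256).digest()

def ttp_release_key(ttp_key: bytes, recipients: dict, who: str,
                    env: dict, ack: bytes) -> Optional[bytes]:
    # Trusted third party (assumed shared-key model) releases the data key
    # only for a valid acknowledgement, by a registered recipient, of the
    # policy that is attached to this envelope.
    rkey = recipients.get(who)
    if rkey is None or not hmac.compare_digest(ack, acknowledge(rkey, env["policy"])):
        return None
    return _data_key(ttp_key, env["policy"], env["nonce"])

def unseal(key: bytes, env: dict) -> Optional[bytes]:
    # Tag covers nonce, policy and ciphertext: a modified policy is rejected.
    msg = env["nonce"] + canonical(env["policy"]) + env["ct"]
    if not hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), env["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(env["ct"], _stream(key, env["nonce"], len(env["ct"]))))
```

A recipient that relabels the envelope with a weaker policy can obtain a key for that policy, but the tag computed at sealing time no longer verifies, so the data stays sealed.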

15
Additional Aspects
  • Privacy once lost cannot be restored easily (or
    not at all!)
  • The feedback system is very indirect
  • Balancing privacy and security (crime prevention
    etc.) is necessary
    • What privacy price are we willing to pay for
      what level of perceived or effective security?
  • Operative aspects
    • How to achieve convenient and effective consent
      for data processing in AmI environments?
      Implicit consent?

16
Conclusions
  • Limitations
    • Challenges: multilateral security and improved
      attacker models
    • Interactive versus non-interactive (passive)
      authentication (policies?)
    • What about international AmI providers and
      legislation?
    • The possibility to enforce privacy protection
      technically is limited, today and in future
  • Trends
    • AmI: RFID, biometrics, data mining, etc.
    • Technical maturity, security and data protection?
    • Increased complexity
    • Future developments in PETs?
    • Data protection from the economic perspective:
      USP vs. compliance vs. violation

17
Thank you for your attention! Dr. Martin Meints, ICPP
18
Directive 95/46/EC of 24 October 1995
  • Definition of the data subject's consent: "'the
    data subject's consent' shall mean any freely
    given specific and informed indication of his
    wishes by which the data subject signifies his
    agreement to personal data relating to him being
    processed" (Art. 2 (h)).

19
Article 6
  • "Member States shall provide that personal data
    must be (a) processed fairly and lawfully"
  • Recital No. 38 of the Directive: "if the
    processing of data is to be fair, the data
    subject must be in a position to learn of the
    existence of a processing operation and, where
    data are collected from him, must be given
    accurate and full information, bearing in mind
    the circumstances of the collection ..."

20
Art. 10: Information in cases of collection of
data from the data subject
  • Member States shall provide that the controller
    or his representative must provide a data subject
    from whom data relating to himself are collected
    with at least the following information, except
    where he already has it:
    • (a) the identity of the controller and of his
      representative, if any;
    • (b) the purposes of the processing for which the
      data are intended;
    • (c) any further information such as
      • the recipients or categories of recipients of the
        data,
      • whether replies to the questions are obligatory
        or voluntary, as well as the possible
        consequences of failure to reply,
      • the existence of the right of access to and the
        right to rectify the data concerning him,
      in so far as such further information is
      necessary, having regard to the specific
      circumstances in which the data are collected, to
      guarantee fair processing in respect of the data
      subject.

21
Article 11: Information where the data have not
been obtained from the data subject
  • 1. Where the data have not been obtained from the
    data subject, Member States shall provide that
    the controller or his representative must, at the
    time of undertaking the recording of personal
    data or, if a disclosure to a third party is
    envisaged, no later than the time when the data
    are first disclosed, provide the data subject with
    at least the following information, except where
    he already has it:
    • (a) the identity of the controller and of his
      representative, if any;
    • (b) the purposes of the processing;
    • (c) any further information such as
      • the categories of data concerned,
      • the recipients or categories of recipients,
      • the existence of the right of access to and the
        right to rectify the data concerning him,
      in so far as such further information is
      necessary, having regard to the specific
      circumstances in which the data are processed, to
      guarantee fair processing in respect of the data
      subject.
  • 2. Paragraph 1 shall not apply where, in
    particular for processing for statistical
    purposes or for the purposes of historical or
    scientific research, the provision of such
    information proves impossible or would involve a
    disproportionate effort or if recording or
    disclosure is expressly laid down by law. In
    these cases Member States shall provide
    appropriate safeguards.

22
Article 14: The data subject's right to object
  • Member States shall grant the data subject the
    right:
    • (a) at least in the cases referred to in Article
      7 (e) and (f), to object at any time on
      compelling legitimate grounds relating to his
      particular situation to the processing of data
      relating to him, save where otherwise provided by
      national legislation. Where there is a justified
      objection, the processing instigated by the
      controller may no longer involve those data;
    • (b) to object, on request and free of charge, to
      the processing of personal data relating to him
      which the controller anticipates being processed
      for the purposes of direct marketing, or to be
      informed before personal data are disclosed for
      the first time to third parties or used on their
      behalf for the purposes of direct marketing, and
      to be expressly offered the right to object free
      of charge to such disclosures or uses.
  • Member States shall take the necessary measures
    to ensure that data subjects are aware of the
    existence of the right referred to in the first
    subparagraph of (b).

23
Directive 2002/58/EC: Directive on privacy and
electronic communications
  • Article 6 par. 4 (traffic data): The service
    provider must inform the subscriber or user of
    the types of traffic data which are processed and
    of the duration of such processing for the
    purposes mentioned in paragraph 2 (purpose of
    billing) and, prior to obtaining consent, for the
    purposes mentioned in paragraph 3 (purpose of
    marketing).

24
Art. 9 Directive 2002/58/EC: LBS
  • Location data other than traffic data relating
    to users
    • Only processed when
      • Made anonymous or
      • Consent of the users (to the extent / for the
        duration necessary for the provision)
  • Service provider must inform the users prior to
    obtaining consent about
    • Type of location data
    • Purposes
    • Duration of the processing
    • Whether the data will be transmitted to a third
      party
    • Possibility to withdraw the consent at any time

25
Art. 9 Directive 2002/58/EC: LBS (cont.)
  • Where consent of the user has been obtained:
    possibility of temporarily refusing the processing
    • For each connection to the network or
    • For each transmission of a communication
    • Using a simple means / free of charge