Za

1
Zaštita licnih podatakaIskustva iz Republike
Slovenije

• Podgorica, 7.2.2010
• Nataša Pirc Musar
• Information Commissioner

2

• Access to public information v. Data protection
• Can one body handel both?

3
Situation in SloveniaWhat we do and how we do
it?
4
Trust in the Information Commissioner(public
poll Jan 2010)
5
Trust in supervisory authorities(public poll Oct
2010)
INFORMATION COMMISSIONER OMBUDSMAN POLICE GEN.
DIRECTOR STATE PROSECUTOR
DOES NOT TRUST / TRUSTS
6
Situation in SloveniaFormal supervisory
procedures
7
Informacijski povjerenik

• Poverenica, 3 zamjenika i voda inspektora
• 32 zaposlenih
• 18 na zaštiti osobnih podataka, 10 na pristupu
  informacijama, 4 u administraciji
• 9 (11) inspektora
• Aktivan od 31.12.2005 (ujedinjenje Poverenika i
  Inspekcije za licne podatke)
• Snažne komeptencije po Zakonu o inspekcijskom
  nadzoru
• Predlog za zatvaranje rukovalaca (ako ne plate
  kaznu),
• Novcane kazne,
• Podnošenje prijave krivicnog djela,
• Ulaz u kancelarije, pregled kompjutera...

8
Inspection procedures
9
Structure of procedures (2006-2009)
10
Misdemeanour procedures (2009)
11
Misdemeanour procedures (2009)

• 2009 163 violation procedures
• Public sector 41
• Private sector 70
• Natural persons 52
• 59 warnings
• 93 decisions
• 67 cautions
• 26 fines
• 12 payment orders
• 21 appeals to the court
• Fines
• Legal person. 4.170 to 12.510 EUR
• Responsible person 830 to 2.080 EUR
• Largest fine
• 112.000 EUR for data controller
• 20.000 EUR for responsible person

12
Data subjects access

• 2009 70 demands
• 2008 43 demands
• Some interesting cases, e.g. access to retained
  traffic data on telephone calls

Number of requests (complaints) for access to
individuals own data
13
Situation in SloveniaAwareness raising toolbox
14
Opinions

• 2009 1334 requests for opinion
• 2008 853 requests for opinion
• On-line publication (2000 opinions)
• Main areas
• Offcial procedures judicial, administrative and
  police procedures (67),
• Employment relationships (64),
• Transfer of personal data between data
  controllers(45),
• Internet related(43),
• Health data (33),

15
Guidelines
16
Identity theft self assesment testadapted from
NOR DPA original
17
Facebook profile
18
Data protectionThe challenges
19
Data protection challenges

• Location privacy
• Google Street View, Google Earth what is next?
• Probably other angles between vertical and
  horizontal pictures, higher frequency and perhaps
  real-time view-it-all?
• Drivers privacy
• Electronic toll collection and other
  location-based services
• Personal profiles and behavioural marketing
• Personalized, customized ads
• All media covered internet, print, (digital TV)!
• Smart videosurveillance, audience measurement
• Changing attitudes towards privacy
• DPAs awareness raising toolbox
• Can we influence it al all?
• REAL concern when statemets are made such as
• Privacy as a social norm is a matter of past!
  by____, CEO of______
• If you have something that you don't want anyone
  to know, maybe you shouldn't be doing it in the
  first place. by____, CEO of______

20
Data protection challenges cont.

• Worklapce privacy
• Many complaints
• Draft bill prepared
• Identity theft
• Abuse of publicly available data
• Abuse of private data
• Data business
• Interconnection of databases
• Outsourcing of personal data / cloud computing
• Digital dataveillance
• e.g. automated analysis of computer and telephone
  network traffic (i.e. Data retention ...)
• Creation of extensive personal profiles and
  activity histories can be used for many reasons
  can lead to errosion of privacy
• Lets have a closer look at some of them

21
The problem with the nothing to hide argument is
with its underlying assumption that privacy is
about hiding bad things. Daniel Solove
22

Thank you for your attention!
IC website in English
www.ic-rs.si