technology– the data protection challenge billy hawkes data protection commissioner heanet...
TRANSCRIPT
![Page 1: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/1.jpg)
Technology– the Data Protection Challenge
Billy HawkesData Protection Commissioner
HEAnet ConferenceKilkenny, 13 November 2009
![Page 2: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/2.jpg)
Ubiquitous Technology• Part of daily life• Increased reliance – especially on
Information Technology• The Internet - Major Benefits
What would we do without search engines? What would teenagers do without social
networking/Instant Messaging?• The Future “Technology of Things”?
![Page 3: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/3.jpg)
New Technologies
• Geo-location• RFID (Radio Frequency
IDentification)• Biometrics • DNA
![Page 4: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/4.jpg)
Lots of Personal Data ….• Increased commercial and State gathering
of personal information and “data mining”• Temptation to present Privacy as an
obstacle rather than an entitlement But• Increasing appreciation that privacy
protection is good customer service and a “bottom line” issue
![Page 5: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/5.jpg)
Technology and Data Protection• Data Protection Law developed in response
to proliferation of Information Technology• Recognition that capacity to process and link
personal information could be a threat to privacy
• Data Protection Law originally applied only to electronic processing of personal information
![Page 6: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/6.jpg)
EU & Irish Legislation• Data Protection
Directive 95/46/EC
• Electronic Privacy Directive 2002/58/EC
• EUROPOL etc• Police & Justice Decision 2008/977/JHA
• Data Protection Acts 1988 & 2003
• EC Electronic Privacy Regulations 2003 (SI 535/2003) and 2008 (SI 526/2008)
• Corresponding Acts
• (to be transposed)
![Page 7: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/7.jpg)
The Data Protection Rules1. Fair obtaining &
processing• Consent
2. Specified purpose3. No disclosure
• unless “compatible”
4. Safe and secure
5. Accurate, up-to-date6. Relevant, not
excessive7. Retention period8. Right of access
![Page 8: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/8.jpg)
Data Protection & e-government• Drive for more customer-friendly public
services, with maximum e-delivery• Data sharing within government: how far?• Convenience & efficiency V Privacy• Govt working on framework for Identity
Management and Privacy
![Page 9: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/9.jpg)
Privacy & State Security• Shifting balance in “post 9-11” world• Data Retention, CCTV, Data Sharing,
Border Controls – “Surveillance Society”? • Proposed Compulsory biometric ID Card
for non-nationals; towards National Identity Card?
• Intensified police/immigration cooperation
![Page 10: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/10.jpg)
Things go Wrong …..
• Jobs.ie• Blood Transfusion Service• Garda/Social & Family Affairs/Revenue• TK Maxx • UK: HMRC (Revenue), HSBC Bank
![Page 11: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/11.jpg)
Eurobarometer 2008
Individual (DS) Concern about Data Protection
EU Average%
Ireland %
Concerned 63.8 70.5
Not Concerned 34.8 28.2
Don’t know / no answer 1.4 1.3
![Page 12: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/12.jpg)
Eurobarometer 2008Organisations View of Necessity of Data Protection Law Requirements
EU Average%
Ireland%
Tend to agree on necessity 91 99
Tend to disagree 6 0
Don’t know / No answer 3 0
![Page 13: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/13.jpg)
Eurobarometer 2008Anti-Terrorism Phone Call Monitoring: Individual (DS) View EU Average
%Ireland
%
No 25.2 50.3
Yes, but only people who are suspected of terrorist activities 34.6 21.8
Yes, but even suspected terrorists should only be monitored under the supervision of a judge or with equivalent safeguards
21.2 14.6
Yes, in all cases 15.9 11.4
Don’t know / No answer 3 1.8
![Page 14: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/14.jpg)
Eurbarometer 2008Anti-Terrorism Internet Monitoring: Individual (DS) View EU Average
&Ireland
%
No 18.9 31.3
Yes, but only people who are suspected of terrorist activities 31.7 23.2
Yes, but even suspected terrorists should only be monitored under the supervision of a judge or with equivalent safeguards
17.8 17.1
Yes, in all cases 24.8 25.9
Don’t know / No answer 6.9 2.5
![Page 15: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/15.jpg)
Eurobarometer 2008Organisations’ Use of Enhanced Security for Internet-transferred Data
EU Average%
Ireland%
Yes 67 88
No 32 11
Don’t know / No answer 2 2
![Page 16: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/16.jpg)
![Page 17: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/17.jpg)
Change Happening: Data Security• Consensus on need for Action
More Data Breach Reports Public Pressure for action
• Department of Finance Guidelines for Public Service
• Working Group on possible need for change in Irish Legislation
• Data Breach reporting obligation in new EU ePrivacy Directive Commitment to broader EU measure?
![Page 18: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/18.jpg)
Change Happening: Ireland
• More emphasis on enforcement of data protection law Successful prosecutions for “Spam” Greater use of audit powers (including “dawn
raids” where necessary)
• Focus on “big picture” as well as individual complaints
![Page 19: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/19.jpg)
Lisbon Treaty Article 16 Treaty on the Functioning of the Union• 1. Everyone has the right to the protection of personal data
concerning them.• 2. The European Parliament and the Council, acting in
accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data.
• Compliance with these rules shall be subject to the control of independent authorities. …..
![Page 20: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/20.jpg)
“Stockholm Programme” • EU Commission Communication “An area of
Freedom, Security and Justice serving the Citizen” (June 09) The Union must establish a comprehensive
personal data protection scheme covering all areas of EU competence
The Union must be a driving force behind the development and promotion of international standards for personal data protection and in the conclusion of appropriate bilateral or multilateral instruments. (Work with USA quoted approvingly)
![Page 21: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/21.jpg)
Future Change: EU Legal Framework • Study commissioned by UK Information
Commissioner (“Rand Report”) discussed By European DPAs in April 09 Study acknowledged strengths of EU system but
declared it “not fit for purpose”• EU Commission Data Protection Conference,
May 2009 • Public Consultation on the legal framework for
the protection of the fundamental right for the protection of personal data – launched July, finishes December 09
• Revised horizontal Directive 2012?
![Page 22: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/22.jpg)
Future Change: Towards International DP Standards?• EU: Making Binding Corporate Rules work; more
“adequacy” decisions?• APEC (Asia-Pacific): Privacy Principles, Pathfinder• ISO: New draft Privacy Standard • International DP Conference: Draft Standards
approved at November (Madrid) Conference• Private Sector: IAPP (certification/training);
“Accountability” Project
![Page 23: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/23.jpg)
Protecting Privacy – How?• Empowering Individuals (e.g. Electoral
Register ‘opt-out’; Phone etc ‘opt-out’; Access Right)
• Law and the Courts• Role of the Market & self-regulation• International data flows - Towards
international principles?
![Page 24: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/24.jpg)
Privacy and Technology• Tension – manageable?• Privacy by Design – Privacy
Enhancing Technologies• Work with Industry• Security Breach Legislation?• How to control State (mis-) use?
![Page 25: Technology– the Data Protection Challenge Billy Hawkes Data Protection Commissioner HEAnet Conference Kilkenny, 13 November 2009](https://reader037.vdocuments.net/reader037/viewer/2022110401/56649e265503460f94b15a8f/html5/thumbnails/25.jpg)
Thank You
• www.dataprotection.ie