Data Protection (Privacy)
Mag. Dipl.-Ing. Dr. Michael Sonntag
Legal and Technical Aspects of E-Commerce, Budapest, 7.-11.10.2002
E-Mail: [email protected]
WWW: http://www.fim.uni-linz.ac.at/staff/sonntag.htm
Copyright, 2002 © Michael Sonntag
Questions?
Please ask them immediately!
Michael Sonntag
Legal and Technical Aspects of E-Commerce
Content
Why the need?
What/Who is protected (Categories, media, …)
Definitions (Controller, Processor, …)
What constitutes “consent”?
Principles of data quality
When data may be processed
The rights of the subject
Information, access, rectification, deletion, objection
Remedies, liability, sanctions
Third countries (Non-EU)
Why the need?
Large desire for privacy by individuals
“The right to be left alone”
Large desire for information by companies
Know your customers, advertising, credit rating, …
Some balance must be found!
Danger of secretly gathering data
Danger of exchanging and correlating data
Advantages of personalization
Advantages of not having to ask for standard information again (e. g. an address already stored from a previous order)
Data: Protection / Security / Privacy / … ?
Data Protection: Protection against disclosure
Data should be kept secret
(Data) Privacy = Data Protection
Data Security: Protection against loss
Data should be available (to the subject and the owner)
Subject = The person the data is related to
Who is protected?
Natural persons:
Every human being is protected against everyone else
» Children in relation to their parents
» Employees in relation to their employing company
Personal data: Everything related to the person
» Color of hair, habits, creditworthiness, health, ...
Legal persons:
NOT covered by the directive on the protection of individuals
» 95/46/EC “Privacy directive”
INCLUDED in the directive on privacy and electronic communications
» 2002/58/EC “Electronic communications privacy directive”
“Personal” data of legal persons: Balances, trade secrets, ...
What is protected? (1)
Only personal data:
Must be connected to an individual
» No statistical data, as it relates to several persons
– BUT: the desires of a group might also be the desires of each of its members, who are protected!
This individual must be identifiable
» With reasonable accuracy
– Even one of three men in Hungary with exactly the same name is protected!
– Name not required; anything leading to a single person suffices
Only data that is processed
Gathered, related to other data, transferred, …
“Public” data might still be protected!
Especially if known only to a restricted public
What is protected? (2)
Data must be either
automatically processed, or
» Computer systems in any form
contained (or intended to be contained) in a filing system
» Must be structured according to criteria relating to individuals
» Unimportant: local or distributed / functionally or geographically
» E. g. database, filing cabinet with index
NOT included are unordered collections
Not accessible according to personal criteria
E. g. conventional archive of records (paper)
» Sorted according to record numbers, which are not personally related (finding all records for a certain person is practically impossible!)
What is protected? (3)
Special categories of data:
“Sensitive” data:
» Race, ethnic origin, political opinion, religious/philosophical belief, trade-union membership, health, sex life
» More stringently protected (usually a closed list of exemptions)!
“Criminal” data:
» Data relating to offences, criminal convictions or security measures
» Specially protected
» Must usually be processed under the control of an official authority
National identification number
» The directive itself contains no rules for processing it
» Member states must define the conditions for processing
Controller / Processor
Controller:
Whoever determines the purposes and means of processing the personal data
If purpose and means are specified by law, the law may specify who the controller is
Processor:
Whoever processes data on behalf of the controller
Important for liability and the rights of the subject
These are always exercised against the controller!
» Only rarely against the processor: e. g. if the processing was expressly forbidden by the controller
Methods for collecting data in the Internet (1)
Cookies
Small pieces of text (a name/value pair plus attributes) sent from webservers to browsers and sent back by those browsers to the same webserver on subsequent requests
Stored on the local disk
Allow tracking a user within (and, through a common third-party server, over several) websites
Used e. g. for shopping carts (storing a customer number or the selected products themselves)
Example (Logging in to www.amazon.at):
Name: “x-abcde”, Domain: “amazon.de”, Path: “/”,
Expires: “31.12.2035”, Secure: “No”,
Data: “cNpGUcRlrDzE4Utuif2RxyamfN?WZV?Z”
» Plus 2 other cookies
» Note: “Secure: No” means the cookie is also sent over unencrypted HTTP; an expiry in 2035 makes it a long-term identifier
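As an added worked example (not part of the original slides, nor code from any site named on them), the following Node.js script applies the cookie rules the slide describes: domain, path, expiry and the Secure flag decide which stored cookies a browser attaches to a request. The hostnames shop.example and ads.example and all header values are constructed; the ads.example entry imitates the cookie a central ad or statistics server sets through a 1x1 image embedded on many sites.

```javascript
// Added example, not code from the original slides. Hostnames and header
// values below are constructed; shop.example stands for a shop, ads.example
// for a central ad/statistics server embedded on several sites.

// Parse one Set-Cookie header value (as sent by `requestHost`) into a record.
function parseSetCookie(header, requestHost) {
  const parts = header.split(';').map(p => p.trim());
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: parts[0].slice(0, eq).trim(),
    value: parts[0].slice(eq + 1),
    domain: requestHost.toLowerCase(), // no Domain attribute: host-only cookie
    hostOnly: true,
    path: '/',
    expires: null,                     // null: session cookie, gone when the browser closes
    secure: false,
  };
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1).trim();
    if (key === 'domain') {
      cookie.domain = val.replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false;         // now sent to the domain and all its subdomains
    } else if (key === 'path') {
      cookie.path = val || '/';
    } else if (key === 'expires') {
      cookie.expires = new Date(val);  // persistent cookie: kept until this date
    } else if (key === 'secure') {
      cookie.secure = true;            // only sent over HTTPS
    }
  }
  return cookie;
}

function domainMatches(cookie, host) {
  if (cookie.hostOnly) return host === cookie.domain;
  return host === cookie.domain || host.endsWith('.' + cookie.domain);
}

function pathMatches(cookiePath, requestPath) {
  if (cookiePath === '/' || requestPath === cookiePath) return true;
  const prefix = cookiePath.endsWith('/') ? cookiePath : cookiePath + '/';
  return requestPath.startsWith(prefix);
}

// Cookies (as "name=value") a browser would attach to a request for `url` at time `now`.
function cookiesFor(jar, url, now) {
  const u = new URL(url);
  return jar
    .filter(c => domainMatches(c, u.hostname.toLowerCase())
      && pathMatches(c.path, u.pathname)
      && (c.expires === null || c.expires > now)
      && (!c.secure || u.protocol === 'https:'))
    .map(c => `${c.name}=${c.value}`);
}

// Constructed scenario: while loading a shop page the browser received three
// Set-Cookie headers, one of them from a 1x1 image served by ads.example.
function demo() {
  const jar = [
    parseSetCookie('session=x-abcde; Domain=shop.example; Path=/; Expires=Mon, 31 Dec 2035 23:59:59 GMT', 'www.shop.example'),
    parseSetCookie('ss_vi=v2|0-0|1013174171; Domain=ads.example; Path=/; Expires=Thu, 15 Apr 2010 20:00:00 GMT', 'ads.example'),
    parseSetCookie('login=secret-token; Path=/account; Secure', 'www.shop.example'),
  ];
  const now = new Date('2002-10-07T10:00:00Z');
  return {
    // persistent shop cookie without Secure: also sent over plain HTTP
    shopHttp: cookiesFor(jar, 'http://www.shop.example/basket', now),
    // Secure cookie with a narrow path: only over HTTPS and only under /account
    shopHttpsAccount: cookiesFor(jar, 'https://www.shop.example/account/orders', now),
    // the ad server's cookie comes back whichever site embeds its image: cross-site tracking
    adOnShop: cookiesFor(jar, 'http://ads.example/b/ss/shop/1', now),
    adOnNews: cookiesFor(jar, 'http://ads.example/b/ss/news/1', now),
    // after its expiry date the tracking cookie is no longer sent
    adAfterExpiry: cookiesFor(jar, 'http://ads.example/b/ss/news/1', new Date('2011-01-01T00:00:00Z')),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The matching here is the classic behaviour of a 2002-era browser: no SameSite attribute, so the ads.example cookie is returned on every page that embeds the image, regardless of which site the user is actually visiting.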
Methods for collecting data in the Internet (2)
Weblogs
Every access to a webserver is usually logged
What is logged depends on the webserver’s administrator
Allows tracking users within a website
May include a lot of information
» E. g. IP-address, browser type, referer, …; data such as the screen resolution only if a script on the page reports it
» Depends on the configuration of the webserver!
Example:
08:40:15 140.78.100.180 GET /Default.asp 200
“Time” “IP-address of requester” “Command” “Result”
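As an added example (not part of the original slides), the following Node.js script parses log lines in the four-field format shown above, rebuilds the click trail of every visitor from nothing but the IP address, and shows the data-minimising alternative of truncating the address and dropping the query string before the line is stored. All log lines are constructed for the example; only the first one is the slide's.

```javascript
// Added example, not code from the original slides. The log lines are
// constructed in the four-field format shown on the slide
// (time, client IP address, request, status); paths and IDs are invented.
const SAMPLE_LOG = [
  '08:40:15 140.78.100.180 GET /Default.asp 200',
  '08:40:21 140.78.100.180 GET /products/list.asp 200',
  '08:40:22 10.1.2.3 GET /Default.asp 200',
  '08:41:05 140.78.100.180 GET /products/item.asp?id=42&cust=4711 200',
  '08:41:30 10.1.2.3 GET /admin/ 403',
  '08:42:10 140.78.100.180 POST /basket/add.asp 302',
  'this line is corrupt and must be skipped',
].join('\n');

const LINE_RE = /^(\d{2}:\d{2}:\d{2}) (\d{1,3}(?:\.\d{1,3}){3}) ([A-Z]+) (\S+) (\d{3})$/;

// One log line -> record, or null if the line does not have the expected shape.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return { time: m[1], ip: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

// Group the requests by client address: the click trail a webmaster can
// reconstruct for every visitor without any cookie or script.
function trailsByIp(log) {
  const trails = new Map();
  for (const line of log.split('\n')) {
    const e = parseLine(line);
    if (!e) continue;
    if (!trails.has(e.ip)) trails.set(e.ip, []);
    trails.get(e.ip).push(`${e.time} ${e.method} ${e.path} ${e.status}`);
  }
  return trails;
}

// Data minimisation before the line is written to disk: zero the last octet of
// the address and drop the query string (which may carry customer IDs or names).
// Status and path remain, so error and traffic statistics still work.
function anonymiseLine(line) {
  const e = parseLine(line);
  if (!e) return null;
  const ip = e.ip.split('.').slice(0, 3).join('.') + '.0';
  const path = e.path.split('?')[0];
  return `${e.time} ${ip} ${e.method} ${path} ${e.status}`;
}

function anonymiseLog(log) {
  return log.split('\n').map(anonymiseLine).filter(l => l !== null).join('\n');
}

for (const [ip, trail] of trailsByIp(SAMPLE_LOG)) console.log(ip, trail);
console.log(anonymiseLog(SAMPLE_LOG));
```

Truncating the address is a common compromise: the log still shows which network a request came from, but individual hosts in that network can no longer be told apart, so the trail function yields only a merged trail for the whole /24.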
Methods for collecting data in the Internet (3)
Webbugs
Small (1x1) transparent images loaded from a different server
» Usually combined with cookies from the server the bug originates from
Can also be included in E-Mails
» Entry in the weblog shows the time the message was actually read
Can be created by JavaScript or similar languages
Arbitrary information can be sent back to the server in the request string
» Every piece of data accessible to the scripting language can be sent!
» E. g. operating system
Webbug - Example
http://www.denverpost.com/
http://192.168.112.2o7.net/b/ss/denverpost/1/31/2fsi1012312472080?[AQB]r=http%3A%2F%2Fwww.bugnosis.org%2Fexamples.html&s=1280x1024&c=24&o=Win32&j=1.3&v=Y&k=Y&bw=1031&bh=530&t=29%2F0%2F2002%2014%3A54%3A32%202%2060&pageName=Denver%20Post%20%2F%20DPO%20Home&server=&ch=&pageType=&pageValue=&product=&c1=DPO%20Home&c2=&c3=&c4=&c5=&c6=&c7=&c8=&g=http%3A%2F%2Fwww.denverpost.com%2F&a=Microsoft%20Internet%20Explorer%205.01&p=[AQE]
Visited site: http://www.denverpost.com/
Referer: http://www.bugnosis.org/examples.html
Screen resolution: 1280x1024 pixels, 24 bit color depth
Size of browser window: 1031x530 pixels
Operating system: Win32
Date: 29.1.2002 14:54 (sent as “29/0/2002”, because JavaScript’s getMonth() counts months from 0)
Browser: Internet Explorer 5.01
Cookie set on loading the image
…
Invisible; locally created by JavaScript!
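As an added example (not part of the original slides), the following Node.js script decodes the tracking-pixel request reproduced above and lists what the page's script disclosed, the way a privacy audit of a webbug would. Only the URL from the slide is used; the meaning of each field (r = referer, s = screen size, c = colour depth, o = platform, bw/bh = window size, t = local time, a = browser, k = cookie accepted, v = Java enabled, p = plugin list, g = page URL) is read off the tracking script shown on the following slides.

```javascript
// Added example, not code from the original slides. BEACON_URL is the request
// reproduced on the slide; the field meanings come from the tracking script
// shown on the next slides (r = referer, s = screen, c = colour depth,
// o = platform, bw/bh = window size, t = local time, a = browser, k = cookie
// accepted, v = Java enabled, p = plugin list, g = page URL).
const BEACON_URL = 'http://192.168.112.2o7.net/b/ss/denverpost/1/31/2fsi1012312472080?[AQB]r=http%3A%2F%2Fwww.bugnosis.org%2Fexamples.html&s=1280x1024&c=24&o=Win32&j=1.3&v=Y&k=Y&bw=1031&bh=530&t=29%2F0%2F2002%2014%3A54%3A32%202%2060&pageName=Denver%20Post%20%2F%20DPO%20Home&server=&ch=&pageType=&pageValue=&product=&c1=DPO%20Home&c2=&c3=&c4=&c5=&c6=&c7=&c8=&g=http%3A%2F%2Fwww.denverpost.com%2F&a=Microsoft%20Internet%20Explorer%205.01&p=[AQE]';

// Split the query string by hand: the script wraps it in [AQB] ... [AQE]
// markers, and it percent-encodes with escape(), never using '+' for spaces.
function decodeBeacon(url) {
  const q = url.indexOf('?');
  const host = new URL(url).hostname;
  const fields = {};
  for (const pair of url.slice(q + 1).split('&')) {
    const eq = pair.indexOf('=');
    const key = (eq < 0 ? pair : pair.slice(0, eq)).replace(/^\[AQB\]/, '');
    const val = (eq < 0 ? '' : pair.slice(eq + 1)).replace(/\[AQE\]$/, '');
    fields[key] = decodeURIComponent(val);
  }
  return { host, fields };
}

// Turn the raw fields into the list an audit would report. The t field is
// built by the script as getDate()/getMonth()/year h:m:s weekday tzOffset;
// getMonth() is zero-based, so "29/0/2002" is 29 January 2002.
function summarise(url) {
  const { host, fields } = decodeBeacon(url);
  const [date, time, weekday, tzOffset] = fields.t.split(' ');
  const [day, month0, year] = date.split('/').map(Number);
  const pad = n => String(n).padStart(2, '0');
  return {
    trackerHost: host,                 // third party that receives all of this
    visitedPage: fields.g,
    referer: fields.r,
    screen: `${fields.s} pixels, ${fields.c} bit colour depth`,
    browserWindow: `${fields.bw}x${fields.bh} pixels`,
    platform: fields.o,
    browser: fields.a,
    cookieAccepted: fields.k === 'Y',  // the script set ssACK=true and read it back
    javaEnabled: fields.v === 'Y',
    localDate: `${year}-${pad(month0 + 1)}-${pad(day)}`,
    localTime: time,
    weekday: Number(weekday),          // getDay(): 0 = Sunday
    tzOffsetMinutes: Number(tzOffset), // getTimezoneOffset(): UTC minus local time
    pluginsReported: fields.p !== '',  // only filled in for Netscape/Opera by the script
  };
}

console.log(summarise(BEACON_URL));
```

The same decoder works on any request to the same tracker because the parameter names are fixed by the script; what varies per site is only the path prefix and the pageName/c1..c8 values the site operator fills in.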
Webbug-Source (1)
<!-- Start SuperStats tracking code version 3.1. Copyright 1997-2001 MyComputer.com, Inc. More info available at http://www.mycomputer.com -->
<script language="JavaScript">
/**** DO NOT ALTER ANYTHING BELOW THIS LINE! ****/
var pageName;if(!pageName)pageName='Denver Post / DPO Home'
var server;if(!server)server=''
var channel;if(!channel)channel=''
var pageType;if(!pageType)pageType=''
var pageValue;if(!pageValue)pageValue=''
var product;if(!product)product=''
var prop1;if(!prop1)prop1='DPO Home'
var prop2;if(!prop2)prop2=''
var prop3;if(!prop3)prop3=''
var prop4;if(!prop4)prop4=''
var prop5;if(!prop5)prop5=''
var prop6;if(!prop6)prop6=''
var prop7;if(!prop7)prop7=''
var prop8;if(!prop8)prop8=''
function mc_escape(s){var ch;s=escape(s)
while((ch=s.indexOf('+'))>0)s=s.substr(0,ch)+'%2B'+s.substr(ch+1,s.length)
while((ch=s.indexOf('/'))>0)s=s.substr(0,ch)+'%2F'+s.substr(ch+1,s.length)
return s}
var mc_t=new Date;var mc_n1=Math.floor(mc_t.getTime()/10800000)%10
var mc_n2=mc_t.getTime()%10000000000000;var mc_s=mc_n1+'fsi'+mc_n2
function mc_mkcd(){var s='',c='',v='',p='',bw='',bh=''
var j='1.0'
var g=window.location.href
var a=mc_apn+' '+mc_apv
var o=navigator.platform
var r=(mc_r?mc_r:(mc_noe?'NULL':'External Frame Referrer'))
var yr,t=mc_t.getDate()+'/'+mc_t.getMonth()+'/'+((yr=mc_t.getYear())<1900?yr+1900:yr)+' '+mc_t.getHours()+':'+mc_t.getMinutes()+':'+mc_t.getSeconds()+' '+mc_t.getDay()+' '+mc_t.getTimezoneOffset()
document.cookie='ssACK=true';var k=(document.cookie.indexOf('ssACK=')!=-1?'Y':'N')
Webbug-Source (2)
if(mc_apv>=4)s=screen.width+'x'+screen.height
if(mc_apn=='Netscape'){var i1=0,i2=0,sta;while((i1<navigator.plugins.length)&&(i2<30)){sta=navigator.plugins[i1].name
if(sta.length>100)sta=sta.substring(0,100);sta+=';'
if(p.indexOf(sta)==-1)p+=sta;i1++;i2++}
v=(navigator.javaEnabled()?'Y':'N')
if(mc_apv>=3)j='1.1'
if(mc_apv>=4){j='1.2'
c=screen.pixelDepth
bw=window.innerWidth
bh=window.innerHeight
}if(mc_apv>=4.06)j='1.3'
}if(mc_apn=='Microsoft Internet Explorer'){if(mc_apv<4)r='NULL'
if(mc_apv>=3)v='P'
if(mc_apv>=4){j='1.2'
v=(navigator.javaEnabled()?'Y':'N')
c=screen.colorDepth
}if(mc_apv>=5&&navigator.platform.indexOf('Win')>=0){c=screen.colorDepth
bw=document.documentElement.offsetWidth
bh=document.documentElement.offsetHeight
j='1.3'
}}if(mc_apn=='Opera'){var i1=0,i2=0,sta
while((i1<navigator.plugins.length)&&(i2<30)){sta=navigator.plugins[i1].name
if(sta.length>100)sta=sta.substring(0,100);sta+=';'
if(p.indexOf(sta)==-1)p+=sta;i1++;i2++}
var v='N'
}code='<im'+'g src="http://192.168.112.2O7.net/b/ss/denverpost/1/31/'+mc_s+'?[AQB]r='+mc_escape(r)+'&s='+mc_escape(s)+'&c='+mc_escape(c)+'&o='+mc_escape(o)+'&j='+j+'&v='+v+'&k='+k+
'&bw='+bw+'&bh='+bh+'&t='+mc_escape(t)+'&pageName='+mc_escape(pageName)+'&server='+mc_escape(server)+'&ch='+mc_escape(channel)+'&pageType='+mc_escape(pageType)+
'&pageValue='+mc_escape(pageValue)+'&product='+mc_escape(product)+'&c1='+mc_escape(prop1)+'&c2='+mc_escape(prop2)+'&c3='+mc_escape(prop3)+'&c4='+mc_escape(prop4)+
'&c5='+mc_escape(prop5)+'&c6='+mc_escape(prop6)+'&c7='+mc_escape(prop7)+'&c8='+mc_escape(prop8)+'&g='+mc_escape(g)+'&a='+mc_escape(a)+'&p='+mc_escape(p)+'[AQE]'+
'" border=0 alt="" width=1 height=1>'
Webbug-Source (3)
if(!mc_noe)document.write(code)
return code}var mc_n=navigator,mc_apn=mc_n.appName,mc_w=mc_n.appVersion,mc_apv,mc_i
var mc_msie=mc_w.indexOf('MSIE ')
if(mc_w.indexOf('Opera')>0)mc_apn='Opera'
if(mc_msie>0){mc_apv=parseInt(mc_i=mc_w.substring(mc_msie+5))
if(mc_apv>3)mc_apv=parseFloat(mc_i)}else mc_apv=parseFloat(mc_w)
function mc_et(){window.onerror=window.oe;return true}var mc_noe=false
if(navigator.userAgent.indexOf('Mac')>=0&&navigator.userAgent.indexOf('MSIE 4')>=0)var mc_r=document.referrer
else{window.oe=window.onerror;window.onerror=mc_et;var mc_r=parent.document.referrer;mc_noe=mc_et()}
</script><script language="JavaScript">
document.write(mc_mkcd()+(mc_msie>0?'<'+'!--':''))
</script><noscript><a href="http://192.168.112.2O7.net/c/ss/denverpost"
target="_top"><img src="http://192.168.112.2O7.net/b/ss/denverpost/1"
border=0 width=1 height=1></a></noscript><script language="JavaScript">
if(mc_msie>0)document.write(' --'+'>')
</script> <!-- End SuperStats tracking code. -->
Cookie set:
Name:ss_vi_denverpost
Domain: 2o7.net
Path: /
Expires: Thu, Apr 15 2010 20:00:00
Secure: No
Data: v2|0-0|1013174171|0|0|0|0|0||
Methods for collecting data in the Internet (4)
Registration for a service
“Free” services are often only provided in exchange for personal information (a kind of payment)
Used for advertisements, which are sold
Allows personalization
» Often in several levels: additional services require further configuration and disclosure of information
Important to check whether the information collected might also be sold, or with whom it is shared
Usually legal, as the user is asked and gives away the data freely
» No “secret” gathering like webbugs, cookies, spyware, … !
Methods for collecting data in the Internet (5)
The role of advertisements on the Web
Usually coupled with cookies from a central ad server
Allows tracking users across different sites
Profiling according to which sites are visited how often
Users have learned to ignore advertisements
Source of income for free services is lost
Advertisements get ever more intrusive
Problem: Nobody knows where the ads come from, where his information is stored, what is collected
Special filtering software already exists
Methods for collecting data in the Internet (6)
Spyware, AdWare
Programs secretly or openly installed on your computer, which gather data
» Addresses of webpages visited
» Files used (videos/sounds played, documents edited, …)
» Can do everything, as they run locally with your own rights!
Programs with the “E.T. syndrome”: phoning home
» Regularly sending the information gathered to someone
» Even if not, the specific requests they make (e. g. update checks) allow building a profile
Spyware is in most cases illegal
» EULA might not be sufficient for consent, if it applies at all
AdWare: Paying for the program by being spied on (mostly legal)
Data Security
Electronic communications privacy directive:
Users must be informed free of charge by the provider about particular security risks and possible remedies
Privacy directive:
Controller must implement appropriate measures to protect personal data against loss and disclosure
Especially during transmission over networks
» Almost an obligation for encryption
Contract with the processor must be in writing and include:
» Processor may only act on instructions from the controller
» Processor must also protect against loss and disclosure
Both: Measures for an appropriate level of security
Informed consent
Must be given freely
No duress or compulsion
» Refusing the contract when consent is denied is possible (if not unethical)!
– BUT: effective monopolies; e. g. banks???
Must be specific
For a certain purpose (or a closed list/described set)
» NOT “we are allowed to do with it what we want”
For a certain controller
» NOT “we may transfer it to everyone we like”
Subject must be informed
» NOT just “to all members of our company group”
Can be given expressly or implied
Principles of data quality (1)
In relation to the purpose of the processing, data must be
adequate: The minimum necessary for the purpose
relevant: Must help fulfilling the purpose
not excessive: Must actually (not just potentially / marginally) improve fulfilling the purpose
accurate: No guessing the data / no interpolation
Also includes that they must be as complete as possible
» If not complete enough for the purpose, they may not be used!
Principles of data quality (2)
kept up to date: Later verification / updates are necessary
Only with regard to the purpose
Only if reasonable, i. e. not too expensive
erased: If no longer needed they MUST be destroyed
Keeping them on a backup somewhere is NOT sufficient!
rectified: If incomplete or wrong
anonymized: If no longer necessary for the purpose
Exceptions for historical, statistical, or scientific use
Data may only be processed if … (1)
the subject has unambiguously given consent
See the definition of consent above!
Everyone can do with his data as he wants
» The freedom not to use the protection of the law
» See e. g. television talkshows!
it is necessary for the performance of a contract
Data subject must be a party to the contract, or
For taking steps at the request of the subject prior to a contract
» E. g. checking creditworthiness, calculating shipping costs, …
Otherwise this could be used as a right of withdrawal
» If you later do not want the contract any more, you could prohibit the seller from using your address, so he could not send the goods to you!
Data may only be processed if … (2)
it is necessary for compliance with a legal obligation of the controller
E. g. archiving of records, processing of data of the employee by the employer (holidays, payment, ...)
necessary for the protection of vital interests of the subject
E. g. looking up his blood group
“Vital” must be seen narrowly
» “Of interest” or “possibly beneficial” is not enough!
necessary for tasks of public interest/official authority
To avoid having to grant ALL processing by law
Must be an important requirement, not just a reduction of work
Data may only be processed if … (3)
necessary for legitimate interests of the controller or of third parties or those to whom the data is disclosed
EXCEPT where the interests of the subject are stronger!
Weighing up of interests is required
Examples:
» Vital interests of third parties: Blood group to find suitable blood donors
» Required for pursuing a claim before public authorities
» Cooperation through official channels to improve public administration
May not be just a monetary comparison
» Gain for processor vs. damage to subject
General clause for all other uses!
Rights of the subject: Information
When collecting information from the subject, the following information must be given:
Identity of the controller (and his representative)
» To allow exercising his/her rights
Purposes the processing of the data is intended for
» To enable consent and an informed decision (“Do I want this?”)
Any other information necessary for fair processing
» Recipients or categories of recipients of the data
» Whether answers are obligatory or voluntary, as well as the possible consequences of failure to reply
» The existence of the rights of access/rectification
Rights of the subject: Access
Every subject can request information:
Only from the controller
At reasonable intervals
Without excessive delay or expense
Whether or not data relating to him/her is processed
» Including purpose of processing, categories of data, recipients or categories of recipients to whom the data is/was disclosed
In intelligible form “his” data and any information available as to their source
The logic involved in automatic processing
» Restricted: Trade secrets, complexity, ...
Rights of the subject: Rectification
If through the right of access (or otherwise) wrong data is discovered:
The controller must correct it himself
The subject can request rectification
Both only if the data is incomplete or inaccurate
If no modification is possible (e. g. write-once records), additional information must be appended
All third parties who received the wrong data must be notified of the rectification
NOT if impossible or a disproportionate effort would be required!
Rights of the subject: Deletion / Blocking
If through the right of access (or otherwise) unlawfully processed data is discovered:
The controller must delete it himself
The subject can request deletion
Both only if the data may not be processed
E. g. illegally acquired
If no deletion is possible (e. g. write-once records), the data must be blocked (black-list)
All third parties who received the illegal data must be notified; similar to rectification
Rights of the subject: Objection - Version 1
Tasks of public interest/official authority or processing for legitimate interests
Even though ordinarily allowed and when legally obtained
Subject can object to the use of his data at any time
Requires compelling legitimate grounds
» Subject must declare why his position is special
» Subject must declare what specific danger this poses to him
National laws may set exemptions
The subject’s data may then no longer be processed
Rights of the subject: Objection - Version 2
In the case of (intended or actual) use of personal data for direct marketing
Subject can request to be left out of this
Free of charge (the previous right of objection might cost!)
Subject must be expressly informed of this right
Very early form of anti-spam provision
Opt-out solution
States must take measures to ensure that subjects are aware of this right
Exemptions from rights
Exemptions from most rights are possible in the case of
national security
defense
public security
prevention, investigation, detection, prosecution of crimes
important economic or financial interest of the state
monitoring, inspection or regulatory functions connected with the exercise of official authority in cases 3-5
protection of the data subject or his/her rights
protection of the freedoms of others
scientific research, press, purely personal use, …
Remedies, Liability, Sanctions
Every person must have the right to a judicial remedy
Administrative remedies might be obligatory beforehand
Damages caused by unlawful processing must be compensated by the controller
Controller MAY only be exempted if he proves that he is not responsible
» Processor or subject may then be liable
Member states must lay down suitable sanctions
Sanctions are never covered by the EU treaties and are therefore always the duty of the member states!
Case study: Directories of subscribers
Subscribers must be informed
free of charge
before inclusion in a public directory
especially about further usage possibilities (e. g. reverse lookup)
only for natural persons
» States may decide what to do with legal persons
Subscribers can decide whether (and what) to include
Includes verification / correction / withdrawal (free of charge)
NOT being included MUST be free of charge
Existing directories of public voice telephony:
Existing subscribers may remain included (opt-out); the new rules apply only to new subscribers
Data exchange with third countries
Transfer of data only allowed to countries with an adequate level of protection
Adequacy: In general as well as for the actual transfer
Nature of the data, purpose, duration, professional rules in the destination country, security measures, …
Exemptions exist where the transfer is still allowed
E. g. unambiguous consent of the subject to this transfer
EU commission may decide that a certain country possesses an adequate level of protection
All member states must adhere to this decision
Data transfers are then freely possible (from and to)
Countries with adequate protection
Countries with decisions of the EU commission:
Hungary (26.7.2000)
Switzerland (26.7.2000)
USA (25.8.2000)
» Safe Harbor only!
Canada (20.12.2001)
Model contracts for the transfer of data to other countries exist
See the data protection website of the EU!
Literature/Links:
Data Protection website of the EU:
http://europa.eu.int/comm/internal_market/en/dataprot/index.htm
EU data protection directive:
Directive 95/46/EC, OJ L 281, 23.11.1995, p. 31-50
EU electronic communications data protection directive:
Directive 2002/58/EC, OJ L 201, 31.7.2002, p. 37-47
Electronic Privacy Information Center & Privacy International:
http://www.privacy.org/