Transcript PRIVACY ASPECTS OF PSI BETWEEN PRIVATE AND PUBLIC …

Public Sector Information &
Data Protection: A plea for
personal privacy settings
for the re-use of PSI
Bart van der Sloot
Institute for Information Law
University of Amsterdam
PSI & DP
PSI-Directive Recital (21): “This Directive should be
implemented and applied in full compliance with the
principles relating to the protection of personal data in
accordance with Directive 95/46/EC of the European
Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of
personal data and of the free movement of such data.”
Article 1, §4: “This Directive leaves intact and in no way
affects the level of protection of individuals with regard
to the processing of personal data under the provisions
of Community and national law, and in particular does not
alter the obligations and rights set out in Directive
95/46/EC.”
And Article 2, §5: “‘personal data’ means data as defined in
Article 2(a) of Directive 95/46/EC.”
Personal data
• any information: objective or subjective;
the form is irrelevant
• relating to: content, purpose or effect.
• an identified or identifiable: reasonable
possible by anyone that has access to the
information. Either direct identifiable or
indirect identifiable data might qualify. "the
man wearing a black suit"
• natural person
Fairly and Lawfully
• personal data must be collected for specified,
explicit and legitimate purposes
– Consent,
– Legal/public obligations
– Balance
• not further processed if incompatible with original
purposes
– Not the case when re-used in commercial interests.
• adequate, relevant and not excessive
• kept no longer than is necessary
• Security and confidentially
Information & Rights
•
•
•
•
•
•
•
•
Information about the identity of the controller
About purposes of the processing;
About the categories of data concerned;
About the recipients or categories of recipients;
About the existence of the rights.
Right of access & information
Right of rectification, erasure or blocking
Right of notification to third parties to whom the
data have been disclosed of any rectification,
erasure or blocking unless disproportionate.
• Right to object, especially in case of grounds
of public interest and third party interest.
Solution (1) Radical solutions
• Prohibit re-use of PSI
– Good for Data Protection and Privacy
– But would leave economical potential unused.
• Deny Data Protection rights
– Good for economical interests/profit and reuse of PSI in general
– But would be catastrophic for privacy and
data protection of citizens
Solution (2) Anonymization
• Would if successfully deployed
– Leave privacy and data protection in tact
– Preserve the economical potential
• Almost impossible: the scope of the
concept of personal data is allencompassing
• Even if successful: ‘Data can be either
useful or perfectly anonymous but never
both.’
Solution (3) Personal Privacy
Settings
• Consent is any freely given specific and
informed, explicit indication of ones wish.
• Informed consent: specifying/identifying
categories:
–
–
–
–
Kind of data: direct-indirect, ordinary-sensitive
Purposes: commercial-non-commercial
Parties: citizens, states, companies
Countries: country of origin, Europe, outside
• Free consent:
– Opt-in
– Money: lump sum or share of the profit