The summary clearly explains the differences between privacy and data protection. In addition, all lectures and the articles that had to be read for the lectures are summarized, including the 7 principles. With this summary I passed the course with an 8.5.
Lecture 1
Now: information revolution, with more advanced computing capacity, more data available, more data gathered.
It is the internet of things.
This also brings problems and concerns:
- Micro: threats to the individual
- Macro: threats to society
Traditional privacy concerns:
- Intrusion into private sphere (1980 right to be let alone)
- Big Brother and chilling effects of ‘always being watched’.
- Errors in records
- Discrimination
Little brother: surveillance through collection of data.
Sustainable data science: development that meets the needs of the present without compromising the ability of the future generations to meet their own needs.
How to do data science sustainably? Look at the laws & ethics.
o Privacy and data protection are human rights.
Lecture 2
Sources of European privacy
Privacy and data protection are human rights. This means that these are general values and therefore need to be protected. They have a constitutional status.
1950 European Convention on Human Rights Article 8: Right to respect for privacy and family life:
There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society.
2000 EU Fundamental Rights Charter Article 7: Respect for private and family life
2000 EU Fundamental Rights Charter Article 8: Protection of personal data
Privacy vs data protection

| Privacy | Data Protection |
| --- | --- |
| Broader than information (body, home, etc.) | Only personal data (information) |
| Only data in private sphere is protected | All personal data is protected (not only private sphere) |
| Mainly a negative right (‘not to’) | Contains negative and positive rights (‘not to’ and ‘to’) |
| Creates negative obligations | Creates negative and positive obligations |

Related but not the same; they overlap and reinforce each other.
Sources of EU data protection law
Currently: 1995 Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
- Harmonizes national laws to create a ‘single market’ for transborder data transfers within the EU
- Addressed to all EU Member States
- Implemented into national law
- Recitals are not directly binding, but used for interpretation
2012: a reform was proposed, with the draft GDPR. Now we have the General Data Protection Regulation to replace the Data Protection Directive.
New: 2016 General Data Protection Regulation (GDPR)
- Will apply from 25 May 2018
- Applies directly, no national implementation needed
- Recitals are not directly binding, but used for interpretation
What is the difference: a directive does not have direct effect. It is not equal in all national laws, because to be able to use the norms, the directive needs to be implemented in national law. The difference is that the regulation is directly applicable.
Two more important sources of EU data protection law:
- EU Court of Justice judgments: interpret the law (binding).
- Article 29 Working Party opinions: advisory; there will be a similar regulation in the GDPR. These guidelines are not binding, because it does not have the authority. However, they constitute most of the guidelines on how to apply the data protection law (not binding).
Scope, when/where data protection law applies and to whom:
Two key concepts:
- Personal data triggers protection: when there is personal data, data protection applies. This is the first step to take to determine whether data protection law applies.
- Controller: defines purposes & means of data processing; bears obligations.
Material scope: the Regulation applies to the processing of personal data
Processing: basically anything done with personal data.
Any operation or set of operations which is performed on personal data or on sets of personal data.
Personal data: any information relating to a data subject, who is an identified or identifiable natural person.
Any information.
- Regardless of the content: it doesn’t matter if it concerns private life or public life. Information can be personal data regardless of content.
- Regardless of the format or medium: video or voice recording, child’s drawing. However, human tissue samples are carriers of data, not the data itself.
Relating to.
A living natural person (not a group) in:
- Content (about a person: someone has brown hair or suffers from a disease. A narrative about a person)
- Purpose (when the data is processed with the purpose to evaluate or influence. For example, an IP address does relate in terms of purpose; the number of steps is data about the person)
- Result (the effect of processing has impact on the data subject).
The presence of 1 element is sufficient.
Identifiability (single out).
Identified or identifiable:
- Directly: name or other unique identifier: a telephone number, location data, online identifier, social security number. By one single identifier.
- Indirectly: by a combination of significant criteria which allows him to be recognized.
Another element that needs to be taken into account: is someone identifiable or not? At what point between 0 and 10 does it mean that someone is identifiable? We should consider identification means which are reasonably likely to be used. The likelihood needs to be reasonable. We have to demonstrate the likelihood. When do we know that it is likely?
- Taking objective factors into account;
- Technological state of the art at the time of processing (it evolves; we have to assess the state of the art that is available at the moment. Data from 10 years ago could no longer be personal data);
- Cost and effort;
- Risk of data/confidentiality/security breaches;
- Purpose of processing is identification.
Identification by whom?
- Either by the controller or by any other person to identify
Material scope: anonymous data
If data is anonymous data, data protection law does not apply.
WP 136 & 216 on anonymization techniques:
- Information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is no longer identifiable;
- Data protection does not apply to truly and irreversibly anonymized data (if you keep identifiers to yourself you can reverse anonymization);
- Anonymization is an instance of data processing itself.
Material scope: pseudonymous data
Pseudonymisation (when you keep the identifiers) means the processing of personal data in such a manner that:
- The personal data can no longer be attributed to a specific data subject without …. additional information
- Provided that such additional information is kept separately
- And is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Data protection law still applies because you are able to single out.
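The following added example (not part of the original lecture notes) illustrates both the indirect identification "by combination of significant criteria" and the pseudonymisation definition above. It assumes HMAC-SHA256 as the pseudonymisation function and uses constructed records; the function names are hypothetical.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records (not real data).
RECORDS = [
    {"name": "Alice Jansen", "zip": "3511", "birth_year": 1990, "diagnosis": "asthma"},
    {"name": "Bob de Vries", "zip": "3511", "birth_year": 1990, "diagnosis": "diabetes"},
    {"name": "Carla Smit", "zip": "1012", "birth_year": 1975, "diagnosis": "migraine"},
    {"name": "Alice Jansen", "zip": "3511", "birth_year": 1990, "diagnosis": "eczema"},
]


def pseudonymise(records, key):
    """Replace the direct identifier with a keyed pseudonym.

    Returns (dataset, lookup). The key and the lookup table are the
    'additional information' that must be stored separately from the dataset.
    """
    dataset, lookup = [], {}
    for rec in records:
        pid = hmac.new(key, rec["name"].encode(), hashlib.sha256).hexdigest()[:16]
        lookup[pid] = rec["name"]
        dataset.append({"pid": pid, **{k: v for k, v in rec.items() if k != "name"}})
    return dataset, lookup


def linked_records(dataset):
    """Group rows by pseudonym: one person's rows remain linkable (singling out)."""
    groups = {}
    for row in dataset:
        groups.setdefault(row["pid"], []).append(row)
    return groups


def singled_out(dataset, fields):
    """Rows whose combination of `fields` is unique: indirectly identifiable."""
    counts = Counter(tuple(row[f] for f in fields) for row in dataset)
    return [row for row in dataset if counts[tuple(row[f] for f in fields)] == 1]


def reidentify(row, lookup):
    """Reverse the pseudonym; only possible for whoever holds the lookup table."""
    return lookup.get(row["pid"])


if __name__ == "__main__":
    key = b"constructed-demo-key-keep-separately"
    data, table = pseudonymise(RECORDS, key)
    print(len(linked_records(data)), "distinct pseudonyms")
    print("unique on zip+birth_year:", singled_out(data, ["zip", "birth_year"]))
    print("with lookup table:", reidentify(data[2], table))
```

The dataset no longer contains names, yet one row is unique on zip code plus birth year and each person's rows stay linked through the pseudonym, which is why such data remain personal data.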
Personal scope: the ‘who’ of data protection
Key actors:
- Data subject: an identified or identifiable natural person
o Has rights rather than obligations
- Controller: the natural or legal person which alone or jointly with others determines the purposes and means of the processing of personal data
o Has obligations; is the primary carrier of the obligations. Decides if data is processed and how. Determines for what purposes.
- Processor: a natural or legal person which processes personal data on behalf of the controller
o Is a legal person which processes personal data on behalf of the controller.
Lecture 3
If data is available, this does not mean you can do with it whatever you want: data protection principles do apply. Sources:
- 1995 Directive
- 2016 General Data Protection Regulation
The general principles are put into effect by enforcement and supervision.
It is very difficult to draw a border between principles. One principle reinforces another principle. Fair, lawful and transparent includes the rest. They work together to achieve common goals.
Seven general data protection principles. We find them in Article 5 of the GDPR.
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity & confidentiality
- Accountability
Processing conditions are broadly similar to those under the Data Protection Directive. However:
- It will become much harder to obtain consent, meaning that controllers will have to fall back on other conditions
- Public authorities cannot use the legitimate interests condition
1. Accountability (new right)
The controller shall be responsible for, and be able to demonstrate, compliance with data protection law.