410 likes | 433 Views
The processing of personal data (Personal Data Act). Leikny Øgrim. Contents. Principles of the Norwegian regulations on the processing of personal data (the Personal Data Act) Schengen Information System SIS Some cases. Administration of the Personal Data Act:. The personal Data Act
E N D
The processingof personal data(Personal Data Act) Leikny Øgrim
Contents • Principles of the Norwegian regulations on the processing of personal data (the Personal Data Act) • Schengen Information System SIS • Some cases
Administration of the Personal Data Act: The personal Data Act Personal Data Regulations The Data Inspectorate: • keep a public record of processing relevant to the Act • deal with applications for licences • keep informed of developments in the area • identify risks to protection of privacy • provide advice and guidance • give its opinion on matters relating to area The Privacy Appeals Board • decide appeals against the decisions of the Data Inspectorate.
Background • Protection of privacy • Computerized society: databases and Internet
Background cont. • -78: • Act on Personal data registers • The society protects the individual • Technological development • ”Half member” of EU • 2000: • Personal Data Act • Individual protection of own rights
Purpose • to protect natural persons from violation of their right to privacy through the processing of personal data. • ensure that personal data are processed in accordance with fundamental respect for the right to privacy, including the need to protect personal integrity and private life and ensure that personal data are of adequate quality.
Substantive scope of the Act • processing of personal data wholly or partly by automatic means, and • other processing of personal data which form part of or are intended to form part of a personal data filing system. • (not private purposes)
personal data: • any information and assessments that may be linked to a natural person,
processing of personal data: • any use of personal data, such as collection, recording, alignment, storage and disclosure or a combination of such uses,
personal data filing system: • filing systems, records, etc. where personal data is systematically stored so that information concerning a natural person may be retrieved.
Conditions for the processing of personal data - RELEVANCE Personal data may only be processed if the data subject has consented thereto, or there is statutory authority for such processing, or the processing is necessary in order • to fulfil a contract to which the data subject is party… • to enable the controller to fulfil a legal obligation, • to protect the vital interests of the data subject, • to perform a task in the public interest, • to exercise official authority, or • … to protect a legitimate interest, except where such interest is overridden by the interests of the data subject.
data subject: • the person to whom personal data may be linked,
consent: • any freely given, specific and informed declaration by the data subject to the effect that he or she agrees to the processing of personal data relating to him or her
sensitive personal data are information relating to • racial or ethnic origin, or political opinions, philosophical or religious beliefs, • the fact that a person has been suspected of, charged with, indicted for or convicted of a criminal act, • health, • sex life, • trade-union membership.
Basic requirements for the processing of personal data The controller shall ensure that personal data which are processed • are processed only when this is authorized • are used only for explicitly stated purposes • are adequate, relevant and not excessive in relation to the purpose of the processing, and • are accurate and up-to-date, and are not stored longer than necessary
Right of access • the name and address of the controller • the purpose of the processing, • the categories of personal data, • the sources of the data, and • whether the personal data will be disclosed, and if so, the identity of the recipient.
Right to demand manual processing • Right to be excluded from direct marketing • Rectification of deficient personal data
Prohibition against storing unnecessary personal data The data subject may demand that data which are strongly disadvantageous to him or her shall be blocked or erased if this • is not contrary to another statute, and • is justifiable on the basis of an overall assessment
Obligation to give notificationbefore • processing personal data by automatic means • establishing a manual personal data filing system which contains sensitive personal data.
Obligation to obtain a licence • processing of sensitive personal data (except when volunteered by the data subject). • If the processing will clearly violate weighty interests relating to protection of privacy (for instance based on quantity of the personal data and the purpose of the processing). • The controller may demand that the Data Inspectorate decide whether processing • will be subject to licensing.
Schengen Information System • SIS is an information system related to the Schengen cooperation. The system consists of a national part for each country and a support function for all countries in the Schengen cooperation.
Information that can be registered • Family name and given name, possible alias name • Special physical attributes that are objective and unchangeable • First letter in other given names • Date and place of birth • Sex • Nationality • If the person is armed • If the person is seen as violent • If the person has escaped from sentence • Reason for registration • Efforts to be set into action
Requirements for registering personal data • data on persons who are wanted for detentation and extradition • data on persons who can not be given access to a country • data on missing persons or persons who are seen as dangerous to themselves or others and need to be taken into temporary detentation. • data on witnesses, persons who should be brought to court or prison.
Some cases • Health related registers (societal interests are often given priority) • Public information on financial inspection • Personal data in insurance cases • Drug testing • Misuse of personal identity • Misuse of personal data by Microsoft? • Credit reports and privacy • Direct marketing • Electronic toll roads • Video surveillance • Internet • Fingerprints
Video surveillance - cases • Outside the Mosaic Religious Community • Passenger areas in public buses and local trains
The Mosaic Religious Community • There was video surveillance of public area but also a place which is ”regularly frequented by a limited group of people” (private garden). The surveillance is done by a camera with zoom-function, covering a rather large area. • The allowance for keeping the video tapes for more than 7 days on a routine basis was not given. • The Privacy Appeals Board judged the controller’s interests against the surveilled persons interests in privacy, and found that video surveillance of public area outside the area that already was notified by signs should not be allowed. • The video surveillance of the private garden was only allowed if accepted by the owner. • In this case there was a dissent in the board
Public buses Public buses wanted to use video surveillance in the passenger areas. The Data Inspectoratehad allowed video surveillance of the doors and near the driver. The Privacy Appeals Boardfound that video surveillance inside the bus can be allowed. The interests of privacy are found to be small, since the tapes only will be played and seen if there in an incidence in the bus. When there is no suspicion of criminal acts, no one will ever see the tape. The board further found that playing and watching the tapes needs and obligation to obtain a licence, since the images may contain sensitive personal data. Due to the strong connection between the surveillance and the playing of the tapes, the licence should also contain the surveillance.
Video surveillance • The continuous or regularly repeated surveillance of persons by means of a remote-controlled or automatically operated video camera, camera or similar device. • Video surveillance of a place which is regularly frequented by a limited group of people is only permitted if there is a special need for such surveillance in the interests of the said activities. • Personal data which are collected by with video surveillance may only be disclosed to a person other than the controller if the subject of the recording consents thereto or if there is statutory provision for such disclosure. However, unless the statutory obligation of professional secrecy prevents disclosure, image recordings may be disclosed to the police in connection with the investigation of criminal acts or accidents. • When a public place or a place which is regularly frequented by a limited group of people is subject to video surveillance, attention shall be drawn clearly by means of a sign or in some other way to the fact that the place is under surveillance and to the identity of the controller.
Information on the Internet • Persons employed in the social services claimed erased from a web site critical comments to child welfare cases and related questions. • Both the Data Inspectorate and the Privacy Appeals Board found that the web site has "journalistic, including opinion-forming, purposes". • The Privacy Appeals Board adds that even if the web site is not illigal according to the Personal Data Act, the web site must, as other media, keep to and respect edicts on characterizing individuals.
Internet – historical data • An earlier member of a sports club, did not want to be mentioned on the sports club’s web site. • The Privacy Appeals Board found that the web site can be categorized as "journalistic means"; and as such protected by the freedom of expression. • The personal data could not be claimed erased. The opposite result would mean that a person can ”edit" history.
Internet-debate • A private person wanted her contributions to a net based forum of debate erased. Also, she wanted all contributions which mentioned her name erased. • The Privacy Appeals Board found, as did The Data Inspectorate, that utterances in debate forums do not fall into the scope of the act, and can not be claimed erased.
Finger prints as identification • Sports centres • Work places • Gasoline terminal • Log in system for health personnel
Sports Centres • The Data Inspectorate prescribed two sports centres from using finger prints of its members as an entrance key. • The Data Inspectorate found there was a substantive need for identification at the entrance, but that the required neccessity was not fulfilled. • The Privacy Appeals Board agreed
REMA 1000 • The Data Inspectorate prescribed REMA 1000 to stop using finger prints in relation to work hour registration of their employees. Registration is done with ID-number in combination with finger prints. • The Data Inspectorate agrees that REMA 1000 has a substantive need of qualitative wage calculation. The inspectorate argues that ID-number is used for identification, and finger prints for authentication. The inspectorate states that the use of finger prints is not necessary. • The Privacy Appeals Board agrees
Esso Norway • The Data Inspectorate prescribed Esso Norway to stop the use of finger prints as identification of truck drivers arriving at the gasoline terminals. The system should be based on consent and a ”Safety Policy” assure that only authorized and trained personnel were given access to the terminals. • The Data Inspectorate argued that the substantive need of physical security is not equivalent to substantive need of secure identification. Continuous human access control is a good alternative, from the inspectorate’s point of view. • The Privacy Appeals Board argues that the use of finger prints covers both identification and authentication. The board finds that the use of ID-card combined with finger prints assure both identification and authentication. Further, the board finds ut out of it’s competence to judge physical changes, like fences, guards and so on. • The Privacy Appeals Board finds there is a sustainable need for secure identification, and allow the use of finger • There was a dissent in the board.
Tysvær kommune • Tysvær kommune uses biometric access control for logging into all new lap tops used especially in the health and social sector. • The Data Inspectorate denied the use. Even if there was a substantive need for secure identification in order to protect sensitive personal data in the system, the inspectorate argued that the use of finger prints were not necessary. • The use of smart cards combined with passwords was said to be an alternative. • The Privacy Appeals Board disagreed. The board meant the use of finger prints is necessary. A smart card can be lost or stolen, and finger prints are seen as the most secure alternative.
Use of national identity numbers, etc. National identity numbers and other clear means of identification may only be used in the processing when there is a objective need for certain identification and the method is necessary to achieve such identification. The Data Inspectorate may require a controller to use such means of identification as are mentioned in the first paragraph to ensure that the personal data are of adequate quality.
References • http://www.datatilsynet.no/templates/Page____194.aspx(the Data Inspectorate) • http://www.datatilsynet.no/upload/Dokumenter/regelverk/lov_forskrift/lov-20000414-031-eng.pdf(The Personal Data Act) • http://www.datatilsynet.no/upload/Dokumenter/regelverk/lov_forskrift/POF_eng_v2.pdf(Regulations on the processing of personal data)