80 likes | 101 Views
This article discusses the importance of implementing personal privacy settings for the re-use of Public Sector Information (PSI) to comply with data protection laws. It explores the implications of the PSI Directive on individual privacy and proposes solutions to balance data protection and economic interests.
E N D
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law University of Amsterdam
PSI & DP PSI-Directive Recital (21): “This Directive should be implemented and applied in full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and of the free movement of such data.” Article 1, §4: “This Directive leaves intact and in no way affects the level of protection of individuals with regard to the processing of personal data under the provisions of Community and national law, and in particular does not alter the obligations and rights set out in Directive 95/46/EC.” And Article 2, §5: “‘personal data’ means data as defined in Article 2(a) of Directive 95/46/EC.”
Personal data • any information: objective or subjective; the form is irrelevant • relating to: content, purpose or effect. • an identified or identifiable: reasonable possible by anyone that has access to the information. Either direct identifiable or indirect identifiable data might qualify. "the man wearing a black suit" • natural person
Fairly and Lawfully • personal data must be collected for specified, explicit and legitimate purposes • Consent, • Legal/public obligations • Balance • not further processed if incompatible with original purposes • Not the case when re-used in commercial interests. • adequate, relevant and not excessive • kept no longer than is necessary • Security and confidentially
Information & Rights • Information about the identity of the controller • About purposes of the processing; • About the categories of data concerned; • About the recipients or categories of recipients; • About the existence of the rights. • Right of access & information • Right of rectification, erasure or blocking • Right of notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking unless disproportionate. • Right to object, especially in case of grounds of public interest and third party interest.
Solution (1) Radical solutions • Prohibit re-use of PSI • Good for Data Protection and Privacy • But would leave economical potential unused. • Deny Data Protection rights • Good for economical interests/profit and re-use of PSI in general • But would be catastrophic for privacy and data protection of citizens
Solution (2) Anonymization • Would if successfully deployed • Leave privacy and data protection in tact • Preserve the economical potential • Almost impossible: the scope of the concept of personal data is all-encompassing • Even if successful: ‘Data can be either useful or perfectly anonymous but never both.’
Solution (3) Personal Privacy Settings • Consent is any freely given specific and informed, explicit indication of ones wish. • Informed consent: specifying/identifying categories: • Kind of data: direct-indirect, ordinary-sensitive • Purposes: commercial-non-commercial • Parties: citizens, states, companies • Countries: country of origin, Europe, outside • Free consent: • Opt-in • Money: lump sum or share of the profit