ENABLING POLICY AND REGULATORY ENVIRONMENTS ITU ASIA-PACIFIC REGIONAL DEVELOPMENT FORUM 2018 MAY 21-22, BANGKOK Mila Romanoff, Privacy and Legal Specialist, UN Global Pulse, EOSG
UN Global Pulse is an innovation initiative of the Executive Office of the UN Secretary-General
VISION: Big Data harnessed responsibly as a public good
HOW:
• Privacy Research & Innovation
• Advocacy and Adoption of Responsible Data Practices
• Operational Privacy and Capacity Building
DATA PRIVACY AND ETHICS
• Citizens and Customers expect privacy protection
• Regional Regulations affect businesses and globally and impose large fines and costs
• Breach of privacy risks & loss of trust and reputation
• Digital Transformation and Era of AI call for person- and data-centric approaches and services
EVOLUTION OF REGIONAL PRIVACY LAWS
[Timeline figure. Years marked: 1980, 1991, 1995, 2005, 2010, 2014, 2018. Labels: OECD; Council of Europe Convention 108; UN Resolution: Guidelines on Handling Computerized Data Files; EU Directive; ECOWAS; APEC; Data Protection Framework; African Union Convention on Cyber Security; EU GDPR]
DATA PRIVACY & DATA PROTECTION: DEVELOPMENT & HUMANITARIAN CONTEXT
INTERNATIONAL LAW
• UDHR, ICCPR (incl. Comment 16)
• UN RESOLUTION 45/95 Guidelines for the Regulation of Computerized Personal Data Files
• ICDPPC:
    • Resolution on International Privacy Standards
    • Resolution on Privacy and International Humanitarian Action
    • Resolution on Data Protection and International Organizations
    • Resolution on Data Protection and Major Natural Disasters
• Convention 108 (mostly European countries)
INTERNATIONAL ORGANIZATIONS GUIDELINES/POLICIES
• UNDG Guidance Note on Big Data for SDGs: Data Privacy, Protection and Ethics
• IOM, WFP, Global Pulse, UNHCR, ILO, OHCHR, ICRC, etc…
KEY POINTS OF GDPR: ENFORCED AS OF 25 MAY 2018
• Consent must be clear and affirmative
• Expanded territorial Scope
• Transfers to a third country/International Organization ONLY if adequate or Contractual Model Clauses apply
• Data Breach Notifications of 72 hrs
• PIA: Privacy Impact Assessment is a requirement for high risk projects
• Right to be forgotten
• ISO 27001 is the recommended adequate security standard
[Side panel: Any information • Relating to • An identified or identifiable • Natural data]
SUSTAINABLE DATA ACCESS & ANALYTICS FOR SDGS: GAPS & CHALLENGES
• Globalization & Interconnectivity
• New Data & Technology
• Social Good Concept
• Surveillance vs Social Good
• Legal vs Ethical
• Enforcement cooperation
• Awareness & Data Literacy
• What is anonymous? What is Personal?
• Regulatory Fragmentation
• Stakeholder collaboration & Understanding
• Practical application for Consent, Data Minimization and Purpose Specification
SUSTAINABLE DATA ACCESS & ANALYTICS FOR SDGS: KEY ELEMENTS & SOLUTIONS
[Diagram labels: E-Commerce; Public Services; Peace and Security; Infrastructure; Privacy Protection; Development and Humanitarian; ICTs; Finance; Health]
SUSTAINABLE DATA ACCESS & ANALYTICS FOR SDGS: KEY ELEMENTS & SOLUTIONS UNIFIED DATA PRIVACY GUIDELINES (taking into consideration “society & technology for all approach”) REGULATORY COMPLIANCE & ADEQUATE LIABILITY “SAFE” SPACE FRAMEWORK FOR PRIVATE-PUBLIC SECTOR DATA COLLABORATIONS? PUBLIC SECTOR ACCOUNTABILITY & COMPLIANCE WITH DATA PRIVACY AND ETHICS RISK-UTILITY MANAGEMENT FRAMEWORK (DATA CLASSIFICATION SCHEME, RISK ASSESSMENT, DE-IDENTIFICATION GUIDELINES?) INCENTIVES FOR PRIVATE SECTOR & CAPACITY BUILDING AND TRAINING SUSTAINABILITY FOR PUBLIC SECTOR MULTISTAKEHOLDER ENGAGEMENT PUBLIC TRUST INNOVATIVE PRIVACY ENHANCING TECHNOLOGIES & METHODS PRACTICAL SOLUTIONS FOR DECISION MAKERS ON THE GROUND ADAPTATION OF PRIVACY AND ETHICS TO THE NEEDS OF HUMANITARIAN AND DEVELOPMENT ACTION
THANK YOU! dataprivacy@unglobalpulse.org romanoff@unglobalpulse.org www.unglobalpulse.org/privacy-and-data-protection