Privacy and Data Protection (and more) for Big Data Marit Hansen Deputy Privacy and Information Commissioner Schleswig-Holstein, Germany marit.hansen@datenschutzzentrum.de Madrid, 25 February 2015
www.datenschutzzentrum.de Setting of ULD • Data Protection Authority (DPA) for both the public and private sector • Also responsible for freedom of information Source: en.wikipedia.org/ wiki/Schleswig-Holstein Privacy and Data Protection for Big Data 2 Source: www.maps-for-free.com
www.datenschutzzentrum.de Overview • European Data Protection Principles • Examples of big data and potential effects • Conclusion Privacy and Data Protection for Big Data 3
www.datenschutzzentrum.de European Data Protection Principles For personal data: • Lawfulness, e.g. statutory provision or consent • Purpose limitation • Necessity • Transparency • Data subject rights • Data security • Accountability Data Protection by Design? By Default? Privacy and Data Protection for Big Data 4
www.datenschutzzentrum.de Data Protection by Design & by Default • “Data Protection by Design and by Default” will be integrated in the upcoming European General Data Protection Regulation (Art. 23) • Targeted at: data processors + producers of IT systems • Objective: design systems + services from early on, for the full lifecycle a) in a data-minimising way b) with the most data protection-friendly pre-settings Not easy for Big Data if personal data are affected. Privacy and Data Protection for Big Data 5
www.datenschutzzentrum.de Guidance from the Art. 29 Data Protection Working Party Documents Take-away messages 1. Opinion 03/2013 on 1. Specified, explicit and Purpose Limitation legitimate purpose; (WP203, 2013) functional separation; compatibility check for 2. Opinion 05/2014 on changed purposes Anonymisation Techniques (WP216, 2014) 2. Case-by-case; avoid pitfalls; risks not excluded 3. Statement […] on the impact of the development 3. Data protection law is still of big data on the valid and must not be protection of ignored. individuals […] (WP221, 2014) Cf. Carmela’s talk on anonymity Privacy and Data Protection for Big Data 6
www.datenschutzzentrum.de Examples Privacy and Data Protection for Big Data 7
www.datenschutzzentrum.de Example: Old-fashioned big data: on a legal basis Source: US Census Bureau Privacy and Data Protection for Big Data 8
www.datenschutzzentrum.de … required by law … • Census: usually anonymised • Process is transparent for citizens • No simple opt-out • Controlled by Parliament • Possible: going to court Source: Quinn Dombrowski • Misuse will be sanctioned Privacy and Data Protection for Big Data 9
www.datenschutzzentrum.de Example: combining I nternet data • Personal data processed, profiling algorithm • Individual consequences possible • Purpose limitation? • Transparency? • Data subject rights? Source: Thierry Gregorius Privacy and Data Protection for Big Data 10
www.datenschutzzentrum.de Example: anonymised big data – sorting people • Consequences for groups of individuals possible: social sorting • Not necessarily regulated in data protection law • Transparency? • “Data subject” rights? Source: Neubie • Fairness? Privacy and Data Protection for Big Data 11
www.datenschutzzentrum.de Example: Traffic planning – biased data X Reasons for not contributing to the data: • Poor • Old • Privacy- aware • … • Effect on decisions? Source: Mehmet Karatay Icons: Axialis Team • Risk of manipulation? Privacy and Data Protection for Big Data 12
www.datenschutzzentrum.de Conclusion • Big data with personal data Within the data protection scope: lawfulness, consent, purpose limitation, data subject rights, … • Big data without personal data (check again: really no personal data?) Not within the data protection scope But maybe with consequences for individuals & society! Need for transparency & possibilities to intervene • Currently lack of understanding and reliable concepts – “quick & dirty” must not prevail & persist! Privacy and Data Protection for Big Data 13
Thank you for your attention! Marit Hansen marit.hansen@datenschutzzentrum.de
Recommend
More recommend
