1 / 12

Dataprotection , databases and related issues

Dataprotection , databases and related issues. Dr. Katrin Nyman-Metcalf. Data Protection. Data protection is a key issue in a modern information society Human right to privacy (Art.8 ECHR, etc.)

mshelley
Télécharger la présentation

Dataprotection , databases and related issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dataprotection, databases and related issues Dr. Katrin Nyman-Metcalf

  2. Data Protection • Data protection is a key issue in a modern information society • Human right to privacy (Art.8 ECHR, etc.) • The development of information society must not undermine people’s sense of security or the protection of their fundamental rights. • Albanian Law on Data Protection 2008 • Importance of implementing structures • Data protection commissioner

  3. Data protection and access to information • Some data protection issues are the same regardless of whether the data is kept in traditional hard copy form or electronically. • There are different risks involved with electronic data, the protection legislation is extra important. • Access to information (Public information) legislation should determine the criteria for getting information. • Data protection legislation safeguards the information. • The laws fulfil different but complimentary tasks and both laws should focus on the content of information rather than its form.

  4. Access to electronic information • There may be a need for law or regulations (other secondary legal acts) to make access to electronic information practically possible, as this will be different from traditional hard copy material. • Generally the law should not be special for access to electronic information. • Classified information law must be compatible with the public information law • Any exceptions from access clear and transparent. • The form of the information should not matter, only the content.

  5. Data Protection Commissioner • Key role in drafting regulations or other secondary legislation • Essential for the implementation of laws (on e.g. e-documents or e-commerce) • Important for NAIS to work with the Commissioner, creating good data processing principles and practices. • To be in line with the Directive, the Commissioner shall be independent from government.

  6. Examples of secondary legislation • Terminology • How to give consent, how to make sure that the person who gives consent understands what he/she is consenting to, what this will mean, etc. • Standards for e.g. freedom of speech exception through guidelines.

  7. Importance of practice • Build up a body of case law. • Not only cases from courts but also decisions from the Commissioner (or any other relevant bodies). • Article 11 Data Protection Law and the reference to freedom of speech as a basis for exceptions from data protection provisions is an example of an area where case law is needed. • It is not possible to describe in detail the exceptions in law, but it is important that case law is accessible and can form a basis for setting the standards.

  8. Law on Public Information • May contain provisions on databases • Example: Estonian Law (previously special law on databases, now a section in the Law on Public Information) • Definition of databases: an organised collection of information, regardless of if using ICT or traditional means (or both) • Practical issues, access issues and data protection issues differs depending on form but legal protection should be the same • Who is owner of the data? Rights of users of information. • Data services are the priority, not data collection

  9. Databases • Special rules for State and local government databases/registers (integrated system) • Responsible body (Ministry or other) for databases and for the integrated system must be designated • Each database has a responsible administrator • Registration of databases including verification of technical systems • Public access to databases (in line with general principles for access to information) • Cross institutional interoperability

  10. Setting up a database • Database set up through law or a legal act based on law. • Prohibited to set up separate databases for the same information. • Before the creation/amendment of the database the technical documentation should be coordinated with the responsible Ministry and the Data Protection Commissioner (and possibly other bodies) • Databases for internal work or exchange of documents between authorities that are not part of the state information system do not have to be coordinated • The details on coordination should be set out in regulations • Rules on termination of databases

  11. Basic rules for databases • Basic act of the database, setting out fundamental rules (composition of information, providers of it, administrator) • Obligations and possibilities to provide information to the database • Basic data: what it is and who can change it • Basic data should be in one main database and emanate from this database • Changes made in one database and reflected where necessary • Special systems/methods for exchange of data between databases, for how databases communicate with one-another • System to ask for data only once

  12. Databases • Components of the integrated system. Database of databases – responsibility of institutions to give metadata about their databases. • Finance principles • Regulate the supporting systems of the framework: • System of unified classifications • Address system • Geodetic system • System of data security measures of databases • Environment of sharing data (data exchange system between registers) • What services need authorization and authentication? • Auditing of databases

More Related