Hackathon Privacy, Big data and protection of rights. Plesner Law Firm - Michael Hopp - Henrik Bechgaard. 29 May 2015

Transcription

1 Hackathon 2015 Privacy, Big data and protection of rights Plesner Law Firm - Michael Hopp - Henrik Bechgaard 29 May 2015

2 Agenda 1. Bigdata What is big data? Why big data? 2. Regulation Shortpresentation of relevant rules; Personal Data Act, Executive order on Cookies Correlation between different rules and regulations 3. Protection of rights 2

3 What is big data "Big data is like teenage sex: everyone talks about it, nobody really knows how to do it, everyone thinks everyone else is doing it, so everyone claims they are doing it..." Dan Ariely 3

4 Legislator is aware Søren Pape Poulsen, Berlingske, 9 November 2014 "In the DDR the state and consequently the citizens were under surveillance by each other in an extreme way. Today, we are all in reality under surveillance to a greater extent than most of us are aware of. Certainly, it is not "the system", but rather "the systems" that e.g. via our credit card transactions, activities with our mobile phones and use of the internet follow every small step. And I know that most information is by far -used for marketing purposes. And I will never suggest, that it is just as bad. However, we can still ask: Is it everyone else's business how often I shop, where I shop, where I am and who I am writing with on Facebook?" 4

5 Why big data Big data as creator of European growth The Commission's estimate of the value of European data EUR 140,000,000,000,000 The volume of data increases with 40 % each year Due to the value of big data it is used as a creator of growth on a political level EU's PSI Directive (implemented in the Danish PSI Act) Transfer of the public sector's information Give the European companies the possibility to use the potential of the data Companies that use big data have a 5-6 % higher effectivity and profit 5

6 Why big data Production strategy Target prices/services based on risk assessment, current demand etc. Maintainand understand customers Smart cities Useof big data Infrastructure Basis for direct and indirect marketing Business Development 6

7 Big data and personal data The definition of personal data in the Data Protection Act Any information relating to an identified or identifiable natural person (Article 3, no. 1) Preliminary work: "When determining whether a person is identifiable, all means and devices which reasonably could be usedin order to identify the person by the data controller or any other person be taken into consideration." Information which identifies the device? big data big data Big data IP-addresses, MAC-addresses, UDID etc. Specific assessment! A combination of multiple sets of big data may constitute personal data Personal data? 7

8 Obtaining data Public data "Cookies" Storing and reading of information from the user device Broad interpretation - Technology neutral! IP address GPS data Device fingerprinting User data 8

9 2 Regulation Regulation overview 1 Relevant rules 2 Correlation between different rules and regulations 9 30 May 2015 [Hackathon

10 Relevant rules The Data Protection Act (DPA) Relevant when big data contains or otherwise is deemed to be personal data The Act stipulate requirements with respect to legal basis to process and the extent of the processing Regulates the data controller's use of third parties with respect to data processing Obligations towards data subjects! Executive order regarding cookies Relevant when obtaining (all) information by way of a cookie Determines guidelines with respect to consent which must be obtained from the user The Marketing Practices Act (MFL) Direct marketing requires consent! 10

11 Main rules for processing of personal data General principles Finalité Legal basis for processing Consent Balance of interests Transparency Privacy by design // privacy by default Right of access, right to be forgotten Security 11

12 Main rules for collection of cookie data Legal basis for collection Consent, unless data strictly required to provide a service requested by the user Passive collection, e.g. MAC addresses from devices? Interim processing (=> hashing etc) may in some cases be permitted Blip Systems case 12

13 Correlation between the different rules Data Collection Rules Use Via Cookies Cookie-regulation Processing (general): DPA Personal information Direct marketing: MFL Section 6 Big Data Otherwise DPA Section5 and 6(1) Disclosure: DPA Section 6(2-4) and Section36 Anonymous information Via cookies Cookie-regulation May freelybeused and disclosed(but bewareof aggregation) 13

14 3 Protection of Rights New technologies and opportunities entail need for different contractual approach From software rights (copyright) to data ownership and access to data Regardless of technology or business model, you need an agreement(!) Utilization of big data is still in its cradle infrastructure, business models etc. are still in the making Creates many opportunity but also (legal) pitfalls 14

15 3. Protection of Rights What type of agreements should be considered? Development/Ownership Agreement Cooperation Agreement Hosting Agreement Data Processor Agreement Third party license agreement End User License Terms Publisher (AppStore, Google Play, Microsoft App store) Etc. 15

16 3. Protection of Rights What to protect? Software, source code, documentation Search algorithm Ownership to/use of data 16

17 QUESTIONS? 17

18 Plesner Plesner Law Firm Amerika Plads 37 DK-2100 Copenhagen Denmark Phone: VAT-No.: