Legal aspects of data gathering and information exchange. Steven Segaert


1 Legal aspects of data gathering and information exchange Steven Segaert

2 Main topics: 1. What law is relevant to data gathering and information exchange? What can you expect to find? 2. How to take into account, and use, law?

3 Information society... An information society is a society in which the creation, distribution, diffusion, use, integration and manipulation of information is a significant economic, political, and cultural activity. The knowledge economy is its economic counterpart whereby wealth is created through the economic exploitation of understanding. Specific to this kind of society is the central position information technology has for production, economy, and society at large. Information society is seen as the successor to industrial society. (Wikipedia)

4 Information society...

5 Why do we need law? Law is instrumental: it needs to facilitate societal developments while protecting us from the state and from ourselves. Law cannot create, nor should it dictate, reality. The information society is a reality. Law should enable it to develop; not impede it...

6 What needs to be regulated? Common resources and infrastructure. The flow of information. Protect the new environment.

7 Common resources and infrastructure: Spectrum, airwaves, networks,... are all limited; allowing them to be monopolized is unfair and hampers development. Telecommunications Act, Cable Distribution Act, etc.: to create favourable conditions for development; to regulate the use of limited resources through purposeful planning; to establish the requirements for telecommunications networks and provision of services; to install a level of state supervision over market players.

8 The flow of information

9 The flow of information: Historical trend: 1. State secrets acts 2. Freedom of information laws 3. Protection of the individual 4. Copyright and patent laws as protection of property rights

10 Freedom of information: You can expect to find... A constitutional provision on right to information. A Public Information Act. Goal: to provide everyone and anyone with access to public information... and to create possibilities for the public to monitor the performance of public duties.

11 Freedom of information: What is Public Information? Information which is recorded and documented in execution of public power as directed by laws and other legal acts (irrespective of the way it is recorded and documented, the medium or the location) (= also for you)

12 Freedom of information: Who is the owner of public information? State and local government. Public legal persons. Private legal persons, if... they execute public tasks, receive public funds, or have a natural monopoly.

13 Freedom of information: Obligations as an owner of public information? The owner of public information is obliged to grant access... in the quickest and easiest manner... while protecting private data (!). Access should not cost anything extra (the law can contain charges for the carrier, not for the information). Everybody has the right to contest a restriction on access to information.

14 Freedom of information: Exceptions (when is access not to be granted): when openness ruins the possibility of work, puts something into danger, puts someone groundlessly into danger, or there are obligations to the contrary from a higher level (international agreements, constitution). Even then: time limit to restrictions.

15 Freedom of information: Active measures and good practices? Not always found in Freedom of Information laws. E.g.: Law can have a list of obligatory online content. Law can provide that you have to have a website, or join a portal site. Law can tell you to publish a document register, what is kept and why, and the rules to get access.

16 Freedom of information: Active measures and good practices? Still a good idea to organise a humane process yourself... Register a request only if you cannot satisfy it immediately. Move requests from official to official (one entry point for requests). Answer immediately or within a very short timeframe. Tell people clearly where they can complain. Offer an easy way to ask questions (web,...). Limit the need for asking by providing information.

17 Way too much work! We can't let all that information go public, surely?! How much will all that cost? Don't tell people what we do; they won't understand it anyway... Ok, I got it. Give us three years, we will make it then! Journalists would have a field day...

18 Freedom of information: Radical? No, it is necessary! Controversial? Only until implemented... Success comes from working together. Training and awareness-building is necessary for all: civil servants, politicians, citizens and even journalists.

19 Protection of personal data: Personal data? "Personal data" shall mean any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. (Directive 95/46/EC, 24/10/1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.) Broad definition; technology neutral.

20 Protection of personal data: Sensitive personal data? A subset of personal data; separately defined; more conditions are set for processing to be legal (usually the consent of the person involved is required). EC Directive: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life... but the definition can be larger in your own law. Rule: no processing, with exceptions.

21 Protection of personal data: For whom? All legal entities (public or private) that control personal data. The individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. (= you too)

22 Protection of personal data: Personal data should not be processed at all, except when certain conditions are met... Transparency: The data subject must be informed; the controller must provide its contact data, the purpose of processing, the recipients of the data and all other relevant information required to ensure the processing is fair. The data subject can access, demand rectification, deletion or blocking if the conditions are not met.

23 Protection of personal data: Personal data should not be processed at all, except when certain conditions are met... Legitimate purpose: Personal data can only be processed for specified explicit and legitimate purposes, and for nothing else. There are certain conditions to be fulfilled before personal data can be processed. When it involves sensitive personal data, extra restrictions apply.

24 Protection of personal data: Personal data should not be processed at all, except when certain conditions are met... Proportionality: Process only insofar as it is adequate, relevant and not excessive in relation to the purposes. Data must be kept accurate and up to date. Don't keep it longer than needed. Decisions with legal or otherwise significant effects may not be based only on the automated processing of data. A form of appeal is to be provided.

25 Protection of personal data: Supervisory authority. Must be an independent body that monitors, advises and starts legal procedures when the rules are broken. A controller of data must notify the supervisory authority before he starts to process data; who controls what data is kept in a public register.

26 Protection of personal data: Still... Personal data may only be transferred to third countries IF that country provides an adequate level of protection. Rules also apply whenever the controller uses equipment situated in the EU, or processes data in the EU.

27 Protection of personal data: What can you do? Adhere to the principles, even if you don't have to - they are valid and make sense. Check your own situation (incl. your own laws). Cooperate with your supervisory authority. Plus: add the information used to come to a decision to all decisions you communicate...

28 Database act: What should be done in order to build and maintain government databases? No law, only guidance... 2-level management. Chief processors: the politically responsible. Authorised processors: technically responsible. Classification of data or classification of databases?

29 Protect the new environment: Development needs to be facilitated. Certain interests need to be protected.

30 Digital signature law: Issues and needs: You can hardly put a handwritten signature on an electronic document... What is an original document when you only have electronic copies? Solution: look at what a signature does. Identifies the signer. The signer takes ownership / responsibility of the document.

31 Digital signature law: Issues and needs: You can hardly put a handwritten signature on an electronic document... What is an original document when you only have electronic copies? False issues emerge...

32 Digital signature law: Identifies the signer. The signer takes ownership / responsibility of the document.

33 Digital signature law: A digital signature is equivalent to a handwritten one if it... Uniquely identifies the signer. Authenticates the signed document. Allows a sequence of events to be set.

34 Digital signature law: Equivalent = you must accept it (might mean you have to adapt your law). Technology-neutral. When a certification authority adheres to the rules, you must trust it! Signing is not encrypting! Machines and entities can also use digital signatures.

35 Other useful acts: Identity documents act (EID?). Information society services act. ISP liability, spam legislation, conditions for providing services online. Re-use of public information by businesses. Cyber-crime provisions. Charter of electronic rights. Provide standards for public e-service delivery (possibility to access services online, right to be involved in decision making processes,...).

36 Some conclusions: Law does not create an information society... but impeding laws can hamper it. Society without law is not realistic. No need to re-invent, but also no use to copy; using the principles is usually the best idea. EU integration can inspire. Inaction is worse than not getting it perfect straight away. The order of enacting is of little importance. Don't regulate technology, but functionality!

37 More information (lots of it)

38 Thank you! Time for a round-up, questions and remarks... Steven Segaert ssegaert@confer.eu