Is pandemia a good reason to give up on privacy?
Giovanni Maria Riccio
Università di Salerno
gmriccio@unisa.it
The History of the General Data protection Regulation
• In 1995, the European Data protection Directive (Directive 95/46 CE) on the protection of individuals with regard to
the processing of personal data and on the free movement of these data was adopted.
• For the first time, a definition of «personal data» was provided: «any information relating to an identified or
identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by
reference to an identification number or to one or more factors specific to his physical, physiological, mental,
economic, cultural or social identity»
• The Directive specified the meaning of processing data, with a broad definition: «any operation or set of operations
which is performed upon personal data, whether or not by automatic means, such as collection, recording,
organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, blocking, erasure or destruction»
The History of the General Data protection Regulation
• In 2011, the European Data Protection Supervisor published an Opinion on the European Commission
Communication, entitled «a comprehensive approach on the personal data protection in EU»
• In 2012, the European Commission proposed a comprehensive reform of the Directive 95/46 to strengthen
online privacy rights and the European Data Protection Supervisor adopted an opinion on the Commission’s
data protection reform package.
• In 2014, the European Parliament supported the new regulation on data protection and in 2015 an
agreement was reached by the European Parliament, the Council and the Commission.
• In 2016, the Regulation (EU) 2016/679 (GDPR) on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data was published and entered into force
from 24th May 2016.
• From 25th May 2018, the GDPR started to be applied
General Data Protection Regulation
The General Data Protection Regulation (EU) 2016/679
The same law and the same text for all the member States
Approved in May 2016 – Came into force in May 2018
It is also applicable to non-European entities where they
offer products or services to, or monitor, European
citizens (e.g. Google Maps, Facebook, Instagram, etc.)
The scope of GDPR
• The GDPR applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or
are intended to form part of a filing system.
• Only to the processing of personal data of natural persons.
• To the processing of personal data in the context of the activities of an establishment of a Controller or a Processor in the Union, regardless of whether the processing takes place in the Union or not.
• To the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
1. the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union;
2. the monitoring of their behaviour as far as their behaviour takes place within the Union.
The scope of GDPR
The processing of personal data should be designed to serve mankind.
But the right to the protection of personal data is not an absolute right: it must be balanced against other fundamental
rights, in accordance with the principle of proportionality.
The GDPR respects all fundamental rights and observes the freedoms and principles, specifically:
- the respect for private and family life, home and communications;
- the freedom of expression and information;
- freedom to conduct a business;
- the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.
The GDPR does not apply to issues of protection of
fundamental rights and freedoms or the free flow of personal
data related to activities which fall outside the scope of Union
law, such as activities concerning national security.
Member States may, as far as necessary for coherence and for making the national provisions comprehensible to the persons
to whom they apply, incorporate elements of the Regulation 679/2016 into their national law.
Definitions
Article 4 of GDPR provides the most important definitions:
• Personal data: any information relating to an identified or identifiable natural person (“the data subject”); for instance, a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
• Data Subject: the identified or identifiable natural person, who can be identified directly or indirectly, whose personal data is being collected, held or processed.
• Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Definitions
• There are special categories of personal data, including the personal data that reveal:
1. racial or ethnic origin;
2. political opinions;
3. religious or philosophical beliefs;
4. trade union membership;
Or:
1. genetic data, biometric data;
2. concerning health or a natural person's sex life or sexual orientation.
3. data relating to criminal convictions and offences.
Another category is anonymous information: information that does not relate to an identified or identifiable person,
or personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.
The GDPR does not concern the processing of anonymous information, including for statistical or research purposes.
What is personal data?
• any information relating to an identified or identifiable natural
person (‘data subject’); an identifiable natural person is one who
can be identified, directly or indirectly, in particular by reference to
an identifier such as a name, an identification number, location
data, an online identifier or to one or more factors specific to the
physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person
What is sensitive data?
• personal data revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs, or trade union membership, and
the processing of genetic data, biometric data for the purpose of
uniquely identifying a natural person, data concerning health or
data concerning a natural person’s sex life or sexual orientation
What is processing of personal data?
• any operation or set of operations which is performed on personal
data or on sets of personal data, whether or not by automated
means, such as collection, recording, organisation, structuring,
storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making
available, alignment or combination, restriction, erasure or
destruction
Principles relating to processing of personal data
• Lawfulness, fairness and transparency
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
The data subject must be informed about the processing of these data and the purposes.
Processing shall be lawful only if and to the extent that at least one of the conditions provided by Article 6
of GDPR applies.
• Purpose limitation
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner
that is incompatible with those purposes.
• Data minimisation
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they
are processed.
Principles relating to processing of personal data
• Accuracy
Personal data shall be accurate and, where necessary, kept up to date.
• Storage limitation
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary
for the purposes for which the personal data are processed.
• Integrity and confidentiality
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including
protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using
appropriate technical or organisational measures.
The principle of accountability
The GDPR introduced a new principle to
data protection, that of accountability.
Controllers and processors have to take
responsibility for their processing activities
and for how they comply with data
protection principles and they must be able
to demonstrate compliance.
Being responsible for compliance means
being proactive and organised about data
protection, while demonstrating compliance
is the ability to present evidence of the steps
taken to comply.
Consent
• Processing of personal data is lawful only under one of the six legal bases provided by Article 6 of GDPR.
• The first condition is CONSENT. The data subject has to give his or her consent to the processing of personal data for one or more specific purposes.
What does consent mean? And what are the GDPR requirements?
Consent of the data subject means “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or
by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
So, the consent must:
1. be freely given;
2. be specific;
3. be informed;
4. be unambiguous.
The controller shall be able to demonstrate that the data subject has consented to processing of his or
her personal data.
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of
consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Other legal bases
• Contractual performance: the processing is necessary for the performance of a contract to which the data
subject is party or in order to take steps at the request of the data subject prior to entering into a
contract.
• Legal obligation: the processing is necessary for compliance with a legal obligation to which the
controller is subject.
• Vital interest: the processing is necessary in order to protect the vital interests of the data subject or of
another natural person.
• Public interest or acting under official public authority: the processing is necessary for the performance
of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• Legitimate interest: processing is necessary for the purposes of the legitimate interests pursued by the
controller or by a third party, except where such interests are overridden by the interests or
fundamental rights and freedoms of the data subject which require protection of personal data, in
particular where the data subject is a child.
What are the rights of the data subject?
• the right of access: the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed
• the right to rectification: the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
• the right to erasure: the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.
• the right to restrict processing: the data subject shall have the right to obtain from the controller restriction of processing, in case of lack of accuracy, when the processing is unlawful, and when the controller no longer
needs the personal data for the purposes of the processing.
• the right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable
format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
• the right to object to processing: the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data
• the rights in relation to automated decision making and profiling: the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal
effects concerning him or her or similarly significantly affects him or her.
The right to be informed
There is a need for transparency regarding the gathering and use of data in order to allow EU citizens to exercise their right
to the protection of personal data.
The GDPR grants individuals the right to be informed about the collection and use of their personal data, which
leads to a variety of information obligations for the controller.
There are two cases:
1. Where data is obtained directly, the data subject must be immediately informed, at the time the data is
obtained. In terms of content, the Controller’s obligation to inform includes his or her identity, the contact data
of the Data Protection Processor (if available), the processing purposes and the legal basis, any legitimate
interests pursued, the recipients when transmitting personal data, and any intention to transfer personal data to
third countries.
2. If personal data is not obtained from the data subject, he or she must be provided the information within a
reasonable period of time, but at the latest after a month. In cases where the gathered information is used to
directly contact the data subject, he or she has the right to be informed immediately upon being approached. As
far as content is concerned, the controller has to provide the same specific information as if the personal data
had been obtained directly from the data subject.
The obligations of Controller
The data Controller determines the purposes for which and the means by which personal data is processed. The Controller also determines the nature and the storage of the processing, and the
data categories.
The Controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.
Indeed, taking into account the nature, scope, context and purposes of processing, the Controller shall implement appropriate technical and organisational measures, such as pseudonymization and
data minimization.
Data pseudonymization consists in substituting the identity of the data subject in such a way that additional information is required to re-identify the data subject. It is different from
anonymization, which consists in irreversibly destroying any way of identifying the data subject.
The Controller shall maintain a record of processing activities under its responsibility, for instance: the purposes of the processing; a description of the categories of data subjects and of the categories
of personal data; where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organization etc.
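The distinction drawn above between pseudonymization and anonymization, as an added illustration that is not part of the original slides. It assumes HMAC-SHA-256 as the keyed substitution, hypothetical field names and constructed sample records; the key and the lookup table play the role of the "additional information" that must be stored separately.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample records (not real people); field names are assumptions.
RECORDS = [
    {"name": "Anna Rossi", "email": "anna.rossi@example.org",
     "birth_year": 1984, "city": "Salerno", "diagnosis": "asthma"},
    {"name": "Marco Bianchi", "email": "marco.bianchi@example.org",
     "birth_year": 1987, "city": "Salerno", "diagnosis": "asthma"},
    {"name": "Lucia Verdi", "email": "lucia.verdi@example.org",
     "birth_year": 1992, "city": "Napoli", "diagnosis": "diabetes"},
    {"name": "Paolo Neri", "email": "paolo.neri@example.org",
     "birth_year": 1975, "city": "Salerno", "diagnosis": "asthma"},
]

DIRECT_IDENTIFIERS = ("name", "email")


def pseudonymise(records, key):
    """Replace direct identifiers with a keyed pseudonym.

    Returns (working_dataset, lookup). The lookup table and the key are the
    additional information needed for re-identification; they are meant to be
    kept apart from the working dataset, under separate access control.
    """
    dataset, lookup = [], {}
    for rec in records:
        # Keyed hash: without the key, the pseudonym cannot be recomputed
        # from a list of candidate e-mail addresses.
        token = hmac.new(key, rec["email"].lower().encode("utf-8"),
                         hashlib.sha256).hexdigest()[:16]
        lookup[token] = {field: rec[field] for field in DIRECT_IDENTIFIERS}
        row = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        row["pseudonym"] = token
        dataset.append(row)
    return dataset, lookup


def reidentify(row, lookup):
    """Re-identification works only for whoever holds the lookup table."""
    return lookup.get(row["pseudonym"])


def anonymise(records, k=2):
    """Simplified anonymisation: drop identifiers, generalise, aggregate.

    Birth year is coarsened to a decade and only group counts are kept;
    groups with fewer than k members are suppressed because a small group can
    single out a person. No per-person row or key survives, so there is
    nothing to reverse. Whether a real release is anonymous still depends on
    what other data it can be combined with.
    """
    groups = Counter(
        (rec["city"], rec["birth_year"] // 10 * 10, rec["diagnosis"])
        for rec in records
    )
    return {group: count for group, count in groups.items() if count >= k}


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # kept by the controller only
    dataset, lookup = pseudonymise(RECORDS, key)
    print("pseudonymised row:", dataset[0])
    print("with lookup table:", reidentify(dataset[0], lookup))
    print("without it:       ", reidentify(dataset[0], {}))
    print("anonymised counts:", anonymise(RECORDS))
```

Pseudonymised rows remain personal data under the GDPR because the mapping back to the person still exists; the aggregated counts carry no such mapping.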
The role of the Data Processor
The data processor processes personal data only on behalf of the
controller.
Where processing is to be carried out on behalf of a Controller, the Controller
shall use only Processors providing sufficient guarantees to implement
appropriate technical and organisational measures in such a manner that
processing will meet the requirements of this Regulation and ensure the
protection of the rights of the data subject.
Processing by a Processor shall be governed by a contract or other legal act
under Union or Member State law, that is binding on the processor with
regard to the Controller and that sets out the subject-matter and duration of
the processing, the nature and purpose of the processing, the type of
personal data and categories of data subjects and the obligations and rights
of the controller.
The Processor and any person acting under the
authority of the controller or of the processor, who
has access to personal data, shall not process those
data except on instructions from the Controller.
What does DATA BREACH mean?
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised
disclosure of, or access to, personal data transmitted, stored or otherwise processed.
In case of a data breach, the controller should communicate the breach to the data subject, without undue delay, where that personal data
breach is likely to result in a high risk to the rights and freedoms of the natural person, in order to allow him or her to take the
necessary precautions.
The communication should describe the nature of the personal data breach as well as recommendations for the natural person
concerned to mitigate potential adverse effects. Such communications to data subjects should be made as soon as reasonably
feasible and in close cooperation with the supervisory authority, respecting guidance provided by it or by other relevant authorities
such as law-enforcement authorities.
Indeed, the Controller shall notify the personal data breach to the supervisory authority not later than 72 hours (unless the personal
data breach is unlikely to result in a risk to the rights and freedoms of natural persons).
The role of DPO
• The controller and the processor shall designate a data protection officer in any case where:
1. The processing is carried out by a public authority or body;
2. When the processing operations require regular and systematic monitoring of data subjects on a large scale;
3. When the processing on large scale involves special categories of data.
The data protection officer shall have these tasks:
1. to inform and advise the Controller or the Processor and the employees who carry out processing of their obligations pursuant
to this Regulation and to other Union or Member State data protection provisions;
2. to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies
of the controller or processor in relation to the protection of personal data;
3. to provide advice where requested;
4. to cooperate with the supervisory authority
The role of the Data Protection Authority
Each Member State shall provide for one or more independent public authorities to be responsible for monitoring the application of GDPR, in
order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal
data within the Union.
• Each supervisory authority shall act with complete independence in performing its tasks and exercising its powers.
• Member States shall provide for each member of their supervisory authorities to be appointed by means of a transparent procedure by:
- their Parliament;
- their Government;
- their head of State; or
- an independent body entrusted with the appointment under Member State law
Each member shall have the qualifications, experience and skills, in particular in the area of the protection of personal data, required to
perform its duties and exercise its powers.
What is data mining?
Data mining consists in the activity through
which information is extracted from a large
amount of data, contained within databases.
The databases can be single or multiple: by
crossing the data of the individual databases,
it is possible to extract information more
precisely.
The concept of data mining includes all
those types of techniques and strategies that
are applied and that consist in most cases in
automated software or algorithms (including,
for instance, Spark or pandas), which have as
a single function the extrapolation of
information.
The aims of data mining are mostly:
economic; scientific; operational; etc.
Where does data mining come from?
• Data mining is part of the Big data problem: a large amount of data,
which can be stored. Almost all the daily activities performed produce
data. Big data means the phenomenon of storing and managing
large amounts of data.
There are several types of data, which can be classified in two broad categories:
- structured data, that is, data with fixed and homogeneous
characteristics, which can be easily saved;
- unstructured data, that is, data reflecting the heterogeneity of reality.
• Analysing and searching such a huge quantity of data would be
impossible for humans, or would in any case take so long that it
would no longer serve the needs for which the
search is carried out.
• For this reason, data mining is the appropriate response to extrapolate
information within a large amount of data, more efficiently and quickly
than human activity.
The process of data mining
Data mining manages to extrapolate cryptic information, scattered
within a database, until it reaches an adequate knowledge that can be used
for certain purposes. This process is called KDD (Knowledge
Discovery in Database) and consists of a series of phases:
1. Identification of the purposes of the search for information;
2. Preliminary identification of the data that are useful to reach the
information;
3. Cleaning of data and pre-processing: narrower selection of data for
extrapolation of information;
The process of data mining
4. Data mining: the selection of the best software for the individual
case, which selectively scans the data warehouse to provide the
information;
5. Interpretation of the results: the results are analyzed in order to
understand whether the objective has been reached; in case of failure, the
previous step, and sometimes others, is repeated (and possibly
modified);
6. Display of results in an understandable format.
What are the purposes of data mining?
Among the main purposes of the use of data mining are:
• descriptive analyses: thanks to some data mining techniques, it is possible to analyze
past data, identifying the reasons that led to the current state of success or failure. For
instance:
i. Clustering: this is a statistical analysis technique used to identify similar objects, dividing the data into
different groups on the basis of the characteristics they share.
• predictive analyses: data mining can also be used to predict possible future results, through
for example these techniques:
i. Regression: it is a technique that measures the strength of the relationship between a dependent
variable and a series of independent variables to predict, for example, in the medical field the
probability of survival of a patient, considering the data related to his or her diagnostic tests.
ii. Neural networks: these consist of computer programs capable of tracing patterns, making predictions
and progressively learning in full autonomy.
The advantages of using data mining
Data mining is used in many areas, which can be grouped into these macro
categories:
a) Marketing: clustering of customers: identification of types of buyers who share
purchasing habits and socio-demographic characteristics; customer retriever:
by analyzing the behavior of a brand’s customers, it becomes possible to identify
those at risk of abandonment, and therefore adopt appropriate strategies to
prevent it; market basket analysis: identification of which services and products are
usually bought together.
b) Economics and finance: in finance, data mining is useful for fraud detection.
Science; information and communication technologies (ICT), especially intrusion
detection in the security sector; statistics; industry.
What is text mining?
• Text mining is an Artificial intelligence technique aimed at transforming an
unstructured document, a text or an article into meaningful and actionable
information (so, into a structured document).
• The aims of text mining are:
Identify the main thematic groups in a document; Classify documents into specific
categories; Learn secret associations between topics; Extrapolate specific information.
• The process of text mining is composed of three steps:
i. Indexing: a linguistic analysis of the document;
ii. Mining: application of a Data mining algorithm to fulfill the purpose of the text
mining; application of a Clustering algorithm to identify the document topics.
iii. Evaluation of the result
What is text mining?
[Diagram labels: Text (unstructured data); Text mining; Structured data; Information]
An Example of Data Mining
• A famous anecdotal story is the study conducted by a salesman in Walmart about 15
years ago. He was interested in finding ways to increase sales in the shop. Initially, he
bundled products together, applying a discount: for instance, bread and jam. The result
was that customers preferred to buy the bundled products, because of the discount. But
the salesman was interested in knowing other associations that were not so typical.
Analyzing the sales records, he observed that customers who usually bought diapers
also purchased beer. He decided to bundle diapers and beer together and the sales
soared. This is an example of data mining association in real life.
An Example of Text Mining
• Text mining is used especially in studying emotions in texts published on
social networks, with “Sentiment Analysis”: a complex process of
analysis that, in the mining phase, uses algorithms of
computational linguistics to identify and extract subjective
information from the different textual sources, or the opinions and emotions
described in them. This approach was used in Italy to quantify the degree of
appreciation after visiting the Reggia of Caserta, through the analysis of
Facebook and Twitter posts.
How social media influence our behaviour
How social media influence our political experience
Trump news was as many as four times more than pro-Clinton fake news, and a
third of the pro-Trump tweets were generated by bots
Source: https://muse.jhu.edu/article/653377
Source: https://en.wikipedia.org/wiki/Social_media_use_in_politics
The Communication "Tackling online disinformation: a European approach"
• Improve transparency regarding the way information is produced or sponsored
• Diversity of information
• Credibility of information
• Inclusive solutions with broad stakeholder involvement
Covid-19 and data protection
The Chair of the Committee of Convention 108 and the Data Protection
Commissioner of the Council of Europe recall the principles of data protection in
these times of fight against the COVID-19 pandemic.
• When it comes to the right to data protection, it should first of all
be noted that Convention 108, as well as the modernised
“Convention 108+”, set forth high standards for the protection of
personal data which are compatible and reconcilable with other
fundamental rights and relevant public interests.
• One of the main data protection principles provided for by
Convention 108+ is the principle of lawfulness, according to which
processing of data can be carried out either on the basis of the data
subject’s consent or some other legitimate basis laid down by law.
The Chair of the Committee of Convention 108 and the Data Protection
Commissioner of the Council of Europe recall the principles of data protection in
these times of fight against the COVID-19 pandemic.
• The right to data protection, for instance, does not prevent public health authorities from sharing the
list of health professionals (names and contact details) with entities tasked with the
distribution of FFP2 masks.
• Neither can the right to data protection be claimed to be incompatible with epidemiologic
monitoring, stressing that anonymised data is not covered by data protection requirements.
• The use of aggregate location information to signal gatherings infringing confinement
requirements or to indicate movements of persons traveling away from a severely touched area
(in terms of number of COVID-19 positive persons) would thus not be prevented by data
protection requirements.
• Recommendation CM/Rec(2019)2 regarding health-related data provides specific guidelines in
this regard. Its provisions on the sharing of data between health professionals and between
health and other sectors should, in particular, guide the practices of professionals concerned.
EDPB - Statement on the processing of personal data in the context of
the COVID-19 outbreak. Adopted on 19 March 2020
4 basic points
• Lawfulness of processing
• Core principles relating to the processing of personal data
• Use of mobile location data
• Employment

Revising policies and procedures under the new EU GDPR
 
Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?
 
EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer
 
Gary Davis
Gary DavisGary Davis
Gary Davis
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
 
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017
 
Clyrofor popia readiness webinar
Clyrofor  popia readiness webinarClyrofor  popia readiness webinar
Clyrofor popia readiness webinar
 
Quick Guide to GDPR
Quick Guide to GDPRQuick Guide to GDPR
Quick Guide to GDPR
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
 
Datum DPO outsourced May 2016
Datum DPO outsourced May 2016Datum DPO outsourced May 2016
Datum DPO outsourced May 2016
 
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
 
ICEGOV - Tutorial 1 - Information Policy Concepts and Principles
ICEGOV - Tutorial 1 - Information Policy Concepts and PrinciplesICEGOV - Tutorial 1 - Information Policy Concepts and Principles
ICEGOV - Tutorial 1 - Information Policy Concepts and Principles
 
Information policy sunil sir
Information policy sunil sirInformation policy sunil sir
Information policy sunil sir
 
Hacking Health Camp Strasbourg health data & data protection in the Netherlands
Hacking Health Camp Strasbourg health data & data protection in the Netherlands Hacking Health Camp Strasbourg health data & data protection in the Netherlands
Hacking Health Camp Strasbourg health data & data protection in the Netherlands
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPR
 
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104 Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPR
 
Example Association Internal GDPR Policy
Example Association Internal GDPR PolicyExample Association Internal GDPR Policy
Example Association Internal GDPR Policy
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information Policy
 

Similar to Is Pandemia a Good Reason to Give Up on Privacy

Data privacy act of 2012.pdf
Data privacy act of 2012.pdfData privacy act of 2012.pdf
Data privacy act of 2012.pdfrjrremolana
 
Seminar General Data Protection Regulation
Seminar General Data Protection RegulationSeminar General Data Protection Regulation
Seminar General Data Protection RegulationAxon Lawyers
 
Overview of privacy and data protection considerations for DEVELOP
Overview of privacy and data protection considerations for DEVELOPOverview of privacy and data protection considerations for DEVELOP
Overview of privacy and data protection considerations for DEVELOPTrilateral Research
 
GDPR - New European Union Legislation
GDPR - New European Union LegislationGDPR - New European Union Legislation
GDPR - New European Union LegislationTekwill
 
Data Privacy and consent management .. .
Data Privacy and consent management  ..  .Data Privacy and consent management  ..  .
Data Privacy and consent management .. .ClinosolIndia
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxUsmanMAmeer
 
Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeAfrican Open Science Platform
 
Ready for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital EconomyReady for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital EconomyRay ABOU
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Happiest Minds Technologies
 
Legal and ethical considerations for sharing research data
Legal and ethical considerations for sharing research dataLegal and ethical considerations for sharing research data
Legal and ethical considerations for sharing research dataOpenAIRE
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
 
Kyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfKyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfmakaylaklenke
 

Similar to Is Pandemia a Good Reason to Give Up on Privacy (20)

Data privacy act of 2012.pdf
Data privacy act of 2012.pdfData privacy act of 2012.pdf
Data privacy act of 2012.pdf
 
Seminar General Data Protection Regulation
Seminar General Data Protection RegulationSeminar General Data Protection Regulation
Seminar General Data Protection Regulation
 
Presentation gdpr ahti
Presentation gdpr ahtiPresentation gdpr ahti
Presentation gdpr ahti
 
Overview of privacy and data protection considerations for DEVELOP
Overview of privacy and data protection considerations for DEVELOPOverview of privacy and data protection considerations for DEVELOP
Overview of privacy and data protection considerations for DEVELOP
 
Data Protection GDPR Basics
Data Protection GDPR BasicsData Protection GDPR Basics
Data Protection GDPR Basics
 
GDPR Presentation
GDPR PresentationGDPR Presentation
GDPR Presentation
 
GDPR - New European Union Legislation
GDPR - New European Union LegislationGDPR - New European Union Legislation
GDPR - New European Union Legislation
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
 
Data Privacy and consent management .. .
Data Privacy and consent management  ..  .Data Privacy and consent management  ..  .
Data Privacy and consent management .. .
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
 
Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M Keetshabe
 
Ready for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital EconomyReady for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital Economy
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection Regulation
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)
 
POPI Seminar
POPI SeminarPOPI Seminar
POPI Seminar
 
Legal and ethical considerations for sharing research data
Legal and ethical considerations for sharing research dataLegal and ethical considerations for sharing research data
Legal and ethical considerations for sharing research data
 
Ichec & ESC gdpr feb 2020
Ichec & ESC gdpr feb 2020Ichec & ESC gdpr feb 2020
Ichec & ESC gdpr feb 2020
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
Kyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfKyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdf
 

More from Giovanni Maria Riccio

Artificial Intelligence and Copyright: How to Find Balances between Human Cr...
Artificial Intelligence and Copyright: How to Find Balances  between Human Cr...Artificial Intelligence and Copyright: How to Find Balances  between Human Cr...
Artificial Intelligence and Copyright: How to Find Balances between Human Cr...Giovanni Maria Riccio
 
Intelligenza artificiale, data protection e copyright
Intelligenza artificiale, data protection e copyrightIntelligenza artificiale, data protection e copyright
Intelligenza artificiale, data protection e copyrightGiovanni Maria Riccio
 
Authorship NFT Artificial Intelligence.pptx
Authorship NFT Artificial Intelligence.pptxAuthorship NFT Artificial Intelligence.pptx
Authorship NFT Artificial Intelligence.pptxGiovanni Maria Riccio
 
Metaverso e proprietà intellettuale (copyright, trademark)
Metaverso e proprietà intellettuale (copyright, trademark)Metaverso e proprietà intellettuale (copyright, trademark)
Metaverso e proprietà intellettuale (copyright, trademark)Giovanni Maria Riccio
 
Art in Public Spaces and Cultural Heritage
Art in Public Spaces and Cultural HeritageArt in Public Spaces and Cultural Heritage
Art in Public Spaces and Cultural HeritageGiovanni Maria Riccio
 
Patrimonio culturale e mondo digitale
Patrimonio culturale e mondo digitalePatrimonio culturale e mondo digitale
Patrimonio culturale e mondo digitaleGiovanni Maria Riccio
 
Out-of-Commerce Works and the Copyright Proposal Directive
Out-of-Commerce Works and the Copyright Proposal DirectiveOut-of-Commerce Works and the Copyright Proposal Directive
Out-of-Commerce Works and the Copyright Proposal DirectiveGiovanni Maria Riccio
 
Startup - Marchi, Copyright, Confidentiality Agreement
Startup - Marchi, Copyright, Confidentiality AgreementStartup - Marchi, Copyright, Confidentiality Agreement
Startup - Marchi, Copyright, Confidentiality AgreementGiovanni Maria Riccio
 
G.M. Riccio - National Efforts to Control the Internet: to Regulate or Not? ...
G.M. Riccio - National Efforts to Control the Internet: to Regulate or Not? ...G.M. Riccio - National Efforts to Control the Internet: to Regulate or Not? ...
G.M. Riccio - National Efforts to Control the Internet: to Regulate or Not? ...Giovanni Maria Riccio
 
International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014Giovanni Maria Riccio
 
Social Network: come rispettare la legge
Social Network: come rispettare la leggeSocial Network: come rispettare la legge
Social Network: come rispettare la leggeGiovanni Maria Riccio
 
La dematerializzazione dei contratti
La dematerializzazione dei contrattiLa dematerializzazione dei contratti
La dematerializzazione dei contrattiGiovanni Maria Riccio
 
Copyright collecting societies luiss 19.4.13
Copyright collecting societies   luiss 19.4.13Copyright collecting societies   luiss 19.4.13
Copyright collecting societies luiss 19.4.13Giovanni Maria Riccio
 

More from Giovanni Maria Riccio (20)

Artificial Intelligence and Copyright: How to Find Balances between Human Cr...
Artificial Intelligence and Copyright: How to Find Balances  between Human Cr...Artificial Intelligence and Copyright: How to Find Balances  between Human Cr...
Artificial Intelligence and Copyright: How to Find Balances between Human Cr...
 
Intelligenza artificiale, data protection e copyright
Intelligenza artificiale, data protection e copyrightIntelligenza artificiale, data protection e copyright
Intelligenza artificiale, data protection e copyright
 
Authorship NFT Artificial Intelligence.pptx
Authorship NFT Artificial Intelligence.pptxAuthorship NFT Artificial Intelligence.pptx
Authorship NFT Artificial Intelligence.pptx
 
Metaverso e proprietà intellettuale (copyright, trademark)
Metaverso e proprietà intellettuale (copyright, trademark)Metaverso e proprietà intellettuale (copyright, trademark)
Metaverso e proprietà intellettuale (copyright, trademark)
 
Diritto d'autore, design e moda
Diritto d'autore, design e modaDiritto d'autore, design e moda
Diritto d'autore, design e moda
 
Art in Public Spaces and Cultural Heritage
Art in Public Spaces and Cultural HeritageArt in Public Spaces and Cultural Heritage
Art in Public Spaces and Cultural Heritage
 
Privacy e telemarketing
Privacy e telemarketing Privacy e telemarketing
Privacy e telemarketing
 
Patrimonio culturale e mondo digitale
Patrimonio culturale e mondo digitalePatrimonio culturale e mondo digitale
Patrimonio culturale e mondo digitale
 
Cinema e contratti
Cinema e contratti   Cinema e contratti
Cinema e contratti
 
Out-of-Commerce Works and the Copyright Proposal Directive
Out-of-Commerce Works and the Copyright Proposal DirectiveOut-of-Commerce Works and the Copyright Proposal Directive
Out-of-Commerce Works and the Copyright Proposal Directive
 
Le regole dei giochi
Le regole dei giochiLe regole dei giochi
Le regole dei giochi
 
Startup - Marchi, Copyright, Confidentiality Agreement
Startup - Marchi, Copyright, Confidentiality AgreementStartup - Marchi, Copyright, Confidentiality Agreement
Startup - Marchi, Copyright, Confidentiality Agreement
 
G.M. Riccio - National Efforts to Control the Internet: to Regulate or Not? ...
G.M. Riccio - National Efforts to Control the Internet: to Regulate or Not? ...G.M. Riccio - National Efforts to Control the Internet: to Regulate or Not? ...
G.M. Riccio - National Efforts to Control the Internet: to Regulate or Not? ...
 
Startup innovative
Startup innovativeStartup innovative
Startup innovative
 
International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014
 
Social Network: come rispettare la legge
Social Network: come rispettare la leggeSocial Network: come rispettare la legge
Social Network: come rispettare la legge
 
La dematerializzazione dei contratti
La dematerializzazione dei contrattiLa dematerializzazione dei contratti
La dematerializzazione dei contratti
 
Copyright collecting societies luiss 19.4.13
Copyright collecting societies   luiss 19.4.13Copyright collecting societies   luiss 19.4.13
Copyright collecting societies luiss 19.4.13
 
E commerce - slide
E commerce - slideE commerce - slide
E commerce - slide
 
Axioma privacy 29.2.12
Axioma privacy 29.2.12Axioma privacy 29.2.12
Axioma privacy 29.2.12
 

Recently uploaded

Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiBlayneRush1
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession:  A HistoryJohn Hustaix - The Legal Profession:  A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxAdityasinhRana4
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSRoshniSingh312153
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxBharatMunjal4
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeBlayneRush1
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791BlayneRush1
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaAbheet Mangleek
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideillinoisworknet11
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxjennysansano2
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesritwikv20
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
Presentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal pointPresentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal pointMohdYousuf40
 
Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeMelvinPernez2
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfDrNiteshSaraswat
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 

Recently uploaded (20)

Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession:  A HistoryJohn Hustaix - The Legal Profession:  A History
John Hustaix - The Legal Profession: A History
 
The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptx
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptx
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in India
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guide
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
Presentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal pointPresentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal point
 
Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil Code
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdf
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 

Is Pandemia a Good Reason to Give Up on Privacy

  • 1. Is pandemia a good reason to give up on privacy? Giovanni Maria Riccio Università di Salerno gmriccio@unisa.it
  • 7. The History of the General Data protection Regulation
      • In 1995, the European Data protection Directive (Directive 95/46 CE) on the protection of individuals with regard to the processing of personal data and on the free movement of these data was adopted.
      • For the first time, a definition of «personal data» was provided: «any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity»
      • The Directive specified the meaning of processing data, with a broad definition: «any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction»
  • 8. The History of the General Data protection Regulation
      • In 2011, the European Data Protection Supervisor published an Opinion on the European Commission Communication, entitled «a comprehensive approach on the personal data protection in EU»
      • In 2012, the European Commission proposed a comprehensive reform of the Directive 95/46 to strengthen online privacy rights and the European Data Protection Supervisor adopted an opinion on the Commission’s data protection reform package.
      • In 2014, the European Parliament supported the new regulation on data protection and in 2015 an agreement was reached by the European Parliament, the Council and the Commission.
      • In 2016, the Regulation (EU) 2016/679 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data was published and entered into force from 24th May 2016.
      • From 25th May 2018, the GDPR started to be applied.
  • 9. General Data Protection Regulation
      • The General Data Protection Regulation (EU) 2016/679
      • The same law and the same text for all the member States
      • Approved in May 2016 – Came into force in May 2018
      • It is also applicable to non-European entities where they offer products or services or when they monitor European citizens (e.g. Google Maps, Facebook, Instagram, etc.)
  • 10. The scope of GDPR
      • The GDPR applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
      • Only to the processing of personal data of natural persons.
      • To the processing of personal data in the context of the activities of an establishment of a Controller or a Processor in the Union, regardless of whether the processing takes place in the Union or not.
      • To the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
          1. the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union;
          2. the monitoring of their behaviour as far as their behaviour takes place within the Union.
  • 11. The scope of GDPR
      The processing of personal data should be designed to serve mankind. But the right to the protection of personal data is not an absolute right: it must be balanced against other fundamental rights, in accordance with the principle of proportionality.
      The GDPR respects all fundamental rights and observes the freedoms and principles, specifically:
      - the respect for private and family life, home and communications;
      - the freedom of expression and information;
      - freedom to conduct a business;
      - the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.
      The GDPR does not apply to issues of protection of fundamental rights and freedoms or the free flow of personal data related to activities which fall outside the scope of Union law, such as activities concerning national security.
      Member States may, as far as necessary for coherence and for making the national provisions comprehensible to the persons to whom they apply, incorporate elements of the Regulation 679/2016 into their national law.
  • 12. Definitions
      Article 4 of GDPR provides the most important definitions:
      • Personal data: Any information relating to an identified or identifiable natural person (“the data subject”); for instance, a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
      • Data Subject: The identified or identifiable natural person, that can be identified directly or indirectly, whose personal data is being collected, held or processed.
      • Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
      • Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
      • Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
  • 13. Definitions • There are special categories of personal data, including the personal data that reveal: 1. racial or ethnic origin; 2. political opinions; 3. religious or philosophical beliefs; 4. trade union membership; Or: 1. genetic data, biometric data; 2. data concerning health or a natural person's sex life or sexual orientation; 3. data relating to criminal convictions and offences. Another category is anonymous information: information that does not relate to an identified or identifiable person, or personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. The GDPR does not concern the processing of anonymous information, including for statistical or research purposes.
  • 14. What’s a personal data? • any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • 15. What’s a sensitive data? • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
  • 16. What’s a processing of personal data? • any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
  • 17. Principles relating to processing of personal data • Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. The data subject must be informed about the processing of these data and its purposes. Processing shall be lawful only if and to the extent that at least one of the conditions provided by Article 6 of GDPR applies. • Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. • Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • 18. Principles relating to processing of personal data • Accuracy: Personal data shall be accurate and, where necessary, kept up to date. • Storage limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. • Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • 19. The principle of accountability The GDPR introduced a new principle to data protection, that of accountability. Controllers and processors have to take responsibility for their processing activities and for how they comply with data protection principles, and they must be able to demonstrate compliance. Being responsible for compliance means being proactive and organised about data protection, while demonstrating compliance is the ability to present evidence of the steps taken to comply.
  • 20. Consent • Processing of personal data is lawful only under one of the six legal bases provided by Article 6 of GDPR. • The first condition is CONSENT. The data subject has to give his or her consent to the processing of personal data for one or more specific purposes. What does consent mean? And what are the GDPR requirements? Consent of the data subject means “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. So, the consent must: 1. be freely given; 2. be specific; 3. be informed; 4. be unambiguous. The controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • 21. Other legal bases • Contractual performance: the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. • Legal obligation: the processing is necessary for compliance with a legal obligation to which the controller is subject. • Vital interest: the processing is necessary in order to protect the vital interests of the data subject or of another natural person. • Public interest or acting under official public authority: the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. • Legitimate interest: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
  • 22. What are the rights of the data subject? • the right of access: the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed • the right to rectification: the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. • the right to erasure: the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay. • the right to restrict processing: the data subject shall have the right to obtain from the controller restriction of processing, in case of lack of accuracy, when the processing is unlawful, and when the controller no longer needs the personal data for the purposes of the processing. • the right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. • the right to object to processing: the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data • the rights in relation to automated decision making and profiling: the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  • 23. The right to be informed There is a need for transparency regarding the gathering and use of data in order to allow EU citizens to exercise their right to the protection of personal data. The GDPR grants individuals the right to be informed about the collection and use of their personal data, which leads to a variety of information obligations for the controller. There are two cases: 1. Where data is obtained directly, the data subject must be immediately informed, at the time the data is obtained. In terms of content, the Controller’s obligation to inform includes his or her identity, the contact data of the Data Protection Processor (if available), the processing purposes and the legal basis, any legitimate interests pursued, the recipients when transmitting personal data, and any intention to transfer personal data to third countries. 2. If personal data is not obtained from the data subject, he or she must be provided the information within a reasonable period of time, but at the latest after a month. In cases where the gathered information is used to directly contact the data subject, he or she has the right to be informed immediately upon being approached. As far as content is concerned, the controller has to provide the same specific information as if the personal data had been obtained directly from the data subject.
  • 24. The obligations of Controller The data Controller determines the purposes for which and the means by which personal data is processed. The Controller also determines the nature of the processing, the storage, and the data categories. The Controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Indeed, taking into account the nature, scope, context and purposes of processing, the Controller shall implement appropriate technical and organisational measures, such as pseudonymization and data minimization. Pseudonymization consists in substituting the identity of the data subject in such a way that additional information is required to re-identify the data subject. It is different from anonymization, which consists in irreversibly destroying any way of identifying the data subject. The Controller shall maintain a record of processing activities under its responsibility, including for instance: the purposes of the processing; a description of the categories of data subjects and of the categories of personal data; where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation; etc.
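The difference slide 24 draws between pseudonymization and anonymization, as an added Python example that is not part of the original slides. The `subject_id` field, the HMAC-SHA256 tokens, the 10-year age bands and the suppression threshold `k` are illustrative assumptions, and the records are constructed.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample records, not real data.
RECORDS = [
    {"subject_id": "ID-0001", "age": 34, "city": "Salerno", "positive": True},
    {"subject_id": "ID-0002", "age": 37, "city": "Salerno", "positive": False},
    {"subject_id": "ID-0003", "age": 61, "city": "Napoli", "positive": True},
    {"subject_id": "ID-0001", "age": 34, "city": "Salerno", "positive": False},
    {"subject_id": "ID-0004", "age": 38, "city": "Salerno", "positive": True},
]


def token_for(subject_id: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 of the identifier under a secret key."""
    return hmac.new(key, subject_id.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymize(records, key):
    """Replace the direct identifier with a token; all other fields are kept,
    so rows of the same subject stay linkable and remain personal data."""
    out = []
    for rec in records:
        row = {k: v for k, v in rec.items() if k != "subject_id"}
        row["token"] = token_for(rec["subject_id"], key)
        out.append(row)
    return out


def reidentify(token, key, known_ids):
    """Re-link a token to a subject. This needs the key and the identifier
    list: the 'additional information' that must be kept separately."""
    for subject_id in known_ids:
        if hmac.compare_digest(token_for(subject_id, key), token):
            return subject_id
    return None


def anonymize(records, k=2):
    """Drop identifiers, generalise age to a 10-year band and publish only
    counts of distinct subjects per group; groups smaller than k are
    suppressed. Simplified illustration: whether an output is anonymous in
    the legal sense depends on the whole context, not on this step alone."""
    subjects = {
        (rec["subject_id"], f"{rec['age'] // 10 * 10}s", rec["city"])
        for rec in records
    }
    groups = Counter((band, city) for _, band, city in subjects)
    return {group: n for group, n in groups.items() if n >= k}


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # stored apart from the pseudonymized data
    rows = pseudonymize(RECORDS, key)
    for row in rows:
        print(row["token"][:12], row["age"], row["city"], row["positive"])
    ids = sorted({rec["subject_id"] for rec in RECORDS})
    print("with key:   ", reidentify(rows[2]["token"], key, ids))
    print("without key:", reidentify(rows[2]["token"], secrets.token_bytes(32), ids))
    print("anonymized: ", anonymize(RECORDS))
```

The pseudonymized rows can be re-linked by whoever holds the key, which is why the key has to be protected and stored apart from the data; the aggregated output carries no per-subject row to re-link.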
  • 25. The role of the Data Processor The data processor processes personal data only on behalf of the controller. Where processing is to be carried out on behalf of a Controller, the Controller shall use only Processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. Processing by a Processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the Controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller. The Processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the Controller.
  • 26. What does DATA BREACH mean? Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. In case of data breach, the controller should communicate to the data subject, without undue delay, where that personal data breach is likely to result in a high risk to the rights and freedoms of the natural person in order to allow him or her to take the necessary precautions. The communication should describe the nature of the personal data breach as well as recommendations for the natural person concerned to mitigate potential adverse effects. Such communications to data subjects should be made as soon as reasonably feasible and in close cooperation with the supervisory authority, respecting guidance provided by it or by other relevant authorities such as law-enforcement authorities. Indeed, the Controller shall notify the personal data breach to the supervisory authority not later than 72 hours (unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons).
  • 27. The role of DPO • The controller and the processor shall designate a data protection officer in any case where: 1. The processing is carried out by a public authority or body; 2. When the processing operations require regular and systematic monitoring of data subjects on a large scale; 3. When the processing on large scale involves special categories of data. The data protection officer shall have these tasks: 1. to inform and advise the Controller or the Processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions; 2. to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data; 3. to provide advice where requested; 4. to cooperate with the supervisory authority
  • 28. The role of the Data Protection Authority Each Member State shall provide for one or more independent public authorities to be responsible for monitoring the application of GDPR, in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the Union. • Each supervisory authority shall act with complete independence in performing its tasks and exercising its powers. • Member States shall provide for each member of their supervisory authorities to be appointed by means of a transparent procedure by: - their Parliament; - their Government; - their head of State; or - an independent body entrusted with the appointment under Member State law Each member shall have the qualifications, experience and skills, in particular in the area of the protection of personal data, required to perform its duties and exercise its powers.
  • 29. What is data mining? Data mining is the activity through which information is extracted from a large amount of data contained within databases. The databases can be single or multiple: by crossing the data of the individual databases, it is possible to extract information more precisely. The concept of data mining includes all those types of techniques and strategies that are applied and that consist in most cases in automated software or algorithms (including, for instance, Spark or pandas), whose single function is the extrapolation of information. The aims of data mining are mostly: economic; scientific; operational; etc.
  • 30. Where does data mining come from? • Data mining is part of the Big data problem: a large amount of data, which can be stored. Almost all daily activities produce data. Big data means the phenomenon of storing and managing large amounts of data. There are several types of data, which can be classified in two broad categories: - structured data, that are data with fixed and homogeneous characteristics, which can be easily saved; - unstructured data, which are data reflecting the heterogeneity of reality. • Analysing and searching such a huge quantity of data would be impossible for a human, or would in any case take so much time that it would no longer meet the needs for which the search is carried out. • For this reason, data mining is the appropriate response to extrapolate information within a large amount of data, more efficiently and quickly than human activity.
  • 31. The process of data mining Data mining manages to extrapolate cryptic information, scattered within a database, until it reaches an adequate knowledge that can be used for certain purposes. This process is called KDD (Knowledge Discovery in Database) and consists of a series of phases: 1. Identification of the purposes of the search for information; 2. Preliminary identification of the data that are useful to reach the information; 3. Cleaning of data and pre-processing: narrower selection of data for extrapolation of information;
  • 32. The process of data mining 4. Data mining: the selection of the software best suited to the individual case, which selectively scans the data warehouse to provide the information; 5. Interpretation of the results: the results are analyzed in order to understand if the objective is reached; in case of failure, the previous step (and sometimes also others) is repeated and, where needed, modified; 6. Display of results in an understandable format.
  • 34. What are the purposes of data mining? Among the main purposes of the use of data mining are: • descriptive analyses: it is possible, thanks to some techniques of data mining, to analyze past data, identifying the reasons that led to the current state of success or failure. For instance: i. Clustering: this is a statistical analysis technique used to identify similar objects, dividing the data into different groups on the basis of the characteristics they share. • predictive analyses: data mining can also be used to predict possible future results, through for example these techniques: i. Regression: it is a technique that measures the strength of the relationship between a dependent variable and a series of independent variables to predict, for example, in the medical field the probability of survival of a patient, considering the data related to his or her diagnostic tests. ii. Neural networks: these consist of computer programs capable of tracing patterns, making predictions and progressively learning in full autonomy.
  • 35. The advantages of using data mining Data mining is used in many areas, which can be grouped into these macro categories: a) marketing: clustering of customers: identification of types of buyers who share purchasing habits and socio-demographic characteristics; customer retention: by analyzing the behavior of a brand’s customers, it becomes possible to identify those at risk of abandonment, and therefore adopt appropriate strategies to prevent it; market basket analysis: identification of which services and products are usually bought together; b) economics and finance: in finance, data mining is useful for fraud detection; c) science; d) information and communication technologies (ICT), especially in the security sector, for intrusion detection; e) statistics; f) industry.
  • 36. What is text mining? • Text mining is an Artificial Intelligence technique aimed at transforming an unstructured document, a text or an article into meaningful and actionable information (so, into a structured document). • The scopes of text mining are: Identify the main thematic groups in a document; Classify documents into specific categories; Learn hidden associations between topics; Extrapolate specific information. • The process of text mining is composed of three steps: i. Indexing: a linguistic analysis of the document; ii. Mining: application of a data mining algorithm to fulfill the purpose of the text mining; application of a clustering algorithm to identify the document topics; iii. Evaluation of the result.
  • 37. What is text mining? [Diagram: text (unstructured data) → text mining → structured data → information]
  • 39. An Example of Data Mining • A famous anecdotal story is the study conducted by a salesman at Walmart about 15 years ago. He was interested in finding ways to increase sales in the shop. Initially, he bundled products together, applying a discount: for instance, bread and jam. The result was that customers preferred to buy the bundled products, because of the discount. But the salesman was interested in knowing other associations that were not so typical. Analyzing the sales records, he observed that customers who usually bought diapers also purchased beer. He decided to bundle diapers and beer together and the sales soared. This is an example of data mining association in real life.
  • 40. An Example of Text Mining • Text mining is used especially in studying emotions in texts published on social networks, with the “Sentiment Analysis”: a complex process of analysis that in the phase of mining, through algorithms of computational linguistics allows to identify and extract subjective information from the different textual sources or opinions and emotions described in them. This study was used in Italy to quantify the degree of appreciation after visiting the Reggia of Caserta, through the analysis of Facebook and Twitter posts.
  • 44. Trump news was as many as four times more than pro-Clinton fake news, and a third of the pro-Trump tweets were generated by bots. Source: https://muse.jhu.edu/article/653377
  • 49. The Communication "Tackling online disinformation: a European approach" Improve transparency regarding the way information is produced or sponsored Diversity of information Credibility of information Inclusive solutions with broad stakeholder involvement
  • 51. The Chair of the Committee of Convention 108 and the Data Protection Commissioner of the Council of Europe recall the principles of data protection in these times of fight against the COVID-19 pandemic. • When it comes to the right to data protection, it should first of all be noted that Convention 108, as well as the modernised “Convention 108+”, set forth high standards for the protection of personal data which are compatible and reconcilable with other fundamental rights and relevant public interests. • One of the main data protection principles provided for by Convention 108+ is the principle of lawfulness, according to which processing of data can be carried out either on the basis of the data subject’s consent or some other legitimate basis laid down by law.
  • 52. The Chair of the Committee of Convention 108 and the Data Protection Commissioner of the Council of Europe recall the principles of data protection in these times of fight against the COVID-19 pandemic. • The right to data protection, for instance, does not prevent public health authorities from sharing the list of health professionals (names and contact details) with entities tasked with the distribution of FFP2 masks. • Neither can the right to data protection be claimed to be incompatible with epidemiologic monitoring, stressing that anonymised data is not covered by data protection requirements. • The use of aggregate location information to signal gatherings infringing confinement requirements or to indicate movements of persons traveling away from a severely touched area (in terms of number of COVID-19 positive persons) would thus not be prevented by data protection requirements. • Recommendation CM/Rec(2019)2 regarding health-related data provides specific guidelines in this regard. Its provisions on the sharing of data between health professionals and between health and other sectors should, in particular, guide the practices of professionals concerned.
  • 53. EDPB - Statement on the processing of personal data in the context of the COVID-19 outbreak. Adopted on 19 March 2020
  • 54. 4 basic points • Lawfulness of processing • Core principles relating to the processing of personal data • Use of mobile location data • Employment