Barry Ryan (Directeur Policy & Communication bij EFAMRO – the European Research Federation) is een expert in de Europese onderzoekssector in data privacy en zelfregulering. Hij is verantwoordelijk voor de vertegenwoordiging van de onderzoeksector bij de Britse regering, de toezichthouders en de Europese instellingen (inclusief de Europese Commissie en het Europees Parlement in Brussel). Hij zal lastige juridisch en etische punten bespreken bij het omzetten van offline regels en wetten naar de online wereld en wat we kunnen verwachten van nieuwe wetgeving in Europa.
5. Data Protection 101
• Data:
– means information which is processed by
means of equipment operating automatically
• Personal Data:
– any information relating to an identifiable,
living person
• Processing:
– obtaining, recording, holding, transferring,
altering, retrieval etc
8. Data Protection in the Matrix
• The online world is created entirely from data
• In that data will be personal data.
• Data Protection Law applies immediately.
• Key issue:
– What is the fair and lawful basis for
processing data?
9. Research practice vs. reality?
• Young people don’t care about privacy
• Anonymity is no longer a relevant
consideration
• Users of social networks are displaying
information to the world that researchers
should be free to harvest and use
10. Expectations of Users
• Each site has their own terms of use
• Access may be open or limited to age groups
• Information supplied may be public or limited to
sub-networks or friends
• See Facebook terms
• http://www.facebook.com/terms.php?ref=pf
11. Copyright
• Exists from moment of creation by author
• Literary works – blog posts, profiles, updates
• Photographs
• Video Clips
• Sound recordings
• Taking of information without permission of
author is a breach
• Remedy – injunction, damages
12. “This is public information”
• Directive 95/46/EC
• Wet bescherming persoonsgegevens
– No distinction between public and private
– What is the purpose for which the personal
data has been released?
13. “People want to be heard”
• Yes, but…
• Always or for a limited time?
• By an audience or by everyone?
• In DPA-speak: What is the purpose for which
personal data has been released?
– Twitter?
– Facebook?
– Patientslikeme?
14. “but we mask the identity…”
• Masking makes sense in regards to issues of
harm
• But does not solve issue of possible unlawful
collection
15. “we are collecting sentiment...”
• Great!
• What do you need to do that?
• Mentions?
• Positive/negative?
• Context?
• Principle of data minimisation
16. The Future
• Single law for data protection by 2014 2015
2016(?)
• General Regulation proposed by Commission
– No more national laws
• Currently being debated by MEPs and Council of
Ministers
16
17. Research watch list
• Consent – specific and explicit
– A single consent standard
– “Explicit” ≠ “Written”
• Changes in responsibility of controller
– Reduction in formalities
– One stop shop
– Forum shopping (choose your regulator?)
17
18. Research watch list
• Profiling
– Making automatic decisions about individuals
– Advertising and Credit Scoring
– Sampling or Media Measurement?
• Children
– Special considerations for under 18s
– Parental consent for under 13s
– MEPs will try to move age upwards
18
19. Research watch list
• Existing Exemptions
– Historical, Statistical and Scientific
– Commercial v Academic?
19
20. Questions?
• Barry Ryan
• T : +32 (0)2 550 3548
• E : barry.ryan@efamro.eu
• W : www.efamro.eu
20