Post on 12-Jan-2016
description
Zaštita ličnih podatakaIskustva iz Republike Slovenije
Podgorica, 7.2.2010
Nataša Pirc MusarInformation Commissioner
• Access to public information v. Data protection
Can one body handel both?
Situation in Slovenia
What we do and how we do it?
Trust in the Information Commissioner
(public poll Jan 2010)
Trust in supervisory authorities(public poll Oct 2010)
INFORMATION COMMISSIONER
OMBUDSMAN
POLICE GEN. DIRECTOR
STATE PROSECUTOR
DOES NOT TRUST / TRUSTS
Situation in Slovenia
Formal supervisory procedures
Informacijski povjerenik
• Poverenica, 3 zamjenika i vođa inspektora• 32 zaposlenih
18 na zaštiti osobnih podataka, 10 na pristupu informacijama, 4 u administraciji
• 9 (11) inspektora• Aktivan od 31.12.2005
(ujedinjenje Poverenika i Inspekcije za lične podatke)
Snažne komeptencije po Zakonu o inspekcijskom nadzoru Predlog za zatvaranje rukovalaca (ako ne plate kaznu), Novčane kazne, Podnošenje prijave krivičnog djela, Ulaz u kancelarije, pregled kompjutera...
Inspection procedures
Structure of procedures (2006-2009)
Misdemeanour procedures (2009)
Misdemeanour procedures (2009)
• 2009: 163 violation procedures– Public sector: 41 – Private sector: 70– Natural persons: 52
• 59 warnings• 93 decisions
– 67 cautions– 26 fines
• 12 payment orders• 21 appeals to the court
• Fines:– Legal person.: 4.170 to 12.510 EUR– Responsible person: 830 to 2.080 EUR
Largest fine:– 112.000 EUR for data controller– 20.000 EUR for responsible person
Data subject’s access
• 2009: 70 demands– 2008: 43 demands
• Some interesting cases, e.g. access to retained traffic data on telephone calls
Number of requests (complaints) for
access to individual’s own data
Situation in Slovenia
Awareness raising toolbox
Opinions
• 2009: 1334 requests for opinion– 2008: 853 requests for opinion
• On-line publication (2000 + opinions)
• Main areas:– Offcial procedures – judicial,
administrative and police procedures (67),
– Employment relationships (64),– Transfer of personal data between
data controllers(45),– Internet related(43),– Health data (33),
Guidelines
Identity theft – self assesment testadapted from NOR DPA original
Facebook profile
Data protection
The challenges
Data protection challenges– Location privacy
• Google Street View, Google Earth – what is next?– Probably other angles between vertical and horizontal pictures, higher frequency and
perhaps “real-time view-it-all?”
• Drivers’ privacy– Electronic toll collection and other location-based services
– Personal profiles and behavioural marketing• Personalized, customized ads• All media covered: internet, print, (digital TV)!• Smart videosurveillance, audience measurement…
– Changing attitudes towards privacy• DPA’s awareness raising toolbox• Can we influence it al all?
– REAL concern when statemets are made such as:• “Privacy as a social norm is a matter of past!” by____, CEO of______• “If you have something that you don't want anyone to know, maybe you
shouldn't be doing it in the first place.” by____, CEO of______
Data protection challenges cont.
– Worklapce privacy• Many complaints• Draft bill prepared
– Identity theft• Abuse of publicly available data• Abuse of private data
– Data business• Interconnection of databases• Outsourcing of personal data / cloud computing
– Digital dataveillance• e.g. automated analysis of computer and telephone network
traffic (i.e. Data retention ...)• Creation of extensive personal profiles and activity histories;
can be used for many reasons – can lead to errosion of privacy
– Let’s have a closer look at some of them …
“The problem with the nothing to hide argument is with its underlying assumption that privacy is about hiding bad things.“
Daniel Solove
Thank you for
your attention!IC website in English
www.ic-rs.si