Identity management, privacy and data protection...Identity management, privacy and personal data...

18
Prof. Avv. Giusella Finocchiaro University of Bologna Studio Legale Finocchiaro www.studiolegalefinocchiaro.it www.blogstudiolegalefinocchiaro.it Identity management, privacy and personal data protection

Transcript of Identity management, privacy and data protection...Identity management, privacy and personal data...

Page 1: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Prof. Avv. Giusella Finocchiaro University of Bologna

Studio Legale Finocchiaro

www.studiolegalefinocchiaro.it www.blogstudiolegalefinocchiaro.it

Identity management, privacy and personal data protection

Page 2: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

Identity management and personal data

• Personal data collected during the identification and authentication processes

• Storage of such personal data

Page 3: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Charter of fundamental rights in the European Union

• Right to be left alone (art. 7)

• Right to control on personal data (art. 8)

Page 4: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

The European general data protection Regulation (1/2)

• Regulation on the protection of individuals with regard to the processing of personal data and on

the free movement of such data

Page 5: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

The European general data protection Regulation (2/2)

• Proposal presented by the European Commission on 25 January 2012

• Council adopted the position on the European Regulation on 8 April 2016 (first reading)

• European Parliament approved the Council position with no amendments on 14 April 2016 (second reading)

• Will enter into force in 2018

Page 6: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

The impact on the current legal scenario

• Directive 95/46/EC on the processing of personal data of 24 October 1995 will be repealed

• From a Directive to a Regulation

Page 7: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

The European Regulation Fundamental principles (1/2)

• Personal data collected for specified, explicit and legitimate purposes

• not further processing in a manner that is incompatible with those purposes

Page 8: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

The European Regulation Fundamental principles (2/2)

• Information to the data subject

• Consent of the data subject

• Public Administration processes personal data for purposes connected to the performance of its tasks

Page 9: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

The European Regulation Security measures

• Processing and storage security measures provided for

• Notification of a personal data breach to the supervisory authority and to the data subject

Page 10: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

The European Court of Justice’s decisions

Page 11: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

Google Spain (1/2)

• Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (Case C-131/12)

Page 12: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

Google Spain (2/2)

• European law is applicable to the service provider

• Data subject can take legal actions against the service provider

• Obligation to remove from the list of results displayed following a search made on the basis of a person’s name links to web pages published by third parties

Page 13: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

Facebook (1/2)

• Maximillian Schrems v Data Protection Commissioner (Case C-362/14)

Page 14: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

Facebook (2/2)

• European law is applicable to European subjects’ personal data

• Article 3 of the European general data protection Regulation drafted according to this principle

Page 15: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

Policy implications

• Invalidation of the Safe Harbor

• Transmission of data: consent or pre-approved rules

• U.S.A.- Europe Privacy shield currently under negotiation

Page 16: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

Economic value of personal data

• Big data

• “Anonymisation” processes

Page 17: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

Personal data protection and open issues

• What is anonymous under European general data protection Regulation?

• Information that does not relate to

• identified or identifiable natural person or

• personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable

Page 18: Identity management, privacy and data protection...Identity management, privacy and personal data protection Studio Legale Finocchiaro Identity management and personal data • Personal

Studio Legale Finocchiaro

The end

www.studiolegalefinocchiaro.it www.blogstudiolegalefinocchiaro.it