Privacy and care robots

Lilian Edwards, Professor of E-Governance, University of Strathclyde. Würzburg, November 2011


The increasing use of robots in domestic and care situations (e.g. in hospitals, or helping the aged at home), combined with the likelihood that robots will surveil and record both the humans they aid and the general environment, creates a need to think about the privacy implications of using robots as carers or caring aids.

Transcript of Privacy and care robots

Page 1: Privacy and care robots

Privacy and care robots. Lilian Edwards, Professor of E-Governance, University of Strathclyde. Würzburg, November 2011

Page 2: Privacy and care robots

Introduction: EC data protection (DPD 95/46/EC). Eight Principles (mainly art 6):

1. Personal data shall be processed lawfully and fairly.

2. Personal data shall be obtained for specific, explicit and limited lawful purposes, and shall not be further processed in a manner incompatible with those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed.

4. Personal data shall be accurate and kept up to date where necessary.

Page 3: Privacy and care robots

5. Personal data shall not be kept for longer than is necessary for its purpose (“retention”).

6. Personal data can only be processed in accordance with the rights of the data subjects (art 12).

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing (“security”).

8. Restrictions on transferring personal data to countries that do not provide adequate data protection (“data exports”).

Page 4: Privacy and care robots

Key DPD terms

“Data” means information which is being processed by means of equipment operating automatically, or is recorded with the intent that it should be processed by such equipment, or is recorded as part of a relevant manual filing system.

“Data controller” (DC): a person or company who determines the purpose and manner of the data processing. Obligations largely fall on the DC, not…

“Data processor” is the person who processes the data on behalf of the data controller. SWIFT case. Cloud computing? SNSs?

“Data subject” (DS) is the person who is the subject of the personal data.

Page 5: Privacy and care robots

“Personal data” is any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

“Sensitive PD” includes racial or ethnic origin of the DS (pictures?) and data concerning health or sex life.

“Processing” means any operation performed on personal data, whether or not by automatic means, including obtaining, recording, storing, altering, retrieving, using, disseminating, combining, erasing (etc.) information or data on the data subject.

Page 6: Privacy and care robots

DP and care robots: is “personal data” (PD) processed?

Do autonomous care robots process (collect, store, etc.) PD relating to identifiable persons (DSs) they care for? E.g. images taken by sensors; the location of the DS; symptoms of illness which can be connected to the DS?

Apparently so, though the data may not be stored, or not stored locally. (Is the PD anonymised? Unlikely, as that would not help with learning/memory.)

“Identifiable” need not require the data to be tagged with the full name of the patient.

Debate over the UK transposition: “data which relate to a living person who can be identified (a) from these data or (b) from these data and other info which is in the possession of, or likely to come into the possession of, the DC”.

Durant v FSA narrowed the definition of PD to cases where the DS was the “biographical focus” of the data.

Page 7: Privacy and care robots

Who is the data controller? The DC determines the purposes and means of processing (“why” and “how”). There can be joint DCs. The data processor merely processes on behalf of the DC.

DC: the programmer of the robot, i.e. the producing company? Though the user/owner/leaser (e.g. a care home) might alter parameters. Do they become joint DCs?

If programming is outsourced by the manufacturer, it is possible for the programmer to be just a data processor, depending on the scope of discretion, with the manufacturer as DC.

Art 29 WP Opinion 1/2010: the data processor is called on to implement the data controller’s instructions at least with regard to the purposes and the essential means of the processing, though it can decide the “means”; this can be clarified by contract, though the contract is not always decisive and depends on the actual facts.

Page 8: Privacy and care robots

Obligations on DCs - 1

1. Notify the local DPA (art 19). Usually a fine if not done. Exemption where processing is “in the course of a purely personal or household activity” (? Care at home? Cf. in a care home?). Only the types of data collected have to be notified, not the actual data.

Jurisdiction over a foreign robot supplier? See Art 4: “establishment” or “equipment” used to process PD in the EU.

Page 9: Privacy and care robots

Obligations on DCs - 2

Process PD fairly and lawfully (DP Principle 1). Needs grounds (art 7), not necessarily consent, e.g.:

“processing is necessary for performance of the contract to which the DS is party” (who made the contract? Incapax: the DS? A guardian?)

“necessary for compliance with a legal obligation on the DC” (what obligations do care homes/hospitals have?)

“necessary in order to protect vital interests of the DS”: generally applied only when neither the DS nor anyone else is able to give consent

“unambiguous consent of the DS”: in the contract for the robot?

Page 10: Privacy and care robots

Obligations on DCs - 3

Sensitive personal data, e.g. medical condition/history. Grounds for lawful processing (art 8) are tighter: “explicit consent”. In practice little different, though watch out for vague OKs to blanket monitoring.

“Necessary for vital interests” + explicit: the DS must be unable to give consent physically/legally.

But note: under art 8(3) special rules apply for “preventive medicine, medical diagnosis, provision of care or treatment” in each EU state.

Page 11: Privacy and care robots

Other obligations

1. Keep data secure. Could involve data stored locally in the robot (?) or remotely on servers, or made available to data processors (the DC is responsible for the data processor’s security and for the DP confidentiality requirement, art 16). Needs password control; encryption of data?; possibility of hacks/malware?

2. Not retain data longer than necessary for the purposes. Could data be anonymised after it has been used by the robot to “learn”?

3. Allow subject access rights, including rectifying errors.

4. Not export PD to non-adequate non-EU states. Data in the cloud? Remedies: consent by the DS; specify no non-EU server storage/processing.
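The retention and anonymisation questions above (obligations 2 and 3, and the earlier point that “identifiable” does not require a full name) can be made concrete. The following is an added example, not code from the talk or from any robot vendor: a small model of a care robot’s sensor log in which identifiable records are kept only for an assumed 30-day “learning” window, then reduced to anonymised records, and in which subject-access requests are answered from the same log. The record layout, field names, the window and the sample observations are all constructed assumptions. It also covers the single-occupant case, where the room alone identifies the resident, so anonymisation has to drop the location as well.

```python
"""Retention, anonymisation and subject-access helpers for care-robot records.

Added example (not from the slides). Record layout, field names and the
30-day window are assumptions; in practice the window follows from the
data controller's (DC's) stated purpose.
"""
from dataclasses import dataclass, field, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

RETENTION = timedelta(days=30)  # assumed learning window


@dataclass(frozen=True)
class Observation:
    ts: datetime
    subject_id: Optional[str]       # which data subject (DS) the record is about
    room: Optional[str]             # location of the DS, e.g. "kitchen"
    image_ref: Optional[str]        # pointer to a stored camera frame
    vitals: dict = field(default_factory=dict)  # e.g. {"hr": 72}; sensitive PD


def is_personal(obs: Observation, single_occupant: bool) -> bool:
    """A record is PD if it relates to an identifiable person.

    The identifier and the camera frame are direct identifiers. In a
    single-occupant home the location alone identifies the resident, so a
    room field keeps the record PD even after the identifier is removed.
    """
    if obs.subject_id is not None or obs.image_ref is not None:
        return True
    return single_occupant and obs.room is not None


def anonymise(obs: Observation, single_occupant: bool) -> Observation:
    """Drop identifiers, keep the features the robot learns from.

    The timestamp is coarsened to the hour so the record cannot be linked
    back to the DS through a diary or visitor log.
    """
    return replace(
        obs,
        subject_id=None,
        image_ref=None,
        room=None if single_occupant else obs.room,
        ts=obs.ts.replace(minute=0, second=0, microsecond=0),
    )


def apply_retention(records, now, single_occupant, retention=RETENTION):
    """Return the log as it should look at time `now`.

    Identifiable records older than the window are anonymised; everything
    else is kept unchanged, so no identifiable record older than `retention`
    survives.
    """
    out = []
    for r in records:
        if is_personal(r, single_occupant) and now - r.ts > retention:
            out.append(anonymise(r, single_occupant))
        else:
            out.append(r)
    return out


def subject_access(records, subject_id):
    """Records the DC would have to disclose to `subject_id` on request."""
    return [r for r in records if r.subject_id == subject_id]


# Constructed sample log: two observations of one resident, 45 and 2 days old.
NOW = datetime(2011, 11, 15, 10, 30, tzinfo=timezone.utc)
SAMPLE_LOG = [
    Observation(NOW - timedelta(days=45, minutes=17), "ds-001", "kitchen",
                "frames/0001.jpg", {"hr": 72}),
    Observation(NOW - timedelta(days=2), "ds-001", "bedroom",
                "frames/0002.jpg", {"hr": 68}),
]


def demo():
    """Run the retention pass on the sample log and answer a subject-access request."""
    kept = apply_retention(SAMPLE_LOG, NOW, single_occupant=True)
    return kept, subject_access(kept, "ds-001")


if __name__ == "__main__":
    kept, mine = demo()
    for r in kept:
        print(r)
    print("disclosable to ds-001:", len(mine))
```

The point the example makes is that the older record keeps its heart-rate feature (what the robot “learns” from) while losing everything that ties it to a person, and that the same pass run for a shared care home may keep the room, because there the room does not single out one DS.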

Page 12: Privacy and care robots

Location surveillance: a special concern? Do robots collect and store locations of DSs? Yes, said Andrea (by reference? by image? tagged to a unique ID?).

Special EU rules in the E-Privacy Directive on location data collected by mobile phones. Art 2(h): “data processed in an electronic communications network or by an electronic communications service indicating the geographic position of the terminal equipment of a …

To collect or process this data needs the consent of the user (art 9) after information is given on the purposes of collection.

Clearly not applicable here. Cf. images collected by CCTV or Google Street View: regulated only as PD (if at all), not as “location data”. Is this acceptable? What if locations of DSs who have not given consent (or equivalent) are collected? The UK (Durant case) might see such data as not personal, as the person was not the “focus” of the data collection; cf. CCTV.