The processing of personal data (Personal Data Act) Leikny Øgrim.


The processing of personal data

(Personal Data Act) Leikny Øgrim

Contents

Principles of the Norwegian regulations on the processing of personal data (the Personal Data Act)

Schengen Information System SIS

Some cases

Administration of the Personal Data Act:

The Personal Data Act

Personal Data Regulations

The Data Inspectorate:

1) keep a public record of processing relevant to the Act

2) deal with applications for licences

3) keep informed of developments in the area

4) identify risks to protection of privacy

5) provide advice and guidance

6) give its opinion on matters relating to area

The Privacy Appeals Board – decides appeals against the decisions of the Data Inspectorate.

Background

Protection of privacy

Computerized society: databases and Internet

Background cont.

-78:

– Act on Personal data registers

– The society protects the individual

Technological development

”Half member” of EU

2000:

– Personal Data Act

– Individual protection of own rights

Societal interest vs. interest in privacy

Purpose

to protect natural persons from violation of their right to privacy through the processing of personal data.

ensure that personal data are processed in accordance with fundamental respect for the right to privacy, including the need to protect personal integrity and private life and ensure that personal data are of adequate quality.

Substantive scope of the Act

processing of personal data wholly or partly by automatic means, and

other processing of personal data which form part of or are intended to form part of a personal data filing system.

(not private purposes)

personal data:

any information and assessments that may be linked to a natural person,

processing of personal data:

any use of personal data, such as collection, recording, alignment, storage and disclosure or a combination of such uses,

personal data filing system:

filing systems, records, etc. where personal data is systematically stored so that information concerning a natural person may be retrieved.

Conditions for the processing of personal data - RELEVANCE

Personal data may only be processed if the data subject has consented thereto, or there is statutory authority for such processing, or the processing is necessary in order

a) to fulfil a contract to which the data subject is party…

b) to enable the controller to fulfil a legal obligation,

c) to protect the vital interests of the data subject,

d) to perform a task in the public interest,

e) to exercise official authority, or

f) … to protect a legitimate interest, except where such interest is overridden by the interests of the data subject.

data subject:

the person to whom personal data may be linked,

consent:

any freely given, specific and informed declaration by the data subject to the effect that he or she agrees to the processing of personal data relating to him or her

Processing of sensitive personal data - NECESSITY

sensitive personal data are information relating to

a) racial or ethnic origin, or political opinions, philosophical or religious beliefs,

b) the fact that a person has been suspected of, charged with, indicted for or convicted of a criminal act,

c) health,

d) sex life,

e) trade-union membership.

Basic requirements for the processing of personal data

The controller shall ensure that personal data which are processed

a) are processed only when this is authorized

b) are used only for explicitly stated purposes

c) are adequate, relevant and not excessive in relation to the purpose of the processing, and

d) are accurate and up-to-date, and are not stored longer than necessary

Right of access

a) the name and address of the controller

b) the purpose of the processing,

c) the categories of personal data,

d) the sources of the data, and

e) whether the personal data will be disclosed, and if so, the identity of the recipient.

Right to demand manual processing

Right to be excluded from direct marketing

Rectification of deficient personal data

Prohibition against storing unnecessary personal data

The data subject may demand that data which are strongly disadvantageous to him or her shall be blocked or erased if this

a) is not contrary to another statute, and

b) is justifiable on the basis of an overall assessment

Obligation to give notification

before

a) processing personal data by automatic means

b) establishing a manual personal data filing system which contains sensitive personal data.

Obligation to obtain a licence

processing of sensitive personal data (except when volunteered by the data subject).

If the processing will clearly violate weighty interests relating to protection of privacy (for instance based on quantity of the personal data and the purpose of the processing).

The controller may demand that the Data Inspectorate decide whether processing will be subject to licensing.

Schengen Information System

SIS is an information system related to the Schengen cooperation. The system consists of a national part for each country and a support function for all countries in the Schengen cooperation.

Information that can be registered

a) Family name and given name, possible alias name

b) Special physical attributes that are objective and unchangeable

c) First letter in other given names

d) Date and place of birth

e) Sex

f) Nationality

g) If the person is armed

h) If the person is seen as violent

i) If the person has escaped from sentence

j) Reason for registration

k) Efforts to be set into action

Requirements for registering personal data

1. data on persons who are wanted for detention and extradition

2. data on persons who can not be given access to a country

3. data on missing persons or persons who are seen as dangerous to themselves or others and need to be taken into temporary detention.

4. data on witnesses, persons who should be brought to court or prison.

Some cases

Health related registers (societal interests are often given priority)

Public information on financial inspection

Personal data in insurance cases

Drug testing

Misuse of personal identity

Misuse of personal data by Microsoft?

Credit reports and privacy

Direct marketing

Electronic toll roads

Video surveillance

Internet

Fingerprints

Video surveillance - cases

Outside the Mosaic Religious Community

Passenger areas in public buses and local trains

The Mosaic Religious Community

There was video surveillance of a public area, but also of a place which is ”regularly frequented by a limited group of people” (private garden). The surveillance is done by a camera with zoom function, covering a rather large area.

Permission to keep the video tapes for more than 7 days on a routine basis was not given.

The Privacy Appeals Board weighed the controller’s interests against the surveilled persons’ interests in privacy, and found that video surveillance of the public area outside the area that was already notified by signs should not be allowed.

The video surveillance of the private garden was only allowed if accepted by the owner.

In this case there was a dissent in the board.

Public buses

Public buses wanted to use video surveillance in the passenger areas. The Data Inspectorate had allowed video surveillance of the doors and near the driver.

The Privacy Appeals Board found that video surveillance inside the bus can be allowed. The interests of privacy are found to be small, since the tapes will only be played and viewed if there is an incident on the bus. When there is no suspicion of criminal acts, no one will ever see the tape.

The board further found that playing and watching the tapes carries an obligation to obtain a licence, since the images may contain sensitive personal data. Due to the strong connection between the surveillance and the playing of the tapes, the licence should also cover the surveillance.

Video surveillance

The continuous or regularly repeated surveillance of persons by means of a remote-controlled or automatically operated video camera, camera or similar device.

Video surveillance of a place which is regularly frequented by a limited group of people is only permitted if there is a special need for such surveillance in the interests of the said activities.

Personal data which are collected by means of video surveillance may only be disclosed to a person other than the controller if the subject of the recording consents thereto or if there is statutory provision for such disclosure. However, unless the statutory obligation of professional secrecy prevents disclosure, image recordings may be disclosed to the police in connection with the investigation of criminal acts or accidents.

When a public place or a place which is regularly frequented by a limited group of people is subject to video surveillance, attention shall be drawn clearly by means of a sign or in some other way to the fact that the place is under surveillance and to the identity of the controller.

Information on the Internet

Persons employed in the social services demanded that critical comments on child welfare cases and related questions be erased from a web site.

Both the Data Inspectorate and the Privacy Appeals Board found that the web site has "journalistic, including opinion-forming, purposes".

The Privacy Appeals Board adds that even if the web site is not illegal according to the Personal Data Act, the web site must, like other media, keep to and respect edicts on characterizing individuals.

Internet – historical data

A former member of a sports club did not want to be mentioned on the sports club’s web site.

The Privacy Appeals Board found that the web site can be categorized as "journalistic means", and as such is protected by the freedom of expression.

Erasure of the personal data could not be demanded. The opposite result would mean that a person can "edit" history.

Internet-debate

A private person wanted her contributions to a net based forum of debate erased. Also, she wanted all contributions which mentioned her name erased.

The Privacy Appeals Board found, as did the Data Inspectorate, that utterances in debate forums do not fall within the scope of the Act, and that their erasure cannot be demanded.

Finger prints as identification

Sports centres

Work places

Gasoline terminal

Log in system for health personnel

Sports Centres

The Data Inspectorate prohibited two sports centres from using finger prints of their members as an entrance key.

The Data Inspectorate found there was a substantive need for identification at the entrance, but that the requirement of necessity was not fulfilled.

The Privacy Appeals Board agreed.

REMA 1000

The Data Inspectorate ordered REMA 1000 to stop using finger prints in relation to work hour registration of their employees. Registration is done with ID-number in combination with finger prints.

The Data Inspectorate agrees that REMA 1000 has a substantive need of qualitative wage calculation. The inspectorate argues that ID-number is used for identification, and finger prints for authentication. The inspectorate states that the use of finger prints is not necessary.

The Privacy Appeals Board agrees.

Esso Norway

The Data Inspectorate ordered Esso Norway to stop the use of finger prints as identification of truck drivers arriving at the gasoline terminals. The system should be based on consent, and a ”Safety Policy” should assure that only authorized and trained personnel were given access to the terminals.

The Data Inspectorate argued that the substantive need of physical security is not equivalent to a substantive need of secure identification. Continuous human access control is a good alternative, from the inspectorate’s point of view.

The Privacy Appeals Board argues that the use of finger prints covers both identification and authentication. The board finds that the use of ID-card combined with finger prints assures both identification and authentication. Further, the board finds it outside its competence to judge physical changes, like fences, guards and so on.

The Privacy Appeals Board finds there is a sustainable need for secure identification, and allow the use of finger

There was a dissent in the board.

Tysvær kommune

Tysvær kommune uses biometric access control for logging into all new laptops used especially in the health and social sector.

The Data Inspectorate denied the use. Even if there was a substantive need for secure identification in order to protect sensitive personal data in the system, the inspectorate argued that the use of finger prints was not necessary.

The use of smart cards combined with passwords was said to be an alternative.

The Privacy Appeals Board disagreed. The board was of the opinion that the use of finger prints is necessary. A smart card can be lost or stolen, and finger prints are seen as the most secure alternative.

Use of national identity numbers, etc.

National identity numbers and other clear means of identification may only be used in the processing when there is an objective need for certain identification and the method is necessary to achieve such identification.

The Data Inspectorate may require a controller to use such means of identification as are mentioned in the first paragraph to ensure that the personal data are of adequate quality.