[gnso-rds-pdp-data] Review of Additional articles 29 WP documents that may be of interest to PDP WG

[Richard Padilla]

Dear all

After reviewing the documents in the section above the following can be
summarised as follows:

There has been enough discussion on the if I can call it the maintenance of
how data should be kept in according to the laws of various countries as
all have different laws that more or less try to do the same thing in
different words and explanation. For e.g.

   1. Directive 95/46/EC - the protection of individuals with regard to the
   processing of the personal data, in Article 6.1 b), which establishes
   that personal data must be "collected for specified, explicit and
   legitimate purpose and not further processed in a way incompatible with
   those purposes"
   2. Note the purpose of conventional telephone directories is the
   disclosure of  subscriber's telephone number starting from the knowledge
   of subscriber's name and that its use is limited to that
   specific purposes.
   3. Must establish the balance of interests, the interests and risks
   to privacy at stake have to be identified and evaluated. Directive 97/66/EC
   gives helpful indications: as long as the minimum information necessary to
   identify a subscriber is at stake, thus this information can be included
   in conventional public directories unless the subscriber objects. It
   must be considered that the interest of the individual in being protected
   override the interests of controller or third parties. Therefore such
   processing is only legitimate if the individual has given his/her informed
   consent prior to any inclusion of his /her personal data in public
   directories for reverse or multi-criteria searches.
   4. Specific and informed consent of the subscriber must be obtained
   prior to the inclusion of his personal data into all kinds of public
   directories which include all type of communication devices used for
   reverse or multi-criteria searches. There must be some given consent on how
   personal data can be used.
   5. As most conclusions regard the directives of the EC previous WP
   on the Protection of Individuals with regards to protection of data takes
   the position that processing of said personal data in reverse directories or
   multi-criteria searching services without unambiguous and informed
   consent by subscriber is unfair and unlawful. Thus fully implementing and
   accepting the EC proposal for draft directive on processing personal
   data.
   6. Article 15 of draft Convention could create the impression that the
   protection of human rights shall only be considered when it is "due" and
   shall on be "adequate". It can be seen as limiting the safeguards and
   procedures it would considerably lower  if not fully undermine the
   protection of fundamental rights.
   7. Finally with several EU countries implementing Directive 95/46/EC
   shows that national laws requires personal data can be in principle only
   be sent to non-EU countries if this country does provide an adequate level
   of protection of individuals with regard to the processing of their
   personal data. the level of protection in these countries must be checked.
   Otherwise if no adequate protection on offer in third country then
   transfer f personal data may nevertheless be necessary to fight against
   crime.

This shows that the EU or EC directive on the protection of personal data
has been the benchmark used to protected personal data. No specfic mention
of length of time to hold such data although I think 6 weeks has been
mentioned in one document I think.

Let me know if I need to do more

Regards

R. Padilla MSc.

-- 
Richard Padilla MSc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-data/attachments/20160413/d01ebd29/attachment.html>