[Gnso-rds-pdp-privacy] The International Working Group on Data Protection in Telecommunications' Common Position on Privacy and Data Protection Aspects of the Publication of Personal Data contained in publicly available Documents on the Internet

Sana Ali sana.ali2030 at gmail.com
Tue Apr 12 21:12:42 UTC 2016 

Dear All, 

The International Working Group on Data Protection in Telecommunications' Common Position on Privacy and Data Protection Aspects of the Publication of Personal Data contained in publicly available Documents on the Internet 
adopted at the 27th meeting of the Working Group on 4/5 May 2000 in Rethymnon / Crete 

Privacy: What steps are needed to protect data and privacy?
The Working Group notes that the "Working Party on the protection of individuals with regard to the
processing of personal data" of Data Protection Commissioners in the European Union ("Article 29
Group") has addressed these issues extensively in their “Opinion 3/99 on Public Sector information and the Protection of Personal Data” and fully supports their findings.

As the document referenced is not included in any of the subgroups’ lists, I recommend introducing Opinion No  3/99 of the Article 29 Working Party as its own document in all 3 subgroups. 

Please see below my summary of the relevant sections to this subgroup (Privacy). 
I shall reiterate my recommendation to include this document summary in the other subgroups as well, since it is an important and interesting opinion which speaks to both privacy frames and purpose requirements in addition to data elements. 

Relevant Sections Contained Within Referenced “Opinion No 3/99 on
Public sector information and the protection of personal data” by the Working Party on the protection of individuals with regard to the processing of personal data


One of the key aspects of this opinion is the availability of public sector information. At issue is a specific category of information held by public sector bodies known as "public" information, which would be made public subject to certain rules or for a particular purpose and based, implicitly or explicitly, on the State's desire for transparency with regard to its citizens.

The objective of this Opinion is to provide input for the discussion on the protection of personal data, a dimension which must be taken into consideration when undertaking to grant greater access to public sector data, where such data relates to individuals. 

~ THE RULES ON DATA PROTECTION APPLY TO PERSONAL DATA WHICH
HAVE BEEN MADE PUBLIC


 Directive 95/46/EC on the protection of individuals with regard to the processing of
personal data and on the free movement of such data covers the principle of the right of public access to administrative documents and other factors which are relevant to the discussion
The principle of purpose requires that personal data are collected for specific, explicit and legitimate purposes and are not subsequently processed in a manner which is incompatible with these purposes.
 
Personal data to be made public do not constitute a homogeneous category which can be dealt with uniformly from a data protection point of view. Instead, a step-by-step analysis is needed of the rights of the data subject and the right of the public to access the data respectively. While there may be public access to data, such access may be subject to certain conditions (such as proof of legitimate interest). Alternatively, the purposes for which the data may be used, for example
for commercial purposes or by the media, may be restricted.

At this point it is worth mentioning that regardless of whether or not personal data are published, data subjects always has the right to access their data and, where necessary, to require that they be rectified or erased if they have not been processed in accordance with the Directive, and in particular if they are incomplete or inaccurate.


THE NEW TECHNOLOGIES CAN HELP STRIKE A BALANCE BETWEEN THE
PROTECTION OF PERSONAL DATA AND THE PUBLICATION OF SUCH
DATA

In addition to promoting access to public data, in particular by providing on-line access, the new technologies and some of the accompanying administrative measures can also help to ensure compliance with the main principles of data protection, such as end purpose, the principle of information, the right to object and the principle of security. However, these technologies do not provide an absolute guarantee against abuses of the principles of personal data protection described above.


Directive 95/46/EC recognises the right of data subjects to be informed about the processing of data concerning them and stipulates that at the very least they have the right to object to legitimate processing. Data subjects must therefore be informed about the commercial usage of data concerning them and must be able to object to such usage by simple and effective means.

Another possibility mentioned in the opinion was to obtain the data subject's consent for commercial usage. Data subjects must have given their consent unambiguously and in full knowledge of the facts, taking into account the fact that anyone applying for planning permission is required to submit a file which meets certain stipulations.


CONCLUSION:
Public access to data does not mean unfettered access: all Member States base their legislation on this philosophy. When personal data are made public, either by virtue of a regulation or because the data subject himself authorises it, the data subject is not deprived of protection, ipso facto and forever. He is guaranteed such protection by law in accordance with the fundamental principles of the right to privacy.

In order to strike a balance between the right to privacy and the protection of personal data on the one hand, and the right of the general public to access public sector data on the other, conclusions must take account of the following factors and issues:
- a case-by-case assessment of whether personal data can be published/should be accessible or not, and if so, under what conditions and on which media (computerised or not, Internet dissemination or not, etc.);
- the principles of purpose and legitimacy;
- the obligation to inform the data subject;
- the data subject's right to object; 
- the use of the new technologies to help protect the right to privacy.

These factors should be taken into account not just in situations where publication or access is already regulated, but also in situations where regulation does not appear necessary, with a view to satisfying the general public's demand for access to public sector information, including personal data.


Warm wishes, 
Sana Ali
sana.ali2030 at gmail.com <mailto:sana.ali2030 at gmail.com>
https://ca.linkedin.com/in/sanaali2030 <https://ca.linkedin.com/in/sanaali2030>






> On Apr 12, 2016, at 9:24 AM, Lisa Phifer via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy at icann.org> wrote:
> 
> Argh! Resending same email but this time with the correct subject!
> 
> Dear privacy team,
> 
> Today's privacy team checklist (attached) has been posted to the wiki at:
> https://community.icann.org/x/p4xlAw
> 
> Thanks to all who have been posting summaries, which you will find hyperlinked in the attached checklist.
> 
> David will be using this to discuss the team's progress during today's WG call. As you know, David is seeking privacy team volunteers to review unassigned docs, highlighted in yellow. This checklist will be updated again later today with those additional assignments still under discussion.
> 
> Best,
> Lisa<Input-Checklist-Privacy 12 April 2016 1300.docx>_______________________________________________
> Gnso-rds-pdp-privacy mailing list
> Gnso-rds-pdp-privacy at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160412/152b9969/attachment-0001.html>

More information about the Gnso-rds-pdp-privacy mailing list