privacy by qingyunliuliu


									The processing of personal data
     (Personal Data Act)
          Leikny Øgrim

      Principles of the Norwegian regulations
       on the processing of personal data (the
       Personal Data Act)
      Schengen Information System SIS
      Some cases
Administration of the Personal
Data Act:
   The personal Data Act
   Personal Data Regulations
   The Data Inspectorate:
      1)   keep a public record of processing relevant to the Act
      2)   deal with applications for licences
      3)   keep informed of developments in the area
      4)   identify risks to protection of privacy
      5)   provide advice and guidance
      6)   give its opinion on matters relating to area
   The Privacy Appeals Board
      – decide appeals against the decisions of the Data Inspectorate.
     Protection of privacy
     Computerized society: databases and
Background cont.
      -78:
       – Act on Personal data registers
       – The society protects the individual
      Technological development
      ”Half member” of EU
      2000:
       – Personal Data Act
       – Individual protection of own rights
Societal interest vs. interest in privacy

             to protect natural persons from
              violation of their right to privacy
              through the processing of
              personal data.
             ensure that personal data are
              processed in accordance with
              fundamental respect for the right
              to privacy, including the need to
              protect personal integrity and
              private life and ensure that
              personal data are of adequate
Substantive scope of the Act

       processing of personal data wholly or
        partly by automatic means, and
       other processing of personal data which
        form part of or are intended to form part
        of a personal data filing system.
       (not private purposes)
personal data:

      any information and assessments that may
       be linked to a natural person,
processing of personal data:

      any use of personal data, such as
       collection, recording, alignment, storage
       and disclosure or a combination of such
personal data filing system:

      filing systems, records, etc. where
       personal data is systematically stored so
       that information concerning a natural
       person may be retrieved.
Conditions for the processing of
personal data - RELEVANCE
    Personal data may only be processed if the data subject
       has consented thereto, or there is statutory authority
       for such processing, or the processing is necessary in
    a) to fulfil a contract to which the data subject is party…
    b) to enable the controller to fulfil a legal obligation,
    c) to protect the vital interests of the data subject,
    d) to perform a task in the public interest,
    e) to exercise official authority, or
    f) … to protect a legitimate interest, except where such
       interest is overridden by the interests of the data
data subject:

      the person to whom personal data may
       be linked,

      any freely given, specific and informed
       declaration by the data subject to the
       effect that he or she agrees to the
       processing of personal data relating to
       him or her
Processing of sensitive personal data
sensitive personal data are
information relating to
   a)   racial or ethnic origin, or political
        opinions, philosophical or religious
   b)   the fact that a person has been
        suspected of, charged with, indicted for
        or convicted of a criminal act,
   c)   health,
   d)   sex life,
   e)   trade-union membership.
Basic requirements for the
processing of personal data
    The controller shall ensure that personal data
       which are processed
    a) are processed only when this is authorized

    b) are used only for explicitly stated purposes

    c) are adequate, relevant and not excessive in

       relation to the purpose of the processing, and
    d) are accurate and up-to-date, and are not stored
       longer than necessary
Right of access

    a)   the name and address of the controller
    b)   the purpose of the processing,
    c)   the categories of personal data,
    d)   the sources of the data, and
    e)   whether the personal data will be
         disclosed, and if so, the identity of the
   Right to demand manual processing
   Right to be excluded from direct marketing
   Rectification of deficient personal data
Prohibition against storing
unnecessary personal data
    The data subject may demand that data
       which are strongly disadvantageous to
       him or her shall be blocked or erased if
    a) is not contrary to another statute, and

    b) is justifiable on the basis of an overall

Obligation to give notification
    a)   processing personal data by automatic
    b)   establishing a manual personal data filing
         system which contains sensitive personal
Obligation to obtain a licence

       processing of sensitive personal data (except
        when volunteered by the data subject).
       If the processing will clearly violate weighty
        interests relating to protection of privacy (for
        instance based on quantity of the personal data
        and the purpose of the processing).

       The controller may demand that the Data
        Inspectorate decide whether processing
       will be subject to licensing.
Schengen Information System
      SIS is an information system related to the
       Schengen cooperation. The system consists
       of a national part for each country and a
       support function for all countries in the
       Schengen cooperation.
Information that can be registered

    a)   Family name and given name, possible alias name
    b)   Special physical attributes that are objective and
    c)   First letter in other given names
    d)   Date and place of birth
    e)   Sex
    f)   Nationality
    g)   If the person is armed
    h)   If the person is seen as violent
    i)   If the person has escaped from sentence
    j)   Reason for registration
    k)   Efforts to be set into action
Requirements for registering
personal data
    1.   data on persons who are wanted for
         detentation and extradition
    2.   data on persons who can not be given
         access to a country
    3.   data on missing persons or persons who
         are seen as dangerous to themselves or
         others and need to be taken into
         temporary detentation.
    4.   data on witnesses, persons who should
         be brought to court or prison.
Some cases
      Health related registers (societal interests are often
       given priority)
      Public information on financial inspection
      Personal data in insurance cases
      Drug testing
      Misuse of personal identity
      Misuse of personal data by Microsoft?
      Credit reports and privacy
      Direct marketing
      Electronic toll roads
      Video surveillance
      Internet
      Fingerprints
Video surveillance - cases

      Outside the Mosaic Religious Community
      Passenger areas in public buses and local
The Mosaic Religious Community
      There was video surveillance of public area but also a
       place which is ”regularly frequented by a limited group
       of people” (private garden). The surveillance is done by
       a camera with zoom-function, covering a rather large
      The allowance for keeping the video tapes for more
       than 7 days on a routine basis was not given.
      The Privacy Appeals Board judged the controller’s
       interests against the surveilled persons interests in
       privacy, and found that video surveillance of public area
       outside the area that already was notified by signs
       should not be allowed.
      The video surveillance of the private garden was only
       allowed if accepted by the owner.
      In this case there was a dissent in the board
Public buses
    Public buses wanted to use video surveillance in the
      passenger areas. The Data Inspectorate had allowed
      video surveillance of the doors and near the driver.
    The Privacy Appeals Board found that video surveillance
      inside the bus can be allowed. The interests of privacy
      are found to be small, since the tapes only will be
      played and seen if there in an incidence in the bus.
      When there is no suspicion of criminal acts, no one will
      ever see the tape.
    The board further found that playing and watching the
      tapes needs and obligation to obtain a licence, since the
      images may contain sensitive personal data. Due to the
      strong connection between the surveillance and the
      playing of the tapes, the licence should also contain the
Video surveillance
       The continuous or regularly repeated surveillance of persons by means of
        a remote-controlled or automatically operated video camera, camera or
        similar device.

       Video surveillance of a place which is regularly frequented by a limited
        group of people is only permitted if there is a special need for such
        surveillance in the interests of the said activities.
       Personal data which are collected by with video surveillance may only be
        disclosed to a person other than the controller if the subject of the
        recording consents thereto or if there is statutory provision for such
        disclosure. However, unless the statutory obligation of professional
        secrecy prevents disclosure, image recordings may be disclosed to the
        police in connection with the investigation of criminal acts or
       When a public place or a place which is regularly frequented by a limited
        group of people is subject to video surveillance, attention shall be drawn
        clearly by means of a sign or in some other way to the fact that the place
        is under surveillance and to the identity of the controller.
Information on the Internet
      Persons employed in the social services claimed
       erased from a web site critical comments to
       child welfare cases and related questions.
      Both the Data Inspectorate and the Privacy
       Appeals Board found that the web site has
       "journalistic, including opinion-forming,
      The Privacy Appeals Board adds that even if the
       web site is not illigal according to the Personal
       Data Act, the web site must, as other media,
       keep to and respect edicts on characterizing
Internet – historical data
      An earlier member of a sports club, did
       not want to be mentioned on the sports
       club’s web site.
      The Privacy Appeals Board found that
       the web site can be categorized as
       "journalistic means"; and as such
       protected by the freedom of expression.
      The personal data could not be claimed
       erased. The opposite result would mean
       that a person can ”edit" history.

      A private person wanted her
       contributions to a net based forum of
       debate erased. Also, she wanted all
       contributions which mentioned her name
      The Privacy Appeals Board found, as did
       The Data Inspectorate, that utterances in
       debate forums do not fall into the scope
       of the act, and can not be claimed erased.
Finger prints as identification

      Sports centres
      Work places
      Gasoline terminal
      Log in system for health personnel
Sports Centres

      The Data Inspectorate prescribed two
       sports centres from using finger prints of
       its members as an entrance key.
      The Data Inspectorate found there was a
       substantive need for identification at the
       entrance, but that the required neccessity
       was not fulfilled.
      The Privacy Appeals Board agreed
REMA 1000
     The Data Inspectorate prescribed REMA 1000
      to stop using finger prints in relation to work
      hour registration of their employees.
      Registration is done with ID-number in
      combination with finger prints.
     The Data Inspectorate agrees that REMA 1000
      has a substantive need of qualitative wage
      calculation. The inspectorate argues that ID-
      number is used for identification, and finger
      prints for authentication. The inspectorate
      states that the use of finger prints is not
     The Privacy Appeals Board agrees
Esso Norway
     The Data Inspectorate prescribed Esso Norway to stop the use of
      finger prints as identification of truck drivers arriving at the
      gasoline terminals. The system should be based on consent and a
      ”Safety Policy” assure that only authorized and trained personnel
      were given access to the terminals.
     The Data Inspectorate argued that the substantive need of physical
      security is not equivalent to substantive need of secure
      identification. Continuous human access control is a good
      alternative, from the inspectorate’s point of view.
     The Privacy Appeals Board argues that the use of finger prints
      covers both identification and authentication. The board finds that
      the use of ID-card combined with finger prints assure both
      identification and authentication. Further, the board finds ut out of
      it’s competence to judge physical changes, like fences, guards and
      so on.
     The Privacy Appeals Board finds there is a sustainable need for
      secure identification, and allow the use of finger
     There was a dissent in the board.
Tysvær kommune
     Tysvær kommune uses biometric access control for
      logging into all new lap tops used especially in the
      health and social sector.
     The Data Inspectorate denied the use. Even if there was
      a substantive need for secure identification in order to
      protect sensitive personal data in the system, the
      inspectorate argued that the use of finger prints were
      not necessary.
     The use of smart cards combined with passwords was
      said to be an alternative.
     The Privacy Appeals Board disagreed. The board
      meant the use of finger prints is necessary. A smart
      card can be lost or stolen, and finger prints are seen as
      the most secure alternative.
Use of national identity numbers, etc.

      National identity numbers and other clear
      means of identification may only be used in
      the processing when there is a objective
      need for certain identification and the
      method is necessary to achieve such

      The Data Inspectorate may require a controller
      to use such means of identification as are
      mentioned in the first paragraph to ensure that
      the personal data are of adequate quality.

    (the Data Inspectorate)
    (The Personal Data Act)
    (Regulations on the processing of personal data)

To top