Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Defines personal data very broadly … when someone is able to link the information to a person
even if the organization holding the data can't make this link.
Impacts of GDPR
Reorients data protection as a fundamental right
Human centered
The processing of personal data should be designed to serve mankind
Individual control
Natural persons should have control over there personal data.
The data doesn’t primarily serve business needs , just based to protect individual.
Safe Harbour
Allow data transfer to those companies that agreed to adhere to fair information
practices
Was declared invalid by the EU of Justice in 2015 because of concerns over NSA
collection of data of EU citizens via social media companies who had custody of that
data
Replaced with the EU-US Privacy Shield program:
Limited access by US Gov authorities - tries to limit mass surveillance
Companies can self-register as meeting the GDPR requirements
Annual review mechanism
But still has concerns relating to
Deletion of data,
Collection of massive amounts of data,
Clarification of a new Ombudsperson mechanism
Us is making the issues work with GDPR using FTC
FTC - Federal Trade Commission
Is the primary enforcer of consumer protection, in which privacy is becoming more and
more important
In US a company doesn’t have to have or disclose a privacy policy, but the FTC's position
is that if a company provides a privacy policy, it must comply with it.
FTC regards it as a violation of the Act for a company to retroactively change its privacy
policy without providing data subjects an opportunity to opt out of the new privacy
practice
FTC does attempt to pursue privacy issues
Summary
EU setting agenda through GDPR (for general data collection and processing) and ePrivacy (for
communications data) regulations
US - no general privacy legal framework, many sectoral laws, general impression that industry
efforts to address privacy through self-regulation have been too slow, and have failed to
provide adequate and meaningful protection
But FT is reasonably activist and has more powers than Privacy Commissioners in Canada to
impose paneities
In Canada future updates likely coming (to bring into alignment with EU)