


Szpor G., (211). Personal data protection as a condition of development of spatial information system. In: D. Kereković, R. Źróbek (ed.). The Future with GIS. Croatian Information Technology Association GIS Forum, University of Silesia, Zagreb,

PERSONAL DATA PROTECTION AS A CONDITION OF DEVELOPMENT OF SPATIAL INFORMATION SYSTEM

Grażyna Szpor
Cardinal Stefan Wyszyński University in Warsaw, Faculty of Law and Administration
Wóycickiego 1/3, bl. 17, Warsaw, Poland

1. Introductory remarks

Member states of the European Union have become quite advanced in terms of e-services on offer, in particular due to the implementation of the Lisbon Strategy [47]. However, the level of actual use made of these e-services is considered unsatisfactory. It has been observed that the development of information systems, and the interoperability of these systems, generate a sense of threat and anxiety related to potential wrongful use of personal data stored within these systems. The resulting mistrust towards e-services discourages a significant proportion of EU citizens from using them, and consequently becomes a barrier to economic development.

Public authorities have undertaken numerous measures to ensure adequate protection of EU citizens' personal data [48]. However, given the extent of globalisation, the effectiveness of these measures under the current legal regime is limited. A need arises to balance the interest of businesses, the public interest and the interest of persons whose data are processed within spatial information systems. The activity of personal data protection authorities in determining the conditions of the national segments of Google Street View provides a good illustration of such a balancing process.

The Communication of the European Commission [49] heralds a complex reform of personal data protection, including protection with regard to geo-information and geo-location, and outlines the changes to come. The new European strategy strengthens the rights of individuals whose data are processed, thus contributing to an increase in acceptance of e-services.

2. Digitizing services in European Union

Digitizing Public Services in Europe: Putting ambition into action 9th Benchmark Measurement [5] indicates high availability and sophistication of e-services in EU Member States.

[47] Europe - An information society for all - Communication on a Commission initiative for the special European Council of Lisbon, 23 and 24 March 2 /COM/99/687 final/
[48] Ochrona danych osobowych. Skuteczność regulacji. Reg. G. Szpor. Municipium. Warszawa
[49] Communication from The Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions: A comprehensive approach on personal data protection in the European Union. Brussels, COM(21) 69 final
[5] Digitizing Public Services in Europe: Putting ambition into action, 9th Benchmark Measurement, December 21. Prepared by Capgemini, IDC, Rand Europe, Sogeti and DTi for: European Commission, Directorate General for Information Society and Media

Geo-information is an important component of numerous decision-making processes. Nonetheless, among the 2 types of e-services that the Commission has been monitoring for the last decade, only 2 pertain directly to spatial information: Application for building permission and Environment-related permits.

[Table: Average sophistication scores by services and levels (p. 62). Rows: Application for building permission; Environment-related permits. Columns: Level 1, Level 2, Level 3, Level 4, Level 5a, Level 5b.]

Spatial information infrastructure has been developing under the INSPIRE directive that places emphasis on interoperability of the systems. In order for this infrastructure to be used to its full potential, other public e-services that are monitored for the Commission are of importance. This includes, for example: Passports, Submission of data to statistical Office, Car registration, or Announcement of moving [51].

[Table: Full Online Availability: FOA 21, by country (BE BG CZ DK DE EE IE EL ES FR IT CY LV LT LU HU MT NL AT PL PT RO SI SK FI SE UK IS NO CH HR TR, Threshold, Av). Services: Passports; Car registration; Announcement of moving; Submission of data to statistical offices.]

Benchmarking indicates that the implementation of the Lisbon Strategy has been successful. However, member states are ranked and held accountable by the Commission on the basis of criteria that favour digital administrative procedures over satisfaction of the actual, broadly diagnosed needs of individuals and businesses. This seems to affect adversely the effectiveness of public money investment in the European Union in terms of geographic information systems and the competitiveness of these systems with those offered by American entities. This hypothesis is easily verified by comparing the rates of usage of national geo-portals with those of Google Maps, Google Earth and Google Street View. This in turn impacts the ability of European businesses to create and offer more advanced services.

3. Mistrust towards personal data processing in e-services

Implementation of public e-services and the development of e-business (particularly in its trans-border dimension) are perceived as insufficient. This assessment is reflected in the Digital Agenda, one of the 7 fundamental documents of the Europe strategy, as well as in the Communication on Cross-Border Business to Consumer e-commerce in the EU [53] and Eurostat research. The main reasons for the status quo have been identified as: no perceived need for such services, low level of IT knowledge, financial reasons, and mistrust towards new solutions.

Results of Eurobarometer research on attitudes to data protection and electronic identity in the EU [54], published by the Commission in June 211, also indicate that acceptance of the Internet is limited. The reader may recall that 66% of European interviewees use the Internet, 39% shop online, 34% use social networking sites (p.39). Internet users were asked which activities they undertook on the Internet: 6% purchase goods or services online, 52% use a social networking site (p. 8). [55]

Those interviewees who had always or sometimes experienced unnecessary disclosure of personal information when obtaining access to or using an online service were then asked how concerned they were about such cases. 72% of these respondents were very or fairly concerned (p. 54).

About 7% of the Europeans interviewed trust national public authorities, 55% European institutions, 62% banks and financial institutions. Only a small share of Europeans trust shops and department stores (39%); phone companies, mobile phone companies and Internet service providers (32%); and Internet companies (22%) (p. 138).

The ranking of respondents' risk perceptions is the same for social networking or sharing sites as for shopping online, with the exception of being the victim of fraud: this item is the second most important risk associated with social networking but the most important risk in the case of shopping online (41% versus 55%). Around 44% of respondents, for both social networking and shopping, mention "your information being used without your knowledge" (p. 56).

Respondents who use the Internet were asked whether they usually read privacy statements on the Internet. 58% of respondents say they do, 34% say that they read and understand them, 24% that they read them but do not fully understand them, 25% say they do not read them, 8% ignore privacy statements, and 5% say they do not know where to find them (p. 112). Approximately 42% of European Internet users apply tools and strategies to limit spam and 22% of the Internet users change the security settings of their browser to increase privacy (p. 16).

A majority feel they have some control (78%). Of the interviewees who feel in control, two-thirds feel they have only partial control (p. 127). 75% of Internet users want to delete this information whenever they decide to do so (p. 158) and 74% say their approval should be required in all cases (p. 148). To protect their identity in daily life, a majority (62%) of Europeans give the minimum required information (p. 1).

[51] egovernment benchmark report - 21 data COM (29)

About 9% of the Europeans surveyed (9%) think it is important for them to have the same rights and protection over their personal information, regardless of the EU country in which it is collected and processed (p. 181).

4. Control of data protection in global geographic information systems

The Internet makes it much easier for data controllers established outside the EU to provide services from a distance and to process personal data in the online environment. It is often difficult to determine the location of personal data and of equipment used at any given time. The fact that the processing is carried out by a data controller established in a third country should not deprive individuals of the protection to which they are entitled under the EU Charter of Fundamental Rights and EU data protection legislation.

One of the means of enabling the transfer of personal data outside the EU and the EEA area is the so-called adequacy assessment. Currently, the adequacy of a third country, that is, whether the third country ensures a level of protection that the EU considers adequate, may be determined by the Commission and by Member States. The effect of a Commission adequacy finding is that personal data can freely flow from the 27 EU Member States and the three EEA member countries to that third country without any further safeguard being necessary. In some Member States adequacy is assessed in the first instance by the data controller which itself transfers personal data to a third country, sometimes under the ex-post supervision of the data protection supervisory authority. This situation may lead to different approaches to assessing the level of adequacy of third countries, or international organisations, and involves the risk that the level of protection of data subjects provided for in a third country is judged differently from one Member State to another.

The American corporation Google Inc. has implemented and started offering in many countries worldwide a service called Google Street View. The service makes it possible, free of charge, to see the actual image of specific places, namely buildings and streets, together with vehicle and pedestrian traffic. The service is tied in with Google Maps and Google Earth, both offering access to two-dimensional maps and satellite photographs. According to the corporation that offers the service, Google Street View may be useful in promoting tourism, in pinpointing shopping or meeting locations, as well as in supporting prospective tenants and homebuyers in property-related searches.

The panoramic photographs that Google Street View uses are taken by a number of cameras mounted on the roofs of vehicles that drive in regular street traffic. The images are first stored on board these vehicles, and subsequently sent to Google Inc. headquarters in the USA, where image selection and technical processing occurs. In the processing, the faces of individuals and licence plates of vehicles are blurred out (pixelated). In some countries, such as Canada, France and Germany, public authorities have set specific requirements that Google Inc. has agreed to comply with.

The German legal doctrine has agreed to the following with regard to the creation and distribution of images in Google Street View. Firstly, it falls under German law. Secondly, it cannot use the media privilege, since its aim is a neutral reflection of reality, rather than a selection of information for media and journalistic purposes. Thirdly, Google Street View makes use of personal data, i.e. images of individuals and items that can be connected to individuals.

Overall, it is accepted in German doctrine that all data would qualify as personal data (through the property right link) if any indirect link to an individual were sufficient to classify it as such. Therefore, certain limitations have been proposed, namely to classify as personal data only the data that characterises the given item in connection with a person, e.g. carrying information on the location, type of building and regulations pertaining to use of buildings. In contrast, soil samples, building statistics or layout of wires and installations would fall outside of these limitations. The German Federal Constitutional Court ruled that privacy of space protects what is invisible to the public eye, and that aerial images are subject to protection regulations if a description of the road and data on identity of inhabitants are accessible in addition to the images. [56]

With regard to implementation of Google Street View in Germany, Indra Spieker claimed that the interest of individuals whose data are being processed clearly outweighs the interest of these data's administrator. For this reason, panoramic images are to be capped at 2 meters high and are to contain no faces or licence plates. Furthermore, the images are to contain small buildings only if these buildings, due to their location, are often observed anyway, and to contain images of larger multi-family buildings only if they are not, by any special characteristics, distinguishable from others in the street.

The special requirements for Germany that Google Inc. has accepted include an obligation on the part of the corporation to offer procedures for lodging an objection and for demanding that a building be removed from the images, or for a building to be made unrecognizable. Moreover, unprocessed data with faces, licence plates and buildings with regard to which objections have been lodged are to be deleted as soon as possible. Compliance with these requirements, however, remains beyond outside control.

It is the intention of Google Inc. to make accessible online, before Euro 212, panoramic images of streets of Poland's biggest cities in which the championship games are to be held: Warsaw, Gdansk, Krakow, Poznan and Wroclaw. The Polish Inspector General for the Protection of Personal Data (Generalny Inspektor Ochrony Danych Osobowych, GIODO) has taken steps to ensure that this service does not infringe upon the right to privacy and personal data protection. Before the commencement of work on the project, Google Poland Sp. z o.o. (the local subsidiary of Google Inc.) submitted to GIODO plans pertaining to the extension of online maps of Poland by means of the Google Street View function. After two months of consultations and analyses, GIODO has established the ground rules for the project.

In line with GIODO's instructions, the corporation has agreed to notify the public of the photographs being taken in a manner that allows everyone to exercise the right to protect their privacy; the information must therefore be given with due notice. Faces of individuals and licence plates of vehicles are to be blurred out before the images are published online. Moreover, GIODO requires that the images be taken from no more than 3 meters above street level. The image-taking vehicles must be clearly marked, to enable passers-by to recognize them easily.

Inspectors from the Bureau of GIODO tested in May 211 whether the above conditions were being met and whether the data processing was carried out in accordance with the provisions of the Act on the Protection of Personal Data (and also in accordance with the regulation of Minister of Internal Affairs and Administration of 29 April 24 on documentation of personal data processing and on technical and organisational requirements for devices and information systems for personal data processing). The inspectors investigated the types of data collected during the production of photographic images. They also checked whether the Google Street View vehicles collected data on the internal structure of buildings and on wireless networks in the buildings.

The inspection revealed a number of problems, most of them formal in nature. Firstly, contrary to the requirements of the Act on the Protection of Personal Data, the corporation failed to appoint an administrator of information security, who would supervise compliance with the regulations pertaining to proper protection of personal data. Secondly, the drivers of Google's vehicles that carried the cameras for Google Street View image collection were not holders of authorisation for personal data processing, again contrary to legal regulations. Such authorisation is necessary for the drivers because they have access to the full data collected in the process: they see a control image, consisting of 15 component images, with resolution that allows them to evaluate the quality and adequacy of images taken. Moreover, they are responsible for the safety of the hard disks on which the images are stored. GIODO decided that the drivers participate in personal data processing. Consequently, the administrator of the data is obliged to equip them with authorisation to process the data, and to enter the drivers into the obligatory register of persons authorised to carry out personal data processing.

Moreover, the inspectors discovered that the corporation had a security policy in place, as well as an instruction on the management of the IT system that processes personal data. However, these documents did not contain a list of buildings, premises or parts of premises where the data processing takes place. They also did not specify how the data are transferred between the various systems.

Measures introduced by the member states, such as the ones presented above, must be appreciated. However, it must also be noted that their effectiveness is limited. Data processing is globalised and calls for the development of universal principles for the protection of individuals with regard to the processing of personal data.

[56] I. Spieker gen. Dohmann, Prywatny pomiar świata jako problem ochrony danych osobowych. O obchodzeniu się z informacją przestrzenną na przykładzie Gogle Street View. [In:] Internet. Protection of freedom, property and security. Ed. G. Szpor. Warszawa 211, p

4. A comprehensive approach on personal data protection in the European Union

The Communication from The Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, A comprehensive approach on personal data protection in the European Union [57], speaks about milestones in the history of the protection of personal data in the EU [58], and about the new challenges for the protection of personal data brought by rapid technological developments and globalization [59]. The ways of collecting personal data have become increasingly elaborate and less easily detectable. For example, the growing use of procedures allowing automatic data collection, such as electronic transport ticketing or road toll collecting, or of geo-location devices, makes it easier to determine the location of individuals simply because they use a mobile device.

The Communication lays down the Commission's approach for modernizing the EU legal system for the protection of personal data in all areas of the Union's activities. Key objectives of the comprehensive approach on data protection are:

2.1. Strengthening individuals' rights: Ensuring appropriate protection for individuals in all circumstances; Increasing transparency for data subjects; Enhancing control over one's own data; Raising awareness; Ensuring informed and free consent; Protecting sensitive data; Making remedies and sanctions more effective
2.2. Enhancing the internal market dimension: Increasing legal certainty and providing a level playing field for data controllers; Reducing the administrative burden; Clarifying the rules on applicable law and Member States' responsibility; Enhancing data controllers' responsibility; Encouraging self-regulatory initiatives and exploring EU certification schemes
2.3. Revising the data protection rules in the area of police and judicial cooperation in criminal matters
2.4. The global dimension of data protection: Clarifying and simplifying the rules for international data transfers; Promoting universal principles
2.5. A stronger institutional arrangement for better enforcement of data protection rules

The reform employs a complex approach, expressed e.g. in the fact that emphasis is put on personal data processing rather than its protection. Regulation of personal data processing on the Internet is currently becoming the main point of focus. It reduces the potential for negative outcomes for the individuals whose data are processed so as to keep the risks at a minimal level, where they no longer discourage e-inclusion and where they promote e-business solutions. The European Commission has declared that drafts of specific pertinent regulations will become available before the end of 211.

In conclusion, when outlining the way forward it is noted that: At the end of the reform process, Europe's data protection rules should continue to guarantee a high level of protection and provide legal certainty to individuals, public administrations and businesses in the internal market alike for several generations. No matter how complex the situation or how sophisticated the technology, clarity must exist on the applicable rules and standards that national authorities have to enforce and that businesses and technology developers must comply with. Individuals should also have clarity about the rights they enjoy.

This pertains fully and completely also to personal data processed within spatial information systems.

[57] Brussels, COM(21) 69 final
[58] The 1995 Data Protection Directive enshrines two of the oldest and equally important ambitions of the European integration process: the protection of fundamental rights and freedoms of individuals and in particular the fundamental right to data protection, on the one hand, and the achievement of the internal market, the free flow of personal data in this case, on the other.
[59] Today technology allows individuals to share information about their behaviour and preferences easily and make it publicly and globally available on an unprecedented scale. Social networking sites, with hundreds of millions of members spread across the globe, Cloud computing (Internet-based computing whereby software, shared resources and information are on remote servers in the cloud) may involve the loss of individuals' control over their potentially sensitive information when they store their data with programs hosted on someone else's hardware, the use of sophisticated tools allows economic operators to better target individuals thanks to the monitoring of their behaviour, the public authorities use more personal data for various purposes, as part of their e-government applications
[6] The Commission will examine how to revise and clarify the existing provisions on applicable law, including the current determining criteria, in order to improve legal certainty, clarify Member States' responsibility for applying data protection rules and ultimately provide for the same degree of protection of EU data subjects, regardless of the geographic location of the data controller.
[61] One of the means of enabling the transfer of personal data outside the EU and the EEA area is the so-called adequacy assessment. The exact requirements for recognition of adequacy by the Commission are currently not specified in satisfactory detail in the Data Protection Directive. In addition, the Framework Decision does not provide for such a decision by the Commission