Spring Conference of European Data Protection Authorities (Budapest, May 2016)

Similar documents
Commonwealth Data Forum. Giovanni Buttarelli

Our position. ICDPPC declaration on ethics and data protection in artificial intelligence

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION RECOMMENDATION

Computers, Privacy & Data Protection 2015 Data Protection on the Move Brussels, 23 January 2015

UNITED NATIONS EDUCATIONAL, SCIENTIFIC AND CULTURAL ORGANIZATION

ARTICLE 29 Data Protection Working Party

12 April Fifth World Congress for Freedom of Scientific research. Speech by. Giovanni Buttarelli

OECD WORK ON ARTIFICIAL INTELLIGENCE

The importance of maritime research for sustainable competitiveness

What does the revision of the OECD Privacy Guidelines mean for businesses?

Self regulation applied to interactive games : success and challenges

CDT Annual Dinner. Center for Democracy and Technology, Washington. 10 March 2015

The Information Commissioner s response to the Draft AI Ethics Guidelines of the High-Level Expert Group on Artificial Intelligence

clarification to bring legal certainty to these issues have been voiced in various position papers and statements.

Dear Secretary of State Parreira, Dear President Aires-Barros, Dear ALLEA delegates, esteemed faculty of today s workshop,

Technology Platforms: champions to leverage knowledge for growth

COUNCIL OF THE EUROPEAN UNION. Brussels, 9 December 2008 (16.12) (OR. fr) 16767/08 RECH 410 COMPET 550

The EFPIA Perspective on the GDPR. Brendan Barnes, EFPIA 2 nd Nordic Real World Data Conference , Helsinki

IAB Europe Guidance THE DEFINITION OF PERSONAL DATA. IAB Europe GDPR Implementation Working Group WHITE PAPER

ESA. European Seed Association. Community Plant Variety Rights System views of the European seed industry

Conclusions on the future of information and communication technologies research, innovation and infrastructures

)XWXUH FKDOOHQJHV IRU WKH WRXULVP VHFWRU

Pan-Canadian Trust Framework Overview

The General Data Protection Regulation and use of health data: challenges for pharmaceutical regulation

THE FUTURE EUROPEAN INNOVATION COUNCIL A FULLY INTEGRATED APPROACH

Big data: a complex and evolving regulatory framework

IPRs and Public Health: Lessons Learned Current Challenges The Way Forward

Building DIGITAL TRUST People s Plan for Digital: A discussion paper

University-University and University-Industry alliances and networks promoting European integration and growth

Hamburg, 25 March nd International Science 2.0 Conference Keynote. (does not represent an official point of view of the EC)

Public consultation on Europeana

GDPR Awareness. Kevin Styles. Certified Information Privacy Professional - Europe Member of International Association of Privacy professionals

Digital transformation in the Catalan public administrations

OPENING STATEMENT BY THE CHAIR OF THE BOARD OF GOVERNORS

Briefing on the preparations for the Oceans Conference

Public Sector Future Scenarios

Directions in Auditing & Assurance: Challenges and Opportunities Clarified ISAs

POSITION PAPER. GREEN PAPER From Challenges to Opportunities: Towards a Common Strategic Framework for EU Research and Innovation funding

EUROPEAN COMMISSION Directorate-General for Communications Networks, Content and Technology CONCEPT NOTE

UNITED NATIONS OFFICE OF LEGAL AFFAIRS

POSITION OF THE NATIONAL RESEARCH COUNCIL OF ITALY (CNR) ON HORIZON 2020

#Renew2030. Boulevard A Reyers 80 B1030 Brussels Belgium

2017 Report from St. Vincent & the Grenadines. Cultural Diversity 2005 Convention

Section 1: Internet Governance Principles

Please send your responses by to: This consultation closes on Friday, 8 April 2016.

COMMISSION RECOMMENDATION. of on access to and preservation of scientific information. {SWD(2012) 221 final} {SWD(2012) 222 final}

Standardization and Innovation Management

Outdoing Huxley: Forging a high level of data protection for Europe in the brave new digital world

Statement by Ms. Shamika N. Sirimanne Director Division on Technology and Logistics and Head CSTD Secretariat

TechAmerica Europe comments for DAPIX on Pseudonymous Data and Profiling as per 19/12/2013 paper on Specific Issues of Chapters I-IV

Outline. IPTS and the Information Society Unit IPTS Research Agenda on ICT for Governance

Brief to the. Senate Standing Committee on Social Affairs, Science and Technology. Dr. Eliot A. Phillipson President and CEO

Dr Nicholas J. Gervassis University of Plymouth THE EMERGING UK DATA PROTECTION FRAMEWORK AND BEYOND

Lecture 7 Ethics, Privacy, and Politics in the Age of Data

Advances and Perspectives in Health Information Standards

Council of the European Union Brussels, 10 November 2016 (OR. en)

First Stakeholders General Assembly of the Fuel Cells and Hydrogen Joint Undertaking

WORKSHOP ON BASIC RESEARCH: POLICY RELEVANT DEFINITIONS AND MEASUREMENT ISSUES PAPER. Holmenkollen Park Hotel, Oslo, Norway October 2001

Robert Bond Partner, Commercial/IP/IT

ACCESS TO FINANCING FOR SMEs Problems and Challenges. Prof. dr Dejan Erić Belgrade Banking Academy Member of the ERENET Network 2005.

Artificial Intelligence and Society: the Challenges Ahead Yuko Harayama Executive Member Council for Science, Technology and Innovation (CSTI)

Enabling ICT for. development

Technology and Innovation in the NHS Scottish Health Innovations Ltd

Big Data & AI Governance: The Laws and Ethics

Conclusions concerning various issues related to the development of the European Research Area

GENERAL PRINCIPLES OF INTERNET GOVERNANCE

ICO submission to the inquiry of the House of Lords Select Committee on Communications - The Internet : To Regulate or not to Regulate?

Draft Recommendation concerning the Protection and Promotion of Museums, their Diversity and their Role in Society

Towards a Magna Carta for Data

The meeting was chaired by Mr. Sándor ERDŐ, representative of the Hungarian Presidency of the EU.

Public Hearing on the use of security scanners at EU airports. European Economic and Social Committee. Brussels, 11 January 2011

DATA COLLECTION AND SOCIAL MEDIA INNOVATION OR CHALLENGE FOR HUMANITARIAN AID? EVENT REPORT. 15 May :00-21:00

Copyright: Conference website: Date deposited:

Principles and Rules for Processing Personal Data

Building an enterprise-centred innovation system

10246/10 EV/ek 1 DG C II

8365/18 CF/nj 1 DG G 3 C

Address by the President of the General Conference Dr Davidson L. HEPBURN

Enforcement of Intellectual Property Rights Frequently Asked Questions

the Companies and Intellectual Property Commission of South Africa (CIPC)

Towards the Ninth European Framework Programme for Research and Innovation. Position Paper from the Norwegian Universities

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

Media Literacy Expert Group Draft 2006

TRADUCTION DE COURTOISIE. Declaration of the European ministers of culture TO REVIVE EUROPE THROUGH CULTURE

Table Of Content. Stichting Health Action International... 2 Summary... 3 Coordinator, Leader contact and partners... 6 Outputs...

Global Standards Symposium. Security, privacy and trust in standardisation. ICDPPC Chair John Edwards. 24 October 2016

Excellency s, ladies and gentlemen. I am glad to have the opportunity to address you today, if only via video.

Adopting Standards For a Changing Health Environment

"The future of Social Sciences and Humanities in Horizon 2020"

ENABLERS FOR DIGITAL GOVERNMENT: A DATA DRIVEN PUBLIC SECTOR

Roadmap towards a European culture strategy for the digital age

National approach to artificial intelligence

Framework Programme 7

Running head: ETHICS, TECHNOLOGY, SUSTAINABILITY AND SOCIAL ISSUES 1. Ethics, Technology, Sustainability and Social Issues in Business.

(Acts whose publication is obligatory) of 9 March 2005

An Introdcution to Horizon 2020

Responsible AI & National AI Strategies

Standing Committee on the Law of Patents Twenty-Sixth Session

Challenges and Opportunities

Digital Identity Innovation Canada s Opportunity to Lead the World. Digital ID and Authentication Council of Canada Pre-Budget Submission

Transcription:

Spring Conference of European Data Protection Authorities (Budapest, 26-27 May 2016) Giuseppe Busia Secretary General Italian Data Protection Authority Garante per la protezione dei dati personali Introductory remarks Ladies and Gentlemen, It is both a great pleasure and a privilege for me to be here today and take the floor on behalf of the Article 29 Working Party, its Chairwoman, Isabelle Falque-Pierrotin, and its Vicechairs, Antonello Soro and Ventsislav Karadjov. First of all, I want to express my great thanks and congratulations to Attila Peterfalvi and to all the Colleagues of the Hungarian National Authority for Data Protection and Freedom of Information for the splendid organization of this Conference. Today, the Data Protection Authorities from Member States of the EU and of the Council of Europe are going -as usual in the Spring time- to discuss crucial matters of common interest and to exchange information and experiences on different topics. As we well know, among the different topics we are used to dealing with, this year there is THE topic: the EU Data Protection Regulation (GDPR), finally published at the beginning of this month, together with a new directive on the processing of personal data for law enforcement purposes. But this is not enough: there is also the upcoming revised Convention 108/81, which has also to be revised because, like the 1995 Directive on data protection, it was considered in need of modernisation. We can say that these three legal instruments will make up the real Data Protection Package, which is expected to ensure a future-proof legal framework capable to keep in touch with new technology and a globalised world. This is why the WP29 decided to devote a large part of its work to this issue and for this reason adopted an Action Plan for 2016 focused on the new legal framework, in order to facilitate -for the benefit of all the stakeholders- the implementation of this new Package. 1

We are beginning to experiment on the new European Data Protection Board, where the DPAs will operate; within this framework, the WP started working via a shared building area, in which each DPA is doing its part and its best to be ready for day one, i.e. when the Regulation comes fully into force. We are fully engaged to achieve both efficiency and operability. A Forward-Looking Regulation, a Good Regulation Which are the main challenges -or some of them- we will have to face in this context? Let me then focus on the new EU data protection Regulation. As we well know, a Regulation has two main characteristics: direct applicability and, partly for this reason, capability to create a truly unified rule in Europe. Having regard to the former element, the new rules would be ready to be applicable - theoretically. As we know, in fact, there are many provisions of the Regulation that require Member States and DPAs to make clarifications, adaptations, and additions before being implemented, and this is what DPAs are already doing and what they are required to do in the coming months. Can this element the need for implementing steps- be considered as a limit of the new Regulation? Probably this is not the case. The need to specify, somehow to complete and fully implement the GDPR is a value as well as the only way to allow a rule on data protection to keep itself updated according to the continuous development of technology and reality. This, of course, is both an opportunity and a challenge, especially for the DPAs Global Regulation through the European and Transatlantic Regulation As I said, the second main feature of the Regulation is its capability to create a truly unified rule across Europe. And of course, we know and recognize the great importance of this improvement compared to a Directive, the 95/46/EC. 2

Thus, the new Regulation will enable us to have a truly unified data protection law in Europe. Is a European law sufficient, or do we need more? In many cases let us think about the right to be forgotten on the webwe know that, to be effective, to really protect the fundamental rights of our citizens, we would need global rules or, at least, global principles. In this regard, the good news is that sometimes, despite the regional applicability of the European rules, those rules can play a role also by influencing juridical regimes of other countries - both because of the new regime of applicability to all the entities that use data coming from Europe and, more importantly, because of the natural attitude of some rules to expand their effects outside their boundaries, especially when they regulate the processing of data on the web. For that reason, we have a big responsibility, which in some ways goes beyond what may appear on the surface of things. This is also why we were very careful and firm in examining the new Privacy Shield regarding the transfer of data to the US. As we know that our rules will become a global standard in many cases, we (but we are convinced that the US have the same interest) have to build them up in a way that they can be strong enough to protect individuals also in other countries that have less democratic traditions than the EU, the Council of Europe and the US. Somehow one might say we will have to act locally, to regulate globally. A New Landscape: Machine Learning and Data-Drinking World The legal instruments I recalled will have to be applied in a landscape that is also new. Big Data and Artificial intelligence are changing our relationship to our personal data. It used to be a question of the data we gave to controllers. But now, companies have data about us we never had, as data subjects, and which probably we do not know anything about. Of course, the Regulation is based on the traditional basic principles But we know we have to apply them to a new reality. Let me give only two examples of the elements of this new landscape. The principle of minimization -opportunely reaffirmed in the new legal framework- has to be adapted to the seemingly opposite logic of the new technologies that need a growing amount of personal data also to develop 3

and offer advanced social services to people. And this is so not only for marketing purposes: for instance, to improve cancer treatment it is necessary to collect more data from different patients and from different sources on patients experience. The more data is collected, the more one can hope to find the right treatment for the person concerned and for other people. Thus, in as growing number of cases, these technologies need personal data to work better: we can say that they drink data, and personal data is becoming day by day the new gasoline to provide services and products to individuals. I will quote a second example: we know that there are many risks when a decision taken on the basis of the automated processing of data affects an individual. But nowadays, Artificial Intelligence, using machine learning, is able to offer sophisticated services - including highly helpful ones as I recalled with regard to the health sector - based on in-depth profiling, and an increasing number of decisions -previously made by humans- are now made, in practice, by algorithms or anyhow with a growing contribution from algorithms. This applies to the decision to admit a student to an university, to engage somebody for a job, to lend money, to find a better health treatment, and so on. In any case, we cannot accept the argument that data protection principles are not fit for the purpose in the context of a data-drinking and algorithm-driven economy. Those principles should not be seen as a barrier to progress, but as the framework to promote privacy rights and a stimulus to develop innovative approaches to informing and engaging the public. And, they should also be regarded as an element to be valued by European companies, as a competitive asset in offering better services to their customers and users. All these elements -if I may say that- show that there is a growing responsibility placed now on the shoulders of DPAs and of all the stakeholders, who will be also directly involved mainly through the accountability principle. Unprecedented Problems, Unprecedented Tools The landscape described above is also dynamic, it changes every day and generates unprecedented problems, which require unprecedented tools. In this new world, the real engine of the whole system is no longer the individual personal data, but the profile, the particular combination of data that is used to offer personalized services and products. 4

However, we know that, according to the GDPR and the Directive, profiling is subject to the rules governing the processing of personal data. Therefore we must balance two opposite sides of the same coin: the protection and development of human well-being. For this reason, maybe our efforts should focus on enlarging our perspective, looking beyond, and shifting more than in the past- our attention from the individual data to the profile. The new legal framework can help us in this task, offering some significant options: let me highlight three of these tools: 1) The GDPR can enable us to provide more transparency to the data subject: indeed it sets a higher standard of transparency than Directive 95/46/EC, by adding a number of new fields of information that must be provided in all information notices, including (Article 12) the rights available to data subjects and modalities for facilitating the exercise of said rights, and information on data transfers. And, which is important, there is also the obligation to clarify the logic of the processing. And this requires us to make additional efforts to ensure that the person concerned is really aware of the logic used to build up the profile and maybe of the functioning of the algorithms used. In this regard, let me also recall that the modernised Convention 108 also provides for the right to obtain knowledge of the reasoning underlying data processing in particular if the results of this processing impact the individual. 2) The GDPR also reinforced the right to access and rectification: one way to counterbalance the tyranny of algorithms may consist in giving individuals the right to rectify the sources of the information that is fed into the big data analytics. Maybe this is nothing new, but the Regulation, for instance, clarifies that rectification may take place by adding a notice or statement to the original information in the context of search engine results or profiling, this might be very important. The source is left unchanged, but a caveat is added to its use. 3) The creation of the new, powerful right to data portability aims to increase user s choice of online services. The GDPR gives data subjects the right to receive the personal data concerning them and have such data transferred to a different controller. 5

For this reason, one issue to take on board is that this right might encompass not only the data, but also the profiles, the true essence of today's identity. Thus, also regarding these tools, we should develop a broader approach, taking account of the bigger picture, knowing that today more than in the past the data protection principles have to be tested also against ethical, political, and social issues. Modernizing the Spring Conference Before concluding, let me pose a final question about our activities in thesedays: Is it possible to think of some kind of modernization of the Spring Conference in this modernized framework of legal instruments and technology? Maybe yes: we have also to reconsider our approach to these forums, we have to be creative and to think out of the box. Indeed, the way in which the Spring Conference is different from other data protection forums should be valued, beginning from its varied and broader participation. Here, we can profit from the possibility to develop a reasoning in depth, also because we have more time at our disposal, and from a more relaxed atmosphere, without the constraints one sometimes encounters when discussing issues in other forums. And we all can understand the importance of such elements especially in these times of transition and transformation. I am sure this is the spirit in which this Conference was organized, and today we are going to make the first step towards a possible modernization also of the Spring Conference s role within the framework described above. Many thanks again to our Hungarian Colleagues, and many thanks to all of you for listening. 6

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback