one of the most commonly suggested solutions for such problems is the use of
so-called privacy enhancing technologies.
(1) Firstly, the Data Protection Directive holds that the controller must implement
appropriate technical and organizational measures to protect personal data against
accidental or unlawful destruction or accidental loss, alteration, unauthorized
disclosure or access, in particular where the processing involves the transmission of
data over a network, and against all other unlawful forms of processing. 20 Thus,
privacy enhancing technologies may be used to minimize the risk of data security
breaches by controlling access to the data, for example through the use of
passwords, by encrypting the data and by protecting databases against
cyber-attacks. This way, the risk of privacy violations is minimized.
(2) Secondly, both the danger and the scale of the possible damage are minimized
through the use of so-called data minimization techniques. Concepts such as
privacy by design and privacy preserving data mining are closely aligned to this
approach. (2a) The Data Protection Directive holds that personal data may only be
processed where they are adequate, relevant and not excessive in relation to the
specific purpose for which they are collected. 21 Thus the data controller must
specify a specific goal for data processing, and the data used should be necessary and
proportional in relation to satisfying this objective.
(2b) Another data minimization principle contained in the directive refers to the
length of time for which the gathered data may be kept. The directive holds that
personal data may be kept in a form which permits identification of data subjects
for no longer than is necessary for the specific purpose for which the data were
collected. 22 For example, there has been some controversy surrounding Google
Street View. Google gathers photographs with cars and people in them. It blurs the
faces and the license plates before publishing them on the website. This process
takes Google up to a year, but the members of the leading advisory organ of the
European Union with regard to data protection (the Article 29 Working Party)
have asked Google to limit the period it keeps the non-blurred photographs to six
months, since they feel that the period Google maintains is excessive. 23
(2c) A final data minimization principle embedded in the directive refers to the
way in which the data are kept. The principles of the directive do not apply to
data rendered anonymous in such a way that the data subject is no longer
identifiable. To determine whether a person is identifiable or not, account should be taken
of all the means likely reasonably to be used either by the data controller or by any
other person to identify the data subject. 24 Thus, anonymous data often refers to
data that were originally able to identify a person but, having been stripped of all
identifiers, can no longer do so. Whether data are able to identify a person must be
assessed on a case-by-case basis. The Article 29 Working Party holds that such assessment '[] should
be carried out with particular reference to the extent that the means are likely
20 Article 17 DPD.
21 Article 6.1(c) DPD.
22 Article 6.1(d) DPD.
23 <http://www.edri.org/edrigram/number8.5/article-29-wp-google-street-view>.
24 Recital 26 DPD.