COMPUTERS ON WHEELS WHO OWNS WHICH DATA?

Similar documents
Interest Balancing Test Assessment regarding data processing for the purpose of the exercise of legal claims

closer look at Rights & remedies

(1) General information

16 March Purpose & Introduction

A Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner

DATA PROCESSING AGREEMENT. (1) You or your organization or entity as The Data Controller ( The Client or The Data Controller ); and

The Transfer of Data Abroad by Private Sector Companies: Data Protection Under the German Federal Data Protection Act

Information leaflet about processing of personal data for Newsletter Recipients (hereinafter Data Subject)

Data Protection in Germany

Privacy International's comments on the Brazil draft law on processing of personal data to protect the personality and dignity of natural persons

General Data Protection Regulation

OTrack Data Processing Terms

PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013

DocuSign Envelope ID: D3C1EE91-4BC9-4BA9-B2CF-C0DE318DB461

AmCham EU Proposed Amendments on the General Data Protection Regulation

GDPR: Belgium sets up new Data Protection Authority

Data Protection Policy. Malta Gaming Authority

LAW OF THE REPUBLIC OF ARMENIA ON PROTECTION OF PERSONAL DATA CHAPTER 1 GENERAL PROVISIONS

DACS Website Licence Terms and Conditions November 2014

Data Processing Addendum

Privacy policy. 1.1 We are committed to safeguarding the privacy of our website visitors.

South Carolina Department of Motor Vehicles

General Terms & Conditions

Data, Social Media, and Users: Can We All Get Along?

Biometrics from a legal perspective dr. Ronald Leenes

EUROPEAN GENERAL DATA PROTECTION REGULATION CONSEQUENCES FOR DATA-DRIVEN MARKETING

END USER LICENSE AGREEMENT FOR FOUNDRY PRODUCTS VIA ATHERA

Data Processing Agreement

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE LICENSED SOFTWARE.

DACS DIGITAL PLATFORM LICENCE TERMS AND CONDITIONS 2016

End User License Agreement

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)

Data Processing Agreement

Data Protection Declaration in accordance with the DSGVO

LFMI MEDIA SERVICES LIMITED T/A RUE POINT MEDIA

ENERCALC Software License Agreement

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

9091/17 VH/np 1 DGD 2C

THE GDPR AND DFIR THE IMPACT OF THE EU GENERAL DATA PROTECTION REGULATION ON DIGITAL FORENSICS AND INCIDENT RESPONSE

THE PERSONAL DATA (PROTECTION) BILL, 2013

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995

DACS NEWSPAPER/MAGAZINE LICENCE TERMS AND CONDITIONS

Personal Data Protection Act

Law Enforcement processing (Part 3 of the DPA 2018)

Colloquium organized by the Council of State of the Netherlands and ACA-Europe. An exploration of Technology and the Law. The Hague 14 May 2018

Schools Subject Access Request Procedures

LICENSING AGREEMENT UCLA AMERICAN INDIAN STUDIES CENTER. Terms & Conditions

DATA PROTECTION LAWS OF THE WORLD. Colombia vs Germany

PRACTICE DIRECTION [ ] DISCLOSURE PILOT FOR THE BUSINESS AND PROPERTY COURTS

DATA PROTECTION POLICY

Lumiere London Limited Terms & Conditions

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum

3T Software Labs EULA

Certified Translation from German. Licence Agreement. 1. Subject-matter of the Agreement

ABC-CLIO Database License Agreement

GGGI WEBSITE. Access and Use

DATA SHARING AGREEMENT

The Business Network: Terms of Use

General Contractual Terms and Conditions for the Sale of Standard Software of the company Engelmann Sensor GmbH

Terms of Use. 1. Right to Use and Access SaaS Applications

AGREEMENT FOR KIB KENANGA AGENCY NETWORK SERVICE

CoreLogic Matrix Terms of Use & Privacy Policy

6153/1/18 REV 1 VH/np 1 DGD2

XIX Case Handling Workshop in Prague March 2009

Published in terms of Section 51of the Promotion of Access to Information Act, 2 of 2000

Software Licensing Agreement (Loan)

Small Business Knowledge Center Terms and Conditions

End User License Agreement

UPS Shopping Companion TM Agreement

TERMS OF USE Intellectual Property Copyright Policy

IF YOU DO NOT AGREE TO THESE TERMS, DO NOT DOWNLOAD, INSTALL OR USE BSC.

Terms of Use Coach Me

University of Wollongong

Terms and Conditions. is a Property Management Site.

How we use Personal Information

Terms and Conditions of Use Your use of this website and its content constitutes your agreement to be bound by these terms and conditions of use.

Last revised: 6 April 2018 By using the Agile Manager Website, you are agreeing to these Terms of Use.

IMPORTANT READ CAREFULLY BEFORE INSTALLING OR USING THIS PRODUCT

Website Terms of Use

Pedestal Search Terms and Conditions of Service:

ARTICLE 29 DATA PROTECTION WORKING PARTY. Article 29 Working Party Guidelines on consent under Regulation 2016/679

10 October 2018 Without prejudice

CHAPTER 308B ELECTRONIC TRANSACTIONS

PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.

Terms and Conditions

END-USER SOFTWARE LICENSE AGREEMENT

NETDUMA LIMITED NETDUMA ROUTER AND SOFTWARE END USER LICENCE AGREEMENT

Website Terms of Use

PART OF THE QUINTESSENTIALLY GROUP

Terms and Conditions

Terms of Business

The Freedom of Information and Protection of Privacy Act

TERMS AND CONDITIONS OF USE OF THE ELECTRONIC EXCHANGE SYSTEM. external experts in the context of EU funding programmes.

Terms and Conditions

- 1 - End-User License Agreement

AVIS RENT A CAR AVIS APPS TERMS OF USE

Software Licence Terms

ORDER FORM CUSTOMER TERMS OF SERVICE

AeroScout App End User License Agreement

Transcription:

Ve COMPUTERS ON WHEELS WHO OWNS WHICH DATA? Prof. Niko Härting Berlin, January, 19th, 2017

3 Connected Cars

5 DATA OWNERSHIP PRESENT HURDLES Ownership: Data on a hard disk is owned by the owener of the hard disk But ownership of hard disk does not protect against copying Copyright protects software and databases. It does not, however protect (raw) data and/or information. Data can be protected as (part of) trade secret. This does, however, not mean ownership of data. Criminal law (sect. 303 a German Penal Code) protects data against manipulation and involuntary loss. But is it upto criminal law to define who owns data?

6 DATA OWNERSHIP FUTURE OBSTACLES Ownership: Data only becomes valuable when data becomes information. But do we want new exlusive rights on information? Most data is, at least potentially, personal. And the owner of data can but does not need to be identical with the data subject. What is ownership of data worth when data protection law applies? Ownership of data provides an incentive to monetarize data. The exact opposite is the case in data protection law (principle of data minimisation ). And do we want citizens on small incomes to have an incentive to sell their data?

7 Privacy (GDPR) will kill ownership.

10 DATA PROTECTION: WHEN IS DATA PERSONAL? Art. 4 No. 1 GDPR personal data means any information relating to an identified or identifiable natural person ( data subject ); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

11 Germans like to share

15 Data required

16 NECESSARY DATA Where is the car? Location data How long was the trip? Exact start time Exact end time

The processing of data is verboten 17

18 BUNDESDATENSCHUTZGESETZ Section 4 Admissibility of data collection, processing and use (1) The collection, processing and use of personal data shall be admissible only if permitted or prescribed by this Act or any other legal provision or if the data subject has consented.

19 DATA PROTECTION LAW: THE BASICS Location data and usage data is personal identifiable information (PII). Processing of PII is not allowed unless explicitly covered by consent or some statutory exception. Consent is only valid when voluntary and informed.

Consent? 20

21 BDSG ON CONSENT Section 4a Consent (1) Consent shall be effective only when based on the data subject's free decision. Data subjects shall be informed of the purpose of collection, processing or use and, in so far as the circumstances of the individual case dictate or upon request, of the consequences of withholding consent. Consent shall be given in writing unless special circumstances warrant any other form. If consent is to be given together with other written declarations, it shall be made distinguishable in its appearance.

22 CONSENT VIA TOUCHSCREEN Consent would normally require a written document. Is consent still voluntary when the user has already buckled up? How can you make sure the user is informed when his foot is already on the clutch?

GDPR: any hope? 23

24 GDPR: CONSENT REQUIREMENTS Consent does not need to be in writing. It only needs to be unambiguous. Consent still needs to be both informed and voluntary. Contractual consent is as a rule invalid when consent covers data not necessary for carrying out the contract. Consent is invalid when there is a clear imbalance between controller and data subject.

Contract? 25

26 BUNDESDATENSCHUTZGESETZ Section 28 Collection and storage of data for own commercial purposes (1) The collection, storage, modification or transfer of personal data or their use as a means of fulfilling one s own business purposes shall be admissible 1. when needed to create, carry out or terminate a legal obligation or quasi-legal obligation with the data subject, 2. in so far as this is necessary to safeguard justified interests of the controller of the filing system and there is no reason to assume that the data subject has an overriding legitimate interest in his data being excluded from processing or use, 3. if the data are generally accessible or the controller of the filing system would be entitled to publish them, unless the data subject's legitimate interest in his data being excluded from processing or use clearly outweighs the justified interest of the controller of the filing system.

GDPR: any hope? 27

28 GDPR: CONTRACTS PROVISION Article 6 Lawfulness of processing 1. Processing of personal data shall be lawful only if and to the extent that at least one of the following applies: (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

29 USAGE DATA Start time and end time necessary for calculating the price. Storage time: deletion necessary as soon as (irrevocable) payment has been made.

Legitmate interest? 30

31 BUNDESDATENSCHUTZGESETZ Section 28 Collection and storage of data for own commercial purposes (1) The collection, storage, modification or transfer of personal data or their use as a means of fulfilling one s own business purposes shall be admissible 1. when needed to create, carry out or terminate a legal obligation or quasi-legal obligation with the data subject, 2. in so far as this is necessary to safeguard justified interests of the controller of the filing system and there is no reason to assume that the data subject has an overriding legitimate interest in his data being excluded from processing or use, 3. if the data are generally accessible or the controller of the filing system would be entitled to publish them, unless the data subject's legitimate interest in his data being excluded from processing or use clearly outweighs the justified interest of the controller of the filing system.

32 LOCATION DATA Location data only partially needed for showing available cars on app. Establishment or defence of legal claims in case of accidents or damage to the car. Storage allowed for only 7 days (unless there actual was an accident or damage).

GDPR? 33

34 GDPR: LEGITIMATE INTERESTS AND PROFILING Art. 4 No. 4: profiling' means any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements; Art. 6 (f): legitimate interests: necessary? Art. 20 (1): The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on points (e) or (f) of Article 6(1), including profiling based on these provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

36 Prof. Niko Härting twitter.com/nhaerting HÄRTING Rechtsanwälte Chausseestraße 13, 10115 Berlin Tel. +49 30 28 30 57 40 Fax. +49 30 28 30 57 44 www.haerting.de

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback