Privacy (GDPR)

COMP315 Lectures 2023-03-20

Right to Privacy

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. - Art.12 UDHR

There are several reasons to want privacy:

Direct Harm
- Harm to physical goods, possessions and reputation.
Indirect Harm
- Harm that would stop you from doing something you would otherwise.
Someone watching your every move is not a nice feeling.

Privacy Considerations

Sensitivity: All information deserves some protection, but sensitive information deserves more.
A bag search at a nightclub is reasonable but a cavity search is not.
Target Individual: Children and vulnerable people have increase privacy rights. Public people (politicians and celebrities) have reduced rights.
Children have greatly reduced privacy rights with their parents.
Extent of Disclosure: Privacy is harmed more by public disclosure than by one person getting a glimpse.
Justification: Better reasons allow greater invasion of privacy. Consent removes the limitations they allow.

Check the official guide to data protection at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/.

In the UK and EU, privacy regulation is called the general data protection regulation.
GDPR is complemented in the UK by the data protection act 2018 (DPA)

This provides specific legislations required by the GDPR.
The information commissioner’s office (ICO) enforces the GDPR and DPA.

There is also the ePrivacy Regulation in the EU that regulates cookies and mailing lists.

Personal Data

The GDPR applies to any person or organisation that processes personal data.

Personal Data: Information relating to an identifiable living individual.
Identifiable: Enough to distinguish one person from another.

Only full anonymisation can make something not personal data.

Information is still personal if it can be combined with public domain information to identify a person.

Processing data means doing any of the following:

Viewing
Storing
Modifying/Combining
Deleting
Publishing

Controlling data means deciding how and to what purpose it will be processed. This is where the main responsibility lies, they must pay the data protection fee to the ICO.

Principles

The GDPR is organised around seven principles:

Lawfulness, Fairness & Transparency
Purpose Limitation
Data Minimisation
Accuracy
Storage Limitation
Integrity & Confidentiality (Security)
Accountability.

Lawful Basis

One of the following bases must be chosen before collecting data and may not be chosen later. There are six possible bases:

Consent:
- Must be opt-in.
- Must be granular.
- Must be informed.
- Must be freely given.
- Can be withdrawn.
Consent is a great basis if you can get it.
Contract
- When supplying contracted services.
- To provide services with the intention of entering a contract (supplying a quote).
This is the easiest basis to use in e-commerce.
Legal Obligation
- Tax
- Counter-Terrorism & Security Act
- Court Orders
- Regulations
Vital Interests
- When data processing is required to save a life.
Cannot be used if the data subject is capable of consent. Alternatives must be considered if the subject is not the same person as the individual at risk.
Public Interest
- When acting under official authority.
- Typically government, public organizations or utilities.
Legitimate Interest
- A legal & moral interest.
- Can be commercial or in anyone’s interest.
- Only if the individual’s interests align with the legitimate interest (balance test).
This is a good last resort if the others don’t fit.

In each case, the lawful basis only applies to data processing that is necessary. If a reasonable, less invasive alternative exists, that is not too difficult or expensive, then it should be used instead.

Necessity doesn’t include commercial gains: “You must consent to using your data for advertising or we can’t provide the service.”

Special Category & Criminal Offence Data

The following two data categories require more protection:

Special category data.
Criminal offence data.

Purpose and basis won’t suffice in these cases.

Special Category Data

The following are classed as special category data:

Racial or ethnic origin.
Political opinions.
Religious or philosophical beliefs.
Trade union membership.
Genetics
Biometrics
Health
Sex Life
Sexuality

To process any data of this type, in addition to purpose and lawful basis, you need one of the following conditions:

Consent
- Same condition as the lawful basis.
- Can still be used if a different basis is used for the lawful basis.
Vital Interests
- Only available if the subject is incapable of consent.
You are a trade union, political, religious or philosophical organisation.
- Only applies to members of your organisation.
- Only applies to data that applies to your organisation.
The individual has made this data public.
The data is necessary for a legal defence, or legal proceedings.
Employment, social security and social protection.
- Right to work.
- Health & Safety
- Disability support.
Substantial Public Interest
- There are 23 specific conditions that allow use of this basis.
Not recommended.
Health or social care.
Public Health
Archiving, research and statistics in the public interest.

The last 5 cases require reference to local law (DPA 2018 in the UK).

In all cases, consider whether pseudo-anonymisation is possible.

Criminal Offence Data

This includes data about:

Allegations
Investigations
Legal Proceedings
Convictions
Penalties (Punishments)

Processing criminal offence data is only allowed:

For an official authority.

Only party allowed to hold a comprehensive register of criminal offence data.
One of the following conditions from special category data applies:
1. Employment, social security and social protection.
2. Substantial Public Interest
3. Health or social care.
4. Public Health
5. Archiving, research and statistics in the public interest.