Privacy and electronic ticketing. Attorney Eva I. E. Jarbekk
Topics: A little about what privacy is and about the rules; a little about Ruter; a little about the way forward.
Background: Eva Jarbekk. Attorney and partner at Brækhus Dege Advokatfirma DA, approx. 85 employees; partner at FAKTUM AS (interdisciplinary information security and privacy, investigations); chair of the Privacy Appeals Board (Personvernnemnda) 2009-2013; chair of the Norwegian Bar Association's legislative committee for ICT and privacy; works with IT law and procurement, privacy and investigations.
Privacy: All information that can be linked directly or indirectly to an individual is covered by the Personal Data Act (personopplysningsloven). Principle: we should have control over information about ourselves: it must not be disclosed to others; it must not be used for new purposes.
About privacy: Is there a lower threshold for what counts as personal data? A paper card in the pocket of an arrested person; data in a validation terminal that is sent to the central system. Must these be treated in the same way as information about departure time/place?
About privacy: Anonymous data (not covered by pol, the Personal Data Act); pseudonymised data; de-identified data.
About privacy: Movement data is sensitive information. ECHR Art. 8 specifically mentions freedom of movement. The consequences are serious if the data goes astray. Some groups are more vulnerable than others.
Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport. Text with EEA relevance. The deadline for transposing the directive into national law is 27 February 2012.
Privacy threat (personverntrussel, PVT): PVT = linkage x volume x time
Article 10 Rules on privacy, security and re-use of information 1. Member States shall ensure that the processing of personal data in the context of the operation of ITS applications and services is carried out in accordance with Union rules protecting fundamental rights and freedoms of individuals, in particular Directive 95/46/EC and Directive 2002/58/EC. 2. In particular, Member States shall ensure that personal data are protected against misuse, including unlawful access, alteration or loss. 3. Without prejudice to paragraph 1, in order to ensure privacy, the use of anonymous data shall be encouraged, where appropriate, for the performance of the ITS applications and services. Without prejudice to Directive 95/46/EC personal data shall only be processed insofar as such processing is necessary for the performance of ITS applications and services. 4. With regard to the application of Directive 95/46/EC and in particular where special categories of personal data are involved, Member States shall also ensure that the provisions on consent to the processing of such personal data are respected. 5. Directive 2003/98/EC shall apply.
Recitals - directive: (12) The deployment and use of ITS applications and services will entail the processing of personal data. Such processing should be carried out in accordance with Union law, as set out, in particular, in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [3] and in Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector [4], inter alia, the principles of purpose limitation and data minimisation should be applied to ITS applications. (13) Anonymisation as one of the principles of enhancing individuals' privacy should be encouraged. As far as data protection and privacy related issues in the field of ITS applications and services deployment are concerned, the Commission should, as appropriate, further consult the European Data Protection Supervisor and request an opinion of the Working Party on the Protection of Individuals with regard to the Processing of Personal Data established by Article 29 of Directive 95/46/EC.
Article 29 Working Party: Smart cards contain a chip to store information, including personal information (which may include a chip identifier, the number of the user's subscription contract as well as time, date and code number of the card validation device); in some cases they operate via RFID/Near Field Communication (NFC) technology. The use of such cards therefore entails the processing of several items of directly and/or indirectly identifiable personal information: at the time the cards are issued to users; each time the cards are used, thanks to the identifiers that are associated with every subscriber and collected by the validation devices to be subsequently stored (possibly in real time) in the databases of transport companies. Special attention should be paid in this context to the information related to the so-called validation data, whose processing, in particular the storage of the time and place of validation, allows tracking the individual users' movements and whereabouts.
Article 29 Working Party: Data Minimization and Retention Period. As regards, in particular, processing of the data concerning users' movements, the information systems of transport companies should be designed and implemented by prioritizing the use of anonymous data. If (directly or indirectly) identifiable information is used, this information should be stored for the shortest possible period (and erased automatically thereafter), and account should be taken of the lawful purposes to be achieved via the processing; as a rule, the information in question should not be retained for longer than a few days after being stored.
Other rules: Pol (the Personal Data Act): storage for as long as necessary in terms of relevance to the original purpose. What is relevant? Transporting a person from A to B? Tailoring? Settlement, interoperability?
Other rules: HB206: an interpretive argument under pol (the Personal Data Act), hardly lex specialis. Work for VD: distinguish anonymous and personalised tickets. How long should personalised tickets be stored?
The Ruter case: An ordinary inspection of a snapshot was carried out; the consequences are major. 1. Store information for 30 days after the validity period has expired. 2. Do not store subsequent information; do not collect it; delete existing data. What does this mean in practice? The stance of DT (Datatilsynet, the Norwegian Data Protection Authority) has consequences for the whole industry, both clients and the suppliers who are to deliver systems.
The Ruter case: DT makes its assessments based on the time of the inspection and takes little account of changes: e.g. anonymous tickets and other ticket types play little role in the assessments of what is objectively justified, necessary and relevant to store. This is not very appropriate given the far-reaching effects. The supervisory function could be supplemented by, or have been replaced by, an advisory role: HB206, industry standard.
The way forward: DT has no formal role in HB206. DT has a role in the industry standard. Key topics: Anonymity as the default? How long for those who consent to storage? Analogy to the toll ring? Understanding of settlement.