digital law and gdpr
TRANSCRIPT
![Page 1: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/1.jpg)
Privacy 2.0JacquesFolonPartnerEdgeConsulting
MaîtredeconférencesUniversitédeLiègeProfesseurICHECProfesseurinvitéUniversitédeLorraine(Metz)VisitingprofessorESCRennesSchoolofBusiness
JacquesFolonPartnerEdgeConsulting
MaîtredeconférencesUniversitédeLiègeProfesseurICHECProfesseurinvitéUniversitédeLorraine(Metz)VisitingprofessorESCRennesSchoolofBusiness
![Page 2: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/2.jpg)
http://www.jerichotechnology.com/wp-content/uploads/2012/05/SocialMediaisChangingtheWorld.jpg
![Page 3: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/3.jpg)
![Page 4: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/4.jpg)
Average number of Facebook « friends » in France: 170
30
![Page 5: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/5.jpg)
privacy ?????
5http://www.fieldhousemedia.net/wp-content/uploads/2013/03/fb-privacy.jpg
![Page 6: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/6.jpg)
6http://1.bp.blogspot.com/-NqwjuQRm3Co/UCauELKozrI/AAAAAAAACuQ/MoBpRZVrZj4/s1600/Party-Raccoon-Get-Friends-Drunk-Upload-Facebook.jpg
![Page 7: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/7.jpg)
The person who took the photo is a real friend
7http://cdn.motinetwork.net/motifake.com/image/demotivational-poster/1202/reality-drunk-reality-fail-drunkchicks-partyfail-demotivational-posters-1330113345.jpg
![Page 8: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/8.jpg)
privacy and graph search ?
![Page 9: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/9.jpg)
9
![Page 10: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/10.jpg)
10
![Page 11: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/11.jpg)
11
![Page 12: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/12.jpg)
12
![Page 13: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/13.jpg)
![Page 14: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/14.jpg)
![Page 15: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/15.jpg)
![Page 16: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/16.jpg)
From Big Brother to Big Other
![Page 17: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/17.jpg)
http://fr.slideshare.net/bodyspacesociety/casilli-privacyehess-2012def
Antonio Casili
• Importance of T&C
• Everybody speaks
• mutual surveillance
• Lateral surveillance
![Page 18: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/18.jpg)
geolocalisation
http://upload.wikimedia.org/wikipedia/commons/thumb/9/99/Geolocalisation_GPS_SAT.png/267px-Geolocalisation_GPS_SAT.png
![Page 19: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/19.jpg)
data collection
19
![Page 20: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/20.jpg)
20
![Page 21: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/21.jpg)
Interactions controlled by citizens in the Information Society
http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
![Page 22: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/22.jpg)
Interactions NOT controlled by citizens in the Information Society
http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
![Page 23: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/23.jpg)
GDPR
![Page 24: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/24.jpg)
![Page 25: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/25.jpg)
![Page 26: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/26.jpg)
![Page 27: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/27.jpg)
![Page 28: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/28.jpg)
![Page 29: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/29.jpg)
![Page 30: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/30.jpg)
![Page 31: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/31.jpg)
May25,2018GDPR!!!
![Page 32: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/32.jpg)
32
A.CONTEXT B.SOME DEFINITIONS C.THE 12 PRINCIPLES D.GDPR CONSEQUENCES E.METHODOLOGY
![Page 33: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/33.jpg)
A : CONTEXTE
33
![Page 34: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/34.jpg)
IN 3 WORDS
34
• GDPR IS A "REGULATION" >< "DIRECTIVE"
• WORLDWIDE INFLUENCE • CONSEQUENCES FOR COMPANIES
AND PUBLIC SECTOR
![Page 35: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/35.jpg)
35
MAY 2018
ENTRY INTO FORCE MAY 25,2018 DISCUSSED SINCE 2014 VOTED IN 2016
RISKS PENALTIES 4% ANNUAL TO 20 M € COMPENSATION IN COURT REPUTATION
IMPACT CONTRACT PROCESSES MARKETING ORGANISATION
![Page 36: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/36.jpg)
B : SOME DEFINITIONS…
36
![Page 37: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/37.jpg)
PERSONAL DATA
37
‘personal data’ means any information relating to an identified or identifiable natural person (‘data
subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person;
![Page 38: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/38.jpg)
PROCESSING
38
‘processing’ means any operation or set of operations which is performed on personal data or
on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction,
erasure or destruction;
![Page 39: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/39.jpg)
CONTROLLER
39
controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and
means of the processing of personal data; where the purposes and means of such processing are
determined by Union or Member State law, the controller or the specific criteria for its nomination
may be provided for by Union or Member State law;
![Page 40: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/40.jpg)
processor or sub-contractor
40
processor means a natural or legal person, public authority, agency or other body which processes personal data on
behalf of the controller
![Page 41: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/41.jpg)
Sub-contractor
129
The Member States shall provide that the controller must, where processing is carried out on his behalf, choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures
![Page 42: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/42.jpg)
42
The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that: - the processor shall act only on instructions from the controller, - the obligations as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor
![Page 43: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/43.jpg)
data breach
43
personal data breach’ means a breach of security leading to the accidental or
unlawful destruction, loss, alteration, unauthorised disclosure of, or access to,
personal data transmitted, stored or otherwise processed
![Page 44: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/44.jpg)
C : 12 MAIN PRINCIPLES OF GDPR
44
1. Accountability2. Consumer/citizenrights3. Privacybydesign4. Informationsecurity5. Databreach6. Penalties7. identityaccessmanagement8. lawfulnessforprocessing9. Register10.RiskanalysisandPIA11.Training12.Dataprivacyofficer
![Page 45: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/45.jpg)
1/ ACCOUNTABILITY
45
![Page 46: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/46.jpg)
2/ Consumer/citizen's right
46
TRANSPARENCY SENSITIVE INFORMATIONS INFORMATION COLLECTED RIGHT OF ACCESS RIGHT TO RECTIFICATION RIGHT TO ERASE RIGHT OF PROCESSING LIMITATION PORTABILITY RIGHT OF OPPOSITION TO PROFILING
![Page 47: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/47.jpg)
3/ PRIVACY BY DESIGN
47
![Page 48: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/48.jpg)
4/INFORMATION SECURITY
48
![Page 49: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/49.jpg)
5/ DATA BREACH
49
![Page 50: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/50.jpg)
6/ PENALTIES
50
![Page 51: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/51.jpg)
7/ IDENTITY ACCESS MANAGEMENT
51
![Page 52: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/52.jpg)
8/ LAWFULNESS OF PROCESSING
52
CONSENT MUST BE EXPLICIT
![Page 53: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/53.jpg)
53
'the data subject's consent' shall mean any freely given specific and informed indication of his
wishes by which the data subject signifies his agreement to
personal data relating to him being processed
![Page 54: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/54.jpg)
54
![Page 55: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/55.jpg)
OPT IN
![Page 56: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/56.jpg)
56
Member States shall provide that personal data must be: (a) processed fairly and lawfully; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.
![Page 57: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/57.jpg)
57
Member States shall provide that personal data may be processed only if: (a) the data subject has unambiguously given his consent; or (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or (c) processing is necessary for compliance with a legal obligation to which the controller is subject; or (d) processing is necessary in order to protect the vital interests of the data subject; or (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
![Page 58: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/58.jpg)
58
Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life
![Page 59: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/59.jpg)
125
Member States shall provide that the controller or his representative must provide a data subject from whom data relating to himself are collected with at least the following information, except where he already has it: (a) the identity of the controller and of his representative, if any; (b) the purposes of the processing for which the data are intended; (c) any further information such as - the recipients or categories of recipients of the data, - whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply, - the existence of the right of access to and the right to rectify the data concerning him in so far as such further information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject
![Page 60: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/60.jpg)
9/ RECORD OF PROCESSING ACTIVITIES
60
RECORD
![Page 61: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/61.jpg)
10/ RISK ANALYSIS AND PIA
61
![Page 62: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/62.jpg)
11/ TRAINING
62
![Page 63: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/63.jpg)
12/ DATA PRIVACY OFFICER
63
![Page 64: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/64.jpg)
D : CONSEQUENCES
64
![Page 65: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/65.jpg)
E : METHODOLOGY
65
![Page 66: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/66.jpg)
METHODOLOGY
66
1. PRELIMINARY AUDIT
2. RISK ANALYSIS
3. LIST OF SERVICES
4. RECORD OF PROCESSING ACTIVITIES
5. ACTION PLAN
6. SERACH FOR COMPLIANCE
7. SOLUTION FOR NON COMPLIANCE
8. CONTINUOUS PROCESSES
9. TRAINING
Préparation
Implémentation
Pérennisation
![Page 67: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/67.jpg)
Coockies
![Page 68: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/68.jpg)
international transfer
![Page 69: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/69.jpg)
Sub contractor
![Page 70: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/70.jpg)
INTERNAL TRAININGS
![Page 71: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/71.jpg)
SECURITY
SOURCE DE L’IMAGE: http://www.techzim.co.zw/2010/05/why-organisations-should-worry-about-security-2/
![Page 72: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/72.jpg)
Source : https://www.britestream.com/difference.html.
![Page 73: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/73.jpg)
Everything must be transparent
![Page 74: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/74.jpg)
![Page 75: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/75.jpg)
Article 16 Confidentiality of processing Any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data must not process them except on instructions from the controller, unless he is required to do so by law
![Page 76: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/76.jpg)
Member States shall provide that the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Having regard to the state of the art and the cost of their implementation, such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.
![Page 77: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/77.jpg)
86
SECURITY IS A LEGAL OBLIGATION
![Page 78: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/78.jpg)
What your boss thinks...
![Page 79: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/79.jpg)
Employees share (too) many information and also with third parties
![Page 80: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/80.jpg)
![Page 81: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/81.jpg)
Where do one steal data?
•Banks•Hospitals•Ministries•Police•Newspapers•Telecoms•...
Which devices are stolen?
•USB •Laptops•Hard disks•Papers•Binders•Cars
![Page 82: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/82.jpg)
63
RESTITUTIONS
![Page 83: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/83.jpg)
![Page 84: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/84.jpg)
84
![Page 85: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/85.jpg)
![Page 86: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/86.jpg)
154Source de l’image : http://ediscoverytimes.com/?p=46
![Page 87: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/87.jpg)
![Page 88: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/88.jpg)
![Page 89: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/89.jpg)
48
![Page 90: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/90.jpg)
4
By giving people the power to share, we're making the world more transparent.
The question isn't, 'What do we want to know about people?', It's, 'What do
people want to tell about themselves?'Data privacy is outdated !
Mark Zuckerberg
If you have something that you don’t want anyone to know, maybe you shouldn’t be
doing it in the first place.
Eric Schmidt
![Page 91: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/91.jpg)
PRIVACY VS SOCIAL NETWORKS
https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcQgeY4ij8U4o1eCuVJ8Hh3NlI3RAgL9LjongyCJFshI5nLRZQZ5Bg
![Page 92: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/92.jpg)
10
![Page 93: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/93.jpg)
![Page 94: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/94.jpg)
![Page 95: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/95.jpg)
![Page 96: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/96.jpg)
11
Privacy statement confusion
• 53% of consumers consider that a privacy statement means that data will never be sell or give
• 43% only have read a privacy statement
• 45% only use different email addresses
• 33% changed passwords regularly
• 71% decide not to register or purchase due to a request of unneeded information
• 41% provide fake info
112Source: TRUSTe survey
![Page 97: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/97.jpg)
http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
![Page 98: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/98.jpg)
http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
![Page 99: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/99.jpg)
![Page 100: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/100.jpg)
100SOURCE: http://mattmckeon.com/facebook-privacy/
![Page 101: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/101.jpg)
101
![Page 102: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/102.jpg)
102
![Page 103: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/103.jpg)
103
![Page 104: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/104.jpg)
104
![Page 105: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/105.jpg)
105
![Page 106: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/106.jpg)
106
![Page 107: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/107.jpg)
107http://e1evation.com/2010/05/06/growth-of-facebook-privacy-events/
![Page 108: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/108.jpg)
108
http://blogs.iq.harvard.edu/netgov/2010/05/facebook_privacy_policy.html
![Page 109: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/109.jpg)
![Page 110: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/110.jpg)
DATA PRIVACY & THE EMPLOYER
45http://i.telegraph.co.uk/multimedia/archive/02183/computer-cctv_2183286b.jpg
![Page 111: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/111.jpg)
SO CALLED HIDDEN COSTS
46http://www.theatlantic.com/technology/archive/2011/09/estimating-the-damage-to-the-us-economy-caused-by-angry-birds/244972/
![Page 112: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/112.jpg)
E-recruitment
74http://altaide.typepad.com/.a/6a00d83451e4be69e2015393d67f60970b-500wi
![Page 113: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/113.jpg)
IAM
![Page 114: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/114.jpg)
RISKS
SOURCE DE L’IMAGE : http://www.tunisie-news.com/artpublic/auteurs/auteur_4_jaouanebrahim.html
![Page 115: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/115.jpg)
Source: The Risks of Social Networking IT Security Roundtable Harvard TownsendChief Information Security Officer Kansas State University
![Page 116: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/116.jpg)
The new head of MI6 has been left exposed by a major personal security breach after his wife published intimate photographs and family details on the Facebook website.
Sir John Sawers is due to take over as chief of the Secret Intelligence Service in November, putting him in charge of all Britain's spying operations abroad.
But his wife's entries on the social networking site have exposed potentially compromising details about where they live and work, who their friends are and where they spend their holidays.
http://www.dailymail.co.uk
![Page 117: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/117.jpg)
Social Media Spam
Compromised Facebook account. Victim is now promoting a shady pharmaceutical
Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
![Page 118: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/118.jpg)
Social Media Phishing
To: T V V I T T E R.com
Now they will have your username and password
Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
![Page 119: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/119.jpg)
Social Media Malware
Clicking on the links takes you to sites that will infect your computer with malware
Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
![Page 120: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/120.jpg)
Phishing
Sources/ Luc Pooters, Triforensic, 2011
![Page 121: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/121.jpg)
DATA THEFT
![Page 122: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/122.jpg)
Social engineering
Sources/ Luc Pooters, Triforensic, 2011
![Page 123: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/123.jpg)
Take my stuff, please!
Source: The Risks of Social Networking IT Security Roundtable Harvard TownsendChief Information Security Officer Kansas State University
![Page 124: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/124.jpg)
3rd Party Applications
•Games,quizzes,cutesiestuff•UntestedbyFacebook–anyonecanwriteone•NoTermsandCondiVons–youeitheralloworyoudon’t•InstallaVongivesthedevelopersrightstolookatyourprofileandoverridesyourprivacyseYngs!
Source: The Risks of Social Networking IT Security Roundtable Harvard TownsendChief Information Security Officer Kansas State University
![Page 125: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/125.jpg)
Right to be forgotten
• On 13.05.2014 the European Union Court of Justice backed a ruling called “the right to be forgotten,” which allows individuals to control their data and ask search engines, such as Google, to remove inadequate personal results from the Internet.
• However, the decision cannot be interpreted as a “victory” for the protection of the personal data of Europeans, according to privacy experts.
![Page 126: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/126.jpg)
• In 2010 a Spanish citizen lodged a complaint against a Spanish newspaper with the national Data Protection Agency and against Google Spain and Google Inc.
• The citizen complained that an auction notice of his repossessed home on Google’s search results infringed his privacy rights because the proceedings concerning him had been fully resolved for a number of years and hence the reference to these was entirely irrelevant.
• He requested, first, that the newspaper be required either to remove or alter the pages in question so that the personal data relating to him no longer appeared;
• and second, that Google Spain or Google Inc. be required to remove the personal data
![Page 127: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/127.jpg)
• In its ruling of 13 May 2014 the EU Court said :
• a)On the territoriality of EU rules: Even if the physical server of a company processing data islocated outside Europe, EU rules apply to search engine operators if they have a branch or a sub sidiary in a Member State which promotes the selling of advertising space offered by the search engine;
• b)On the applicability of EU data protection rules to a search engine : Search engines are controllers of personal data. Google can therefore not escape its responsibilities before European lawwhen handling personal data by saying it is a search engine. EU data protection law applies and so does the right to be forgotten.
• c) On the “Right to be Forgotten” : Individuals have the right - under certain conditions - to ask search engines to remove links with personal information about them. This applies where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of the data
![Page 128: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/128.jpg)
• At the same time, the Court explicitly clarified that the right to be forgotten is not absolute but will always need to be balanced against other fundamental rights, such as the freedom of expression and of the media
![Page 129: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/129.jpg)
• Right to erasure (future rules?)
• 1. The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, and to obtain from third parties the erasure of any links to, or copy or replication of that data, where one of the following grounds applies:
• (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
• (b) the data subject withdraws consent on which the processing is based according
• (c) when the storage period consented to has expired and where there is no other legal ground for the processing of the data
![Page 130: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/130.jpg)
New EU Regulation• right to be forgotten
• no more notification to data privacy authorities
• data privacy officer
• up to 2% turnover penalty
• information of data theft
![Page 131: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/131.jpg)
Control by the employer
161SOURCE DE L’IMAGE: http://blog.loadingdata.nl/2011/05/chinese-privacy-protection-to-top-american/
![Page 132: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/132.jpg)
what your boss thinks
![Page 133: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/133.jpg)
BUT…
![Page 134: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/134.jpg)
May the employer control everything?
![Page 135: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/135.jpg)
Who controls what?
![Page 136: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/136.jpg)
Could my employer open my emails?
169
![Page 137: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/137.jpg)
137
CODE OF CONDUCTS
![Page 138: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/138.jpg)
![Page 139: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/139.jpg)
![Page 140: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/140.jpg)
![Page 141: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/141.jpg)
TELEWORKING
![Page 142: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/142.jpg)
Employer’s control
177http://fr.slideshare.net/olivier/identitenumeriquereseauxsociaux
![Page 143: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/143.jpg)
Big data
182
![Page 144: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/144.jpg)
SOLOMO
184http://www.youngplanneur.fr/wp-content/uploads/2011/06/companies-innovating.jpg
![Page 145: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/145.jpg)
Biometry
186
![Page 146: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/146.jpg)
facial recognition
187
![Page 147: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/147.jpg)
RFID & internet of things
188http://www.ibmbigdatahub.com/sites/default/files/public_images/IoT.jpg
![Page 148: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/148.jpg)
SECURITY ???
![Page 149: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/149.jpg)
87
“It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.”
C. Darwin
![Page 150: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/150.jpg)
![Page 151: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/151.jpg)
ANY QUESTIONS ?
![Page 152: Digital law and GDPR](https://reader031.vdocuments.mx/reader031/viewer/2022030318/5a647e9e7f8b9a27568b51c5/html5/thumbnails/152.jpg)