北郵國院大三電商在讀，隨課程進(jìn)行整理知識點(diǎn)。僅整理PPT中相對重要的知識點(diǎn)，內(nèi)容駁雜并不做期末突擊復(fù)習(xí)用。個人認(rèn)為相對不重要的細(xì)小的知識點(diǎn)不列在其中。如有錯誤請指出。轉(zhuǎn)載請注明出處，祝您學(xué)習(xí)愉快。

編輯軟件為Effie，如需要pdf/docx/effiesheet/markdown格式的文件請私信聯(lián)系或微信聯(lián)系

Week3

什么是隱私privacy

Privacy (noun) a state in which you are not watched or disturbed by others

隱私(名詞)一種你不被別人監(jiān)視或打擾的狀態(tài)

Privacy include

Bodily Privacy 人身隱私

• Protection of physical self 身體自我保護(hù)
  • E.g. Right to refuse medical treatment ? 拒絕醫(yī)療的權(quán)利

Territorial Privacy 領(lǐng)土的隱私

• Protection of our own physical space ? 保護(hù)我們自己的物理空間
  • E.g. Right to control who comes into your home ?控制誰來你家的權(quán)利

Communications Privacy 通信隱私

• Protection of mail/ telephone conversations/ emails/ etc ? 保護(hù)郵件/電話/電子郵件等

Information Privacy 信息隱私

• Protection of personal data 個人資料保護(hù)

How does technology threaten privacy?

Advances in technology 科技上的進(jìn)步

• Surveillance and collection of information 監(jiān)視和收集信息

Databasing 數(shù)據(jù)庫

• Collection, storage, exchange and processing of information about individuals. Profiling! 個人信息收集、存儲、交換和處理。分析

Ecommerce

• more collection and use of information than ever before! 信息的收集和使用比以往任何時候都多

Data Protection in the EU

Two key principles:

1. Article 8, Council of Europe Convention on Human Rights and Fundamental Freedoms: 《歐洲委員會人權(quán)和基本自由公約》第8條:

• Right to respect for private life 尊重私人生活的權(quán)利

2. Internal Market powers: 內(nèi)部市場力量:

• Free flow of information throughout the EU to promote the growth of the Single Market economy 信息在整個歐盟自由流動，促進(jìn)單一市場經(jīng)濟(jì)的增長
  • Threat to Single Market if protection not harmonized 如果保護(hù)不協(xié)調(diào)，對單一市場的威脅

EU Charter of Fundamental Rights and Freedoms ?

Charter is based on CoE’s European Convention on Human Rights (ECHR) (Same restrictions apply as in Aticle 8(2))

憲章以《歐洲人權(quán)公約》(ECHR)為基礎(chǔ)(與第8(2)條相同的限制適用)

• All EU Countries are also members of the CoE 所有歐盟國家也是CoE的成員
• Article 7 ‘Respect for private and family life’ 第七條“尊重私人和家庭生活”
  • Everyone has the right to respect for his or her private and family life, home and communications. 每個人的私人和家庭生活、住宅和通訊都有權(quán)受到尊重。
• Article 8 ‘Protection of personal data’ ? 第8條“個人資料保護(hù)”
  • Everyone has the right to the protection of personal data concerning him or her. ? 人人有權(quán)保護(hù)與他或她有關(guān)的個人資料。
  • Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. ?此類數(shù)據(jù)必須為特定目的而公平處理，并在相關(guān)人員同意或法律規(guī)定的其他合法基礎(chǔ)上進(jìn)行處理。每個人都有權(quán)查閱被收集的有關(guān)他或她的數(shù)據(jù)，并有權(quán)要求糾正這些數(shù)據(jù)。
  • Compliance with these rules shall be subject to control by an independent authority. 這些規(guī)則的遵守應(yīng)由一個獨(dú)立的當(dāng)局加以監(jiān)督。

EU General Data Protection Regulation（GDPR - EU部分的絕對核心）

• Protection of personal data as a ‘fundamental right’ (Recital 1) 保障個人資料為一項“基本權(quán)利”

• “not an absolute right” - (Recital 4) “不是絕對的權(quán)利”

  • Must be balanced against other rights according to principle of proportionality 必須根據(jù)比例原則與其他權(quán)利相平衡

• Importance of co-operation between EU states in transborder data flows (internal market; also national authorities, e.g. police) (Recital 5) ? 歐盟國家在跨境數(shù)據(jù)流動(內(nèi)部市場;也包括國家當(dāng)局，例如警察)

• Technology (including social networking) has had a huge impact on level of information sharing by individuals (Recital 6) 技術(shù)(包括社交網(wǎng)絡(luò))對個人的信息共享水平產(chǎn)生了巨大的影響

• Need for amore coherent, unified response across EU (Recital 7) 需要在整個歐盟范圍內(nèi)采取一致一致的應(yīng)對措施

?

• Regulation applies directly, BUT MS should also incorporate into national law where appropriate (Recital 8) 法規(guī)直接適用，但在適當(dāng)情況下，MS也應(yīng)納入國家法律

• Importance of harmonisation (Recitals 9-13) ? 協(xié)調(diào)的重要性

• Needs of commercial actors of varying sizes (Recital 13) 不同規(guī)模的商業(yè)參與者的需求

• Protection to apply to information belonging to “natural persons” (Recital 14) 保護(hù)適用于屬于“自然人”的信息

?

• Protection should be technology neutral – includes both manual and automated storage and use (Recital 15) ? 保護(hù)應(yīng)該是技術(shù)中立的-包括手動和自動存儲和使用

• Protections apply to ecommerce as long as individual from whom personal data is collected is in the EU (Recitals 24 & 25) ? 只要被收集個人數(shù)據(jù)的個人在歐盟，這些保護(hù)措施就適用于電子商務(wù)

• Where an EU MS’s laws apply outside the EU, GDPR will also apply (Recital 25) 如果歐盟國家的法律適用于歐盟以外，則GDPR也將適用 ?

• Children merit specific protection (Recital 38) 兒童值得特別保護(hù)

【附GDPR全文鏈接，未覆蓋可自行查漏補(bǔ)缺：REGULATION (EU) 2016/ 679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL - of 27 April 2016 - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/ 46/ EC (General Data Protection Regulation) (europa.eu)】

在GDPR Art.4 中定義的幾個術(shù)語

Data Subject 數(shù)據(jù)主體

• “An identified or identifiable natural person” “已識別或可識別的自然人”
• “one who can be identified, directly or indirectly” 可以直接或間接辨認(rèn)的人。

Has specific rights under EU DP Law

有歐盟法律規(guī)定的特定權(quán)利

Not limited to EU residents or citizens but any ‘subject’ of personal data within scope of EU DP Law

不限于歐盟居民或公民，而是歐盟數(shù)據(jù)保護(hù)法范圍內(nèi)的任何個人數(shù)據(jù)“主體”

Personal Data 個人數(shù)據(jù)

any information relating to an individual from which that person is identified or identifiable

任何與個人有關(guān)的資料，而該等資料可作為識別或識別該人的依據(jù)

• Unlimited in nature: 本質(zhì)上是無限的:
  • E.g., sound and image data from video surveillance may be personal data, email address 例如，來自視頻監(jiān)控的聲音和圖像數(shù)據(jù)可能是個人數(shù)據(jù)、電子郵件地址
• ‘identifiable’: considering all ways in which the data could reasonably be used “可識別的”:考慮數(shù)據(jù)可以合理使用的所有方式

Protected by the GDPR

• via series of: ?
  • obligations on controllers 控制人的義務(wù)
    • Compliance with data principles as presented ? 遵守所提出的數(shù)據(jù)原則
  • rights accorded to data subjects 給予資料當(dāng)事人的權(quán)利
    • Access, correction, deletion, redress 訪問，更正，刪除，糾正
  • Subject to enforcement by member states and overseen by EU regulator 受成員國執(zhí)行和歐盟監(jiān)管機(jī)構(gòu)監(jiān)督

Sensitive Data

For definition, see Recital 51

【Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. 就其性質(zhì)而言，對基本權(quán)利和自由特別敏感的個人數(shù)據(jù)值得特別保護(hù)，因為處理這些數(shù)據(jù)的背景可能對基本權(quán)利和自由造成重大風(fēng)險?！?/p>

Data with enhanced obligations and narrower exceptions because processing presents greater risk of harm to data subject because of its nature:

由于處理數(shù)據(jù)主體的性質(zhì)，其損害風(fēng)險更大，因此義務(wù)更強(qiáng)，例外范圍更窄的數(shù)據(jù):

• Health and medical data (‘data concerning health’ defined in Article 4)
• Race/ethnicity 種族與族群
• Gender
• Union/trade membership
• Religious or philosophical belief 宗教或哲學(xué)信仰
• Sexual orientation, practices 性取向、性行為
• Political affiliation 政治立場
• Criminal history (special category) 犯罪記錄
• Genetic Data (Defined in Article 4) 遺傳學(xué)數(shù)據(jù)
• Biometric Data (Defined in Article 4) 生物識別數(shù)據(jù)

GDPR Article 9 prohibits the processing of sensitive data

• Exception:
  • Explicit consent unless MS/EU law does not allow consent ? 明確同意，除非MS/EU法律不允許同意
  • Narrow exceptions 狹窄的例外

Consent 同意

• Explicit (cannot be implied) 必須明確同意(不能暗示)

Necessary to:

• More limited circumstances 更有限的情況
• Carry out obligations and specific rights of the controller authorized under national employment law that provides for adequate safeguards. ?履行提供充分保障的國家就業(yè)法授權(quán)的控制者的義務(wù)和具體權(quán)利。
• Protect the vital interests of the data subject or another person where data subject legally or physically incapable of giving consent. 在數(shù)據(jù)主體在法律上或身體上沒有能力給予同意的情況下，保護(hù)數(shù)據(jù)主體或其他人的重大利益。
  • Very serious health or safety threats 非常嚴(yán)重的健康或安全威脅
• Legitimate activities by a foundation, association or any other non-profit-seeking body with a political, philosophical, religious or trade union aim and with sufficient protections. ? 基金會、協(xié)會或任何其他以政治、哲學(xué)、宗教或工會為目的的非營利性機(jī)構(gòu)的合法活動，并有充分的保護(hù)。
• To the establishment, exercise or defence of a legal claim. 辯護(hù):對法律要求的確立、行使或辯護(hù)

Processing 處理

Any operation or set of operations, e.g.,

• collecting personal data
• using personal data
• mining, matching personal data
• storing personal data
• sharing personal data
• transferring personal data

Exemptions 豁免

GDPR Article 2.

Include:

• Activities which fall outside scope of EU law 不屬于歐盟法律范圍的活動
• Prevention/detection/prosecution/punishment of crimes 預(yù)防/偵查/起訴/懲治犯罪
• Processing for reasons ofnational security (Recital 16) 因國家安全原因處理
• Processing re EU’s common foreign and security policy (Recital 16) 加工是歐盟共同的外交和安全政策
• Purely personal or household activites, e.g.“correspondence and theholding ofaddresses, or social networking and online activityundertaken within the context of such activities.’’ (but facilitatorse.g. social networks NOT exempt when process this information)(Recital 18) See also Lindqvist case. 純粹的個人或家庭活動，例如“通信和持有地址，或在此類活動背景下進(jìn)行的社交網(wǎng)絡(luò)和在線活動”。而是促進(jìn)者。在處理這些信息時，社交網(wǎng)絡(luò)也不例外)
• Dead people (left up to Member States) (Recital 27) 死人(由會員國決定)
• Fully anonymised data (Article 11) 完全匿名的數(shù)據(jù)
• Statistical / historic /scientific research 統(tǒng)計/歷史/科學(xué)研究

Controller

Party or parties who determine the nature and means of processing. Can be:

決定處理性質(zhì)和方式的一方或多方。

• Public or private
• Natural or legal persons 自然人或法人

GDPR: Article 3

• Rules apply to processing by controller or processor established in the EU, even if processing takes place outside EU 規(guī)則適用于在歐盟設(shè)立的控制者或處理者的處理，即使處理發(fā)生在歐盟以外
• Processing by controller or processor not established in EU if: ? 由不在歐盟設(shè)立的控制者或處理者進(jìn)行處理，如果:
  • Offers goods or services to data subjects based in EU 為歐盟的數(shù)據(jù)主體提供商品或服務(wù)
    • No requirement that this is in exchange for payment ? 沒有要求這是支付的交換條件
  • Monitoring data subject behaviour within EU 監(jiān)控歐盟內(nèi)部數(shù)據(jù)主體的行為
• Anywhere not in the EU that Member State law applies via public international law 成員國法律通過國際公法適用于歐盟以外的任何地方

Obligations of Controllers

See Chapter IV of the GDPR.

Obligations include:

• Not to collect or process personal data unless legitimate basis 除非有合法依據(jù)，否則不得收集或處理個人資料
• Compliance with processing principles 符合處理原則
• Ensure confidentiality and security of personal data 確保個人資料的機(jī)密性和安全性
  • Use of “appropriate technical and organisational measures” 使用“適當(dāng)?shù)募夹g(shù)和組織措施”
  • Privacy by design 隱私設(shè)計
  • Notification of any breach 任何違約通知
• Keep adequate records of processing 保存足夠的加工記錄
• Not transfer data to 3rd country unless ‘a(chǎn)dequate’ protection 除非有足夠的保護(hù)，否則不要將數(shù)據(jù)轉(zhuǎn)移到第三國
• Co-operation with supervisory authority ?與監(jiān)管機(jī)構(gòu)合作
  • including notification of any breach 包括任何違約的通知
• Conduct Impact Assessments where necessary 必要時進(jìn)行影響評估
• Follow approved relevant industry codes of conduct where applicable 在適用的情況下遵循相關(guān)的行業(yè)行為準(zhǔn)則

【個人感覺最重要的是第一個和第三個】

Data Processor

One who processes data pursuant to the instructions of a controller

根據(jù)控制人的指令處理數(shù)據(jù)的人

• Must meet EU Law’s security requirements 必須符合歐盟法律的安全要求
• Must have contract with controller 必須與控制人簽訂合同
• Must process according to controller’s instructions 必須按照控制人的指示處理

Controller is responsible for compliance 控制人負(fù)責(zé)遵從性

Can be both processor and controller 可以同時是處理人和控制人

• E.g., uses data further beyond controller’s instructions 使用超出控制人指令的數(shù)據(jù)

Legitimate Basis for Data Processing 數(shù)據(jù)處理的合法依據(jù)

Consent – Article 6 (see also Recital 32)

• “clear, affirmative act” [affirmative = opt in] – controller must be able to evidence consent given “明確的，肯定的行為”——控制者必須能夠提供同意的證據(jù)

  • 

• Unambiguous, freely given and informed; data subject has right to withdraw consent at any time 明確的，自由給出的和知情的;數(shù)據(jù)主體有權(quán)隨時撤回同意

• Written, electronic, oral… 書面、電子、口頭……

• E.g.s – website tick box, browser settings 例如:網(wǎng)站復(fù)選框、瀏覽器設(shè)置

• Opt-out is insufficient 選擇退出是不夠的

• Correlation with ‘fair’ 與“公平”的相關(guān)性

• Employees?

OR

Necessary – Article 6

• To comply with obligation 履行義務(wù)
  • performance of contract with data subject 履行與資料當(dāng)事人訂立的合約
  • of law on the controller 關(guān)于控制器的法律
• To protect vital interests of data subject 保障資料當(dāng)事人的切身利益
• Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller 為履行為公眾利益而執(zhí)行的任務(wù)或行使賦予管理人的官方權(quán)力所必需的
• To protect legitimate interests of controller or 3rd party to whom data disclosed unless fundamental rights override 保護(hù)數(shù)據(jù)披露的控制者或第三方的合法利益，除非基本權(quán)利優(yōu)先

GDPR Article 21

• Right to object to processing of personal data where: 在下列情況下反對處理個人資料的權(quán)利:
  • Processing in the public interest or exercise of lawful authority 為公共利益或行使合法權(quán)力而處理
  • Necessary for the purposes of legitimate interests of a third party 為了第三方的合法利益所必需的
  • Controller can only continue to process where candemonstrate an overriding case (test of proportionality) 控制者只有在能夠證明有壓倒性的情況下才能繼續(xù)處理(比例性測試)
• Data subject to be informed of this right “at the latest” at time of firm communication with data subject 數(shù)據(jù)主體“最遲”在與數(shù)據(jù)主體確定通信時被告知此權(quán)利

Consent: Children

GDPR Article 8:

• Information Society Services Offered Directly to Children (e.g. social media) 直接為兒童提供的資訊社會服務(wù)(例如社交媒體)
• Child’s consent lawful from 16. 兒童同意從16歲起合法。
  • Children under 16 – must be confirmed by “holder of parental consent” 16歲以下兒童-必須由“家長同意持有人”確認(rèn)
    • Controller must take reasonable steps to ensure this 控制者必須采取合理的措施來確保這一點(diǎn)
  • Member States permitted to have lower age in national law, subject to minimum of 13 國家法律允許年齡較低的會員國，但不超過13歲
• No effect on general laws re contract validity 不影響合同效力的一般法律

Compliance with Principles

GDPR Article 5: Principles relating to processing of personal data

GDPR第5條:個人數(shù)據(jù)處理的原則

• Lawfulness, Fairness & Transparency 合法、公平、透明
  • Controller must be able to demonstrate compliance (‘Accountability’) 控制者必須能夠證明合規(guī)(“問責(zé)制”)
• Purpose Limitation 目的限制
• Data Minimisation 數(shù)據(jù)最小化
• Accuracy 準(zhǔn)確性
• Storage Limitation 限量設(shè)定
• Integrity and Confidentiality 數(shù)據(jù)完整性和隱私保護(hù)

Lawfulness, Fairness & Transparency

Fairness: determined with regard to the circumstances

公平:根據(jù)情況而定

Transparency about processing:

處理的透明度:

• Who, what, where, why processed, how long will be stored, source of data (if not data subject) consequences, including also: 誰、什么、在哪里、為什么處理、將存儲多長時間、數(shù)據(jù)來源(如果不是數(shù)據(jù)主體)后果，還包括:
  • Absence of any adequacy findings for 3rd countries and means of adequacy safeguards (includes how to get a copy) 缺乏針對第三國的任何充分性調(diào)查結(jié)果和充分性保障手段(包括如何獲得副本)
  • Right to complain to supervisory authority 向監(jiān)管機(jī)構(gòu)投訴的權(quán)利
  • Identity of company data protection officer (if there is one) 公司資料保障主任的身份(如有)
  • Whether such disclosure is statutory (legislation) or by contract (terms of agreement with data subject) 該等披露是法定(法例)或透過合約(與資料當(dāng)事人的協(xié)議條款)
  • Whether any automated decision making will take place –and if so, implications of same for data subject 是否會進(jìn)行自動化決策，如果是，對數(shù)據(jù)主體的影響
  • Right to withdraw consent & right to data portability made clear 撤銷同意的權(quán)利和數(shù)據(jù)可移植性的權(quán)利明確

Lawfully

Corresponds to legitimate processing

對應(yīng)于合法處理

Consent

• Nature
  • ‘freely given, specific and informed’ “自由給出，具體和知情”
  • Clear ‘opt in’ 清晰的“選擇性加入”
  • “Ambiguous” –v- explicit 模棱兩可的 v 清楚明白的

Lawfully Processed 依法處理

Obligation for certain data 對某些資料的義務(wù)

• Sensitive data only on explicit consent or more compelling alternative grounds (e.g. matter of life and death!) 只有在明確同意或更令人信服的其他理由(例如生死攸關(guān)!)的情況下才提供敏感數(shù)據(jù)。

Timing

• Provided at or prior to processing – see Recital 61 加工時或加工前提供的
• unless data subject already has this information – see Recital 62 除非數(shù)據(jù)主體已經(jīng)有了這些信息
• “Within a reasonable period” if from 3rd party- see Recital 61 如果來自第三方，“在合理期限內(nèi)”

Other lawful basis:

• Necessity

Processing Without Consent: Safeguards 未經(jīng)同意的處理:保障措施

Article 6: Where processing PD for further purpose without consent, Controller must take into account:

第6條:如果未經(jīng)同意將個人數(shù)據(jù)用于其他目的，控制者必須考慮:

• any link between the purposes for which collected and intended further use 收集目的與預(yù)期進(jìn)一步使用目的之間的任何聯(lián)系
• the context in which the personal data have been collected 收集個人資料的背景
  • Esp. the relationship between data subjects and the controller 特別是數(shù)據(jù)主體與控制器之間的關(guān)系

the nature of the personal data

個人資料的性質(zhì)

• Sensitive personal data involved? 涉及敏感的個人資料?
• Personal data relating to criminal convictions? 與刑事定罪有關(guān)的個人資料?

Possible consequences for data subjects

對資料當(dāng)事人可能造成的后果

Existence of appropriate safeguards 是否有適當(dāng)?shù)谋Ｕ洗胧?/p>

• E.g. encryption or pseudonymisation 例如加密或假名化

Further Data Subject Rights

沒詳細(xì)講，這里我們也略過

Storage Limitation

GDPR Article 25: “Data protection by design and default”

GDPR第25條:“設(shè)計和默認(rèn)的數(shù)據(jù)保護(hù)”

• Appropriate technical and organizational measures for security/integrity of data 適當(dāng)?shù)募夹g(shù)和組織措施，以確保數(shù)據(jù)的安全性/完整性
• Only personal data necessary for each activity is processed 只處理每項活動所需的個人資料
• 

GDPR Article 32: “Security of Processing” GDPR第32條:“處理的安全性”

• “appropriate technical and organisational measures to ensure a level of security appropriate to the risk” “適當(dāng)?shù)募夹g(shù)和組織措施，以確保與風(fēng)險相適應(yīng)的安全水平”
  • E.g. encryption; regular testing and updating 如加密;定期測試和更新
• Sliding Scale 滑動比例
  • Nature of data, processing, costs, ‘state of the art’, what is customary, etc. 數(shù)據(jù)的性質(zhì)、處理、成本、“技術(shù)水平”、習(xí)慣等等。
• Must include in contracts with processors 必須包含在與處理人的合同中
• 

Duty to notify unaddressed risks of breach of security and possible remedies - “without undue delay”

有責(zé)任通知未解決的違反安全的風(fēng)險和可能的補(bǔ)救措施-“不無故拖延”

• To Supervisory Authority – Article 33 對監(jiān)管機(jī)構(gòu)

  • 

• To Data Subjects affected or potentially affected by breach - Article 34 對受違規(guī)影響或可能受違規(guī)影響的數(shù)據(jù)主體

  • 

Other Duties

Supervisory authority under GDPR

GDPR下的監(jiān)管機(jī)構(gòu)

• Article 51

  • Each member state to appoint national DP authority 各成員國指定國家DP權(quán)力機(jī)構(gòu)
  • Operation: independent of national government 運(yùn)作:獨(dú)立于國家政府

• Tasks - Article 57

  • Monitor & enforce GDPR, advise national legislatures, educate the public, investigate complaints… 監(jiān)督和執(zhí)行GDPR，為國家立法機(jī)構(gòu)提供建議，教育公眾，調(diào)查投訴……

• Powers – Article 58

• Activity Reports – Article 59

Data Transfers 數(shù)據(jù)傳輸【重點(diǎn)】

Data transfers within EU:

• Subject to GDPR (See Article 44)

  • 

  • (And any relevant national provisions & exemptions)

Data Transfers outside the EU

Article 45-50 GDPR

• Transfer from EU to third countries (or from one third country to another) only where: 只有在下列情況下才從歐盟轉(zhuǎn)移到第三國(或從一個第三國轉(zhuǎn)移到另一個第三國):
  • “Adequate protection” for data is available 對數(shù)據(jù)有“充分的保護(hù)”
    • Third country’s law 第三國法律
    • alternative mechanism if Controller/Processor has provided “appropriate safeguards” (e.g. approved code of conduct) 如果控制者/處理者提供了“適當(dāng)?shù)谋Ｕ洗胧?例如，批準(zhǔn)的行為準(zhǔn)則)，則替代機(jī)制
    • Foreign Court orders – but only if based on international law recognised by EU 外國法院的命令——但前提是基于歐盟承認(rèn)的國際法
  • Very limited derogations from adequacy requirement 對充分性要求的非常有限的減損
    • E.g. explicit consent, necessity. 例如明確同意，必要性。
  • NOTE: simply uploading to a website is not an international transfer – material is located where hosting server is located. 注意:簡單地上傳到一個網(wǎng)站不是國際傳輸-材料位于主機(jī)服務(wù)器所在的位置。

Transfers of Data Outside the EU

Commerce: increasingly international

商業(yè):日益國際化

• Transfers of huge quantities of personal data 大量個人數(shù)據(jù)的傳輸
  • Customers
  • Employees / staff
• Transfers between and among units of the same corporate enterprise located in different countries 同一法人企業(yè)位于不同國家的單位之間的轉(zhuǎn)移
  • Several MNCs headquartered in the US 幾家跨國公司的總部設(shè)在美國
• Globalisation of trade 貿(mào)易全球化
  • Why process personal data overseas? 為何在海外處理個人資料?
  • Cost & efficiency 成本和效率
• So how is data transferred outside the EU under the General Data Protection Regulation? 那么，根據(jù)《通用數(shù)據(jù)保護(hù)條例》，數(shù)據(jù)是如何轉(zhuǎn)移到歐盟以外的?
  • Adequate protection of personal data 充分保障個人資料

Purpose of DP laws defeated if data sent where no protection

如果數(shù)據(jù)發(fā)送到?jīng)]有保護(hù)的地方，DP法律的目的就會失敗

GDPR Article 45

• “A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that [it] ensures an adequate level of protection.” “將個人數(shù)據(jù)轉(zhuǎn)移到第三國或國際組織可能發(fā)生在歐盟委員會認(rèn)為(它)確保了足夠保護(hù)水平的地方。”
• Where Commission has made an adequacy ruling, no specific authorisation for transfer required 如委員會已作出充分性裁定，是否無須特別授權(quán)轉(zhuǎn)讓
• Note: Lindqvist ruling of the CJEU that uploading to a website is not such a transfer still valid 注意:CJEU的Lindqvist裁決，上傳到網(wǎng)站不是這種轉(zhuǎn)移仍然有效

Alternatives routes to adequacy (other than in national law) set out in Article 46. Must provide: ?

第46條規(guī)定的充分性的替代途徑(國內(nèi)法以外)。必須提供:

• “appropriate safeguards” ?“適當(dāng)?shù)谋Ｕ稀?/li>
• Enforceable data subject rights available ? 可執(zhí)行的數(shù)據(jù)主體權(quán)利可用
• Effective legal remedies for data subjects available 數(shù)據(jù)主體可獲得有效的法律救濟(jì)

【如果沒有根據(jù)第45（3）條而做出的決定，控制者或處理者只有提供適當(dāng)?shù)谋Ｕ洗胧?，以及為?shù)據(jù)主體提供可執(zhí)行的權(quán)利與有效的法律救濟(jì)措施，才能將個人數(shù)據(jù)轉(zhuǎn)移到第三國或一個國際組織。】

Derogations 廢除例外

Article 49: exceptions to the ‘a(chǎn)dequate protection’ requirement

第49條:“充分保護(hù)”要求的例外情況

• Explicit consent of data subject to transfer 明確同意資料轉(zhuǎn)移
  • Must be informed of possible risks due to absence of appropriate safeguards’ + adequate protection 必須被告知由于缺乏適當(dāng)?shù)谋Ｕ洗胧?充分保護(hù)而可能存在的風(fēng)險。

Disadvantages:

• Do individuals really pay attention to warnings? 個人真的會注意警告嗎?
• Disputable value in employment relationships – consent not given ‘freely’ 雇傭關(guān)系中有爭議的價值-并非“自由”給予同意
• What about individuals who do not provide consent, others do, how is data to be segregated? 那些不同意而其他人同意的人怎么辦，數(shù)據(jù)如何被隔離?

Article 49: exceptions to the ‘a(chǎn)dequate protection’ requirement : NECESSITY

第49條:“充分保護(hù)”要求的例外情況:必要性

• The transfer is necessary or legally required on important public interest grounds (A49(1)(d)) 第49條:“充分保護(hù)”要求的例外情況:必要性
  • For example, the prevention of crime or the fight against terrorism 例如，預(yù)防犯罪或打擊恐怖主義
  • Exchange of PNR data between EU member states and US, Canada and Australia 歐盟成員國與美國、加拿大和澳大利亞交換PNR數(shù)據(jù)
• the transfer is necessary or legally required for the establishment, exercise or defence of legal claims (A49(1)(e)) 轉(zhuǎn)讓是設(shè)立、行使或辯護(hù)法定權(quán)利要求的必要或法律要求
  • Includes obtaining legal advice or otherwise for establishing, exercising or defending legal rights 包括獲取法律意見或以其他方式建立、行使或捍衛(wèi)合法權(quán)利
  • The legal proceedings do not necessarily have to involve the data controller or the data subject. 法律程序不一定要涉及數(shù)據(jù)控制者或數(shù)據(jù)主體。
• The transfer is necessary in order to protect the vital interests of the data subject (A49(1)(f)) 為了保護(hù)資料當(dāng)事人的切身利益，轉(zhuǎn)移是必要的
  • “data subject is physically or legally incapable of giving consent” “資料當(dāng)事人在身體上或法律上沒有能力給予同意”
  • Must be a life-or-death situation! 一定是生死攸關(guān)的情況!
  • For example, example the transfer of medical records where an individual has been in a serious accident abroad 例如，當(dāng)個人在國外發(fā)生嚴(yán)重事故時，醫(yī)療記錄的轉(zhuǎn)移
• Transfer is made from a register which according to EU/MS law (Article 49(1)(g)) is: 根據(jù)歐盟/歐盟法律(第49(1)(g)條)，從登記冊進(jìn)行轉(zhuǎn)移:
  • intended to provide information to the public 旨在向公眾提供信息
  • available to general public or “any person who can demonstrate a legitimate interest” 公眾或“任何能證明其合法利益的人”均可獲得
  • Subject to conditions in EU/MS law 根據(jù)歐盟/美國法律的條件
• Transfer necessary for performance of contract 履行合同所必需的轉(zhuǎn)讓
  • between data controller and data subject (Article 49(1)(b)) 在數(shù)據(jù)控制人和數(shù)據(jù)主體之間
  • or
  • Between controller and another natural or legal person in the interests of the data subject (Article 49(1)?) 在控制者和代表數(shù)據(jù)主體利益的另一個自然人或法人之間

關(guān)于necessary的例子

1. A French company uses a call centre located in India for customer enquiries?

• 不是necessary的。因為可以不傳到India去處理

2. Chinese airline transfers the reservation details of a UK passenger to its main reservation computer in China?

• 不是necessary的。因為傳輸是必要的，但是這個computer可以不設(shè)在歐盟之外的地方

3. A German travel agent confirms the booking of a German tourist to a hotel in Namibia?

• 是necessary的，因為預(yù)定的信息必須傳到Namibia才可以讓那邊的hotel知道

General Adequacy Criteria 一般充分性準(zhǔn)則

Commission adequacy decisions (including legacy decisions) to be be reviewed at least every four years § Adequacy decisions may be repealed, amended, suspended

委員會充分性決定(包括遺留決定)至少每四年審查一次。充分性決定可以被廢除、修改、暫停

What is ‘a(chǎn)dequate’ protection?

• Aim: EU citizens should have same protection when data transferred out of EU 目的:歐盟公民在數(shù)據(jù)轉(zhuǎn)移出歐盟時應(yīng)享有同樣的保護(hù)

All circumstances concerning data transfer considered (Article 45(2)):

所有與數(shù)據(jù)傳輸有關(guān)的情況(第45(2)條):

(a) Rule of law, respect for human rights & fundamental freedoms, relevant law in third country, professional rules & security measures (including rules for onward transfer of data to another third country / international organisation), case-law, effective and enforceable subject rights & legal remedies

法治、尊重人權(quán)和基本自由、第三國相關(guān)法律、專業(yè)規(guī)則和安全措施(包括將數(shù)據(jù)轉(zhuǎn)移到另一個第三國/國際組織的規(guī)則)、判例法、有效和可執(zhí)行的主體權(quán)利和法律補(bǔ)救措施

(b) Are there any supervisory authorities who can ensure protections are enforced?

是否有任何監(jiān)管機(jī)構(gòu)可以確保保護(hù)措施得到執(zhí)行?

? Has the third country committed to any legally binding international rules on protecting personal data?

第三國是否承諾遵守任何具有法律約束力的保護(hù)個人資料的國際規(guī)則?

Nature of the Data

Commission will require higher standards for transferring sensitive personal data to a third country (i.e. one outside the EU)

歐盟委員會將對將敏感個人資料轉(zhuǎn)移至第三國(即歐盟以外的國家)提出更高的標(biāo)準(zhǔn)

• For example, health data.

Transfer of data that poses little risk to the rights and freedoms of individuals, does not usually require the same level of protection

對個人權(quán)利和自由構(gòu)成很小風(fēng)險的數(shù)據(jù)傳輸通常不需要同樣程度的保護(hù)

• For example, transfer of a list of internal telephone extensions to overseas subsidiaries of a multinational company 例如，向跨國公司的海外子公司轉(zhuǎn)讓內(nèi)部電話分機(jī)號碼清單

Purpose and duration 目的和期限

Data controller must take into account the purposes for which the data is transferred

數(shù)據(jù)控制者必須考慮數(shù)據(jù)傳輸?shù)哪康?/p>

• some purposes will carry a lesser risk to the rights of data subjects than others 某些用途對資料當(dāng)事人權(quán)利的風(fēng)險較其他用途小

Data exporters must ensure that:

數(shù)據(jù)導(dǎo)出者必須確保:

• processing time in the third country is kept to a minimum; and 第三國的處理時間被保持在最低限度
• data is deleted by the data importer as soon as it is no longer required for the intended purpose 一旦預(yù)期目的不再需要數(shù)據(jù)，數(shù)據(jù)導(dǎo)入器就會刪除數(shù)據(jù)

Remember, Data Controllers will be held accountable for actions of processors in third countries!

請記住，數(shù)據(jù)控制者將對第三國處理者的行為負(fù)責(zé)！

不需要監(jiān)管批準(zhǔn)的"Appropriate Safuguard"的幾種情況

“Appropriate safeguards” which do not require approval by supervisory authority:

不需要監(jiān)管機(jī)構(gòu)批準(zhǔn)的“適當(dāng)保障措施”:

• Legally binding and enforceable instruments between public bodies / authorities (Treaties) 公共機(jī)構(gòu)/當(dāng)局之間具有法律約束力和可執(zhí)行性的文書(條約)

• Binding Corporate Rules (A47) 約束公司規(guī)則【后面會稍微詳細(xì)的說一點(diǎn)這個】

  • 

• European Commission’s standard contractual clauses 歐盟委員會的標(biāo)準(zhǔn)合同條款

• Standard contractual clauses adopted by national DPA and approved by Commission 國家DPA采用并經(jīng)委員會批準(zhǔn)的標(biāo)準(zhǔn)合同條款

• Approved Code of Conduct (A40) 認(rèn)可的行為準(zhǔn)則

• Approved certification mechanism (A42) 認(rèn)可的認(rèn)證機(jī)制

需要監(jiān)管批準(zhǔn)的"Appropriate Safuguard"的幾種情況

“Appropriate safeguards” which do require approval by supervisory authority:

需要監(jiān)管機(jī)構(gòu)批準(zhǔn)的“適當(dāng)保障措施”:

• Contractual arrangements between party in EU (Controller or Processor) and party in third country (controller/processor/recipient) or international organisation 歐盟一方(控制者或處理者)與第三國一方(控制者/處理者/接收者)或國際組織之間的合同安排
• Provisions inserted in administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights 在公共當(dāng)局或機(jī)構(gòu)之間的行政安排中插入的條款，包括可執(zhí)行的和有效的數(shù)據(jù)主體權(quán)利

Certification - GDPR A42

National authorities & European Commission to encourage EU “data protection mechanisms…seals and marks”

各國政府和歐盟委員會鼓勵歐盟“數(shù)據(jù)保護(hù)機(jī)制……印章和標(biāo)志”

• Certifying that specific data controllers in third countries provide EU-level of protection (see US Privacy Shield) 證明第三國的特定數(shù)據(jù)控制者提供歐盟級別的保護(hù)(參見美國隱私盾)
• Certification must be voluntary and transparent 認(rèn)證必須是自愿和透明的
• Must be monitored; can be withdrawn for non-compliance 必須被監(jiān)控;是否可以因違規(guī)而撤銷
• Certification bodies and processes must be properly approved GDPR A43 認(rèn)證機(jī)構(gòu)和流程必須符合GDPR A43的要求

Privacy Shield

單向的，EU→US

Privacy Shield Principles:

• Notice 注意
• Choice 選擇
• Accountability for Onward Transfers 繼續(xù)轉(zhuǎn)移的問責(zé)制
• Security 安全
• Data Integrity and Purpose Limitation 數(shù)據(jù)完整性和目的限制
• Access 入口
• Recourse, Enforcement and Liability 追索權(quán)、執(zhí)行和責(zé)任

隱私盾總體表現(xiàn)很好，但仍有需要改進(jìn)的地方（答題可以用，反正就是可以完善，具體怎么完善感覺沒啥用）

Key implications of the Privacy Shield 隱私盾的主要影響

Exposure to civil & criminal proceedings in US

在美國面臨民事和刑事訴訟

Public statement of commitment may highlight local differences

公開承諾可能會突出地方差異

Only available to organisations regulated by the Department of Commerce or the Department of Transport

僅適用于由商務(wù)部或運(yùn)輸部監(jiān)管的組織

Only covers transfers to the US and only from Europe

只涵蓋向美國和歐洲的轉(zhuǎn)賬

How robust is the Privacy Shield? 隱私盾有多強(qiáng)大?

• Vulnerable to attack on similar grounds to Safe Harbor 易受攻擊的理由與安全港相似

Other forms of adequate safeguards

Binding Corporate Rules (BCR) (GDPR A47)

具有約束力的公司規(guī)則(BCR)

EU Model Clauses [Standard Contractual Clauses SCC)] (GDPR A93)

歐盟示范條款〔標(biāo)準(zhǔn)合約條款〕

Standard contractual clauses adopted by national DPA and approved by Commission (A93)

國家DPA采用并經(jīng)委員會批準(zhǔn)的標(biāo)準(zhǔn)合同條款

Approved Code of Conduct (A40)

認(rèn)可的行為準(zhǔn)則

Approved certification mechanism (A42)

認(rèn)可的認(rèn)證機(jī)制

Binding Corporate Rules

有約束力的公司規(guī)則是歐盟數(shù)據(jù)保護(hù)監(jiān)管部門第29條工作組在2003年提出來的，主要是規(guī)范分支機(jī)構(gòu)位于不同國家的跨國企業(yè)內(nèi)部的跨境數(shù)據(jù)流動。

有約束力的公司規(guī)則需要得到負(fù)責(zé)處理個人數(shù)據(jù)的分支機(jī)構(gòu)所在國家數(shù)據(jù)保護(hù)監(jiān)管部門的批準(zhǔn)。簽訂約束性企業(yè)規(guī)則的好處，在于為跨國企業(yè)集團(tuán)制定了統(tǒng)一的數(shù)據(jù)保護(hù)政策框架，有助于通過合同、政策和紀(jì)律等手段統(tǒng)一協(xié)調(diào)跨國企業(yè)集團(tuán)內(nèi)部個人數(shù)據(jù)保護(hù)的實(shí)務(wù)操作。

【來源：有約束力的公司規(guī)則_百度百科 (baidu.com)】

Facilitate TBDF within particular corporate groups – saves paperwork

促進(jìn)特定公司集團(tuán)內(nèi)部的TBDF -節(jié)省文書工作

Article 47 GDPR sets out requirements

GDPR第47條規(guī)定了要求

• 

• 又臭又長，沒啥大用

National DPAs / European Commission to approve

國家dpa /歐盟委員會批準(zhǔn)

Code of Conduct drafted – containing privacy policy of the entire enterprise

行為準(zhǔn)則起草——包含整個企業(yè)的隱私政策

• Each entity included in the enterprise subscribes 企業(yè)中包含的每個實(shí)體都訂閱
• Enables data subjects to enforce code against the enterprise 使數(shù)據(jù)主體能夠針對企業(yè)強(qiáng)制執(zhí)行準(zhǔn)則

Supervisory Authorities (National DPAs) to ensure consistency of applying the rules

監(jiān)管機(jī)構(gòu)(國家dpa)確保適用規(guī)則的一致性

• Pre-GDPR approvals still valid, though can be reviewed GDPR之前的批準(zhǔn)仍然有效，但可以進(jìn)行審查

Standard Contractual Clauses (SCCs) 標(biāo)準(zhǔn)合約條款(SCCs)

European Commission or National DPA (e.g. UK ICO) can adopt standard clauses

歐盟委員會或國家DPA(如英國ICO)可以采用標(biāo)準(zhǔn)條款

• Businesses can use these without approval 企業(yè)可以在未經(jīng)批準(zhǔn)的情況下使用這些工具

or

Companies can come up with their own and seek Commission / DPA approval

公司可以提出自己的方案，并尋求歐盟委員會/ DPA的批準(zhǔn)

Standard Contractual Clauses: The 2010 Version（最新版）

February 2010: European Commission adopts revised “controller-to-processor” SCCs.

2010年2月:歐盟委員會采用修訂的“控制者到處理者”SCCs。

• takes account of the expansion of processing activities outsourced by EU businesses to companies in third countries 考慮到歐盟企業(yè)外包給第三國公司的加工活動的擴(kuò)大
• includes specific provisions allowing the outsourcing by the data processor of its processing activities to other sub- processors 包括允許數(shù)據(jù)處理者將其處理活動外包給其他子處理者的具體規(guī)定

Codes of Conduct - GDPR A40 行為準(zhǔn)則

National Supervisory Authorities & EC to encourage creation of codes of conduct “for various processing sectors”

國家監(jiān)管機(jī)構(gòu)和歐共體鼓勵為“各種加工部門”制定行為準(zhǔn)則

• Types of information, business, needs of particular business sector 信息類型，業(yè)務(wù)，特定業(yè)務(wù)部門的需求

“Associations and other bodies representing categories of controllers or processors may prepare codes of conduct…”

“代表控制者或處理者類別的協(xié)會和其他機(jī)構(gòu)可以制定行為準(zhǔn)則……”

• Codes to be approved by national DPAs (Supervisory authorities) or European Commission 由國家dpa(監(jiān)管機(jī)構(gòu))或歐盟委員會批準(zhǔn)的準(zhǔn)則

Codes not themselves binding law, (though help to obey the law),

準(zhǔn)則本身并不具有法律約束力(雖然有助于遵守法律)，

BUT

• If made binding by legal instrument (e.g. by contract) on party in third country, can provide “appropriate safeguards” 如果通過法律文書(例如通過合同)對第三方具有約束力，可以提供“適當(dāng)?shù)谋Ｕ稀薄?/li>
• Day to day monitoring of approved codes can be by accredited body – GDPR A41 經(jīng)認(rèn)可的機(jī)構(gòu)GDPR A41可以對批準(zhǔn)的準(zhǔn)則進(jìn)行日常監(jiān)控

Online Service Providers

Internet “actors”: Internet Access Provider :

互聯(lián)網(wǎng)“參與者”:互聯(lián)網(wǎng)接入提供商;

• deal with internet access only 只處理互聯(lián)網(wǎng)訪問
• Individual has to subscribe 個人必須訂閱
• Providing personal data 提供個人資料
• IAP: log the date, time, duration, IP address IAP:記錄日期，時間，持續(xù)時間，IP地址
  • Q: Is the above information “personal data”? 上述資料是否屬“個人資料”?
  • A: YES, if possible to link the logbook to the IP address of a user 是，如果可能，將日志鏈接到用戶的IP地址

Internet “actors”: Internet Service Providers (ISPs) 互聯(lián)網(wǎng)服務(wù)供應(yīng)商

• Provide services to individuals and companies on the web 在網(wǎng)絡(luò)上為個人和公司提供服務(wù)
  • Webhosting, newsgroup access, FTP access, email 網(wǎng)站托管，新聞組訪問，F(xiàn)TP訪問，電子郵件
• Own/ hire a permanent TCP/IP connection, use servers permanently connected to the Internet 擁有/租用一個永久的TCP/IP連接，使用永久連接到Internet的服務(wù)器
• Servers equipped with protocols: gather personal data 配備協(xié)議的服務(wù)器:收集個人數(shù)據(jù)
• http servers: logbook or logfile created systematically: may contain all or some data present in the http request header (browser chattering) and the IP address 系統(tǒng)創(chuàng)建的日志或日志文件可能包含http請求頭(瀏覽器抖動)和IP地址中存在的全部或部分?jǐn)?shù)據(jù)
  • Is this personal data?
  • YES, according to some, NO, according to others 一些人認(rèn)為是，另一些人認(rèn)為不是

[Note: IAPs frequently provide ISP services – ISP used as a combined term]

[注:IAPs通常提供ISP服務(wù)- ISP用作組合術(shù)語]

Internet “actors”: Information Society Service Providers 信息社會服務(wù)提供者

• Provide online services, sell or advertise their goods or services online (retailers, UGC platforms, social media sites etc.) 提供在線服務(wù)，在網(wǎng)上銷售或宣傳他們的商品或服務(wù)(零售商，UGC平臺，社交媒體網(wǎng)站等)
• Collect personal data from users/customers 收集用戶/客戶的個人資料
  • For the performance of a contract with the user (e.g. delivery of goods ordered online, payment etc.) 用于履行與用戶的合同(例如，交付在線訂購的商品，付款等)
  • During the registration process 在注冊過程中
  • While the user uses the service 當(dāng)用戶使用服務(wù)時

Collection of information online

Information collection from individuals, natural persons, consumers

收集個人、自然人、消費(fèi)者的信息

• Visibly: Often with consumer’s knowledge or consent 可見的:通常在消費(fèi)者知情或同意的情況下
  • E.g. personal information provided to online retailers, as part of online competitions or in exchange for free use of online service 例如，提供給在線零售商的個人信息，作為在線競爭的一部分或作為免費(fèi)使用在線服務(wù)的交換
  • However, subsequent use may not be transparent 然而，隨后的使用可能不透明
• Invisibly: often without user’s knowledge or consent 無形的:通常在用戶不知情或不同意的情況下
  • E.g. TCP/IP tracking, browser chattering, invisible hyperlinks, cookies and other web tracking devices, traffic data, clickstream data 例如TCP/IP跟蹤，瀏覽器抖動，不可見的超鏈接，cookie和其他網(wǎng)絡(luò)跟蹤設(shè)備，流量數(shù)據(jù)，點(diǎn)擊流數(shù)據(jù)
  • However, users may have given “implied” consent 然而，用戶可能已經(jīng)“暗示”同意

Privacy Risks

Privacy Risks: TCP/IP:

• Route: dynamic: speed – connection between 2 towns in the same EU country may be routed through a non EU country, which may not have adequate level of protection 路線:動態(tài):速度-在同一個歐盟國家的兩個城鎮(zhèn)之間的連接可能會通過非歐盟國家路由，這可能沒有足夠的保護(hù)水平
• DNS Server: translation of numeric IP address and domain name. DNS server can keep trace of all the names of the internet servers the user has tried to contact DNS服務(wù)器:數(shù)字IP地址和域名的轉(zhuǎn)換。DNS服務(wù)器可以跟蹤用戶試圖聯(lián)系的所有互聯(lián)網(wǎng)服務(wù)器的名稱
• Ping command: enable anyone on the internet to know if a particular computer is turned on and connected Ping命令:使互聯(lián)網(wǎng)上的任何人都能知道一臺特定的計算機(jī)是否打開并連接

HTTP privacy risks

• browser chattering 瀏覽器抖動
• Invisible hyperlinks 看不見的超鏈接

Privacy Risks: Cookies

Cookies可能通過Invisible hyperlinks來set，最新的叫Flash cookies，無法通過changing browser settings來刪除

Privacy Risk: Traffic data 流量數(shù)據(jù)

Any data that identifies the person transmitting the communication, the person to whom it is transmitted and the circumstances under which it is transmitted

識別傳送該通訊的人、接收該通訊的人及傳送該通訊的情況的任何資料

Can be used to build up a picture of the user, who he talks to, his interests etc.

可以用來建立一個用戶的畫像，他與誰交談，他的興趣等。

E.g. e-mail, mobile phone call

Privacy Risk: Clickstream data 點(diǎn)擊流數(shù)據(jù)

Clickstream: route that a visitor chooses when clicking or navigating through a site 點(diǎn)擊流:訪問者在點(diǎn)擊或瀏覽網(wǎng)站時選擇的路徑

• A list of all the pages viewed by a visitor, in the order viewed ‘succession of mouse clicks’ 訪問者瀏覽過的所有頁面的列表，按“鼠標(biāo)點(diǎn)擊的先后順序”排列。
• Shows when and where a person came into a site, all the pages viewed, time spent on the page, when and where visitor left 顯示用戶何時何地進(jìn)入網(wǎng)站，瀏覽過的所有頁面，在頁面上花費(fèi)的時間，以及訪問者何時何地離開
• When aggregated, tell how long people spend on the site, how often they return, pages most frequently viewed 當(dāng)聚合時，告訴人們在網(wǎng)站上花費(fèi)了多長時間，他們返回的頻率，最常被瀏覽的頁面
• If a visitor has entered their email address at any point, email address stored with the visitor’s clickstream data - ‘tagging’ 如果訪問者在任何時候輸入了他們的電子郵件地址，電子郵件地址存儲與訪問者的點(diǎn)擊流數(shù)據(jù)- ‘標(biāo)簽’
• Direct connection established, e.g. Amazon.com 建立直接連接，例如Amazon.com

Privacy Risk: Online Services

用戶在使用Online Services（OS）的時候會提供大量的個人數(shù)據(jù)，OS會利用這些數(shù)據(jù)為自己服務(wù)或者進(jìn)行商業(yè)營銷，但這些數(shù)據(jù)的使用Usually with user consent——但是這個同意通常是通過privacy policies進(jìn)行的，這些協(xié)議通常冗長難懂沒人看，且無法協(xié)商（同意就用不同意就不用）

Online Profiling 在線資料收集與分析研究

Combination of visible and invisible collection of personal data online can lead to invisible profiling of every individual internet user!

在線收集可見和不可見的個人數(shù)據(jù)可以導(dǎo)致每個互聯(lián)網(wǎng)用戶的隱形分析!

Useful for direct marketing and targeted sales activity (including individual pricing)

用于直接營銷和目標(biāo)銷售活動(包括個人定價)

• Direct marketing:
  • Direct marketing companies: finance many search engines and “free-to-access” online services 直銷公司:為許多搜索引擎和“免費(fèi)”在線服務(wù)提供資金
  • Common websites: put an invisible hyperlink to cyber marketing companies on their webpages, instructing browsers to open an independent connection with the cyber marketing company’s http server 常見的網(wǎng)站:在網(wǎng)頁上放一個指向網(wǎng)絡(luò)營銷公司的隱形超鏈接，指示瀏覽器與網(wǎng)絡(luò)營銷公司的http服務(wù)器打開一個獨(dú)立的連接
    • All data collected: used, traded, etc to build consumer profiles 收集的所有數(shù)據(jù):使用、交易等，以建立消費(fèi)者檔案
    • Allows targeting of advertisements based on user behaviour and preferences 允許基于用戶行為和偏好的廣告定位

Also creates pools of personal data which may then be accessed by third parties (e.g. governments) for unrelated purposes

還創(chuàng)建了個人數(shù)據(jù)池，這些數(shù)據(jù)可能會被第三方(例如政府)出于不相關(guān)的目的訪問

• E.g. Cambridge Analytica
  • Accessed “far more than” 87 millions Facebook users’ data 訪問了“遠(yuǎn)遠(yuǎn)超過”8700萬Facebook用戶的數(shù)據(jù)
  • Changed outcome of US Presidential Election / UK Brexit vote? 美國總統(tǒng)大選或英國脫歐公投結(jié)果改變?

Possible protection:

• Anonymisation (identities are disguised: personal data is collected, but identity is disguised. Useful for statistical purposes and for research) 匿名化(偽裝身份:收集個人數(shù)據(jù)，但偽裝身份。對統(tǒng)計和研究有用)
• Pseudonymisation (through use of “username” or avatar. Will usually be traceable) 假名化(通過使用“用戶名”或虛擬形象)。通常是可追溯的)

Anonymised/pseudonymised data 匿名/去個性化 數(shù)據(jù)

Anonymising data: challenging task

匿名數(shù)據(jù):具有挑戰(zhàn)性的任務(wù)

• Sophisticated data analysis, data mining techniques on ‘a(chǎn)nonymised’ data may eventually ‘reverse engineered’ or lead ‘directly or indirectly’ to a specific individual (see search engine data) 對“匿名”數(shù)據(jù)的復(fù)雜數(shù)據(jù)分析和數(shù)據(jù)挖掘技術(shù)最終可能會“逆向工程”或“直接或間接”指向特定的個人(參見搜索引擎數(shù)據(jù))。
  • If so, it becomes personal data 如果是這樣，它就成為個人數(shù)據(jù)

“Identified tracking” no longer necessary

不再需要“識別跟蹤”

• Online advertisers no longer need to know the identity of the potential customer, only what he/she can afford to buy and what they are interested in 網(wǎng)絡(luò)廣告商不再需要知道潛在客戶的身份，只需要知道他/她能買得起什么，以及他們對什么感興趣
  • Data protection laws do not directly protect against predatory or manipulative marketing and sales activity 數(shù)據(jù)保護(hù)法并不直接防止掠奪性或操縱性的營銷和銷售活動
    • Targeted advertising 定向廣告

The Impact of Search Engines

Identify users through 通過以下方式識別用戶

• log files
• IP addresses
• web cookies

Collect and store

• keywords and search terms
• user choices

Privacy & Online Data Collection

Privacy in eCommunications 通信中的隱私

• General legal framework 一般法律框架
• How is the use of cookies and spyware regulated? 如何監(jiān)管cookie和間諜軟件的使用?
• Traffic data 流量數(shù)據(jù)

Direct Marketing and Spam E-mail 直接營銷和垃圾郵件

• Unsolicited communications 主動溝通
• E-mail harvesting 電子郵件搜集
• Traffic data 流量數(shù)據(jù)

Regulation of search engines 規(guī)管搜尋引擎

Processing of IP addresses IP地址處理

Direct marketing & Spam Email - 主要是對垃圾郵件的管控 - ePrivacy Directive

What is Spam? 什么是垃圾郵件?

• Unsolicited e-mail 未經(jīng)請求的電子郵件
• E-mail is widely defined: text/SMS, voice, sound, image messages sent over a public communications network 電子郵件被廣泛定義為:通過公共通信網(wǎng)絡(luò)發(fā)送的文本/SMS、語音、聲音、圖像信息

ePrivacy Directive 2002 電子隱私指令

• Art. 13: Unsolicited e-mail is prohibited unless: 第13條:禁止未經(jīng)請求的電子郵件，除非:
  • recipient ‘opts-in’, i.e. gives prior consent before being sent unsolicited email, (also faxes and calls by automated calling systems) 收件人“選擇加入”，即在收到未經(jīng)請求的電子郵件(也包括傳真和自動呼叫系統(tǒng)的電話)之前給予事先同意。

Limited exception (“soft opt-out”) 有限例外(“軟選擇性退出”)

• Merchants can use e-mail addresses if they were collected from customers in the course of a sale to market similar products/ services to those customers without customer’s prior consent 商戶可以使用在銷售過程中收集到的電子郵件地址，在沒有客戶事先同意的情況下向這些客戶推銷類似的產(chǎn)品/服務(wù)
• But: customer can opt-out i.e. ‘refuse’ receiving such direct marketing solicitations 但是，客戶可以選擇退出，即“拒絕”接收此類直接營銷請求

ePrivacy Directive對垃圾郵件的具體要求 - 很嚴(yán)格！

Consent:

• As defined by EU DPD, now GDPR 由歐盟DPD，現(xiàn)在的GDPR定義
  • Freely given, specific and informed indication of wishes 自由地、具體地、知情地表示愿望
    • Asking, by a general email sent to recipients, consent to receive marketing e-mails – not legitimate, explicit and specific 通過發(fā)送給收件人的普通電子郵件，要求他們同意接收營銷電子郵件——不合法、不明確、不具體
    • Purposes must be specified 必須指明用途
  • Any appropriate method enabling above – such as ticking a box when visiting an internet website 任何適當(dāng)?shù)姆椒▽?shí)現(xiàn)上述-例如在訪問互聯(lián)網(wǎng)網(wǎng)站時勾選一個方框
• Implied consent to receive such mails not compatible with above – pre ticked box not acceptable 不接受與上述復(fù)選框不兼容的默示同意接收此類郵件
• Consent to pass on the personal data to third parties must be obtained where applicable 在適用的情況下，必須取得將個人資料傳遞給第三方的同意
• Information about data controller identity must be provided at time of collection 必須在收集時提供有關(guān)數(shù)據(jù)控制器身份的信息
• Other requirements of the GDPR GDPR的其他要求

Article 29 Working Party on ePrivacy Directive (WP90 Interpretation)

• Direct Marketing: 直接營銷（一種營銷策略，通過直接與潛在客戶進(jìn)行溝通，以提高產(chǎn)品或服務(wù)的銷售。通常包括郵件、電話、短信和電子郵件等方式。）
  • no definition in the directives 指令中沒有定義
  • Any form of sales promotion, including fund raising by charities and political organizations 任何形式的促銷活動，包括慈善機(jī)構(gòu)和政治組織的籌款活動
  • Broad definition adopted by the Federation of European Direct Marketing Code of Practice 寬泛的定義，由歐洲直銷聯(lián)合會的業(yè)務(wù)守則采用
    • “The communication by whatever means (including but not limited to mail, fax, telephone, on-line services etc…) of any advertising or marketing material, which is carried out by the Direct Marketer itself or on its behalf and which is directed to particular individuals. “直銷人以任何方式(包括但不限于郵件、傳真、電話、在線服務(wù)等)向特定個人發(fā)送任何廣告或營銷材料。
• Definition of email:
  • ‘electronic mail’ means any text, voice, sound or image message sent over a public co-mmunications network which, can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient (including SMTP based mail, SMS, MMS, messages on answering machines, voice mail service systems including on mobile services, ‘net send’ communications addressed directly to an IP address…) “電子郵件”是指通過公共通信網(wǎng)絡(luò)發(fā)送的任何文本、語音、聲音或圖像信息，這些信息可以存儲在網(wǎng)絡(luò)中或收件人的終端設(shè)備中，直到收件人收集為止(包括基于SMTP的郵件、短信、彩信、答錄機(jī)上的信息、語音郵件服務(wù)系統(tǒng)(包括移動服務(wù))、直接向IP地址發(fā)送的“網(wǎng)絡(luò)發(fā)送”通信……)。

ePrivacy Directive - Prior Consent: OPT IN 事先同意 - 選擇加入

Purposes to be specified

用途需要指明

Consent to pass on the PI to third parties to be asked where applicable

同意將個人信息傳遞給第三方(如適用)

Information, at time of collection: data controller identity (see also Ecommerce Directive Article 6; note new article 13(4) inserted by ePrivacy Amendment Directive 2009)

收集時的信息:數(shù)據(jù)控制者身份(另見電子商務(wù)指令第6條;(注2009年電子私隱修訂指令新增的第13(4)條)

Other requirements of the GDPR

• Especially GDPR A 21(2) – data subject has right to object at any time to processing of their personal data for marketing purposes 特別是GDPR A 21(2) -數(shù)據(jù)主體有權(quán)隨時反對出于營銷目的處理其個人數(shù)據(jù)
• Where Data subject objects, processing must cease 當(dāng)數(shù)據(jù)主體反對時，處理必須停止

Email Harvesting

ePrivacy Directive

• Automatic collection of PI on public internet places, e.g web, chat rooms, etc 自動收集PI在公共互聯(lián)網(wǎng)場所，如網(wǎng)頁，聊天室等
• UNLAWFUL
• GDPR Article 22: “data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.” e.g. online credit card checks? GDPR第22條:“數(shù)據(jù)主體有權(quán)不受完全基于自動處理的決定的約束，包括分析，這對他或她產(chǎn)生了法律影響，或者同樣對他或她產(chǎn)生了重大影響?！薄氨热缇W(wǎng)上信用卡查詢?”
• BUT – certain exemptions can be inserted by national law, e.g. to monitor for tax evasion or fraud 但是-某些豁免可以由國家法律插入，例如監(jiān)測逃稅或欺詐行為
  • See also Recitals 71 & 72

The Regulation of Search Engines

No specific regulation in ePrivacy Directive

在電子隱私指令中沒有具體的規(guī)定

Unclear if information collected by search engines is personal data 不清楚搜索引擎收集的信息是否屬于個人數(shù)據(jù)

• Search engines do not, as a rule, have information about the searcher’s identity (vanity searches? Combined services?) 搜索引擎通常沒有關(guān)于搜索者身份的信息(虛榮搜索? - 查了一下，虛榮搜索的意思大概就是你搜你自己的名字 - 綜合服務(wù)?)
• But: searcher’s identity may be “reverse engineered” from search terms 但是，搜索者的身份可能是從搜索詞中“反向工程”出來的
• See GDPR Recital 26: test for identifiability includes: 參見GDPR序言26:可識別性測試包括:
  • “all the means likely to be used” to identify “可能使用的所有手段”來識別

EU WP 136

• The Working Party noted in its WP 136 that:
  • “… unless the Internet Service Provider is in a position to distinguish with absolute certainty that the data correspond to users that cannot be identified, it will have to treat all IP information as personal data, to be on the safe side”, “…除非互聯(lián)網(wǎng)服務(wù)提供商能夠絕對確定該等資料與無法識別的用戶相對應(yīng)，否則為安全起見，它必須將所有知識產(chǎn)權(quán)資料視為個人資料”;

Processing of IP Addresses

When is an IP address personal data?

• Personal data includes all data relating to an identified or identifiable personal 個人資料包括與已識別或可識別個人有關(guān)的所有資料
• An identifiable person is one who can be identified, directly or indirectly, from information held by the person in possession of the IP address or that person and another person 可識別的人是指可以直接或間接地從擁有IP地址的人或該個人和另一個人持有的信息中識別出來的人
  • Example:
    • Directly identifiable: by ISP 直接識別:通過ISP
• Indirectly identifiable: A person collecting the IP address online and the ISP 間接識別:在線收集IP地址的人和ISP
• GDPR Recital 26: test for identifiability includes: GDPR序言26:可識別性測試包括:
  • “all the means likely to be used” to identify “可能使用的所有手段”來識別

The Right to be Forgotten

Vast quantities of personal information online

網(wǎng)上有大量的個人信息

• Why might want information deleted? 為什么可能希望刪除信息?
  • Inaccurate or false – possibly defamation? 不準(zhǔn)確或虛假——可能是誹謗?
  • Invades privacy – issue of past criminal records? 侵犯隱私——過去犯罪記錄的問題?

GDPR Article 17

• Data subject has a right to deletion of information “without undue delay” if one of these applies: 如下列情況之一適用，資料當(dāng)事人有權(quán)“不經(jīng)不當(dāng)延誤”刪除資料:
  • No longer necessary for purposes collected 不再需要用于收集目的
  • No longer wants data there, and no other legal grounds for processing 不再需要數(shù)據(jù)，也沒有其他處理的法律依據(jù)
  • Objects to processing under A21, and no overriding grounds 反對根據(jù)A21進(jìn)行處理，且無凌駕理由
  • Data has been unlawfully processed 數(shù)據(jù)被非法處理
  • If published or otherwise shared, Controller must take reasonable steps to advise others to delete. 如已發(fā)布或以其他方式共享，控制人必須采取合理步驟建議他人刪除。
• Exceptions:
• Where processing is necessary for:
  • “exercising the right of freedom of expression and information” “行使言論及資訊自由權(quán)”
  • Compliance with legal obligations on Controller 遵守控制人的法律義務(wù)
  • Performance of tasks carried out in public interest or exercise of official authority 為公共利益或行使官方權(quán)力而執(zhí)行的任務(wù)
  • Public interest in areas of public health (link A9 GDPR) 公共衛(wèi)生領(lǐng)域的公共利益(鏈接A9 GDPR)
  • Archives that are in the public interest, scientific or historical research or statistical research where deletion would “render impossible or seriously impair” aims of research (subject A89) 有關(guān)公眾利益、科學(xué)或歷史研究或統(tǒng)計研究的檔案，若刪除會“不可能或嚴(yán)重?fù)p害”研究目的(主題A89)
  • “establishment, exercise, or defence of legal claims” 法律要求的確立、行使或辯護(hù)。

Data Portability 數(shù)據(jù)可移植性

Today: common to change service providers regularly 今天:定期更換服務(wù)提供商是很常見的

• Mobile telephones, Netflix/ Amazon Prime, changing social networks, utility providers, banks, credit cards… 移動電話、Netflix/ Amazon Prime、不斷變化的社交網(wǎng)絡(luò)、公用事業(yè)提供商、銀行、信用卡……

Article 20 – right to data portability 第20條-資料可攜權(quán)文章來源地址http://www.zghlxwxcb.cn/news/detail-668472.html

• “in a structured, commonly used and machine-readable format” “以結(jié)構(gòu)化、常用和機(jī)器可讀的格式”
• Available where:
  • Processing based on consent 基于同意的處理
  • Processing carried out by automated means 通過自動化手段進(jìn)行的處理
• Controller must then delete (link A17) 然后控制者必須刪除(鏈接A17)
• Where feasible, Controller to forward directly to new controller 在可行的情況下，控制者直接轉(zhuǎn)發(fā)到新的控制者

到了這里，關(guān)于【北郵國院大三下】Cybersecurity Law 網(wǎng)絡(luò)安全法 Week3的文章就介紹完了。如果您還想了解更多內(nèi)容，請在右上角搜索TOY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！