Prof. Avv. Giusella Finocchiaro University of Bologna
Studio Legale Finocchiaro
www.studiolegalefinocchiaro.it www.blogstudiolegalefinocchiaro.it
Identity management, privacy and personal data protection
Studio Legale Finocchiaro
Identity management and personal data
• Personal data collected during the identification and authentication processes
• Storage of such personal data
Charter of fundamental rights in the European Union
• Right to be left alone (art. 7)
• Right to control on personal data (art. 8)
Studio Legale Finocchiaro
The European general data protection Regulation (1/2)
• Regulation on the protection of individuals with regard to the processing of personal data and on
the free movement of such data
Studio Legale Finocchiaro
The European general data protection Regulation (2/2)
• Proposal presented by the European Commission on 25 January 2012
• Council adopted the position on the European Regulation on 8 April 2016 (first reading)
• European Parliament approved the Council position with no amendments on 14 April 2016 (second reading)
• Will enter into force in 2018
Studio Legale Finocchiaro
The impact on the current legal scenario
• Directive 95/46/EC on the processing of personal data of 24 October 1995 will be repealed
• From a Directive to a Regulation
Studio Legale Finocchiaro
The European Regulation Fundamental principles (1/2)
• Personal data collected for specified, explicit and legitimate purposes
• not further processing in a manner that is incompatible with those purposes
Studio Legale Finocchiaro
The European Regulation Fundamental principles (2/2)
• Information to the data subject
• Consent of the data subject
• Public Administration processes personal data for purposes connected to the performance of its tasks
Studio Legale Finocchiaro
The European Regulation Security measures
• Processing and storage security measures provided for
• Notification of a personal data breach to the supervisory authority and to the data subject
Studio Legale Finocchiaro
The European Court of Justice’s decisions
Studio Legale Finocchiaro
Google Spain (1/2)
• Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (Case C-131/12)
Studio Legale Finocchiaro
Google Spain (2/2)
• European law is applicable to the service provider
• Data subject can take legal actions against the service provider
• Obligation to remove from the list of results displayed following a search made on the basis of a person’s name links to web pages published by third parties
Studio Legale Finocchiaro
Facebook (1/2)
• Maximillian Schrems v Data Protection Commissioner (Case C-362/14)
Studio Legale Finocchiaro
Facebook (2/2)
• European law is applicable to European subjects’ personal data
• Article 3 of the European general data protection Regulation drafted according to this principle
Studio Legale Finocchiaro
Policy implications
• Invalidation of the Safe Harbor
• Transmission of data: consent or pre-approved rules
• U.S.A.- Europe Privacy shield currently under negotiation
Studio Legale Finocchiaro
Economic value of personal data
• Big data
• “Anonymisation” processes
Studio Legale Finocchiaro
Personal data protection and open issues
• What is anonymous under European general data protection Regulation?
• Information that does not relate to
• identified or identifiable natural person or
• personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable
Studio Legale Finocchiaro
The end
www.studiolegalefinocchiaro.it www.blogstudiolegalefinocchiaro.it