• Aucun résultat trouvé

An overview of the limitations to the dissemination of data

N/A
N/A
Info
Télécharger
Protected

Academic year: 2021

Partager "An overview of the limitations to the dissemination of data"

Copied!
44
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

An overview of the limitations to the dissemination of data

Budapest, June 3, 2015 Cesare Bartolini

Interdisciplinary Centre for Security, Reliability and Trust (SnT) University of Luxembourg

(2)

Outline

1 Basic concepts

2 National security

3 Trade secrets

4 Copyright

5 Personal data

6 Contracts

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 1 / 35

(3)

Outline

1 Basic concepts

2 National security

3 Trade secrets

4 Copyright

5 Personal data

6 Contracts

(4)

Data as an asset

Data are a recently-born, very profitable business.

Why?

I Fast collection (data mining, spidering. . . )

I Cheap to maintain (fast obsolescence)

I Easy to transfer (Internet)

I Many different functions (process optimization, profiling, marketing, security. . . )

But other interests are involved!

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 3 / 35

(5)

Data as an asset

Data are a recently-born, very profitable business.

Why?

I Fast collection (data mining, spidering. . . )

I Cheap to maintain (fast obsolescence)

I Easy to transfer (Internet)

I Many different functions (process optimization, profiling, marketing, security. . . )

But other interests are involved!

(6)

Limitations to data circulation

Figure: Regimes regulating data transfers.

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 4 / 35

(7)

Outline

1 Basic concepts

2 National security

3 Trade secrets

4 Copyright

5 Personal data

6 Contracts

(8)

National security

I Very strict rules on weapon trading

I Applies to weapons but also to related data, including software

I In the US:

I Arms Export Control Act (AECA)

I International Traffic in Arms Regulations (ITAR)

I In Europe:

I Not under traditional EU competence

I European Union Code of Conduct on arms exports

I Council Common Position 2008/944/CFSP defining common rules governing control of exports of military technology and equipment

I EU Regulation 1334/2000 setting up a Community regime for the control of exports of dual-use [civil and military] items and technology (many amendments)

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 6 / 35

(9)

How the provisions work

US

I Only US citizens or greencards are allowed to even see ITAR classifieds, unless authorized

I Penalties include fines and imprisonment EU

I Arms: authorization granted by Member States

I Dual-use items: export licenses grantedby the EC for certain destinations, or by Member Statesfor all others (Article 6 of the Regulation)

I Penalties setby Member States

In brief: the Regulation allows for a general Community authorization

(10)

Does it matter to me?

Probably not, unless you trade in weapons or are sharing data that are related to weapon development.

Most importantly, if these laws apply to you, you know it.

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 8 / 35

(11)

Outline

1 Basic concepts

2 National security

3 Trade secrets

4 Copyright

5 Personal data

6 Contracts

(12)

Industrial property

Trade secrets are protected under several perspectives:

I patents

I trade marks

I designs

I industrial models

I trade secrets

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 10 / 35

(13)

Rules

I Conventions, treaties, Directives covering patents, trade marks, designs and models

I Some US federal acts protect trade secrets

I US: Uniform Trade Secrets Act (UTSA) (model legislation, States can implement)

I No EU law protects trade secret

I Several Member State laws

I Directive proposal started in November 2013

(14)

Trade secret principles

I The protected content must be secret(i.e., not available to the general public)

I Protectedas long as it is not common knowledge

I Reverse engineering of publicly-available products is allowed

I Consent of the trade secret holder allows disclosure It is a directive. Don’t expect a law anytime soon.

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 12 / 35

(15)

Does it matter to me?

Probably not, unless some of your data were collected by companies who own them as trade secrets.

In that case you need to acquire the owner’s consent.

(16)

Outline

1 Basic concepts

2 National security

3 Trade secrets

4 Copyright

5 Personal data

6 Contracts

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 14 / 35

(17)

Two opposite approaches

EU and basically all except US

I Author’s rights

I Limitation to usage of protected content

I A set of independent, autonomous rights

I Authors transfer specific rights, some are not tradable

US

I Copyright

I Fair use and protection of publisher’s rights

I Copyright is basically a unitary concept

I The author transfers copyright

But things have changed recently. Now the US recognize a minimal author’s protection.

(18)

Two opposite approaches

EU and basically all except US

I Author’s rights

I Limitation to usage of protected content

I A set of independent, autonomous rights

I Authors transfer specific rights, some are not tradable

US

I Copyright

I Fair use and protection of publisher’s rights

I Copyright is basically a unitary concept

I The author transfers copyright

But things have changed recently. Now the US recognize a minimal author’s protection.

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 15 / 35

(19)

Legal context

I Berne Convention for the Protection of Literary and Artistic Works (1886)

I The Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPs) (1994) for software and databases

I National laws (compliant with Berne)

I US: Digital Millennium Copyright Act (DMCA)

I EU: Directive 96/9/EC on the legal protection of databases

(20)

EU author’s rights principles

I Moral rights vs. economic rights

I Not a single right but an unlimited set of separate rights

I Economic rights can be individually transferred

I Connected rights: when something cannot afford copyright protection (e.g., performers’ rights, photos, critics. . . )

I Sometimes the law does not allow to hinder distribution (more later)

I Special rules for collective works anddatabases

In general, the author’s consent allows distribution.

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 17 / 35

(21)

EU author’s rights principles

I Moral rights vs. economic rights

I Not a single right but an unlimited set of separate rights

I Economic rights can be individually transferred

I Connected rights: when something cannot afford copyright protection (e.g., performers’ rights, photos, critics. . . )

I Sometimes the law does not allow to hinder distribution (more later)

I Special rules for collective works anddatabases In general, the author’s consent allows distribution.

(22)

Databases

I Protection for the database and not the content

I Only if the database has creativity

I Does not apply to data for which the content imposes the structure Article 5(a) of Directive 96/9/EC

[. . . ] the author of a database shall have the exclusive right to carry out or to authorize [. . . ] reproduction by any means and in any form, in whole or in part.

Article 6.2(b) of Directive 96/9/EC

[. . . ] the author of a database shall have the exclusive right to carry out or to authorize [. . . ] reproduction by any means and in any form, in whole or in part.

Member States shall have the option of providing for limitations on the rights set out in Article 5 [. . . ] for the sole purpose of [. . . ] scientific research, as long as the source is indicated [. . . ].

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 18 / 35

(23)

Does it matter to me?

Collected data are not subject to this protection, but their aggregation and organization (i.e., the database) is.

If the supplier of the data collected them in a non-obvious way, then it would be advisable to obtain the copyright holder’s consent.

(24)

Outline

1 Basic concepts

2 National security

3 Trade secrets

4 Copyright

5 Personal data

6 Contracts

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 20 / 35

(25)

Legislation

EU

I Directive 95/46/EC

I Directive 2002/58/EC

I All Member States have enacted these

I Directive 2006/24/EC (Data Retention Directive) is now invalid

I Ongoing reform US

I No general law, some sectorial provisions (especially in finance)

(26)

Basic principles

I Data controller, data processor, data subject

I Consent

I Existence of a Data Protection Authority (DPA)

I Sensitive data

I Purpose limitation

Valid in EU and almost all the world (except US)

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 22 / 35

(27)

Basic principles

I Data controller, data processor, data subject

I Consent

I Existence of a DPA

I Sensitive data

I Purpose limitation

Valid in EU and almost all the world (except US)

(28)

Processing for research

I Processing only allowed for the consented purpose

I Transfer to a new controller might violate that purpose

I Article 6.1(b) of the Data Protection Directive (DPD): processing for scientific purposes is allowed if the Member State provides appropriate safeguards

I Article 13 of the DPD: Member States may introduce further exemptions for scientific research

I Proportionality and anonymization

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 23 / 35

(29)

Location data

Two possible conditions to process location data:

1. Ok if anonymous data are used 2. If data are not anonymous, then

I consent (withdrawable)

I necessary duration

I inform about the type of data and the purpose

I possibility to refuse processing for single connections

(30)

Cross-border transfers

I No provisions to and from Member States

I Transfer allowed where the DPD is in force

I The only rules are those above

I Transfer to/from EU institutions: Regulation 45/2001

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 25 / 35

(31)

Non-EU transfers

I Adequate level of protection

I Decisions by the Commission

I http://ec.europa.eu/justice/data-protection/document/

international-transfers/adequacy/index_en.htm

(32)

No adequate level

How to transfer lawfully?

1. Consent or contractual requirement 2. Member State (DPA) decision

I Controller must ensure adequate level through standard clauses/contracts (available online)

I Controller must ensure adequate level through non-standard clauses/contracts (approved by the DPA)

I Authorization by the DPA

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 27 / 35

(33)

How data protection is changing

I The context is very different from 1995

I Marketing through opt-out approaches

I Social networks

I Blurred separation between data controller and data subject

I “Bounces”

I There is the need for a reform

(34)

The reform

I Reform ongoing since 2011

I The bulk is the General Data Protection Regulation (GDPR)

I Uniform legislation, directly applicable in Member States

I Entry into force: no sooner than 2018

I Main changes

I Centered more on the data subject andwithdrawableconsent

I Privacy by design and by default (incl. security)

I High fines (might be 2-5% of the annual turnover)

I Research: principle of necessity (anonymization and separation), or consent

I Data transfer is essentially the same

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 29 / 35

(35)

Does it matter to me?

Almost certainly.

In general, anonymized data between EU/trusted States allow sharing data for research.

(36)

Outline

1 Basic concepts

2 National security

3 Trade secrets

4 Copyright

5 Personal data

6 Contracts

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 31 / 35

(37)

License agreements

I Services that provide access to data

I Data can be distributed depending if the license agreement allows it

I Sublicensing

I Beware of exclusivity

I Derived data (copyright, anyone?)

But. . .

Often, license agreements contain clauses that are illegal:

I Too permissive (allow to share data that you shouldn’t)

I Too restrictive (illegitimately prohibit to share data over which they have no right)

(38)

License agreements

I Services that provide access to data

I Data can be distributed depending if the license agreement allows it

I Sublicensing

I Beware of exclusivity

I Derived data (copyright, anyone?) But. . .

Often, license agreements contain clauses that are illegal:

I Too permissive (allow to share data that you shouldn’t)

I Too restrictive (illegitimately prohibit to share data over which they have no right)

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 32 / 35

(39)

How social networks work

Traditional website

I The site owner is the data controller (subject to rules)

I The controller is liable in case of breaches Social network

I Users post personal data about other users

I Who is the data controller?

I Who is liable, the user or the social network?

Answer The other one.

(40)

How social networks work

Traditional website

I The site owner is the data controller (subject to rules)

I The controller is liable in case of breaches Social network

I Users post personal data about other users

I Who is the data controller?

I Who is liable, the user or the social network?

Answer The other one.

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 33 / 35

(41)

So?

I Data protection uses old topics (i.e., data controller vs. data subject)

I Data subject has the right to object or to rectification

I DPAs cannot operate on users

I Users are liable, but at theremedieslevel

I Major hassle for the platform as well

This is a major flaw in data protection rules.

(42)

So?

I Data protection uses old topics (i.e., data controller vs. data subject)

I Data subject has the right to object or to rectification

I DPAs cannot operate on users

I Users are liable, but at theremedieslevel

I Major hassle for the platform as well This is a major flaw in data protection rules.

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 34 / 35

(43)

Copyrighted material concerning social networks

I Long debate over who the owner is

I Check the license agreement

I But it might contain an invalid clause

I In general, the material belongs to the author

Bouncing

I Am I allowed to repost a copyrighted material from a social network?

I This actually depends on the license agreement (and it’s valid)

I E.g., material can be reposted from Facebook (recent debate), but the only owner is the author

(44)

Copyrighted material concerning social networks

I Long debate over who the owner is

I Check the license agreement

I But it might contain an invalid clause

I In general, the material belongs to the author Bouncing

I Am I allowed to repost a copyrighted material from a social network?

I This actually depends on the license agreement (and it’s valid)

I E.g., material can be reposted from Facebook (recent debate), but the only owner is the author

Cesare Bartolini (SnT) An overview of the limitations to the dissemination of dataBudapest, June 3, 2015 35 / 35

Références

Télécharger maintenant ( PDF - 44 Page - 233.62 KB )

Documents relatifs

An Overview of the Linked Data AppStore

In the current design, the platform offers six different types of basic data operations for which Web APIs have been designed: DB-RDFization (for mapping data from re- lational

An Overview of End-to-End Entity Resolution for Big Data

Table 1 organizes the main schema-agnostic Blocking methods in a two-dimensional taxonomy 315 that is formed by two criteria: (i) Indexing Function Definition, which determines

An overview of the multidatabase system MRDSM

L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des

An overview of the HIBISCUS campaign

Within this context, the objectives of HIBISCUS were to provide a set of new observational data on meteorology, trac- ers of horizontal and vertical transport, water vapour, clouds,

Limitations to the equi-distribution of primes III

Buchstab: On an asymptotic estimate of the number of numbers of an arithmetic progression which are not divisible by relatively small prime numbers, Mat. Granville:

An interactive web application for the dissemination of human systems immunology data

The datasets cover a broad swath of human immu- nology studies, and encompass many cell populations, tissues, diseases, and study types as illustrated by a graphical representation

Comparative Biology of the Resistance to Vitamin K Antagonists: An Overview of the Resistance Mechanisms

Multiple genetic alterations in vitamin K epoxide reductase complex subunit 1 gene (VKORC1) can explain the high dose requirement during oral anticoagulation in humans. A new

An overview of the history of Ireland

Peut faire un exposé sur un thème familier ou dans sa spécialité en mettant en relief les points qui lui semblent essentiels, quand il/elle peut se préparer.