TELeurope: Data privacy laws in the EU

dataTEL - EATEL SIG on Data-driven Research and Learning Analytics

In the educational world, only very limited datasets are publicly available and no agreed quality standards exist on the personalization of learning. The SIG dataTEL aims to address these issues by advancing data driven research to gain verifiable and valid results and to develop a body of knowledge about the personalization of learning.

Subscribe to feed

Share |

Add RSS Feed

Discussions > Data privacy laws in the EU

Data privacy laws in the EU

Riina Vuorikari

Riina Vuorikari
603 days ago

I'm trying to gather some information here about the data privacy legistlation to support our discussion on the privacy issues dealing with datasets.

What's importat is that there is a EU directive

All EU member states adopted legislation pursuant this directive or adapted their existing laws. Each country also has its own supervisory authority to monitor the level of protection.[citation needed]

Here is from wikipedia http://en.wikipedia.org/wiki/Information_privacy#Europe

The directive contains a number of key principles with which member states must comply. Anyone processing personal data must comply with the eight enforceable principles of good practice.[8] They state that the data must be:

Fairly and lawfully processed.
Processed for limited purposes.
Adequate, relevant and not excessive.
Accurate.
Kept no longer than necessary.
Processed in accordance with the data subject's rights.
Secure.
Transferred only to countries with adequate protection.

Personal data covers both facts and opinions about the individual[citation needed]. It also includes information regarding the intentions of the data controller towards the individual, although in some limited circumstances exemptions will apply. With processing, the definition is far wider than before. For example, it incorporates the concepts of "obtaining", "holding" and "disclosing"[citation needed].

Riina Vuorikari

Riina Vuorikari
527 days ago

A brief update on the EU Data Protection and Privacy Conference that took place here in Brussels in late Oct 2010.

1/ Basic message is that the Commission is working on a new directive on data privacy & protection which will be out in 5 years or so.

Key points (by Commissionaire Reding):

individuals' need to be able to maintain control over their data and have a "right to be forgotten"
enhance the Single Market dimension
Companies that are in control of personal data will need to better assume their responsibilities by putting in place effective data protection mechanisms
the role of national data protection authorities should be considerably strengthened.

=> need for harmonisation and approximation of data protection rules

2/ An interesting paper, but not much discussed in the panel: Schwartz, M. P. (2010). Data Protection Law and the ethical use of analytics. The Centre for Information Policy Leadership, Hunton & Williams LLP.

The term"analytics" refers to the use of information technology to harness statistics, algorithms, and other tools of mathematics to improve decision-making. A wide variety of organizations use analytics to convert data to actionable knowledge. Analytics represent a change from the longstanding approaches to management that often rely on instinct and largely are unsupported and undocumented. Analytics permit corporate decision-making to be driven, assessed and tested by the use of data.

3/ Interesting Session 4: Defining the boundaries when should data be classed as "personal"?

Unfortunately the discussion was rather wide and unfocused. The chair was very knowledgeable (his consultancy has produced the white paper). You can download the audio from here (I'm not sure how long it will be there)

Maybe you will be interested in the presy from Yahoo! and their new service:

Hendrik Drachsler

Hendrik Drachsler
485 days ago

Hi there,

I just came along an interessting research project called X-pire! It is about data degradation and adds a exiration date to any digital information.

X-pire! encodes images and links them with an expiration date. These encoded images can be uploaded online, in particular in social networks like Facebook, wer-kennt-wen and Flickr. Once they have reached the expiration date, it is no longer possible to view them; the images have then expired. Although the main area of application of the electronic expiration date is the protection of images, the basic concept of X-pire! is equally suitable for the expiration of other data e.g. blogs, whole websites, e-mails and videos. Below we describe how X-pire! works using specific application examples.

X-pire! was founded by a Michael Backes Professor for Information Security and Cryptography at Saarland University in Germany:

Deatails about the application can be found here:

A video tutorial about the usage of X-pire! can be found here.

What X-pire! can do and what not you can find here.

Log in

Log in using OpenID

Not a member yet? Join today!

Data privacy laws in the EU

Riina Vuorikari

Riina Vuorikari

Hendrik Drachsler