ENABLING POLICY AND REGULATORY ENVIRONMENTS ITU ASIA-PACIFIC - - PowerPoint PPT Presentation

ENABLING POLICY AND REGULATORY ENVIRONMENTS

ITU ASIA-PACIFIC REGIONAL DEVELOPMENT FORUM 2018 MAY 21-22, BANGKOK Mila Romanoff, Privacy and Legal Specialist, UN Global Pulse, EOSG

VISION: Big Data harnessed responsibly as a public good HOW:

• Privacy Research & Innovation
• Advocacy and Adoption of Responsible

Data Practices

• Operational Privacy and Capacity

Building

UN Global Pulse is an innovation initiative of the Executive Office of the UN Secretary-General

DATA PRIVACY AND ETHICS

• Citizens and Customers

expect privacy protection

• Regional Regulations

affect businesses and globally and impose large fines and costs

• Breach of privacy risks

& loss of trust and reputation

• Digital Transformation

and Era of AI calls for a person and data centric approaches and services

EV EVOLUTION N OF REGIONA NAL PRIVACY LAWS

1980 1995 2005 2010 2014

Council of Europe Convention 108

OECD

EU Directive APEC

African Union Convention on Cyber Security EU GDPR ECOWAS Data Protection Framework 2018 1991 UN Resolution: Guidelines on Handling Computerized Data Files

INTERNATIONAL LAW

• UDHR, ICCPR ( incl. Comment 16)
• UN RESOLUTION 45/95 Guidelines for the Regulation of Computerized Personal Data Files
• ICDPDPC:
• Resolution on International Privacy Standards
• Resolution on Privacy and International Humanitarian Action
• Resolution on Data Protection and International Organizations
• Resolution on Data Protection and Major Natural Disasters
• Convention 108 (mostly European countries)

INTERNATIONAL ORGANIZATIONS GUIDELINES/POLICIES

• UNDG Guidance Note on Big Data for SDGs: Data Privacy, Protection and Ethics
• IOM, WFP, Global Pulse, UNHCR, ILO,OHCHR, ICRC, etc…

DATA PRIVACY & DATA PROTECTION: DEVELOPMENT & HUMANITARIAN CONTEXT

KEY POINTS OF GDPR: ENFORCED AS OF 25 MAY 2018

Consent must be clear and affirmative

• Expanded territorial Scope
• Transfers to a third country/International

Organization ONLY if adequate or Contractual Model Clauses apply

• Data Breach Notifications of 72 hrs
• Any information
• Relating to
• An identified or identifiable
• Natural data

ISO 27001 is the recommended adequate security standard PIA: Privacy Impact Assessment is a requirement for high risk projects Right to be forgotten

SUSTAINABLE DATA ACCESS & ANALYTICS For SDGs: GAPS & CHALLENGES

New Data & Technology

Legal vs Ethical

What is anonymous? What is Personal?

Enforcement cooperation

Practical application for Consent, Data Minimization and Purpose Specification

Regulatory Fragmentation

Globalization & Interconnectivity Social Good Concept

Surveillance vs Social Good Awareness & Data Literacy Stakeholder collaboration & Understanding

E- Commerce Peace and Security

Development and Humanitarian Finance

Health

ICTs

Privacy Protection Public Services Infrastructure

SUSTAINABLE DATA ACCESS & ANALYTICS For SDGs: KEY ELEMENTS & SOLUTIONS

SUSTAINABLE DATA ACCESS & ANALYTICS FOR SDGS: KEY ELEMENTS & SOLUTIONS

REGULATORY COMPLIANCE & ADEQUATE LIABILITY PUBLIC SECTOR ACCOUNTABILITY & COMPLIANCE WITH DATA PRIVACY AND ETHICS INCENTIVES FOR PRIVATE SECTOR & SUSTAINABILITY FOR PUBLIC SECTOR PUBLIC TRUST UNIFIED DATA PRIVACY GUIDELINES ( taking into consideration “society & technology for all approach”) “SAFE” SPACE FRAMEWORK FOR PRIVATE-PUBLIC SECTOR DATA COLLABORATIONS? RISK-UTILITY MANAGEMENT FRAMEWORK ( DATA CLASSIFICATION SCHEME, RISK ASSESSMENT, DE-IDENTIFICATION GUIDELINES?) CAPACITY BUILDING AND TRAINING MULTISTAKEHOLDER ENGAGEMENT INNOVATIVE PRIVACY ENHANCING TECHNOLOGIES & METHODS PRACTICAL SOLUTIONS FOR DECISION MAKERS ON THE GROUND ADAPTATION OF PRIVACY AND ETHICS TO THE NEEDS OF HUMANITARIAN AND DEVELOPMENT ACTION

THANK YOU! dataprivacy@unglobalpulse.org romanoff@unglobalpulse.org

www.unglobalpulse.org/privacy-and-data- protection