Yesterday, the seventh National Data Protection Conference run by the Irish Computer Society in collaboration with the Association of Data Protection Officers was held in Dublin Castle. The conference was chaired by Adrian Weckler, the tech editor of the Irish Independent. There were various speakers throughout the day including Christoph Klug the chairman of CEDPO, Claire Morrissey a partner in A&L Goodbody, John Barron, CIO of the revenue commissioners, David Hickey the CIO of Thorntons Group, Dara Murphy TD whose portfolio includes data protection, Max Schrems who is the founder of Europe v Facebook and Ronan Murphy the CEO of Smarttech.
Christoph Klug spoke about the need for an EU standard for the training of DPO’s (Data Protection Officers). As new rules are coming into place regarding Data Protection Officers there needs to be an EU consensus on the standards required for DPO’s so that we are all singing off the same hymn sheet.
Claire Morrissey gave us her 9 Hot Spot predictions for 2015 and they included:
Google v Spain and the right to be forgotten where Mario Costeja González had sued Google in Spain to stop newspaper articles mentioning him appearing in Google when his name was searched. This resulted in Google removing certain links to any individual if they filled in the required Google request form, and it’s worth noting that the links are only removed from a Google search in the individual’s country.
The future of Safe Harbor which is a streamlined process for US companies to comply with the EU Directive 95/46/EC on the protection of personal data. It also stops European firms from transferring personal data to overseas jurisdictions with weaker privacy laws, unless the foreign recipients have voluntarily agreed to meet EU standards under the Directive’s Safe Harbor Principles.
Cyber Security will also be in the news again this year after the various hacks and thefts that happened last year. Will there be a new iCloud, or Sony Pictures type security breach this year?
What is personal data? As various governments and their security agencies try and redefine what data they are allowed to examine and keep, personal data will be redefined. What we see as personal data will not be seen as personal data by others.
John Barron from the Revenue Commissioners gave us his insights into data sharing in the public sector. This was big news last year after Irish Water said they needed our PPS numbers and then later said they were not required.
David Hickey from the Thorntons Group gave us tips on how to survive a data protection audit. Most of his tips were pretty obvious and included all workers leaving a clean desk, making sure that all paper files were stored away and turning off any computers used before they went home.
Dara Murphy TD who is also our data protection minister stated that individuals need to have more control over their own data whilst also having trust and confidence in the digital environment strengthened. He said “As individuals and users, we must educate ourselves on the implications of sharing more and more of our personal data online. We must look to increase individuals’ control over their own personal data.Government has placed data protection policy firmly on the political agenda. Importantly, new EU rules, once agreed, will update our laws for the digital era. Private and public sector organisations will need to prepare for these changes.”
Max Schrems who was speaking after lunch was not impressed by minister Dara Murphy as you can see in 2 of his tweets below.
Mr Schrems whose Europe v Facebook, group deals with the alleged transfer of personal data from Facebook to the US National Security Agency as part of their Prism programme, gave an eye opening presentation and it was easy to see why most of the delegates wanted to hear and see him. He said “We’re happily talking about privacy and data protection but very little happens in reality so we do see that the laws are not properly enforced in most of the European countries. A lot of things just look very reasonable but if you then look into the back end of what’s happening with the data you see there’s a totally different picture and that’s the part that the general public usually doesn’t see.”
He also mentioned how analysis of Shadow Profiles which Facebook had been able to build up based on the information he provided, allowed someone to establish his sexual orientation based on his circle of friends. This was information he had never given to Facebook and is something that should have our shoulders shuddering. He also revealed that poke requests on Facebook which can be seven years old are kept just in case they may be needed in a court case.
In what can only be described as something you would see in an episode of Father Ted, he mentioned dealing with the Data Protection Commissioners whose office is based in Portarlington in a building that they share with a Centra shop. When a German TV station were making a documentary on him they refused at first to use the photograph shown below as it portrayed the Irish Data Protection Commissioners in a bad light.
They changed their mind when they saw how former commissioner Billy Hawkes’s refused to investigate Facebook’s alleged handing over of data on European citizens to US intelligence services under the Prism programme and how they stopped any correspondence with Mr Schrems. This resulted in Mr Schrems taking judicial review proceedings last year against the Data Protection Commissioner in Ireland over Billy Hawke’s refusal. It’s hard to comprehend why the Irish Data Commissioners office is in Portarlington when most of the companies they are dealing with are based in Dublin. It’s like an FBI officer being demoted and sent to their Alaska Office.
Ronan Murphy from Smarttech who was the last main speaker regaled us with a few Cybersecurity stories and facts. He mentioned SSL was hacked twice last year and how Shellshock impacted on the open source community. Some of the facts that he mentioned were real eyeopeners and made you stop and think. Over the next hour four thousand unique pieces of malware will be created. During the twenty minutes of his presentation $15M will be stolen. Everyday two hundred and fifty billion emails are sent and two hundred billion of these emails will be spam.
Adrian Weckler from the Irish Independent who chaired the event also lead the panel discussions and the Q&A’s with all the speakers.
Fintan Swanton who is also the president of the Association of Data Protection Officers (ADPO) and ex-president of the Irish Computer Society delivered the closing address. He revealed some exciting news about ECDL. The ECDL Foundation has officially endorsed an ICS Skills-developed Data Protection Essentials module for delivery as part of ECDL certification in Ireland and to celebrate this milestone, ICS Skills is offering the e-learning version of the module free of charge to 1 million Irish ECDL students present and past until 2017.