Data protection legislation: A very hungry caterpillar. The case of mapping data in the European Union

Government Information Quarterly

Volumn 33, Issue 2, 2016, Pages 338-345

  van Loenen, Bastiaan ^a   Kulk, Stefan ^b   Ploeger, Hendrik ^a,c  

^a Delft University of Technology   (Netherlands)

^b UTRECHT UNIVERSITY   (Netherlands)

^c VU UNIVERSITY AMSTERDAM   (Netherlands)

Author keywords

Data protection; European Union; Mapping data; Open data; PII2.0; Privacy

Indexed keywords

EID: 84973332979     PISSN: 0740624X     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.giq.2016.04.002     Document Type: Article

References (78)

1. Article 29 Working Party Working document on privacy on the Internet - An integrated EU approach to on-line data protection, WP 37 2000.
2. Article 29 Working Party Working document on data protection issues related to RFID technology, WP105 2005.
3. Article 29 Working Party Opinion 4/2007 on the concept of personal data, WP 136 2007.
4. Article 29 Working Party Opinion 12/2011 on smart metering, WP 183 2011.
5. Article 29 Working Party Opinion 03/2013 on purpose limitation, WP 203 2013.
6. Article 29 Working Party Opinion 06/2013 on open data and public sector information ('PSI') reuse, WP207 2013.
7. Barbaro, M., & Zeller, T. (2006). A Face Is Exposed for AOL Searcher No. 4417749. The New York Times.
8. Berlee A. Meer aandacht voor privacy in de openbare registers? Nederlands Juristenblad 2015/1091 2015.
9. Cabinet Office Policy paper: G8 open data charter and technical annex. 18 June 2013 2013.
10. Cavoukian A., Castro D. Big data and innovation, setting the record straight: De-identification does work Retrieved from:. http://www2.itif.org/2014-big-data-deidentification.pdf.
11. CBPL (Commissie voor de bescherming van de persoonlijke levenssfeer (Flemish Data Protection Agency)) Adviesaanvraag inzake het gebruik van satellietbeelden bij de opsporing en de vaststelling van bouwovertredingen, Advies nr. 26/2006 2006.
12. CBPL (Commissie voor de bescherming van de persoonlijke levenssfeer (Flemish Data Protection Agency)) Bijhouden van gemeentelijke registers van onbebouwde percelen waarvan sprake in artikel 62 van het Vlaams Decreet van 18 mei 1999 houdende de organisatie van de ruimtelijke ordening en hun bekendmaking op het internet via het toekomstig loket, Advies Nr 40/2006 2006.
13. CBPL (Commissie voor de bescherming van de persoonlijke levenssfeer (Flemish Data Protection Agency)) Advies nr. 32/2008 van 24 september 2008 inzake het voorontwerp van decreet betreffende de Geografische Data-Infrastructuur Vlaanderen (A/2008/032) 2008.
14. CBPL (Commissie voor de bescherming van de persoonlijke levenssfeer (Flemish Data Protection Agency)) Aanbeveling uit eigen beweging inzake Mobile Mapping (CO-AR-2010-007), Aanbeveling nr 05/2010 2010.
15. Cuijpers C., Marcelis P. Oprekking van het concept persoonsgegevens beperking privacybescherming?. Computerrecht 2012, 6(November):397-409.
16. De Hert P., Papakonstantinoua V. The proposed data protection regulation replacing Directive 95/46/EC: A sound system for the protection of individuals. Computer Law & Security Review 2012, 28(2):130-142.
17. Dekkers M., Polman F., te Velde R., de Vries M. Measuring European public sector information resource. Final report of study on exploitation of public sector information - Benchmarking of EU framework conditions 2006.
18. Deutscher Bundestag Beschlussempfehlung und Bericht des Ausschusses fur Umwelt, Naturschutz und Reaktorsicherheit, Entwurf eines Gesetzes uber den Zugang zu digitalen Geodaten (geodatenzugangsgesetz-GeoZG), Drucksachen 16/10892 2008.
19. Dos Santos C., Bassi E., De Terwagne C., Salmeron M.Fernadez, Tepina P., van der Sloot B. LAPSI policy recommendation No. 4. Privacy and personal data protection, LAPSI Working Group 2 privacy aspects of PSI http://www.lapsi-project.eu/lapsifiles/lapsi_privacy_policy.pdf.
20. Dutch Government Explanatory memorandum Data Protection Act (Memorie van Toelichting bij de Wet bescherming persoonsgegevens), Kamerstukken II 1997-98, 25892, Nr. 3 1998.
21. Dutch Government Regels inzake de bescherming van persoonsgegevens (Wet bescherming persoonsgegevens). Kamerstukken 25892 Nr. 6 1998.
22. Dutch Government Regels inzake de bescherming van persoonsgegevens (Wet bescherming persoonsgegevens). Kamerstukken 25892 Nr. 9 1999.
23. Dutch Government Regels inzake de bescherming van persoonsgegevens (Wet bescherming persoonsgegevens). Kamerstukken 25892 Nr. 13 1999.
24. Dutch Government Regels inzake de bescherming van persoonsgegevens (Wet bescherming persoonsgegevens) MEMORIE VAN ANTWOORD, Eerste Kamer vergaderjaar 1999-2000, 25 892, nr. 92c 2000.
25. Dutch Government Explanatory memorandum Building and Addresses Registration Act (Memorie van Toelichting bij de Wet BAG), Kamerstukken II 2006/07, 30 968, nr. 3 2006.
26. EDPS (European Data Protection Supervisor) Opinion of the European Data Protection Supervisor on the 'Open-Data Package' of the European Commission including a proposal for a directive amending Directive 2003/98/EC on re-use of public sector information (PSI), a Communication on Open Data and Commission Decision 2011/833/EU on the reuse of Commission documents 2012.
27. El Emam K. Risk-based de-identification of health data. IEEE Security & Privacy 2010, 8(3):64-67.
28. European Commission Communication to the European Parliament, the Council, the European Economic and Social Committee, and the Committee for the Regions. A digital agenda for Europe, COM (2010) 245 final 2010.
29. European Commission Communication to the European Parliament, the Council, the European Economic and Social Committee, and the Committee for the Regions. Open data: An engine for innovation, growth and transparent governance, COM (2011) 882 final 2011.
30. European Commission Impact assessment accompanying the document regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and directive of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data. Commission staff working paper, SEC(2012) 72 final 2012.
31. European Commission Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM (2010) 11 final 2012.
32. European Commission Commission notice - Guidelines on recommended standard licences, datasets and charging for the reuse of documents. OJ 2014, 2014:C240/01.
33. European Council Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (first reading) - Analysis of the final compromise text with a view to agreement, (15039/15 - 2012/0011 (COD)), 15 December 2015.
34. European Council Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), preparation of a general approach, (9565/15. - 2012/0011 (COD)), 11 June 2015.
35. European Council Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) [first reading] - Political agreement, ST 5455 2016 INIT - 2012/011 (OLP), 28 January 2016.
36. European Parliament European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 - C7-0025/2012 - 2012/0011(COD)) 2014.
37. European Parliament and Council Directive 95/46/EC of the European Parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ L 1995, 281:31.
38. European Parliament and Council Directive 2003/98/EC of the European Parliament and of the council of 17 November 2003 on the re-use of public sector information. OJ L 2003, 345:90.
39. European Parliament and Council Directive 2013/37/EU of the European Parliament and of the council of 26 June 2013 amending Directive 2003/98/EC on the re-use of public sector information. OJ L 2013, 175:1.
40. Gallo C. Masterclass Steve Jobs 2012, Amsterdam/Antwerp, Business Contract.
41. GAO United States Government Accountability Office, facial recognition technology, commercial uses, privacy issues, and applicable federal law. Report to the ranking member, Subcommittee on Privacy, Technology and the Law, Committee on the Judiciary 2015, Senate, U.S.
42. Golle P. Revisiting the uniqueness of simple demographics in the US population. Paper presented at the WPES '06 of the 5th ACM workshop on privacy in electronic society 2006.
43. Graux H. Open government data: reconciling PSI re-use rights and privacy concerns. European public sector information platform topic report No. 2011/3 2011.
44. Hof Amsterdam Zaaknummer: 200.105.659/01 KG. Computerrecht 2014/116 met annotatie door F.C. van der Jagt 2014.
45. IBM What is big data? Retrieved from. http://www-01.ibm.com/software/data/bigdata/what-is-big-data.html.
46. Janssen K. The influence of the PSI directive on open government data: An overview of recent developments. Government Information Quarterly 2011, 28(4):446-456.
47. Karg M. Datenschutzrechtliche Rahmenbedingungen für die Bereitstellung von Geodaten für die Wirtschaft. Unabhängiges Landeszentrum für Datenschutz 2008, Gutachten im Auftrag der GIW-Kommission, Schleswig-Holstein (ULD).
48. Koot M.R. Measuring and predicting anonymity 2012, University of Amsterdam, Amsterdam.
49. Kulk S., van Loenen B. Brave new open data world?. International Journal of Spatial Data Infrastructures Research 2012, 7:196-206.
50. Land Registry Privacy impact assessment report. Making price paid data available through publication in a machine readable and reusable format 2012.
51. Land Registry Review of privacy impacts - Price paid data 2013.
52. van Loenen B. Developing geographical information infrastructures: The role of information policies 2006, DUP Science, Delft.
53. Longley P.A., Goodchild M.F., Maguire D.J., Rhind D.W. Geographical information systems and science 2001, John Wiley and Sons Ltd., Chicester, England.
54. Mantelero A. The EU proposal for a general data protection regulation and the roots of the 'right to be forgotten'. Computer Law & Security Review 2013, 29(3):229-235. June 2013.
55. de Montjoye Y.-A., Hidalgo C.A., Verleysen M., Blondel V.D. Unique in the crowd: The privacy bounds of human mobility. Nature scientific reports 2013, 3:1376.
56. de Montjoye Y.-A., Radaelli L., Kumar Singh V., Pentland A."Sandy" Unique in the shopping mall: On the reidentifiability of credit card metadata. Science 2015, 347(6221):536-539.
57. Narayanan A., Shmatikov V. Robust de-anonymization of large sparse datasets. Paper presented at the IEEE Symposium on Security and Privacy 2008.
58. Nebert D. Spatial data infrastructure cookbook Retrieved from:. http://www.gsdidocs.org/GSDIWiki/index.php/Main_Page.
59. NSGIC This isn't private information Retrieved from. http://www.nsgic.org/public_resources/This_Isnt_Private_Information_082313_NSGIC_Outreach_Committee.pdf.
60. Ohm P. Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Review 2010, 57(2010):1701-1777.
61. OMB Open data policy - Managing information as an asset. Memorandum for the heads of executive departments and agencies 2013.
62. Pandurangan V. On taxis and rainbows. Lessons from NYC's improperly anonymized taxi logs Retrieved from. https://medium.com/@vijayp/of-taxis-and-rainbows-f6bc289679a1.
63. Pira International Ltd., University of East Anglia, & KnowledgeView Ltd. Commercial exploitation of Europe's public sector information. Final report for the European Commission Directorate General for the Information Society 2000.
64. Poort A. Statistiek saai?. CBS-cijfers komen tot leven op de kaart. NRC Handelsblad 2012, 12-13. Retrieved from. http://www.nrc.nl/nieuws/2012/02/14/statistiek-saai-cbs-cijfers-komen-tot-leven-op-een-kaart/.
65. Registratiekamer (Dutch Data Protection Agency) Credit scoring database 1996.
66. Robinson N., Graux H., Botterman M., Valeri L. Review of the European Data Protection Directive 2009, RAND Corporation technical report series, Santa Monica, CA.
67. Scassa T. More on privacy and public gun permit data Retrieved from. http://www.teresascassa.ca/index.php?option=com_k2&view=item&id=120:more-on-privacy-and-public-gun-permit-data&Itemid=80.
68. Scassa T. Geographical information as 'personal information'. Oxford University Commonwealth Law Journal 2010, 10(2):185-214.
69. Scassa T. Information maps 2013, Freedom of Expression and Privacy, Retrieved from. http://www.teresascassa.ca/index.php?option=com_k2&view=item&id=116:information-maps-freedom-of-expression-and-privacy&Itemid=81.
70. Schwartz P.M., Solove D.J. The PII problem: Privacy and a new concept of personally identifiable information. New York University Law Review 2011, 86(6):1814-1894.
71. Simpson A.C. On privacy and public data: A study of data.gov.uk. Journal of Privacy and Confidentiality 2011, 2011(1):51-65.
72. Sweeney L. Uniqueness of simple demographics in the U.S. 2006, Carnegie Mellon University, Population.
73. The Task Force Smart Grids Expert Group 2 Essential regulatory requirements and recommendations for data handling, data safety, and consumer protection recommendation to the European Commission (final draft) 2011.
74. UK Comptroller and Auditor General Implementing transparency: Cross government review 2012, National Audit Office, London.
75. Van der Sloot B., Zuiderveen Borgesius F.J. Google's dead end, or: On Street View and the right to data protection: An analysis of Google Street View's compatibility with EU data protection law. Computer Law Review International 2012, 4:103-109.
76. Vickery G. Review of recent studies on PSI re-use and related market developments 2011.
77. VTEBG (Vlaamse Toezichtcommissie voor het elektronische bestuurlijke gegevensverkeer) Aanvraag tot machtiging van het ter beschikking van de mobile mapping beelden door het Agentschap voor Geografische Informatie Vlaanderen (AGIV) aan het AGIV zelf en de steden en gemeenten en de deelnemers aan GDI-Vlaanderen voor een aantal taken in het kader van de uitvoering van het CRABdecreet, Beraadslaging VTC nr. 15/2011 van 22 juni 2011 2011.
78. Watts M., Brunger J., Shires K. Do European data protection laws apply to the collection of WiFi network data for use in geolocation look-up services?. International Data Privacy Law 2011, 1(3):149-160.