|
7 of 10 
|
Terms and Definitions
This is a list of terms and definitions in order to help users of the SafeTRIP system to gain a better understanding of data protection issues.
Privacy by design
This should be overall aim of SafeTRIP and its applications. Privacy by design is the integration of privacy and data protection into the design specifications and architecture of information and communication systems and technologies.
Personal data
Personal data is, according to the Data Protection Directive, "Any information relating to an identified or identifiable natural person, referred to as ‘data subject’ - an identifiable person is someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity".
Adequacy decision
An adequacy decision allows personal data to flow from EU to non-EU countries for processing and analysis. The decision is made by the European Commission that the non-EU country ensures an adequate level of protection of personal data through its domestic laws and/or international treaties. There have been seven agreements thus far: general agreements with Switzerland, Canada, Argentina, Guernsey, and the Isle of Man, along with two limited agreements with the United States. These are the US Department of Commerce Safe Harbor Privacy Principles, and the transfer of Air Passenger Name Record data to the US Bureau of Customs and Border Protection.
Article 29 working party
An Article 29 Working Party is the short name of the Data Protection Working Party established by Article 29 of the Data Protection Directive. It provides the European Commission with independent advice on data protection matters and helps in the development of harmonized policies for data protection in the EU Member States.
Confidentiality
Confidentiality is the duty not to share information with persons who are not qualified to receive that information. It the context of SafeTRIP, the E-Privacy Directive provides for the confidentiality of communication. Confidentiality of processing is defined in the Data Protection Directive as the obligation of any person acting under the authority of the controller or the processor, and who has access to personal data, to not process data except on instructions from the controller, unless he is required to do so by law.
Consent
Consent is defined in the Data Protection Directive as freely given, specific and informed indication of the wishes of a data subject, by which he/she agrees to personal data relating to him/her being processed. Consent is an important element in data protection legislation as it is one of the conditions that can legitimize processing of personal data. The obtained consent can only be used for the specific processing operation for which it was collected, and may in principle be withdrawn without retroactive effect.
Data subject
The data subject is the person whose personal data is collected, held or processed.
Processing (of personal data)
According to the Data Protection Directive, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.”
Figure 3: The processing of data can occur in several places in addition to the vehicle
Data quality
Data quality is a set of principles that personal data should be:
- processed fairly and lawfully;
- collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing may be allowed for historical, statistical or scientific purposes provided that appropriate safeguards have been provided by the controller;
- adequate, relevant and not excessive in relation to the original purpose;
- accurate and where necessary kept up to date; and
- kept in a form which permits identification of data subjects for no longer than is necessary. If data are stored for longer periods for historical, statistical or scientific use, they should be kept either in anonymous form only or, if not possible, only with the identity of the data subjects encrypted.
Data security
According to the Data Protection Directive, the data controller shall implement appropriate technical and organizational measures to ensure an appropriate level of security as a result of processing and the nature of the personal data collected.
Personal data filing system
According to the 2001 EU Data Protection Regulations, a personal data filing system refers to "any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis. The definition is independent of the size of the filing system, which may vary according to the circumstances.
Recipient
The Data Protection Directive defines a recipient as "a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients.
Data Retention Directive
The Data Retention Directive obliges providers of electronic communications to retain traffic and location data of communications such as phone and email for the purpose of the investigation, detection and prosecution of serious crime.
7 of 10
SAFETRIP.eu is a project co-funded by the European Commission, DG Research
© Copyright 2012 SafeTRIP
