Andrew Muddiman, Deborah Markham, Therese Friberg, Christian Reuter, Federico Sangiorgio, Tony O’Brien, Kerstin Junge
EmerGent aims to understand the impact of social media in emergencies, thus will potentially be dealing with large quantities of social media data. To ensure the project is respecting the privacy of social media users we must be aware of, and compliant with, European laws on data protection and privacy. Thus we are continually monitoring the relevant law, and here we provide a summary of our findings to date. We also provide information about measures that will be in place to prevent improper use or disclosure of the data, as well as ensuring forensic readiness of our system. To ensure we continually consider and evaluate data protection risks, we provide an updated Privacy Impact Assessment which will be used for the remainder of the project for identifying, assessing and recording risks.
Purpose of the document
This deliverable provides a description of the European Data Protection and Privacy laws relevant to the EmerGent project. We discuss the EU Data Protection Directive, which acts as a guideline for data protection laws in each EU country, as well as investigating the laws based upon this directive in a number of EU countries. We also explain the measures we are taking to ensure compliance with these legal requirements throughout the project. In particular, we include a detailed discussion on security measures that we will implement in our system to prevent improper use, improper data disclosure and mission creep (data used for unintended purposes by project partners or a third party). Additionally, we provide an update guideline on the project’s Privacy Impact Assessment, which allows a more thorough evaluation and mitigation of the risks than was previously in place. Having this procedure in place ensures we have a process for identifying, assessing and recording risks, and that all partners have a clear understanding of the necessary steps to be taken.