Datafication 3 Flashcards

1
Q

principles of processing personal data

A

Art. 5 (1) 6:
1. Lawful, Fair & Transparent in relation to data subject
2. Purpose Limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and Confidentiality

Art. 5(2): Accountability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Requirements for processing lawfully

A
  • 6 Principles Art. 5 and
  • 1 Legal Basis Art. 6 & 9
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Lawfullness of Processing - Art. 5(1)(a)

A
  • Processing in compliance with data protection legislation (not: e.g. processing data when collected under threat)
  • establish a legitimate basis – GDPR art. 6 & 9
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Fairness of Processing - Art. 5(1)(a)

A
  • Reasonable from data subjects point of view (only relevant information)
  • Need to be seen in context (of lawfulness)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Transparency of Processing - Art. 5(1)(a)

A
  • Applies to 3 areas:
    1. provision of info to ds related to fair processing
    2. way dc communicates rights to ds
    3. way dc facilitate exercising of rights to data subjects
  • Duty to inform ds
    1. about a) risks, rules, safeguards & rights of processing & b) how to exercise rights
    2. in clear (= easy to understand) & accessible way
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Purpose limitation - Art. 5(1)(b)

A
  • pd must be collected for purpose that is:
    1. Specified
    2. Explicit
    3. Legitimate
  • no further processing incompatible with purpose of pd
  • Purpose must be clear at time of collection
  • Processing must be within scope of dc activities (e.g. employment HR)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Purpose limitation - Art. 5(1)(b) - Purpose must be specific

A

sufficiently defined to
a) implement necessary data protection safeguards &
b) limit scope of processing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Purpose limitation - Art. 5(1)(b) - Purpose must be explicit

A
  • sufficiently unambiguously & clearly revealed
  • in intelligible form
  • no vagueness or ambiguity of meaning or intent, considering relevant cultural & linguistic backgrounds
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Purpose limitation - Art. 5(1)(b) - Purpose must be legitimate

A
  • Compatible with broader legal principles of applicable law (e.g. employment law, consumer protection law, fundamental rights)
  • Processing requires a legal basis
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

e.g. purpose? “improving users experience”, “marketing purposes”, “IT-security purposes” or “further research”

A

vague or general -> usually not sufficiently specific (depends on particular context)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Data minimization - Art. 5(1)(c)

A
  • Pd must be
    1) adequate, 2) relevant & 3) limited
    to what is necessary in relation to purpose for which it is processed
  • Dc aim: process as few pd as possible “Must have to fulfill job vs nice to have”
  • pd storage time limited to strict minimum -> time limits should be established by controller for erasure & periodic review
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Accuracy - Art. 5(1)(d)

A

Pd must be kept up to data & incorrect must be deleted or rectified (dc own initiative <-> ds rights such as right to rectification must be initiated by ds)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Storage limitation - Art. 5(1)(e)

A
  • Limit: no longer than necessary for purpose (never unlimited) e.g. selling bed with guarantee 10 years -> storing limit 10 years because its needed
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Integrity & Confidentiality - Article 5 (1) (f)

A
  • Processed in manner ensuring appropriate security
  • protection against unauthorized or unlawful processing & access & accidental loss destruction or damage
  • Obligation: implement technical & organizational security measures appropriate to risk (article 32 = security of processing)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Accountability - Art. 5(2)

A

principles of Art 5(1)
- dc responsible (= actively & continuously implement measures to promote & safeguard principles) &
- must be able to demonstrate compliance (= to ds & supervisory authorities) )

How well did you know this?
1
Not at all
2
3
4
5
Perfectly