Datafication 6 Flashcards
Rights of Data Subject
- transparency (no request)
- Obligation to inform (no request)
- Right to access
- Right to rectification / correction
- right to be forgotten
- right to restrict
- right to dataportability
- right to object
- right not to be subject of an automated decision
How should privacy policy look like? Transparency Art. 12
- dc must take measures to provide info Art. 13 & 14 to ds & any communication under 15-22 (rights of ds) relating to processing
- form: concise, transparent, intelligible (= clear & plain language), easy accessible
Transparency Art. 12 - easy accessible
ds should not seek information -> never more than “two-taps away”
- e.g. not: positioning or color that make text / link less noticeable
- direct link = clearly visible on each page of website under common used term (e.g. Privacy, Data Protection Notice, Privacy Policy))
e.g. apps when to see privacy note?
- necessary information from an online store prior to download
- after installation still need information
Transparency Art. 12 - transparent
- no vague words = poor practice as ambiguous
- avoid: “may”, “might”, “some”, “often”, “possible”
What should privacy policy include? Obligation to inform Art. 13 & 14
Art. 13: When dc directly collets data from ds
Art. 14: when dc gets data from someone else about ds
1) processing is taking place, 2) what processing entails, 3) rights
When inform ds? Obligation to inform Art. 13 & 14
Art. 13: At time of collection from ds
Art. 14: Within 1 month when collected from 3rd party
When no obligation to inform (exception)? Art. 13 & 14
- DS already informed
- Impossible, disappropriate effort
- Obtaining or disclosure expressly laid down by Union or Member state
- Pd confidential due to professional secrecy regulated by Eu or MS
general: exception of dc fulfilling the rights of ds
- not able to identify ds
- when restrictions can be applied
- further processing necessary
- request manifestly unfounded or excessive: charge reasonable fee or refuse to act on request
general: rights of ds
- Dc can not refuse action on rights request (exceptions)
- Dc must inform ds without delay & within 1 month
- verbally or orally
- rights provided free of charge (exceptions)
Right of Access Art. 15
ds right to obtain confirmation from dc if pd processed & if yes provide copy of pd
Right of Access Art. 15 - Exceptions
copy would affect rights & freedoms of others (e.g. trade secrets, info of other ds)
e.g. Rijkeboer case - Right of Access Art. 15
CJEU decided that acces not limited to records kept one year before request (ds would not be able to exercise right to have pd presumed unlawful or incorrect rectified etc.)
Right of Rectification Art. 16
ds right to correct inaccurate personal data (= incorrect or misleading) or to complete it
e.g. Peter Nowak case - Right of Rectification Art. 16
student who was declaimed to see his exam papers, court decided: access right with the aim of rectification
- Content of answers reflect knowledge in field & intellect, judgment & info to his handwriting
- Purpose: evaluate professional abilities
- Use of information possibly has effect, e.g. influence change of entering profession