Ethical and Legal Issues Flashcards
Data Protection Act 1998
exists to ensure that organisations in the UK comply with the law regarding data privacy
Investigatory Powers Act 2016
sets out rules on the use of investigatory powers by law enforcement and the security and intelligence agencies
phone companies and internet service providers are required to keep copies of users’ emails and browsing histories for a period of time
also gives the police and security services the authority to access computers and phones to search for data.
controversial, with opponents concerned over how it impacts people’s right to privacy
General Data Protection Regulation
European-wide law that tightens data privacy and gives data subjects extra rights, including:
The right to be informed – data subjects have a right to know what data is collected about them and what it will be used for.
The right of access – data subjects can view any personal data of theirs that an organisation holds.
The right to rectification – data subjects can have inaccurate personal data corrected and incomplete data made complete.
The right to erasure – a data subject can ask, in certain circumstances, for all of their data to be erased.
The right to restrict processing – data can only be processed in a way agreed by the data subject.
The right to data portability – personal data can be transferred to and used by other organisations if the data subject so wishes.
The right to object – in certain circumstances, data subjects can object to personal data being processed. An example of this would be in an automated decision process such as filling in an online form for a bank loan. The decision on whether or not to grant a loan has to have human input.
The right to make a complaint – this is made to the Information Commissioner and relates to how personal data is held or processed.
Authorities have the power to fine an organisation up to €20 million, or 4% of its annual turnover, if it fails to comply with GDPR rules.