GDPR Flashcards
FIRST LEGAL ARTICLE PUBLISHED ON THE RIGHT TO PRIVACY
SAMUEL WARREN AND LUIS BRANDEIS ; HARVARD LAW REVIEW 1890
1ST LAW ON DATA PROTECTION PASSED
FEDERAL STATE OF HESSEN, GERMANY 1970
ADEQUACY PRINCIPLE
FUNDAMENTAL PRINCIPLE; GUIDES THE EXPORT OF PERSONAL DATA OF EU CITIZENS OUTSIDE OF THE UNION ( TO COUNTRIES WITH ADEQUATE REGULATIONS REGARDING DATA PROCESSING)
EU LEGAL PACKAGE
GDPR, CONVENTION 108, DIRECTIVE 680/2016, DIRECTIVE 95/46, FUTURE E-PRIVACY REGULATION
DIRECTIVES
DIRECTIVE 95/46; REPEALED BY GDPR BUT STILL RELEVANT FOR SOME TRANSITIONAL ISSUES
DIRECTIVE 680/2016; KNOWN AS THE LAW ENFORCEMENT DIRECTIVE (AGAINST TERRORISM)
GDPR MAINLY:
-OVERRIDES EU DATA PROTECTION DIRECTIVE OF 1995
-COVERS ONLY PERSONAL DATA PROCESSING OF ORGANIZATIONS
-ENSHRINES 6 PRINCIPLES
CONFLICT BETWEEN RIGHT TO PROTECTION OF PERSONAL DATA AND RIGHT TO FREEDOM OF EXPRESSION
AD HOC BASIS, THE PRELEVANCE OF ONE OVER ANOTHER IS JUDGED BY THE FACTS OF EACH INDIVIDUAL CASE
WHAT TYPE OF LAW IS GDPR
RISK-BASED, EVEN IF THERE IS A MINIMUM RISK REGARDING DATA-PROCESSING THEN GDPR IS CONSIDERED
BALANCING OF RIGHTS
AS ESTABLISHED BY RECITAL 4, THE PROTECTION OF PERSONAL DATA IS NOT AN ABSOLUTE RIGHT, IT MUST BE CONSIDERED IN RELATION TO ITS FUNCTION IN SOCIETY AND BE BALANCED AGAINST FUNDAMENTAL RIGHTS
THE PRINCIPLE OF PROPORTIONALITY
MUST BE CONSIDERED IN THE CASE OF CONFLICT BETWEEN PERSONAL DATA PROTECTION RIGHTS AND FUNDAMENTAL RIGHTS, BALANCE OF INTEREST BETWEEN DATA CONTROLLER AND SUBJECT. RELATES TO THE IDEA THAT PROCESSING OF DATA MUST BE PROPORTIONATE TO ITS INTENDED USE.
TERRITORIAL SCOPE OF GDPR
Article 3 specifies that the GDPR applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the European Union (EU), regardless of where the processing takes place.
IN ACCORDANCE TO ARTICLE 3, PROCESSING OF DATA SUBJECTS WITHIN THE EU BY A CONTROLLER/ PROCESSOR NOT ESTABLISHED IN THE EU.
- THE SELLING OF GOODS AND SERVICES TO EU RESIDENTS (IRRESPECTIVE TO WETHER PAYMENT IS REQUIRED)
-THE MONITORING OF BEHAVIOUR WITHIN EU
ARTICLE 5
ALL BASIC PRINCIPLES OF GDPR SHOULD APPLY IN A ACUMMULATIVE WAY
CONTROLLER
NATURAL OR LEGAL PERSON, AGENCY OR BODY WHO ALONE OR JOINTLY DETERMINES THE PURPOSES AND MEANS OF PROCESSING DATA
RECITALS
EXPLAIN THE REASONING BEHIND THE PROVISIONS AND PROVIDE COMPLIMENTARY INFORMATION ON GDPR
ARTICLE 29 WORKING PARTY
PROVIDES EU WITH INDEPENDENT ADVICE ON DATA PROTECTION MATTERS AND HELPS THE DEVELOPMENTS HARMONIZED POLICIES.
(MADE UP OF NATIONAL REPRESENTATIVES)
PRIMARY V SECONDARY LAW
PRIMARY LAWS ARE LAWS CREATED BY TREATIES AND CHARTERS
SECONDARY LAWS ARE REGULATIONS MADE MY MINISTERS AND DIRECTIVES
CONVENTION 108
IS THE OLDEST CONVENTION WHICH PROTECTS PERSONAL DATA PROTECTION
EU CHARTER OF FUNDAMENTAL RIGHTS; ARTICLE 8
EVERYONE HAS THE RIGHT TO PROTECTION OF DATA CONCERNING HIM OR HER. THERE MUST BE A SPECIFIED REASON AND A BASIS OF CONSENT.
INTERNAL MARKET
THE SINGLE MARKET CREATED BY THE EU AMONG ITS MEMBER STATES TO EASE MOVEMENTS OF GOODS AND SERVICES
PERSONAL DATA
PERSONAL DATA WHICH RELATES TO AN IDENTIFIED OR IDENTIFIABLE PERSON
PROCESSING
ACTIONS DONE WITH PERSONAL DATA; AUTOMATED OR NOT. COULD BE COLLECTING, RECORDING, ORGANIZING, ADAPTING AND EVEN DELETING.
RESTRICTION OF PROCESSING
MARKING DATA TO LIMIT ITS PROCESSING IN THE FUTURE.
PROFILING
AUTOMATED PROCESSING OF DATA TO ANALYZE OR PREDICT ASPECTS OF A NATURAL PERSON IN THE FUTURE (HEALTH, LOCATION MOVEMENT) USUALLY THROUGH AI
ICO
SUPERVISORY SUBJECT FOR DATA PROTECTION IN THE EU
