Privacy Flashcards
What is privacy
Refers to a moral right of individuals to avoid intrusion into their personal affairs by third parties
What type of information is collected by digital marketers
Contact information
Profile information
Platform usage
Behavioural insights on a single site
Behavioural information on multiple sites
How is contact information approached
Online forms
Cookies
How is profile information collected
Online registration forms
Cookies
How is platform usage identified
Analytics
How are behavioural insights collected
Purchase history
Web analytics
First party cookies
Malware
How is behaviour information on multiple sites collected
Third party cookies
Search engines
Sites monitoring internet traffic
What is GDPR
General data protection regulation
What are the requirements of GDPR
All data controllers and processors that handle the personal information of EU residents must implement the appropriate technical and organisational measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services or face fines up to 20 million euro or 4% of annual global turnover
Who does GDPR apply to
All member states of the EU
And any organisation anywhere in the world that provides service into the EU involving processing personal data
2 benefits of GDPR
Protects the rights, privacy and freedom of EU people
Helps businesses operate uniformly across all EU states
Facilitates the free movement of data throughout the EU
5 important terms in privacy
Processing
Controller
Processor
Personal data
Supervisory authority
What does processing mean
Any operation which is performed on personal data, e.g. collecting, recording, organising, structuring, storing, adapting, retrieving, consulting, using, disclosing, transmission, dissemination, making available, alignment or combination, restriction, erasure or destruction
What does controller mean
The natural or legal person, public authority, agency or other body which determines the purposes and means of processing personal data
What is a processor
The natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller
What is personal data
Any information relating to an identified or identifiable person or ‘data subject’.
An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as name, ID number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the person.
What is supervisory authority
An independent public authority which is established by a member state pursuant to article 51.
It is the governmental organisation in each member state that is responsible for the enforcement of GDPR
UK: ICO (Information Commissioner's Office)
What are data subject rights
Rights data subjects have in relation to their personal data
What are four examples of data subject rights
The right for individuals to have a sense of control over their personal data through obligating organisations to provide transparency on their data processing methods
The entitlement for data subjects to complain to supervisory authorities and seek judicial remedies against controllers and processors for damages (both material and non-material) arising from breaches of the GDPR
The security of any personal data that is passed to a processor which the controller is responsible for, whether the processor is inside or outside the EU
The time limits for organisations to respond to subject access requests and introduce new rights such as the right to data portability
What information does right to access regulation state data subjects must be given access to
A copy of their personal data
The purposes of processing their data
The categories of the data being processed
The third parties or categories of third parties that will receive their data
How long does GDPR give data controllers to respond to right to access requests
1 month and it should be free of charge
What is the right to rectification
The data subject has the right to rectify any inaccuracies in the personal data held about them
E.g. if customers view their personal data online, you might use the same web interface to allow them to edit their personal data
What is the right to be forgotten
Data subjects can request that information is erased if they withdraw consent or there is an issue with the underlying legality of the processing
Reasons organisations are not automatically obliged to delete data under GDPR
1) to protect the right of freedom of expression and information
2) to comply with an EU legal obligation
3) to perform a task in the wider public interest or exercise of official authority
4) for public health reasons
5) for archiving scientific or historical research or statistical purposes
6) for the establishment, exercise or defence of legal claims
What is the right to restriction of processing
Although an organisation can store the personal data, this right means that it can't process the data further unless the individual gives their consent to lift the restriction or the processing is necessary for the establishment of legal claims, to protect the right of another person or in the interest of the wider public
When does an individual have the right to restrict the processing of data
If they contest the accuracy of the data
If the processing of the data is unlawful but the data subject does not want their data to be erased and instead requests the restriction of their use
If the controller no longer needs the personal data for purposes of processing but the data subject requires the data to establish, exercise or defend legal claims
If they object to their data in accordance with the right to object, and restriction is used while the controller seeks to verify the legitimate grounds for continuing processing
What is the right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
What is the right to object
A data subject can object to having their personal data processed
The UK GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.
Individuals have an absolute right to stop their data being used for direct marketing.
In other cases where the right to object applies you may be able to continue processing if you can show that you have a compelling reason for doing so.
You must tell individuals about their right to object.
An individual can make an objection verbally or in writing.
You have one calendar month to respond to an objection.
What is consent
The data subject freely gives a specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies agreement to the processing of personal data