Article 25 Data protection by design and by default

2020 ◽  
Author(s):  
Lee A. Bygrave
Keyword(s):  
Public Interest ◽  
Data Protection ◽  
Codes Of Conduct ◽  
Personal Data ◽  
Historical Research ◽  
Individual Decision Making ◽  
The Public ◽  
Definition Of ◽  
Article 5 ◽  
Data Subject

Article 4(5) (Definition of ‘pseudonymisation’) (see too recital 28); Article 5(2) (Accountability) (see too recital 11); Article 6(4)(e) (Compatibility); Article 22 (Automated individual decision-making, including profiling) (see too recital 71); Article 24 (Responsibility of controllers); Article 28 (Processors) (see too recital 81); Article 32 (Security of processing) (see too recital 83); Article 34(3)(a) (Communication of personal data breach to data subject) (see too recitals 87–88); Article 35 (Data protection impact assessment) (see too recital 84); Article 40 (Codes of conduct); Article 83(2)(d) and 83(4) (Fines); Article 89(1) (Safeguards relating to processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes).

Article 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing

2020 ◽  
Author(s):  
Gloria González Fuster
Keyword(s):  
Public Interest ◽  
Personal Data ◽  
Historical Research ◽  
Information Communication ◽  
The Public ◽  
Right To Be Forgotten ◽  
Definition Of ◽  
Data Subject

Article 4(9) (Definition of ‘recipient’); Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject); Article 16 (Right to rectification), Article 17(1) (Right to erasure (‘right to be forgotten’)); Article 18 (Right to restriction of processing); Article 58(2)(g) (Powers of supervisory authorities); Article 89(3) (Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes).

Article 16 Right to rectification

2020 ◽  
Author(s):  
Cécile de Terwangne
Keyword(s):  
Public Interest ◽  
Personal Data ◽  
Data Accuracy ◽  
Historical Research ◽  
Information Communication ◽  
The Public ◽  
Article 5 ◽  
Data Subject

Article 5(d) (Principles relating to processing of personal data—accuracy) (see too recital 39); Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject) (see too recital 59); Article 19 (Notification obligation regarding rectification or erasure of personal data or restriction of processing); Article 23 (Restrictions) (see too recital 73); Article 89 (Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes) (see too recital 156).

Article 9 Processing of special categories of personal data

2020 ◽  
Author(s):  
Ludmila Georgieva ◽  
Christopher Kuner
Keyword(s):  
Decision Making ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Vital Interest ◽  
Data Portability ◽  
Definition Of ◽  
Data Subject

Article 4(1) (Definition of personal data); Article 4(2) (Definition of processing); Article 4(11) (Definition of consent); Article 4(13) (Definition of genetic data, see also recital 34); Article 4(14) (Definition of biometric data); Article 4(15) (Definition of data concerning health, see also recital 35); Article 6(4)(c) (Lawfulness of processing, compatibility test) (see too recital 46 on vital interest); Article 13(2)(c) (Information to be provided where personal data are collected from the data subject); Article 17(1)(b), (3)(c) (Right to erasure (‘right to be forgotten’)); Article 20(1)(a) (Right to data portability); Article 22(4) (Automated individual decision-making, including profiling); Article 27(2)(a) (Representatives of controllers or processors not established in the Union); Article 30(5) (Records of processing activities); Article 35(3)(b) (Data protection impact assessment) (see too recital 91); Article 37(1)(c) (Designation of the data protection officer) (see too recital 97); Article 83(5)(a) (General conditions for imposing administrative fines).

Article 5 Principles relating to processing of personal data

2020 ◽  
Author(s):  
Cécile de Terwangne
Keyword(s):  
Public Interest ◽  
Personal Data ◽  
Historical Research ◽  
The Public ◽  
Article 5

Article 6(1) (Lawfulness of processing) (see too recitals 40–49); Article 6(4) (Exceptions to the requirement of compatible purposes for further processing and criteria to ascertain whether a purpose of further processing is compatible with the purpose for which the personal data are initially collected) (see too recital 50); Article 12 (Transparent information) (see too recitals 58–59); Articles 13–15 (Information and access to personal data) (see also recitals 60–64); Article 24 (Responsibility of the controller) (see too recitals 74–78) ; Article 32 (Security of processing) (see too recital 83); Article 89(1) (Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes) (see too recitals 158–163).

Conditions of the Right to Erasure

2020 ◽  
pp. 196-274
Author(s):  
Jef Ausloos
Keyword(s):  
Public Interest ◽  
Freedom Of Expression ◽  
Personal Data ◽  
Historical Research ◽  
Legal Obligation ◽  
The Public ◽  
The Third ◽  
Legal Provisions ◽  
The Right ◽  
Data Subject

This chapter zooms in on Article 17 GDPR, on the right to erasure (‘right to be forgotten’). It meticulously dissects the three paragraphs of this provision. The first paragraph lists six rights-to-erasure triggers which can be summarized as: (a) purpose expiration; (b) withdrawal of consent; (c) right to object; (d) unlawful processing; (e) legal obligation; and (f) withdrawal of consent by minors in the online environment. The second paragraph comprises an odd extension of the right to erasure, enabling data subjects to request that controllers who have made the personal data public, communicate potential erasure to anyone else processing that same personal data. The third paragraph lists five exemptions to the right to erasure, summarized as: (a) freedom of expression and information; (b) legal obligation or task carried out in the public interest or official authority; (c) public interest in the area of public health; (d) public interest archiving, scientific and historical research, or statistical purposes; and (e) legal claims. What becomes clear right away is how both the right-to-erasure’s triggers and exemptions all refer to other legal provisions in and outside the GDPR. As such, the right to erasure can be seen as a central hub in the GDPR, bringing together key data protection principles from the perspective of data subject empowerment.

Processing of personal data relating to the health of the data subject in a pandemic situation

Glimpse ◽  
2021 ◽  
Vol 22 (1) ◽  
pp. 95-99
Author(s):  
Juan Francisco Rodriguez Ayuso ◽  
Keyword(s):  
Public Interest ◽  
Data Protection ◽  
Personal Data ◽  
The State ◽  
Community Level ◽  
Interested Party ◽  
Health Crisis ◽  
The Public ◽  
Vital Interest ◽  
Data Subject

This study offers a systematic, exhaustive and updated investigation of the declaration of the state of alarm and the processing of personal data relating to the health of citizens affected and/or potentially affected by the exceptional situation resulting from COVID-19. Specifically, it analyses the distinction between the state of alarm and the states of exception and siege and the possible effect on the fundamental right to the protection of personal data in exceptional health crisis situations and the effects that this declaration may have on the applicable regulations, issued, at a Community level. Next, and taking into consideration all the general and sectorial regulations applicable to data protection and health, we proceed to the analysis of the legitimate bases and the exceptions that, applicable to situations of health emergency such as the present one, enable the processing, taking into account the nature of the person who intervenes as the controller, making special emphasis on the public interest pursued by the Public Administrations and on the vital interest of the interested party.

Article 18 Right to restriction of processing

2020 ◽  
Author(s):  
Gloria González Fuster
Keyword(s):  
Public Interest ◽  
Historical Research ◽  
The Public ◽  
Definition Of ◽  
The Right ◽  
Article 5

Article 4(3) (Definition of ‘restriction of processing’); Article 5(1)(d) (Principle of accuracy); Article 16 (Right to rectification); Article 5(1)(a) (Principle of lawfulness); Article 17(1)(d) (Right to erasure based on unlawful processing); Article 5(1)(c) (Principle of data minimisation); Article 17(3)(e) (Limitations to the right to erasure); Article 19 (Notification obligation); Article 21 (Right to object); Article 89 (Derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes); Article 58(1)(g) (Powers of supervisory authorities).

Article 11 Processing which does not require identification

2020 ◽  
Author(s):  
Ludmila Georgieva
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Information Communication ◽  
Definition Of ◽  
Article 5 ◽  
Data Subject

Article 4(1) (Definition of ‘personal data’); Article 5 (Principles relating to processing of personal data) (see too recital 39); Article 6 (Lawfulness of processing); Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject); Articles 15–20 (Data subject rights) (see too recital 64); Article 24 (Responsibility of the controller); Article 25 (Data protection by design and default) (see too recital 78); Article 32 (Security of processing) (see too recital 83).

Article 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

2020 ◽  
Author(s):  
Christian Wiese Svanberg
Keyword(s):  
Public Interest ◽  
Personal Data ◽  
Historical Research ◽  
The Public ◽  
Article 9 ◽  
Article 5

Article 4 (Definitions) (see too recital 26); Article 5 (Principles relating to processing of personal data); Article 6 (Lawfulness of processing) (see too recital 50); Article 9 (Processing of special categories of personal data) (see too recitals 52–53).

Article 22 Automated individual decision-making, including profiling

2020 ◽  
Author(s):  
Lee A. Bygrave
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Individual Decision Making ◽  
Definition Of ◽  
Article 5 ◽  
Automated Decision Making ◽  
Right Of Access ◽  
Legal Grounds

Article 3(2)(b) (Monitoring of data subjects’ behaviour); Article 4(4) (Definition of ‘profiling’); Article 5(1)(a) (Fair and transparent processing) (see also recitals 39 and 60); Article 5(2) (Accountability); Article 6 (Legal grounds for processing of personal data); Article 8 (Conditions applicable to children’s consent in relation to information society services); Article 12 (see too recital 58); Article 13(2)(f) (Information on the existence of automated decision-making); Article 14(2)(g) (Information on the existence of automated decision-making); Article 15(1)(h) (Right of access regarding automated decision-making); Article 21 (Right to object) (see also recital 70); Article 23 (Restrictions); Article 35(3)(a) (Data protection impact assessment) (see too recital 84); Article 47(2)(e) (Binding corporate rules); Article 70(1)(f) (EDPB guidelines on automated decisions based on profiling).

Sign in / Sign up

Export Citation Format

Share Document