Class notes
College Notes Privacy - Week 3
- Course
- Institution
Lecture Notes 3 of Privacy
[Show more]
Seller
Follow
JustASmallTownGirl
Reviews received
Content preview
Key concepts and principles in data protection lawConcepts: Personal Data
Nature of Personal Data
Any kind of information can be personal data if it relates to an identified or
identifiable person
A person is considered identifiable if there are enough elements available through
which the person can be directly or indirectly identified
An individual, while not identified, can be singled out by this information in a way
which makes it possible to find out who the data subject is by conducting further
research
Art. 4 lid 1 GDPR
‘’can be identified, directly or indirectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online identifier or to one or more factors
specific to the physical, physiological, genetic, mental, economic, cultural or social identity of
that person’’
Keep in mind:
- Amann case ECtHR – the term ‘personal data’ as not being limited to matters of
the private sphere of an individual
- In the joined cases YS v. Minister voor Immigratie, Integratie en Asiel and Minister
voor Immigratie, Integraties en Asiel v. M and S, the CJEU held that the legal
analysis contained in a draft decision of the Immigration and Naturalisation
Service dealing with residence permit applications does not in itself constitute
personal data, even though it may include some personal data
Beneficiaries: Difference between legal and natural person
Under EU law:
- Natural persons are the only beneficiaries of data protection rules
- Only living beings are protected under European data protection law
- EU data protection law does not cover data processing which concern legal
persons, and does not concern undertakings established as legal persons,
including the name and form of the legal person and their contact details
ECtHR case: Bernh Larsen Holding AS and Others v. Norway
- Legal person, art. 8 ECHR
Concepts: Personal Data Anonymisation
The process of anonymising data means that all identifying elements are eliminated
from a set of personal data so that the data subject is no longer identifiable
For data to be anonymised, no element may be left in the information which could,
by exercising reasonable effort, serve to re-identify the person(s) concerned
, When data have been successfully anonymised, they are no longer personal data and
data protection legislation no longer applies
Whenever the data subject, for the purpose of exercising the rights of access,
rectification, erasure, restriction of the processing and data portability, provides
additional information to the controller enabling his or her identification, then those
data which were previously anonymised become personal data again (art. 11 GDPR)
Concepts: Personal Data Pseudonymisation
The process of pseudonymising personal data means that attributes are replaced by
a pseudonym
- Attributes: date of birth, sex, address, or other elements that could lead to
identification
Art. 4 lid 5 GDPR
‘’the processing of personal data in such a manner that the personal data can no
longer be attributed to a specifc data subject without the use of additional
information, provided that such additional information is kept separately and is
subject to technical and organisational measures to ensure that the personal data are
not attributed to an identified or identifiable natural person’’.
Concepts: Personal Data Sensitive Data
Art. 9 GDPR: Sensitive data are personal data revealing:
- Racial or ethnic origin;
- Political opinions, religious or other beliefs, including philosophical beliefs;
- Trade union memberships;
- Genetic data and biometric data processed for the purpose of identifying a
person;
- Health, sexual life or sexual orientation
Concepts: Data processing
‘Data processing’ concerns any operation performed on personal data
What does it cover?
Automated and non-automated processing (art. 2 lid 1 & art. 4 lid 2 GDPR)
Manual processing in structured filing systems
Concepts: Users of personal data
1. Controller
- Whoever determines the means and purposes of processing the personal data of
others
2. Joint controllers:
- If several persons take this decision together, they may be ‘joint controllers’
3. Processor:
- A natural or legal person that processes personal data on behalf of a controller.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller JustASmallTownGirl. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $3.35. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
83430 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now