Samenvatting
Samenvatting GDPR regulation and law cluster 4 en 5
- Instelling
- Tilburg University (UVT)
Een uitgebreide samenvatting met voorbeelden van cluster 4 en 5 van het vak regulation and law aan de universiteit van tilburg.
[Meer zien]Voorbeeld 3 van de 30 pagina's
Voorbeeld 3 van de 30 pagina's
In winkelwagengesponsord bericht van onze partner
Voorbeeld van de inhoud
Samenvatting regulation and law final exam.Readings week 4
3. Key principles of European data protection law.
Article 5 of the general data protection regulation (GDPR) sets out the principles governing the
processing of personnel data. These principles cover:
- Lawfulness, fairness, and transparency.
- Purpose limitation.
- Data minimization.
- Data accuracy.
- Storage limitation.
- Integrity and confidentiality.
Any exemptions from and restrictions to these key principles may be provided for at EU level or national
level; they must be provided for by law, purse a legitimate aim and be necessary and proportionate
measures in a democratic society. All three conditions must be fulfilled!
3.1 The lawfulness, fairness, and transparency of processing principles.
3.1.1 Lawfulness of processing.
EU and CoE data protection laws require personnel data to be processed lawfully. Lawful processing
requires the consent of the data subject or another legitimate ground provided in the data protection
legislation. Article 6(1) of the GDPR includes five lawful grounds for processing, in addition to consent.
3.1.2. Fairness of processing.
In addition to lawful processing, EU and CoE data protection laws require personal data to be processed
fairly. The principle of fair processing governs primarily the relationship between the controller and the
data subject.
Controllers should notify data subjects and the general public that they will process data in a lawful and
transparent manner and must also be able to demonstrate the compliance of processing operations with
the GDPR. Processing operations must not be performed in secret and data subjects should be aware of
potential risks. Furthermore, controllers, so far a s possible, must act in a way which promptly complies
with the wishes of the data subject, especially where his or her consent forms the legal basis or the data
processing.
In relation to internet services, the features of data processing systems must make it possible for data
subjects to really understand what is happening with their data in any case, the principle of fairness goes
beyond transparency obligations, and could also be linked to processing personal data in an ethical
manner.
3.1.3 Transparency of processing.
EU and CoE data protection laws require personnel data processing to be done ‘in a transparent manner
in relation to the data subject’. This principle establishes an obligation for the controller to take any
appropriate measure in order to keep the data subjects (users, customers of clients) informed about how
,their data are being used. Transparency may refer to the information given to the individual before the
processing starts, the information that should be readily accessible to data subjects during the
processing, but also to the information given to data subjects following a request of access to their own
data.
Processing operations must be explained to the data subjects in an easily accessible way which ensures
that they understand what will happen tot heir data. this means that the specific purpose of processing
personal data must be known by the data subject at the time of the collection of personal data.
CoE law also specifies that certain essential information has to be compulsory provided in a proactive
manner by the controller to the data subjects.
Pursuant to the right of access, a data subject has the right to be told by a controller at his/her request if
his/er data are being processed, and, if so, which data are subject to such processing. Additionally,
pursuant to the right of information, the persons who’s data are processed, must be informed by
controllers or processors pro-actively about the purposes, length, means of processing, among other
details, in principle before the processing activity starts. In certain situations, derogations are allowed
from the obligations to inform data subjects about data processing.
3.2 The principles of purpose limitations
The principle of purpose limitations is one of the fundamental principles of European data protection
law. It is strongly connected with transparency, predictability and user control. If the purpose of
processing is sufficiently and clear, individuals know what to expect and transparency and legal certainty
are enhanced at the same time, clear delineation of the purpose is important to ensure data subjects to
effectively exercise their rights, such as the right to object to processing.
The principles require that any processing of personal data must be done for a specific, well-defined
purpose and only for additional purposes that are compatible with the original purpose.
When considering the scope and limits of a particular purpose, modernized convention 108 and the
general data protection regulation rely on the concepts of compatibility: the use of data for compatible
purposes is allowed on the grounds of the initial legal basis. Further processing of the data may not,
therefore, be done in a way that is unexpected, inappropriate or objectionable for the data subject.
To assess whether the further processing is to be considered compatible, the controller should take the
following into account (among other things):
- Any link between those purposes and the purposes of the intended further processing;
- The context in which the personal data have been collected in particular concerning the
reasonable expectations of data subjects based on their relationship with the controller on its
further use.
- The nature of the personal data.
- The consequences of the intended further processing for data subjects.
- The existence of appropriate safeguards in both the original and intended further processing
operations.
Further processing for archiving purposes in the public interest, scientific or historical research purposes
or statistical purposes is a priori considered compatible with the initial purpose. When undertaking
, further processing, the data subject should be informed of the purposes, as well as of his or her rights,
such as the right to object.
3.3 The data minimization principle.
The categories of data chosen for processing must be necessary in order to achieve the declared overall
aim of the processing operations, and a controller should strictly limit collection of data to such info as is
directly relevant for the specific purposes pursued by the processing. Furthermore, by making use of
special privacy-enhancing technology, it is sometimes possible to avoid using personal data at all, or to
use measures to reduce the ability to attribute data to a data subject, which results in a privacy friendly
solution.
Article 5(1) of modernized convention 108 contains a proportionality requirement for processing
personal data in relation to the legitimate purpose pursued. There must be a fair balance between all
interests concerned at all stages of the processing. This means that personal data which is adequate and
relevant but would entail a disproportional interference in the fundamental rights and freedoms at stake
should be considered as excessive.
3.4 The data accuracy principle.
A controller holding personal information shall not use that information without taking steps to ensure
with reasonable certainty that the data are accurate and up to date. The obligation to ensure accuracy of
data must be seen in context of the purpose of data processing.
There may also be cases where updating stored data is legally prohibited, because the purpose of storing
data is principally to document events as a historical ‘snap-shot’. On the other hand, there are situations
where it is absolute necessity to update and regularly check the accuracy of data, due to potentials
damage which might be caused to the data subject if data were to remain inaccurate.
3.5 The storage limitation principle.
Art. 5 of the GDPR require personal data to be ‘kept in a form which permits identification of data
subjects for no longer than is necessary for the purposes for which the data are processed’. The data
must therefore be erased or anonymized when those purposes have been served. To this end, time limits
should be established by the controller for ensure or for periodic review. To make sure that the data are
kept for no longer than is necessary.
The time limitation for storing personal data only applies to data kept in a form which permits
identification of data subjects. Lawful storage of data which are no longer needed could, therefore, be
achieved by anonymizing data.
Modernized convention 108 also permits exceptions to the principle of storage limitation, on the
condition that they are provided by law, respect to the essence of fundamental rights and freedoms, and
are necessary and proportion for pursuing a limited number of legitimate aims.
5.6 The data security principle.
The principle of data security requires that appropriate technical or organizational measures are
implemented when processing personal data to protect the data against accidental, unauthorized or
unlawful access, us, modification, disclosure, loss, destruction, or damage.
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper robinvanheesch1. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €6,49. Je zit daarna nergens aan vast.
Is Stuvia te vertrouwen?
4,6 sterren op Google & Trustpilot (+1000 reviews)
Afgelopen 30 dagen zijn er 82191 samenvattingen verkocht
Opgericht in 2010, al 14 jaar dé plek om samenvattingen te kopen