Privacy and Data Protection – Page 25

August 23, 2017September 5, 2017

GDPR is for Filing System Processed Data Only

A fair quantity of data processing, though digitally performed, is outside of the GDPR’s reach.

I do not have figures comparing database-based processing to instantaneous, non-filing-system-handled data manning, nevertheless it is fair to say that the latter are a relevant part of the digital ecosystem (think of the instant messaging sector, where end-to-end communication is not necessarily meant to be stored.) As such, these kind of processing are not covered by the GDPR. Continue reading “GDPR is for Filing System Processed Data Only”

August 22, 2017September 5, 2017

The GDPR and the problem of “simple” wording-based consent

An always present “advice” about GDPR’s consent gathering is “keep it simple and clear”.

This call for clarity, mainly advocated by the Data Protection Authorities themselves, is based on the assumption that legalese is actually a way to deceive the data subject into releasing a non well understood consent.

Clarity is a good thing but, in the law realm, must be practiced within the limit of the technical vocabulary. Continue reading “The GDPR and the problem of “simple” wording-based consent”

August 11, 2017September 5, 2017

The GDPR doesn’t work for Data Retention

A simple syllogism. Continue reading “The GDPR doesn’t work for Data Retention”

August 7, 2017September 5, 2017

The EU Court of Justice: privacy and data protection are different rights. Data Protection Authorities are on notice

The press release 84/2017 issued by the EU Court of Justice on the EU-Canada PNR transfer contains ? an important (though unnoticed) statement:

… the transfer of PNR data from the EU to Canada, and the rules laid down in the envisaged agreement on the retention of data, its use and its possible subsequent transfer to Canadian, European or foreign public authorities entail an interference with the fundamental right to respect for private life (emphasis added). Similarly, the envisaged agreement entails an interference with the fundamental right to the protection of personal data (emphasis added).

Continue reading “The EU Court of Justice: privacy and data protection are different rights. Data Protection Authorities are on notice”

August 3, 2017September 5, 2017

A useful feature of the upcoming GDPR

The unified system of definitions set forth by the GDPR is its main strength because it prevents – at national level – the unauthorized modification of the EU provisions. Continue reading “A useful feature of the upcoming GDPR”