Monday 4 April 2011

Data protection and Privacy: The Necessary Rules and Principles that you should know. (EU Directives)

By Mohammad Al-Thunibat
Laws governing data protection and privacy were established because users' personal data has become easier to transfer with the new technological instruments of communication. The two most important Directives established for that purpose are Directive 95/46/EC (Data Protection) and Directive 97/66/EC (which deals specifically with the protection of privacy in telecommunications).
Definitions:
'Data Subject' means the person who owns and has provided his/her personal data (which covers almost any online user)
'Personal Data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
'Controller' shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law
'Processor' shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller
'Third Party' shall mean any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the data
'Recipient' shall mean a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients
'The Data Subject's Consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed
'Processing of Personal Data' ('Processing') shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction
'Personal Data Filing System' ('Filing System') shall mean any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis
The Rights of Data Subject:
'You have the right to be informed of any data processing when you are the data subject'. This right is covered by Articles (10 & 11) of Directive 95/46/EC, which cover 'Information in cases of collection of data from the data subject' and 'Information where the data have not been obtained from the data subject'.
'You have the right of access to data about you'. This right is covered by Article (12).
'You must also have access to the logic on which automated decisions are based', and 'THE DATA SUBJECT'S RIGHT TO OBJECT'. These rights are covered in Articles (14 & 15).
Exemptions and restrictions
Article (13) sets out these exemptions and restrictions, which apply when such a restriction constitutes a necessary measure to safeguard.
Sensitive data
Some kinds of data have a special status and are therefore governed by two special rules, Articles (8 & 9). These Articles cover 'The processing of special categories of data' and 'Processing of personal data and freedom of expression'.
The supervisory authority
According to the Directive, each Member State must provide one or more public authorities to ensure the proper application of the data protection law. This authority, often referred to as the supervisory authority, is competent to hear complaints lodged by any person or business. The supervisory authority must investigate the claim and may temporarily ban the processing. If the supervisory authority finds that the data protection law has been violated, then the supervisory authority could, among other things, order the erasure or destruction of the data and/or ban further processing
The legal requirements of data control acts
Data controllers are required to observe several principles. These principles not only aim to protect the data subjects but also are a statement of good business practices that contribute to reliable and efficient data processing
PRINCIPLES RELATING TO DATA QUALITY
These principles are stated in Article (6) of the Directive: personal data must be processed fairly and lawfully, and collected for specified, explicit and legitimate purposes, etc.
CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE
This important subject is covered in Article (7): personal data shall be processed only within the specific legal framework determined in this Article, such as in the case of the data subject's consent, contract performance or legal obligation, etc.