-
Recent Posts
- Why data protection law is uniquely equipped to let us fight a pandemic with personal data
- A US Bill from 1974 shares so much DNA with the GDPR, it could be its ancestor
- Planet49 CJEU Judgment brings some ‘Cookie Consent’ Certainty to Planet Online Tracking
- The CJEU decides lack of access to personal data does not unmake a joint controller: A look at Wirtschaftsakademie
- Brief case-law companion for the GDPR professional
- Exam scripts are partly personal data and other practical findings of the CJEU in Nowak
- A Conversation with Giovanni Buttarelli about The Future of Data Protection: setting the stage for an EU Digital Regulator
- Why did Facebook just receive (one of) the biggest data protection fine(s) on record
- Exam scripts and examiner’s corrections are personal data of the exam candidate (AG Kokott Opinion in Nowak)
- Highlights of the draft LIBE report on the ePrivacy Reg
Archives
Tags roulette
AG Mengozzi Article 8 Charter article 29 working party big data CJEU cloud computing CNIL data portability data protection Data Protection Directive data protection laws data protection officer data protection reform data protection regulation directive 95/46 directive 95/46/EC EDPS European Commission European Data Protection Supervisor European Parliament Facebook Gabriela Zanfir GDPR Google personal data PNR privacy right to be forgotten Surveillance technology Viviane RedingCategories
RSS
Meta
All about personal data protection and privacy
EPIC.ORG news- An error has occurred; the feed is probably down. Try again later.
- EDRi
- Commission launches internet fee consultation full of biased questions
- Will the European Union allow politicians to use your personal data for political advertising?
- EDRi-gram, 31 May 2023
- Sex, religion and race are advertising taboos, except for power-hungry politicians
- USA border plan requires “continuous and systematic” transfers of biometric data
- €1.2 billion GDPR fine for Meta over US mass surveillance
- 5 years of the GDPR: National authorities let down European legislator
- Romania: CSA Regulation will make journalistic investigations of child abuse impossible
- Open letter: Gender-inclusive and safe digital world that is free from violence for all
- Chaos Communication Camp 2023
- European Data Protection Supervisor
- An error has occurred; the feed is probably down. Try again later.
- CNIL
- Journées RGPD les 13 et 14 juin à Rennes
- Fusion de la carte Vitale et de la carte d’identité : les points d’attention de la CNIL concernant la protection des données
- Clôture de l’injonction prononcée à l’encontre de MICROSOFT IRELAND OPERATIONS LIMITED
- Remise du prix « Protection de la vie privée » 2022 par la CNIL et l’Inria
- Données de santé et utilisation des cookies : DOCTISSIMO sanctionné par une amende de 380 000 euros
- Le rapport annuel 2022 de la CNIL
- Intelligence artificielle : le plan d’action de la CNIL
- Évolution des pratiques du web en matière de cookies : la CNIL évalue l’impact de son plan d’action
- Privacy Research Day : découvrez le programme et inscrivez-vous gratuitement à l’évènement
- Accompagnement renforcé : la CNIL sélectionne 3 entreprises du numérique à fort potentiel
- ICO
- ICO reprimands Thames Valley Police for releasing witness details to suspected criminals
- John Edwards, Information Commissioner, delivers a keynote speech at the Data and the Future of Financial Services Summit
- ICO statement on Capita incident
- Statement in response to the Open Rights Group’s report
- ICO issues Ministry of Justice with reprimand after confidential personal information left in prison holding area
- “It’s important not to get caught out.” - New SARs guidance for employers issued
- Information Commissioner John Edwards' opening remarks at the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), delivered on 23 May 2023.
- ICO fines two businesses £180,000 for making unlawful marketing calls
- ICO takes action against both Plymouth City Council and Norfolk County Council for failing to respond to information access requests
- ICO takes action against Shropshire Council for failing to respond to Freedom of Information requests
- Privacy Commissioner Canada
- Announcement: Commissioner welcomes conclusion of the U.S. Federal Trade Commission’s investigation into Ashley Madison breach
- Announcement: OPC blog post: learn how identifiers on your phone can be used to track you
- Don’t repeat past mistakes, Privacy Commissioner warns as government reviews national security framework - December 6, 2016
- Media Advisory: Privacy guardians to unveil recommendations on modernizing Canada’s national security framework - December 5, 2016
- Announcement: Contributions Program launches call for innovative research and knowledge translation proposals - November 30, 2016
- Announcement: Commissioner shares views on Security of Canada Information Sharing Act with Parliament
- Announcement: Commissioner shares views on Bill C-22 with Parliament
- Announcement: OPC posts new summaries of cases involving businesses
- Media surveillance highlights privacy risk to all Canadians
- Announcement: Privacy Commissioner launches Privacy Tech-Know blog series
pdpEcho 
Complaints Dealt With by EDPS in 2010
Source: http://www.rasmussen.edu
I will continue my endeavour started yesterday (read all about it HERE). Before analyzing some of the cases from the EDPS 2010 Report, I shoul mention that in 10 cases resolved in 2010 the EDPS found there was no breach of data protection rules, while in 11 cases non-compliance with data protection law was found to have occured (and reccommendations were addressed to the data controler concerned).
Here are the cases, just as they are explained in the EDPS 2010 Activity Report:
I. Compliance
1. Acces to one’s own medical file. The EDPS received a complaint relating to access to one’s own medical file held by an institution’s medical service. The EDPS confirmed that under the data protection rules, access to personal data does not oblige the controller to send the original medical file, but that it implied in practice being able to have a look at it (in person or in certain cases indirectly via a doctor) and/or take copies of it. With regard to the right to rectification of inaccurate or incomplete data, the EDPS underlined that the obligation to rectify data in the context of medical data is related only to factual data and not to health related assessments. The controller is therefore not obliged under data protection rules to modify the conclusion of a specific medical report. In such a context, the right to rectify the data could result in the possibility to include another report from another medical professional containing a different assessment. The EDPS therefore concluded in this case that there was no breach to data protection rules.
II. Non-compliance
1. Publication of personal sensitive data. A complaint was received about the publication of highly sensitive personal data in the Official Journal of the European Union and in the minutes of a European Parliament session. Following an inquiry into the matter, the EDPS concluded that the opinion of the Member of Parliament could have been expressed and the political message of the Written declaration could have been transmitted effectively without revealing the identities of the persons concerned. The EDPS requested the deletion of the names of the persons invoked by the Member in the Written declaration and in any other medium. He also requested that a formal and effective procedure be established in order to ensure that definitive versions of documents published in the Official Journal and on the internet site of the Parliament take into account modifications introduced by the services in charge of the preparation of documents.
2. Communication of personnel numbers through an agency’s internal e-mail. A complaint was received relating to the communication of personnel numbers of the members of staff of an agency to all users via the agency’s internal email addresses. The purpose of the particular processing was to invite all members of staff for an appointment with the agency’s Security section to have their photograph taken. The EDPS considered that, for this purpose it was fully sufficient to send a list containing only last name and first name of all the persons concerned. The personnel number on this list was irrelevant and excessive in relation to the said purpose and thus in violation of Article 4 of the Regulation. The EDPS invited the agency to formally instruct staff dealing with personal data to be selective and exercise particular care when sending massive internal or external mailings containing personal data so as to ensure that only data which are necessary for the purpose of the message are included.
3. Covert video surveillance. A staff member complained against covert video surveillance in his institution. In particular, he questioned the lawfulness of the use of a video camera which recorded him, without his knowledge, when he entered his supervisor’s office in his absence. The EDPS concluded that the institution had not demonstrated the existence of a legal basis which would explicitly allow the possibility of such highly intrusive operations and provide for specific conditions and safeguards. Without such a transparent legal basis and a structured approach, the proportionality of covert video surveillance was doubtful. The EDPS, therefore, called on the institution to re examine whether it wished to avail itself of covert surveillance in the future and if so, to submit its plans to the EDPS for prior checking.
In conclusion, data protection complaints to an authority such as the EDPS vary as much as the general subject matter of data protection. Whether people don’t have access to their personal information, whether their sensitive data is published or whtether they are being surveilled in an office without knowing, they feel like their privacy is being invaded and they want to react somehow. Nevertheless, it is clear that the right to data protection is not an absolute one. In case I.1. from above, the individual did not have the right to simply modify data concerning his health, even though the modification was meant for his own medical file. Health is a sensitive subject matter and keeping track of one’s medical condition is important, even though the medical condition changed. It would be interesting to know more facts from this particular case to analyze in depth this limit of the right to data protection.
Share this:
Like this: