fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " data subject rights "

ICO launches the ‘Be Data Aware’ campaign

The UK’s Information Commissioner’s Office (ICO) is launching the ‘Be Data Aware’ campaign to help the general public understand how organisations use their data.

The ‘Be Data Aware’ campaign helps people understand how organisations might be using their data to target them online, as well as informing people on how they can control it.

Source: ICO launches the ‘Be Data Aware’ campaign

Irish DPA Examines Right to Rectification

In light of increased awareness of the rights granted to individuals under the new data protection legislation, Ireland’s data protection authority (DPA) – Data Protection Commission – has published a note to clarify aspects of the right to rectification of personal data.

In particular, it examines the case of recording of names of individuals that contain diacritical marks (for example, fadas in the Irish language).

Read note: Examination of Right to Rectification complaints | 30/04/2019 | Data Protection Commission

First fine imposed by the Polish privacy watchdog

The President of the Personal Data Protection Office (UODO) imposed its first fine for the amount of PLN 943 000 (around €220 000) for the failure to fulfil the information obligation.

The decision of the UODO’s President concerned the proceedings related to the activity of a company which processed the data subjects’ data obtained from publicly available sources, inter alia from the Central Electronic Register and Information on Economic Activity, and processed the data for commercial purposes. The authority verified incompliance with the information obligation in relation to natural persons conducting business activity – entrepreneurs who are currently conducting such activity or have suspended it, as well as entrepreneurs who conducted such activity in the past.

The controller fulfilled the information obligation by providing the information required under Art. 14 (1) – (3) of the GDPR only in relation to the persons whose e-mail addresses it had at its disposal. In case of the remaining persons the controller failed to comply with the information obligation – as it explained in the course of the proceedings – due to high operational costs. Therefore, it presented the information clause only on its website. In the opinion of the President of the Personal Data Protection Office, such action was insufficient.

Source: First fine imposed by the President of the Personal Data Protection Office | European Data Protection Board

Facebook Promised A Clear History Tool. Where Is It?

Last May, Facebook promised to create a “Clear History” function it said would give users more control over their data. Nine months later it’s nowhere to be found and sources say it’s a key example of the company’s “reactionary” way of dealing with privacy concerns.

Full article: Former Facebook Employees Say The Company’s Prioritization Of Privacy Is About Optics

GDPR investigation begins after a filmmaker’s name is misspelt

The Irish Data Protection Commission (IDPC) is looking into a potential breach of GDPR standards, after a filmmaker filed an official complaint for the misspelling of his name.

The director at the centre of what may be a landmark case, Ciarán Ó Cofaigh, claims the EU’s new data laws provision individuals with the legal right to have their name correctly spelt.

Source: GDPR investigation begins after a filmmaker’s name is misspelt

GDPR makes it easier to get your data, but doesn’t mean you’ll understand it

“Right of Access” says that, when requested, any company should be prepared to provide you with your personal data.

They should provide it in a way that’s easy for you to read, in a timely manner, and with enough background information for you to understand how they got it and how they use it. The problem is that companies can often be really stingy about actually providing this data.

Full article: GDPR makes it easier to get your data, but doesn’t mean you’ll understand it – The Verge

Dutch surgeon wins landmark ‘right to be forgotten’ case

A Dutch surgeon formally disciplined for her medical negligence has won a legal action to remove Google search results about her case in a landmark “right to be forgotten” ruling.

The doctor’s registration on the register of healthcare professionals was initially suspended by a disciplinary panel because of her postoperative care of a patient. After an appeal, this was changed to a conditional suspension under which she was allowed to continue to practise.

Google and the Dutch data privacy watchdog, Autoriteit Persoonsgegevens, initially rejected attempts to have the links removed on the basis that the doctor was still on probation and the information remained relevant.

Source: Dutch surgeon wins landmark ‘right to be forgotten’ case | Technology | The Guardian

UK Court of Appeal reverses High Court decision on data subject access requests

In June 2018, in B v General Medical Council [2018] EWCA Civ 1497, a majority of the Court of Appeal reversed the earlier decision of the English High Court and permitted General Medical Council, as data controller, to disclose an expert medical report to a patient pursuant to a data subject access request.

Full article: UK Court of Appeal reverses High Court decision on data subject access requests

Apple gives U.S. users tool to see what data it has collected

Apple on Wednesday rolled out an online tool to users in the United States and several other countries to download, change or delete all the data that the iPhone maker has collected on them. It also gives users a simpler way to make changes to the data, suspend their Apple account or even permanently delete it. Previously such tool was available to users in the European Union and was built in response to the region’s General Data Protection Regulation, or GDPR.

Source: Apple gives U.S. users tool to see what data it has collected | Reuters

1 2 3 7
>